Refactoring

Author: andrew

lib/git/pkgs/commands/vulns/base.rb

@@ -148,34 +148,12 @@ def sync_packages(packages)
             error "Failed to query OSV API: #{e.message}"
           end
 
-          # Collect all unique vuln IDs and fetch full details
-          vuln_ids = results.flatten.map { |v| v["id"] }.uniq
-          vuln_ids.each do |vuln_id|
-            next if Models::Vulnerability.first(id: vuln_id)&.vulnerability_packages&.any?
-
-            begin
-              full_vuln = client.get_vulnerability(vuln_id)
-              Models::Vulnerability.from_osv(full_vuln)
-            rescue OsvClient::ApiError => e
-              $stderr.puts "Warning: Failed to fetch vulnerability #{vuln_id}: #{e.message}" unless Git::Pkgs.quiet
-            end
-          end
+          fetch_vulnerability_details(client, results)
 
-          # Update package sync timestamps
           packages.each do |pkg|
             bib_ecosystem = Ecosystems.from_osv(pkg[:ecosystem])
             purl = Ecosystems.generate_purl(bib_ecosystem, pkg[:name])
-
-            if purl
-              Models::Package.update_or_create(
-                { purl: purl },
-                {
-                  ecosystem: bib_ecosystem,
-                  name: pkg[:name],
-                  vulns_synced_at: Time.now
-                }
-              )
-            end
+            mark_package_synced(purl, bib_ecosystem, pkg[:name]) if purl
           end
         end
 
@@ -207,33 +185,36 @@ def ensure_vulns_synced
             end.compact
 
             results = client.query_batch(queries)
+            fetch_vulnerability_details(client, results)
 
-            # Collect all unique vuln IDs and fetch full details
-            vuln_ids = results.flatten.map { |v| v["id"] }.uniq
-            vuln_ids.each do |vuln_id|
-              next if Models::Vulnerability.first(id: vuln_id)&.vulnerability_packages&.any?
-
-              begin
-                full_vuln = client.get_vulnerability(vuln_id)
-                Models::Vulnerability.from_osv(full_vuln)
-              rescue OsvClient::ApiError => e
-                $stderr.puts "Warning: Failed to fetch vulnerability #{vuln_id}: #{e.message}" unless Git::Pkgs.quiet
-              end
-            end
-
-            # Update package sync timestamps
             batch.each do |pkg|
               purl = Ecosystems.generate_purl(pkg.ecosystem, pkg.name)
-              next unless purl
+              mark_package_synced(purl, pkg.ecosystem, pkg.name) if purl
+            end
+          end
+        end
+
+        def fetch_vulnerability_details(client, results)
+          vuln_ids = results.flatten.map { |v| v["id"] }.uniq
+          vuln_ids.each do |vuln_id|
+            next if Models::Vulnerability.first(id: vuln_id)&.vulnerability_packages&.any?
 
-              Models::Package.update_or_create(
-                { purl: purl },
-                { ecosystem: pkg.ecosystem, name: pkg.name, vulns_synced_at: Time.now }
-              )
+            begin
+              full_vuln = client.get_vulnerability(vuln_id)
+              Models::Vulnerability.from_osv(full_vuln)
+            rescue OsvClient::ApiError => e
+              $stderr.puts "Warning: Failed to fetch vulnerability #{vuln_id}: #{e.message}" unless Git::Pkgs.quiet
             end
           end
         end
 
+        def mark_package_synced(purl, ecosystem, name)
+          Models::Package.update_or_create(
+            { purl: purl },
+            { ecosystem: ecosystem, name: name, vulns_synced_at: Time.now }
+          )
+        end
+
         def format_commit_info(commit)
           return nil unless commit
 

lib/git/pkgs/commands/vulns/exposure.rb

@@ -297,7 +297,7 @@ def compute_exposure_summary(data)
 
           post_disclosure_times = fixed.map { |d| d[:post_disclosure_days] }.compact
           mean_remediation = post_disclosure_times.empty? ? nil : (post_disclosure_times.sum.to_f / post_disclosure_times.size).round(1)
-          median_remediation = post_disclosure_times.empty? ? nil : post_disclosure_times.sort[post_disclosure_times.size / 2]
+          median_remediation = median(post_disclosure_times)
 
           oldest_ongoing = ongoing.map { |d| d[:post_disclosure_days] }.compact.max
 
@@ -399,6 +399,18 @@ def output_exposure_table(data)
           puts ""
           output_exposure_summary(data)
         end
+
+        def median(values)
+          return nil if values.empty?
+
+          sorted = values.sort
+          mid = sorted.size / 2
+          if sorted.size.odd?
+            sorted[mid]
+          else
+            ((sorted[mid - 1] + sorted[mid]) / 2.0).round(1)
+          end
+        end
         end
       end
     end

lib/git/pkgs/commands/vulns/praise.rb

@@ -228,13 +228,7 @@ def output_praise_text(results)
                         end
 
             line = "#{severity}  #{id}  #{pkg}  #{commit_info}  #{days_info}"
-            colored_line = case result[:severity]&.downcase
-                           when "critical", "high" then Color.green(line)
-                           when "medium" then Color.green(line)
-                           when "low" then Color.green(line)
-                           else Color.green(line)
-                           end
-            puts colored_line
+            puts Color.green(line)
           end
         end
         end

lib/git/pkgs/commands/vulns/show.rb

@@ -166,7 +166,7 @@ def find_exposure_for_vuln(vuln, vuln_pkgs, repo)
           begin
             commit_sha = repo.rev_parse(ref)
             target_commit = Models::Commit.first(sha: commit_sha)
-          rescue StandardError
+          rescue Rugged::ReferenceError
             return exposures
           end
 

lib/git/pkgs/commands/vulns/sync.rb

@@ -40,7 +40,7 @@ def run
           repo = Repository.new
 
           unless Database.exists?(repo.git_dir)
-            error "No database found. Run 'git pkgs init' first or use --stateless."
+            error "No database found. Run 'git pkgs init' first."
           end
 
           Database.connect(repo.git_dir)

lib/git/pkgs/osv_client.rb

@@ -129,16 +129,19 @@ def http_client(uri)
         end
       end
 
-      # Handle pagination for single query endpoint
+      MAX_PAGES = 100
+
       def fetch_all_pages(response, original_payload)
         vulns = response["vulns"] || []
         page_token = response["next_page_token"]
+        pages_fetched = 0
 
-        while page_token
+        while page_token && pages_fetched < MAX_PAGES
           payload = original_payload.merge(page_token: page_token)
           response = post("/query", payload)
           vulns.concat(response["vulns"] || [])
           page_token = response["next_page_token"]
+          pages_fetched += 1
         end
 
         vulns