Skip to content

npm importer - improver migration #805

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 9 commits into from
Closed

npm importer - improver migration #805

wants to merge 9 commits into from

Conversation

@ziadhany
Copy link
Collaborator

@ziadhany ziadhany commented Jul 25, 2022

Signed-off-by: ziad ziadhany2016@gmail.com
ziadhany and others added 8 commits August 1, 2022 15:48
@ziadhany
Refactor Gitimporter using fetchcode
4fbd1a5 
Signed-off-by: ziad <ziadhany2016@gmail.com>
@ziadhany
remove git-config
577f2d5 
Signed-off-by: ziad <ziadhany2016@gmail.com>
@ziadhany
remove unused library, remove a git-test
7c09515 
Signed-off-by: ziad <ziadhany2016@gmail.com>
@TG1999
Refactor Git importer
637c3d5 
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
@ziadhany
add a test
dc605b0 
Signed-off-by: ziad <ziadhany2016@gmail.com>
@ziadhany
rewrite get_gitlab_package_type
ec88205 
Signed-off-by: ziad <ziadhany2016@gmail.com>
@ziadhany
npm importer - improver migration
fdfa4fa 
Signed-off-by: ziad <ziadhany2016@gmail.com>
@ziadhany
Merge remote-tracking branch 'origin/git-fetchcode' into npm
2babaf4 
# Conflicts: #	vulnerabilities/importer.py #	vulnerabilities/importers/__init__.py
@ziadhany
fix npm affected package , add npm test
a3bfb58 
Signed-off-by: ziadhany <ziadhany2016@gmail.com>
TG1999
TG1999 requested changes Sep 22, 2022
View reviewed changes
Copy link
Contributor

@TG1999 TG1999 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! please see my feedback for your consideration
vulnerabilities/importers/npm.py
glob = "vuln/npm/**/*.json" # subdir="vuln/npm"
files = (p for p in path.glob(glob) if p.is_file())
for file in files:
print(file)
Copy link
Contributor

@TG1999 TG1999 Sep 22, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove print statement
vulnerabilities/importers/npm.py
publish_date = parse(record["updated_at"])
publish_date = publish_date.replace(tzinfo=pytz.UTC)

pkg_manager_api = NpmVersionAPI()
Copy link
Contributor

@TG1999 TG1999 Sep 22, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

VersionAPI is needed to be handled at improver side, check github and gitlab importer for same
vulnerabilities/importers/npm.py
aff_ver.add(ver)

return aff_ver, fix_ver
def get_fixed_version(
Copy link
Contributor

@TG1999 TG1999 Sep 22, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add tests
vulnerabilities/importers/npm.py
Example:
>>> z = normalize_ranges(">=6.1.3 < 7.0.0 || >=7.0.3")
>>> assert z == [">=6.1.3,<7.0.0", ">=7.0.3"]
def map_all_versions(all_versions) -> List[SemverVersion]:
Copy link
Contributor

@TG1999 TG1999 Sep 22, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add tests
@ziadhany ziadhany mentioned this pull request Sep 22, 2022
Open
9 tasks
@TG1999
Copy link
Contributor

TG1999 commented Nov 21, 2022

Been worked in #960
@TG1999 TG1999 closed this Nov 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants

@ziadhany @TG1999