Add importer for vmware/photon/wiki/Security-Advisories vulnerabilities advisories #1683

Open: wants to merge 9 commits into base branch main

Conversation

@Samk1710 Samk1710 commented Nov 26, 2024

Added an importer at vulnerabilities/pipelines/vmwarephoton_importer.py and registered in vulnerabilities/importers/__init__.py
Addressing issue: #36

Signed-off-by: Sampurna Pyne [email protected]

@keshav-space keshav-space (Member) left a comment:

Thanks @Samk1710, see some suggestions.

@keshav-space (Member), inline review comment:

Why commit the Qdrant init config?

```python
advisories = []
for url in self.urls:
    try:
        response = requests.get(url)
```
@keshav-space (Member), inline review comment:

Why fetch these twice? both in advisories_count and here.


```python
# Use GenericVersion to handle non-semver versions
try:
    fixed_version = GenericVersion(rev_ver)
```
@keshav-space (Member), inline review comment:

Should we add support for PhotonVersion, or could we instead use RpmVersion?
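
Photon is an RPM-based distribution, so the question in the comment above comes down to whether fixed-version strings such as `1.1.1k-10.ph4` are compared with RPM semantics (epoch, then version, then release, with `~` marking a pre-release) rather than as generic dot-separated strings. The block below is an added example and not the PR's or vulnerablecode's code: it re-implements rpm's `rpmvercmp` ordering in plain Python so the effect can be seen without `univers` installed (`univers.versions.RpmVersion`, in the library the project already uses, provides the same semantics). The `.phN` release suffixes, the sample EVR strings and the `is_fixed` helper are assumptions chosen for illustration; the `^` separator is treated as an ordinary separator, which is a simplification of rpm's rules.

```python
"""RPM-style version ordering for Photon fixed versions (added example, not project code).

Assumption: Photon packages are RPMs and fixed versions look like "1.1.1k-10.ph4"
(version "-" release, optional "epoch:" prefix). The ordering below follows rpm's
rpmvercmp; "^" is treated as a plain separator, a simplification of rpm's rules.
"""
import re
from typing import Tuple

# Tokens rpmvercmp compares: runs of digits, runs of letters, and the "~" pre-release mark.
_TOKEN = re.compile(r"\d+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 comparing two version (or release) strings the way rpm does."""
    ta, tb = _TOKEN.findall(a), _TOKEN.findall(b)
    for i in range(max(len(ta), len(tb))):
        x = ta[i] if i < len(ta) else None
        y = tb[i] if i < len(tb) else None
        # "~" sorts before anything, including the end of the string: 1.0~rc1 < 1.0
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
            continue
        # One string ran out of tokens: the longer one is newer (1.0.0 > 1.0, 1.0a > 1.0)
        if x is None:
            return -1
        if y is None:
            return 1
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1      # a numeric segment beats an alpha one
        if x_num:
            xi, yi = int(x), int(y)        # numeric compare, so 10 > 9 and 01 == 1
            if xi != yi:
                return 1 if xi > yi else -1
        elif x != y:
            return 1 if x > y else -1      # alpha segments compare lexically
    return 0


def parse_evr(evr: str) -> Tuple[int, str, str]:
    """Split "epoch:version-release" into its parts; epoch defaults to 0, release to ""."""
    epoch = 0
    if ":" in evr:
        epoch_str, evr = evr.split(":", 1)
        epoch = int(epoch_str)
    if "-" in evr:
        version, release = evr.rsplit("-", 1)
    else:
        version, release = evr, ""
    return epoch, version, release


def evr_compare(a: str, b: str) -> int:
    """Compare full EVR strings: epoch first, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_fixed(installed_evr: str, fixed_evr: str) -> bool:
    """True when the installed EVR is at or beyond the advisory's fixed EVR."""
    return evr_compare(installed_evr, fixed_evr) >= 0


def string_order_is_wrong(a: str, b: str) -> bool:
    """True where plain string comparison disagrees with RPM ordering."""
    string_cmp = (a > b) - (a < b)
    return string_cmp != evr_compare(a, b)


if __name__ == "__main__":
    # Constructed Photon-style EVRs: release 10 is newer than release 3, which a
    # string comparison gets backwards because "3" > "1" as characters.
    fixed, older = "1.1.1k-10.ph4", "1.1.1k-3.ph4"
    print(evr_compare(older, fixed), is_fixed(older, fixed), string_order_is_wrong(older, fixed))
```

The practical consequence for the importer is that a fixed version taken from the advisory should be stored and compared with an RPM-aware version class; a generic dotted-version parser will silently mis-order releases like `3.ph4` and `10.ph4` and pre-releases marked with `~`.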

```python
response = requests.get(url)
response.raise_for_status()
advisories_data = response.json()  # Fetch the data from the API
advisories.extend(self.to_advisory(advisories_data))  # Collect advisories for each URL
```
@keshav-space (Member), inline review comment:

Not the right approach, advisory should always be yielded. No need to compute all advisory at once. See the other importer pipelines like https://github.com/aboutcode-org/vulnerablecode/blob/main/vulnerabilities/pipelines/nginx_importer.py
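
The shape the two comments above ask for (fetch each feed once, and yield advisories rather than collecting them all), as an added example that is not the PR's or vulnerablecode's own code: the parsed JSON for each URL is cached on first use so that `advisories_count()` and `collect_advisories()` do not both hit the network, and `collect_advisories()` is a generator that produces one advisory at a time. The `Advisory` dataclass, the injected `fetch_json` callable (standing in for `requests.get(url).json()`), the `example.invalid` URLs and the record layout (`cve_id`, `pkg`, `res_ver`) are assumptions; the sample feeds are constructed inline so the block runs offline.

```python
"""Lazy, fetch-once advisory importer skeleton (added example, not vulnerablecode code).

Assumptions: the method pair advisories_count() / collect_advisories() mirrors the
pipeline shape discussed in the review; the Advisory dataclass, the fetch_json callable,
the example.invalid URLs and the record keys are hypothetical.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Iterator, List, Optional


@dataclass(frozen=True)
class Advisory:
    cve_id: str
    package: str
    fixed_version: str


# Constructed sample payloads keyed by URL, standing in for the per-release JSON feeds.
SAMPLE_FEEDS: Dict[str, List[dict]] = {
    "https://example.invalid/photon/4.0.json": [
        {"cve_id": "CVE-0000-0001", "pkg": "openssl", "res_ver": "1.1.1k-10.ph4"},
        {"cve_id": "CVE-0000-0002", "pkg": "curl"},  # malformed: no fixed version
    ],
    "https://example.invalid/photon/5.0.json": [
        {"cve_id": "CVE-0000-0003", "pkg": "zlib", "res_ver": "1.2.13-2.ph5"},
    ],
}


class PhotonImporter:
    def __init__(self, urls: Iterable[str], fetch_json: Callable[[str], list]):
        self.urls = list(urls)
        self.fetch_json = fetch_json          # e.g. lambda url: requests.get(url).json()
        self._cache: Dict[str, list] = {}
        self.fetch_calls = 0                  # instrumentation to show each URL is fetched once

    def _payload(self, url: str) -> list:
        """Fetch a URL the first time it is needed; later callers reuse the parsed JSON."""
        if url not in self._cache:
            self.fetch_calls += 1
            self._cache[url] = self.fetch_json(url)
        return self._cache[url]

    def advisories_count(self) -> int:
        """Estimate from raw records; malformed ones are still counted here."""
        return sum(len(self._payload(url)) for url in self.urls)

    def collect_advisories(self) -> Iterator[Advisory]:
        """Yield advisories one at a time instead of building a list of all of them."""
        for url in self.urls:
            for record in self._payload(url):
                advisory = self.to_advisory(record)
                if advisory is not None:
                    yield advisory

    @staticmethod
    def to_advisory(record: dict) -> Optional[Advisory]:
        try:
            return Advisory(record["cve_id"], record["pkg"], record["res_ver"])
        except KeyError:
            return None  # skip a malformed record rather than abort the whole import


def run_demo() -> dict:
    """Run count and collect against the constructed feeds and report fetch calls."""
    importer = PhotonImporter(SAMPLE_FEEDS, SAMPLE_FEEDS.__getitem__)
    count = importer.advisories_count()
    advisories = list(importer.collect_advisories())
    return {"count": count, "advisories": advisories, "fetch_calls": importer.fetch_calls}


if __name__ == "__main__":
    result = run_demo()
    print(result["count"], len(result["advisories"]), result["fetch_calls"])
```

Because `collect_advisories()` is a generator, the caller can start processing the first advisory before the second feed has been fetched, and memory stays bounded by one record rather than by the size of all feeds combined; the count is deliberately a cheap estimate from the cached raw records, so it needs no second download.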

@Samk1710 (Author) replied:

Thank you @keshav-space for the suggestions. I will look into them and make the changes. Thank you.
