Merge branch 'main' of github.com:anchore/vunnel into fix/respect-git…

…hub-rate-limit-headers
anchore · Oct 31, 2023 · 9fc9c9f · 9fc9c9f
2 parents 11d11e2 + 984b5cb
commit 9fc9c9f
Show file tree

Hide file tree

Showing 14 changed files with 44 additions and 29 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -11,6 +11,7 @@ permissions:
 
 jobs:
   quality-gate:
+    environment: release
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
@@ -59,7 +60,6 @@ jobs:
     needs:
       - quality-gate
     runs-on: ubuntu-22.04
-    environment: release
     permissions:
       contents: write
       packages: write
@@ -84,7 +84,6 @@ jobs:
     needs:
       - tag
     runs-on: ubuntu-22.04
-    environment: release
     permissions:
       contents: read
     steps:
@@ -105,7 +104,6 @@ jobs:
     needs:
       - tag
     runs-on: ubuntu-22.04
-    environment: release
     permissions:
       contents: read
       packages: write
@@ -133,7 +131,6 @@ jobs:
     needs:
       - tag
     runs-on: ubuntu-22.04
-    environment: release
     permissions:
       contents: write
       packages: write

diff --git a/poetry.lock b/poetry.lock
diff --git a/src/vunnel/cli/cli.py b/src/vunnel/cli/cli.py
@@ -91,7 +91,6 @@ def cli(ctx: click.core.Context, verbose: bool, config_path: str) -> None:
 def show_config(cfg: config.Application) -> None:
     logging.info("showing application config")
 
-    # noqa
     class IndentDumper(yaml.Dumper):
         def increase_indent(self, flow: bool = False, indentless: bool = False) -> None:  # noqa: ARG002
             return super().increase_indent(flow, False)

diff --git a/src/vunnel/providers/amazon/parser.py b/src/vunnel/providers/amazon/parser.py
@@ -120,7 +120,7 @@ def get_package_name_version(pkg):
         if not pkg.endswith(".rpm"):
             pkg = pkg + ".rpm"
 
-        name, version, release, epoch, arch = rpm.split_rpm_filename(pkg)  # noqa
+        name, version, release, epoch, arch = rpm.split_rpm_filename(pkg)
 
         if release:
             return AlasFixedIn(pkg=name, ver=(version + "-" + release))

diff --git a/src/vunnel/providers/debian/parser.py b/src/vunnel/providers/debian/parser.py
@@ -128,7 +128,6 @@ def _get_cve_to_dsalist(self, dsa):
 
         return ns_cve_dsalist
 
-    # noqa
     def _parse_dsa_record(self, dsa_lines):  # noqa: C901
         """
 
@@ -188,7 +187,7 @@ def _parse_dsa_record(self, dsa_lines):  # noqa: C901
                     continue
 
             return dsa
-        except Exception:  # noqa
+        except Exception:
             self.logger.exception("failed to parse dsa record")
 
     def _get_dsa_map(self):
@@ -444,7 +443,7 @@ def _normalize_json(self, ns_cve_dsalist=None):  # noqa: PLR0912,PLR0915,C901
 
                             # retlists[relno].append(final_record)
 
-                    except Exception:  # noqa
+                    except Exception:
                         self.logger.exception(f"ignoring error parsing vuln: {vid}, pkg: {pkg}, rel: {rel}")
 
         self.logger.debug(f"metrics for advisory information: {json.dumps(adv_mets)}")

diff --git a/src/vunnel/providers/github/parser.py b/src/vunnel/providers/github/parser.py
@@ -55,7 +55,7 @@ def __init__(  # noqa: PLR0913
         download_timeout=125,
         api_url="https://api.github.com/graphql",
         logger=None,
-    ):  # noqa
+    ):
         self.db = db.connection(workspace.input_path, serializer="json")
         self.download_timeout = download_timeout
         self.api_url = api_url
@@ -253,7 +253,7 @@ def get_advisory(ghsaId, data):
     return {}
 
 
-def get_vulnerabilities(token, ghsaId, timestamp, vuln_cursor, parent_cursor):  # noqa
+def get_vulnerabilities(token, ghsaId, timestamp, vuln_cursor, parent_cursor):
     """
     In the improbable case that an Advisory is associated with more than 100
     (Github's GraphQL limit) these will need to get fetched until the cursor is
@@ -343,7 +343,6 @@ def needs_subquery(data):
     return False
 
 
-# noqa
 def graphql_advisories(cursor=None, timestamp=None, vuln_cursor=None):
     """
     The cursor needs to be the `endCursor` for the last successful query. The

diff --git a/src/vunnel/providers/oracle/parser.py b/src/vunnel/providers/oracle/parser.py
@@ -116,7 +116,7 @@ def _is_ksplice_version(cls, version) -> bool:
         :param version:
         :return:
         """
-        epoch, version, release = rpm.split_fullversion(version)  # noqa
+        epoch, version, release = rpm.split_fullversion(version)
         return cls.ksplice_regex.match(release) is not None
 
     def filter(self, vuln_dict: dict) -> dict:  # noqa: A003
@@ -135,7 +135,7 @@ def filter(self, vuln_dict: dict) -> dict:  # noqa: A003
         :param vuln_dict: dict of vulns where key is distro and version and value is the list of vulns for that version
         :return:
         """
-        for version, vuln in vuln_dict.values():  # noqa
+        for version, vuln in vuln_dict.values():  # noqa: B007
             fixes = vuln.get("Vulnerability", {}).get("FixedIn", [])
             if fixes:
                 pre_filter_fix_count = len(fixes)

diff --git a/src/vunnel/providers/rhel/parser.py b/src/vunnel/providers/rhel/parser.py
@@ -134,7 +134,7 @@ def _process_minimal_cve(self, min_cve_api, do_full_sync, min_cve_dir, full_cve_
             raise  # raise the original exception
 
     # TODO: ALEX, should skip_if_exists be hooked up here? (currently unused)
-    def _sync_cves(self, skip_if_exists=False, do_full_sync=True):  # noqa
+    def _sync_cves(self, skip_if_exists=False, do_full_sync=True):  # noqa: PLR0915, PLR0912, C901
         """
         Download minimal or summary cve and compare it to persisted state on disk. If no persisted state is found or a
         a change is detected, full cve is downloaded

diff --git a/src/vunnel/providers/sles/parser.py b/src/vunnel/providers/sles/parser.py
@@ -239,7 +239,7 @@ def _transform_oval_vulnerabilities(cls, major_version: str, parsed_dict: dict)
         if not vulnerabilities_dict or not tests_dict or not artifacts_dict or not versions_dict:
             return results
 
-        for identity, vulnerability_obj in vulnerabilities_dict.items():  # noqa
+        for identity, vulnerability_obj in vulnerabilities_dict.items():  # noqa: B007
             # version->release->feed map
             version_release_feed = defaultdict()
 

diff --git a/src/vunnel/providers/wolfi/parser.py b/src/vunnel/providers/wolfi/parser.py
@@ -79,7 +79,6 @@ def _load(self):
             self.logger.exception(f"failed to load {self.namespace} sec db data")
             raise
 
-    # noqa
     def _normalize(self, release, data):
         """
         Normalize all the sec db entries into vulnerability payload records

diff --git a/src/vunnel/result.py b/src/vunnel/result.py
@@ -195,7 +195,7 @@ def close(self, successful: bool) -> None:
 
 
 class Writer:
-    def __init__(  # noqa
+    def __init__(  # noqa: PLR0913
         self,
         workspace: Workspace,
         result_state_policy: ResultStatePolicy,

diff --git a/src/vunnel/utils/vulnerability.py b/src/vunnel/utils/vulnerability.py
@@ -1,4 +1,3 @@
-# noqa
 from __future__ import annotations
 
 from dataclasses import asdict, dataclass, field

diff --git a/tests/quality/configure.py b/tests/quality/configure.py
@@ -206,7 +206,6 @@ def cli(ctx, verbose: bool, config_path: str):
 def show_config(cfg: Config):
     logging.info("showing application config")
 
-    # noqa
     class IndentDumper(yaml.Dumper):
         def increase_indent(self, flow: bool = False, indentless: bool = False) -> None:  # noqa: ARG002
             return super().increase_indent(flow, False)

diff --git a/tests/unit/providers/github/test_github.py b/tests/unit/providers/github/test_github.py
@@ -286,7 +286,7 @@ def test_no_cursor_no_timestamp(self):
         assert (
             line
             == "securityAdvisories(orderBy: {field: PUBLISHED_AT, direction: ASC}, classifications: [GENERAL, MALWARE], first: 100) {"
-        )  # noqa
+        )
 
     def test_no_cursor_with_timestamp_changes_field(self):
         # first run after a successful run
@@ -307,7 +307,7 @@ def test_cursor_no_timestamp(self):
         assert (
             line
             == 'securityAdvisories(orderBy: {field: PUBLISHED_AT, direction: ASC}, after: "FXXF==", classifications: [GENERAL, MALWARE], first: 100) {'
-        )  # noqa
+        )
 
     def test_cursor_with_timestamp(self):
         # subsequent request after a successful run(s) because a timestamp has
@@ -318,15 +318,15 @@ def test_cursor_with_timestamp(self):
         assert (
             line
             == ', after: "FXXF==", updatedSince: "2019-02-06T20:44:12.371565", classifications: [GENERAL, MALWARE], first: 100) {'
-        )  # noqa
+        )
 
     def test_cursor_with_timestamp_changes_field(self):
         # subsequent request after a successful run(s) because a timestamp has
         # been recorded
         result = parser.graphql_advisories(cursor="FXXF==", timestamp="2019-02-06T20:44:12.371565")
         line = result.split("\n")[2].strip()
         line = line.split("}")[0]
-        assert line == "securityAdvisories(orderBy: {field: UPDATED_AT, direction: ASC"  # noqa
+        assert line == "securityAdvisories(orderBy: {field: UPDATED_AT, direction: ASC"
 
 
 class TestNeedsSubquery:
-Original file line number
+Diff line change
@@ Expand Up / @@ -79,7 +79,6 @@ def _load(self): @@
                 self.logger.exception(f"failed to load {self.namespace} sec db data")
                 raise
-        # noqa
         def _normalize(self, release, data):
             """
             Normalize all the sec db entries into vulnerability payload records
@@ Expand Down @@