Add PySec Live V2 Importer Pipeline #1983
Conversation
* Add PySec Live V2 Importer * Add tests for the PySec Live V2 Importer * Tested functionally using the Live Evaluation API in #1969 Signed-off-by: Michael Ehab Mikhail <[email protected]>
There was a problem hiding this comment.
@michaelehab Great job 👍 A few functions could be refactored to improve readability.
| from vulnerabilities.pipelines.v2_importers.pysec_live_importer import PySecLiveImporterPipeline | ||
|
|
There was a problem hiding this comment.
Move import PySecLiveImporterPipeline to the top of the test
| from vulnerabilities.pipelines.v2_importers.pysec_live_importer import PySecLiveImporterPipeline |
|
|
||
|
|
||
| def test_package_with_version_not_affected(mock_zip_data): | ||
| from vulnerabilities.pipelines.v2_importers.pysec_live_importer import PySecLiveImporterPipeline |
There was a problem hiding this comment.
| from vulnerabilities.pipelines.v2_importers.pysec_live_importer import PySecLiveImporterPipeline |
| from vulnerabilities.pipelines.v2_importers.pysec_live_importer import PySecLiveImporterPipeline | ||
|
|
There was a problem hiding this comment.
| from vulnerabilities.pipelines.v2_importers.pysec_live_importer import PySecLiveImporterPipeline |
| if not file_name.startswith("PYSEC-"): | ||
| continue | ||
| with zip_file.open(file_name) as f: | ||
| import json |
There was a problem hiding this comment.
Move import json to the top
| try: | ||
| v = PypiVersion(version) | ||
| except Exception: | ||
| return False |
There was a problem hiding this comment.
Catch only InvalidVersion instead of all errors.
| return False | ||
| for entry in affected: | ||
| ranges = entry.get("ranges", []) | ||
| for r in ranges: |
There was a problem hiding this comment.
r in for r in ranges: could be renamed to something clearer like version_range/data_range for readability.
| ranges = entry.get("ranges", []) | ||
| for r in ranges: |
There was a problem hiding this comment.
| ranges = entry.get("ranges", []) | |
| for r in ranges: | |
| for event in r.get("events", []): |
| events = r.get("events", []) | ||
| introduced = None | ||
| fixed = None | ||
| for event in events: |
There was a problem hiding this comment.
| for event in events: | |
| for event in r.get("events", []): |
| for entry in affected: | ||
| ranges = entry.get("ranges", []) | ||
| for r in ranges: | ||
| events = r.get("events", []) |
There was a problem hiding this comment.
| events = r.get("events", []) |
| if not self._is_version_affected(advisory_dict, self.purl.version): | ||
| continue | ||
|
|
||
| f.seek(0) |
There was a problem hiding this comment.
Why do we need f.seek(0) here? Could we just read the file once instead?
Solves #1981
Add PySec Live V2 Importer
Add tests for the PySec Live V2 Importer
Tested functionally using the Live Evaluation API in Add Live Evaluation API endpoint and PyPa live pipeline importer #1969