VCIO-next: Add Almalinux advisories #1491

Open
wants to merge 16 commits into
base: main

ambuj-1211
Collaborator

Fix #1201
@ziadhany @TG1999 @keshav-space This is the basic nit to add Alma Linux advisories into the vulnerablecode database, please review it to make further changes.

Added almalinux advisories and tests for it
Signed-off-by: ambuj <[email protected]>
@ambuj-1211
Collaborator Author

@ziadhany as this importer uses the osv.py importer, shall I add AlmaLinux:8 and AlmaLinux:9 to the supported ecosystems in osv.py?

@ziadhany
Collaborator

ziadhany commented Jun 22, 2024

@ambuj-1211 yes, you should add it to this PURL_TYPE_BY_OSV_ECOSYSTEM dict.

@ziadhany
Collaborator

@ambuj-1211
I looked into your code. Instead of using uppercase, you should use lowercase. Then you are going to pass the test.

```python
PURL_TYPE_BY_OSV_ECOSYSTEM = {
    # ...
    "almalinux:8": "almalinux:8",
    "almalinux:9": "almalinux:9",
}
```

But you will face another issue. You need to add support for almalinux in univers.

https://github.com/nexB/univers/blob/205d7c48835dfeb6b694c9196728d2b4fa0a011a/src/univers/version_range.py#L1254:L1258

@TG1999 TG1999 requested a review from ziadhany July 9, 2024 15:22
@TG1999
Contributor

TG1999 commented Jul 22, 2024

@ziadhany can this be merged ?

@ziadhany
Collaborator

ziadhany commented Aug 5, 2024

> @ziadhany can this be merged ?

I still need to review this code

…tion

- Added a detailed docstring to the `parse_advisory_data` function in the `almalinux-importer` module.
- The docstring includes a clear description of the function's purpose, arguments, return value, and an example usage.
- Improved the readability and structure of the example output in the docstring to ensure clarity and consistency.

This documentation enhancement makes the `parse_advisory_data` function easier to understand and use, aiding future development and maintenance.

Signed-off-by: ambuj <[email protected]>
Collaborator

@ziadhany ziadhany left a comment

@ambuj-1211

Why not use the existing OSV script directly or modify it to support Almalinux, instead of rewriting the entire code?

vulnerabilities/importers/almalinux.py (outdated, resolved)
@ziadhany
Collaborator

ziadhany commented Sep 9, 2024

@ambuj-1211 Update the OSV get_affected_purl function to add support for AlmaLinux, just like we did for Maven.

def get_affected_purl(affected_pkg, raw_id):
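
The two review points above (look the OSV ecosystem up in lowercase, and give AlmaLinux its own branch the way Maven has one) can be sketched as follows. This is an added example, not code from the PR or from vulnerablecode: `affected_purl`, `split_osv_ecosystem` and `SIMPLE_TYPES` are hypothetical names, and the `pkg:rpm/almalinux/<name>?distro=almalinux-<release>` layout is an assumption, not the mapping the PR settled on.

```python
# Added illustration, not code from the PR. The purl layout for AlmaLinux
# (pkg:rpm/almalinux/<name>?distro=almalinux-<release>) is an assumption.
from urllib.parse import quote

# Hypothetical table for ecosystems that need no special handling.
SIMPLE_TYPES = {"pypi": "pypi", "crates.io": "cargo"}


def split_osv_ecosystem(ecosystem):
    """Lowercase an OSV ecosystem and split off its release suffix.

    'AlmaLinux:8' and 'almalinux:8' both give ('almalinux', '8').
    """
    base, _, release = ecosystem.strip().lower().partition(":")
    return base, release or None


def affected_purl(affected_pkg):
    """Return a purl string for one OSV 'affected' entry, or None."""
    package = affected_pkg.get("package") or {}
    if package.get("purl"):  # an explicit purl in the advisory wins
        return package["purl"]
    ecosystem, name = package.get("ecosystem"), package.get("name")
    if not ecosystem or not name:
        return None
    base, release = split_osv_ecosystem(ecosystem)
    if base == "maven":  # OSV Maven names are 'group:artifact'
        group, sep, artifact = name.partition(":")
        if not sep or not artifact:
            return None
        return f"pkg:maven/{quote(group)}/{quote(artifact)}"
    if base == "almalinux":  # release travels as a qualifier, not the type
        purl = f"pkg:rpm/almalinux/{quote(name, safe='')}"
        return f"{purl}?distro=almalinux-{release}" if release else purl
    purl_type = SIMPLE_TYPES.get(base)
    return f"pkg:{purl_type}/{quote(name, safe='')}" if purl_type else None


# Constructed sample entries in the shape of the OSV "affected" field.
SAMPLES = [
    {"package": {"ecosystem": "AlmaLinux:8", "name": "openssl"}},
    {"package": {"ecosystem": "almalinux:9", "name": "kernel"}},
    {"package": {"ecosystem": "Maven", "name": "org.example:demo-core"}},
    {"package": {"ecosystem": "Unknown", "name": "x"}},
]

if __name__ == "__main__":
    for entry in SAMPLES:
        print(entry["package"]["ecosystem"], "->", affected_purl(entry))
```

An unmapped ecosystem returns `None` rather than a guessed purl, so an advisory for an unsupported distribution is skipped instead of being attached to the wrong package.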

@TG1999 TG1999 added this to the v36.0.0 - 3-next milestone Oct 15, 2024
@ambuj-1211 ambuj-1211 force-pushed the add-almalinux-advisories branch from df053ba to 088279c Compare December 14, 2024 18:40
@ambuj-1211
Collaborator Author

ambuj-1211 commented Dec 22, 2024

@ziadhany please have a look at it, I have made the necessary changes.
Please have a look at the get_advisory URL part, am I doing it correctly?

@pombredanne pombredanne changed the title Add Almalinux advisories VCIO-next: Add Almalinux advisories Dec 23, 2024
Collaborator

@ziadhany ziadhany left a comment

Thanks! @ambuj-1211, the code looks good overall, just a few small nits. Please run the importer and share the logs.

vulnerabilities/pipelines/almalinux_importer.py (outdated, resolved)
@ambuj-1211
Collaborator Author

almalinux_logs.txt
@ziadhany These are the importer logs.

Successfully merging this pull request may close these issues.

Collect advisories for AlmaLinux
3 participants