-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] Add support for NormalizedVersionRanges #108
base: main
Are you sure you want to change the base?
Conversation
keshav-space
commented
Mar 14, 2023
- support normalization of range expression from GitHub, Snyk, GitLab
- Discrete range normalization for OSV, DEPS, VulerableCode
97c2de4
to
e001ca7
Compare
1018732
to
b9664ca
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks
LGTM overall! we have likely to find a bettr way than using the native intbitset of at least have a fallback to plain Python, I will review further later this WE!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we could:
- extract Span as its own mini library also reused in ScanCode? May be this is overakill though
- have a fallback to a plain builtin set when intbitset is not installed... and have this also in SCTK
cda6c25
to
e387ecb
Compare
Added |
- support normalization of range expression from GitHub, Snyk, GitLab - Discrete range normalization for OSV, DEPS, VulerableCode Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
e387ecb
to
d88b80c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! See some/many comments for your consideration!
if resolved_operator == operator.lt: | ||
return Span(1, index - 1) | ||
if resolved_operator == operator.gt: | ||
return Span(index + 1, len(version_map)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
May be you could create a variable for this?
Return dict mapping version to integer. | ||
""" | ||
if purl_type not in VERSIONS_BY_PACKAGE_TYPE: | ||
return |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should error out with an exception IMHO
sorted_versions = sorted([version_type(i) for i in versions]) | ||
sorted_versions = [version.string for version in sorted_versions] | ||
index = list(range(1, len(sorted_versions) + 1, 1)) | ||
return dict(zip(sorted_versions, index)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
May be {v: i for i, v in enumerate(versions, 1)}
return | ||
|
||
version_type = VERSIONS_BY_PACKAGE_TYPE.get(purl_type) | ||
sorted_versions = sorted([version_type(i) for i in versions]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about sorting using a key instead? May be something like this?
# sort using the version class of the purl type
sorted_versions = sorted(versions, key=version_type)
return dict(zip(sorted_versions, index)) | ||
|
||
@classmethod | ||
def from_github(cls, range_expression: Union[str, List], purl_type: str, all_versions: List): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not GitHub but a GitHub Advisory and same for Gitlab: ghsa, github_advisory gitlab_advisory
return version[1:] | ||
|
||
|
||
VERSIONS_BY_PACKAGE_TYPE = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This does double duty with existing code