[Vulnerabilities]Adding new Job for updating v3 Vulnerabilities files. #9740
Merged
Commits (16):
57eb678 Initial framework for Ghv2v3 job. (ryuyu)
8b96afc Adding specialcasing (ryuyu)
cbff107 Fix some runtime issues. (ryuyu)
8d64690 Add Telemetry. Clean up some leftovers. (ryuyu)
d47d714 Adding Tests. (ryuyu)
e8cd337 Fix tests. Allow collector to not update cursor. (ryuyu)
54cc778 Addressing some nits, and some other PR feedback. (ryuyu)
ec6a028 Fix useragent header setting. Fix special case check to include packa… (ryuyu)
debe7c6 Revert special case to catch whenever we see a repeated vuln URL (ryuyu)
de6c38a Update build/test scripts. update comments. remove static assemblyinfo. (ryuyu)
907bccd Lifted some value into config. Basic wasWithdrawn behaviour? (ryuyu)
8d4b99a Split FlushAsync (ryuyu)
a4ee119 Close gap between collection and writing when setting final cursor va… (ryuyu)
998eedd Fixing some typos in comments. (ryuyu)
568087a Adding some extra traces. (ryuyu)
3b86743 Enable gzipping and surface configuration value for it. (ryuyu)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
<?xml version="1.0" encoding="utf-8" ?> | ||
<configuration> | ||
<startup> | ||
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" /> | ||
</startup> | ||
</configuration> |
50 changes: 50 additions & 0 deletions
src/GitHubVulnerabilities2v3/Configuration/GitHubVulnerabilities2v3Configuration.cs
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
// Copyright (c) .NET Foundation. All rights reserved. | ||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. | ||
|
||
using System; | ||
using NuGet.Services.GitHub.Configuration; | ||
|
||
namespace GitHubVulnerabilities2v3.Configuration | ||
{ | ||
public class GitHubVulnerabilities2v3Configuration : GraphQLQueryConfiguration | ||
{ | ||
/// <summary> | ||
/// The storage connection to use to save the job's output. | ||
/// </summary> | ||
public string StorageConnectionString { get; set; } | ||
|
||
/// <summary> | ||
/// The storage container to save the job's output in. | ||
/// </summary> | ||
public string V3VulnerabilityContainerName { get; set; } = "v3-vulnerabilities"; | ||
|
||
/// <summary> | ||
/// Service Index Root | ||
/// </summary> | ||
public string V3BaseUrl { get; set; } = "https://api.nuget.org/"; | ||
|
||
/// <summary> | ||
/// The name of the blob to save the job's advisories cursor in. | ||
/// </summary> | ||
public string AdvisoryCursorBlobName { get; set; } = "cursor.json"; | ||
|
||
/// <summary> | ||
/// The names of the generated files. | ||
/// </summary> | ||
public string IndexFileName { get; set; } = "index.json"; | ||
public string BaseFileName { get; set; } = "vulnerability.base.json"; | ||
public string UpdateFileName { get; set; } = "vulnerability.update.json"; | ||
|
||
/// <summary> | ||
/// Other Runtime Configurations | ||
/// </summary> | ||
public int DaysBeforeBaseStale { get; set; } = 30; | ||
|
||
/// <summary> | ||
/// Cache control headers. | ||
/// </summary> | ||
public string IndexCacheControlHeader { get; set; } = "max-age=259200, must-revalidate"; | ||
public string BaseCacheControlHeader { get; set; } = "max-age=604800, must-revalidate"; | ||
public string UpdateCacheControlHeader { get; set; } = "max-age=604800, must-revalidate"; | ||
} | ||
} |
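Review bot: UpdateCacheControlHeader defaults to "max-age=604800, must-revalidate", and must-revalidate only takes effect once a response is stale, so a cache may serve vulnerability.update.json for up to seven days (and index.json for three days at max-age=259200) without contacting the origin. If these blobs are overwritten in place under the fixed default names, consumers can miss newly published advisories for that long; consider a much shorter max-age or no-cache for the index and update files, or state in the doc comment why the long lifetime is safe. Separately, the single <summary> blocks above IndexFileName and IndexCacheControlHeader attach only to the first property of each group, leaving BaseFileName, UpdateFileName, BaseCacheControlHeader and UpdateCacheControlHeader undocumented, and "Other Runtime Configurations" does not say what DaysBeforeBaseStale controls.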
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
// Copyright (c) .NET Foundation. All rights reserved. | ||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. | ||
|
||
using Newtonsoft.Json; | ||
|
||
namespace GitHubVulnerabilities2v3.Entities | ||
{ | ||
public class Advisory | ||
{ | ||
[JsonProperty(PropertyName = "url")] | ||
|
||
public string Url { get; set; } | ||
|
||
[JsonProperty(PropertyName = "severity")] | ||
public int Severity { get; set; } | ||
|
||
[JsonProperty(PropertyName = "versions")] | ||
public string Versions { get; set; } | ||
} | ||
} |
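Review bot: Severity is declared as int and Versions as string on Advisory with no XML doc comments, so the wire format is left for readers to guess: which integer maps to which severity level, and what syntax the versions string uses. Add <summary> comments stating both (the configuration class in this PR documents its properties), and consider an enum for Severity so the allowed values are named in code rather than appearing as bare integers.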
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
// Copyright (c) .NET Foundation. All rights reserved. | ||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. | ||
|
||
using Newtonsoft.Json; | ||
using System; | ||
|
||
namespace GitHubVulnerabilities2v3.Entities | ||
{ | ||
public class IndexEntry | ||
{ | ||
[JsonProperty(PropertyName = "@name")] | ||
public string Name { get; set; } | ||
|
||
[JsonProperty(PropertyName = "@id")] | ||
public string Id { get; set; } | ||
|
||
[JsonProperty(PropertyName = "@updated")] | ||
public DateTime Updated { get; set; } | ||
|
||
[JsonProperty(PropertyName = "comment")] | ||
public string Comment { get; set; } | ||
} | ||
} |
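Review bot: Updated on IndexEntry is a DateTime, whose Kind (Utc, Local or Unspecified) is not fixed by the type, and Json.NET's default round-trip handling writes whatever Kind the value carries into "@updated". If consumers compare this timestamp to decide whether a file changed, a Local or Unspecified value makes that comparison ambiguous; consider DateTimeOffset, or document and enforce UTC where the entry is built. Minor: using System; is conventionally placed before using Newtonsoft.Json;, and the properties have no XML doc comments.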
Just wondering if we really need NETFramework 4.7.2 for this
This file was generated (I think?) as part of the project template? I am not 100% sure if we need it or what it does. Does anybody with a bit more knowledge here know if this can safely be removed?
@RiadGahlouz are you asking if .NET (Core) would suffice here instead of .NET Framework?
Regarding the need for this file, I believe we have it for all of our entry points (web apps, jobs), but not all of our libraries. I'd say just leave it and be consistent with everything else.