add Red Hat converter #274

Merged
merged 1 commit into from
Sep 12, 2024

@jasinner (Contributor) commented Sep 9, 2024

Add a Red Hat CSAF to OSV converter tool used by Red Hat to produce the Red Hat OSV data to be hosted at https://security.access.redhat.com/data/osv

This is a slightly modified version of the sample code originally reviewed at https://github.com/andrewpollock/rhcsaf2osv

@jasinner force-pushed the red-hat-csaf-converter branch 2 times, most recently from 695c5e4 to 0b4076e, September 9, 2024 06:16
@andrewpollock (Collaborator) left a comment

So I learned about this new dataclass hammer as part of reviewing this. Entirely your call as to whether you adjust to use it... The only definitely actionable items from me relate to schema version.

tools/redhat/osv.py (Outdated)
Also make sure to add a related entry for any GO advisory references found
"""
if reference["url"].startswith(ADVISORY_URL_PREFIXES):
self._add_go_related(reference["url"])
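
Review bot: on the `reference["url"].startswith(ADVISORY_URL_PREFIXES)` line, `str.startswith` accepts only a str or a tuple of str, so ADVISORY_URL_PREFIXES needs to be a tuple; a list there raises TypeError, and its definition is not visible in this hunk, so it is worth confirming. The same line indexes `reference["url"]` directly and raises KeyError for a reference object that has no url; unless the CSAF input is schema-validated before this point, `reference.get("url", "")` would keep one malformed reference from raising here.
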
Collaborator

This reads a bit awkwardly given it is called for non-Go advisories too.

Suggested change
self._add_go_related(reference["url"])
self._maybe_add_go_related(reference["url"])

Collaborator

Or maybe just pull out the conditional behaviour to the call site rather than inside the function?

Contributor Author

I removed this function and moved the code back in-line. I also renamed the calling function from get_reference_type to get_reference_type_and_add_go_related to better indicate its dual behaviour.

Signed-off-by: Jason Shepherd <jshepher@redhat.com>
@andrewpollock andrewpollock merged commit 0cef5d4 into ossf:main Sep 12, 2024
1 check passed