From 715a21f74ea7f64e9a0915f5dfaaf3fb1e5c2c37 Mon Sep 17 00:00:00 2001
From: Holly Gong
Date: Tue, 6 Aug 2024 13:06:34 +1000
Subject: [PATCH 1/4] Add enumeration version check
---
 gcp/api/server.py | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/gcp/api/server.py b/gcp/api/server.py
index 351bb289c01..0595af65dc6 100644
--- a/gcp/api/server.py
+++ b/gcp/api/server.py
@@ -1065,17 +1065,9 @@ def query_by_version(context: QueryContext,
 # Query for non-enumerated ecosystems.
 bugs, next_page_token = yield _query_by_comparing_versions(
 context, query, ecosystem, version)
- logging.info(
- '[_query_by_comparing_versions] Package %s '
- 'at version %s has total %d bugs in %s', package_name or purl,
- version, len(bugs), ecosystem)
 else:
 bugs, next_page_token = yield _query_by_generic_version(
 context, query, package_name, ecosystem, purl, version)
- logging.info(
- '[_query_by_generic_version] Package %s '
- 'at version %s has total %d bugs in %s', package_name or purl,
- version, len(bugs), ecosystem)
 else:
 logging.warning("Package query without ecosystem specified")
@@ -1248,6 +1240,9 @@ def _is_affected(ecosystem: str, version: str,
 ecosystem_info = ecosystems.get(ecosystem)
 queried_version = ecosystem_info.sort_key(version)
+ if version in affected_package.versions:
+ return True
+
 for r in affected_package.ranges:
 r: osv.AffectedRange2
From 9de2367c487eca8ba56a8812e9a48ac5e95c4880 Mon Sep 17 00:00:00 2001
From: Holly Gong
Date: Tue, 6 Aug 2024 13:13:25 +1000
Subject: [PATCH 2/4] move the enumeration version check to bottom to better test the performance of our new approach.
---
 gcp/api/server.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/gcp/api/server.py b/gcp/api/server.py
index 0595af65dc6..7eef02da493 100644
--- a/gcp/api/server.py
+++ b/gcp/api/server.py
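Review bot: The membership test added in the `_is_affected` hunk compares the raw `version` string with `affected_package.versions`, while the range logic right above it compares the normalized `queried_version = ecosystem_info.sort_key(version)`, so the two checks may disagree on a version written differently from its stored form; whether that can actually occur depends on what `sort_key` normalizes for the ecosystem, which is not visible here, but a miss here would be a false negative for an affected package. If `sort_key` is safe to apply to the stored strings, comparing normalized forms would make the checks consistent: `if any(ecosystem_info.sort_key(v) == queried_version for v in affected_package.versions):`. Otherwise a comment such as `# versions holds verbatim strings; the match is exact, not normalized like the range check` would document the assumption for the next reader. The same check is carried forward by the second hunk of PATCH 2/4 and by the hunks of PATCH 3/4 and PATCH 4/4. `_is_affected` is defined before this hunk and its body continues past it.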
@@ -1240,9 +1240,6 @@ def _is_affected(ecosystem: str, version: str,
 ecosystem_info = ecosystems.get(ecosystem)
 queried_version = ecosystem_info.sort_key(version)
- if version in affected_package.versions:
- return True
-
 for r in affected_package.ranges:
 r: osv.AffectedRange2
@@ -1262,7 +1259,8 @@ def _is_affected(ecosystem: str, version: str,
 if affected:
 return True
- return False
+ # OSV allows users to add affected versions that are not covered by affected ranges.
+ return version in affected_package.versions
 def main():
From 443997a44cdc6424ec35599f3f49baff8c04e560 Mon Sep 17 00:00:00 2001
From: Holly Gong
Date: Tue, 6 Aug 2024 13:15:29 +1000
Subject: [PATCH 3/4] fix lint
---
 gcp/api/server.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/gcp/api/server.py b/gcp/api/server.py
index 7eef02da493..e9b6275c722 100644
--- a/gcp/api/server.py
+++ b/gcp/api/server.py
@@ -1259,7 +1259,8 @@ def _is_affected(ecosystem: str, version: str,
 if affected:
 return True
- # OSV allows users to add affected versions that are not covered by affected ranges.
+ # OSV allows users to add affected versions
+ # that are not covered by affected ranges.
 return version in affected_package.versions
From 70decc6cdce3762e1bbeee5e28d5559f80ef8318 Mon Sep 17 00:00:00 2001
From: Holly Gong
Date: Tue, 6 Aug 2024 13:19:27 +1000
Subject: [PATCH 4/4] add a todo
---
 gcp/api/server.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/gcp/api/server.py b/gcp/api/server.py
index e9b6275c722..3f8d0ac3edf 100644
--- a/gcp/api/server.py
+++ b/gcp/api/server.py
@@ -1261,6 +1261,8 @@ def _is_affected(ecosystem: str, version: str,
 # OSV allows users to add affected versions
 # that are not covered by affected ranges.
+ # TODO(gongh@): Move this check before the version range check
+ # after performance analysis.
 return version in affected_package.versions
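Review bot: The TODO added in the PATCH 4/4 hunk does not say what the planned move would change, and a reader doing the promised performance analysis has to work out that the reorder is a pure short-circuit: a hit in the range loop and a hit in the `versions` membership both return `True`, so unless something in the loop raises, the order affects only the cost, not the result. Suggest stating that in the comment: `# TODO(gongh@): Move this check before the version range check after performance analysis (the order does not change the result; an early hit only skips the range scan).`. The range loop the comment refers to lies before this hunk, and `_is_affected` is defined outside it.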