feat: added PURL generation to PhpParser #4016

Merged
merged 13 commits into from
Apr 16, 2024

joydeep049
Contributor

Related #3771.

"Composer" based packages do contain vendor information for their components so I guess we do not have to do extra work later for getting vendor info.

cc @terriko @anthonyharrison

@joydeep049
Contributor Author

joydeep049 commented Apr 9, 2024

With this, I guess most of the PURL generation parts are done.
We can now begin working on adding unit tests to the generate_purl method as filed in #3961.

Will take me a bit of time as I have a number of assignment submissions and presentations this week, but I'll start working on it next week.

@codecov-commenter

codecov-commenter commented Apr 9, 2024

Codecov Report

Attention: Patch coverage is 36.36364% with 7 lines in your changes are missing coverage. Please review.

Project coverage is 80.39%. Comparing base (d6cbe40) to head (d439a6a).
Report is 148 commits behind head on main.

| Files | Patch % | Lines |
|---|---|---|
| cve_bin_tool/parsers/php.py | 36.36% | 7 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #4016      +/-   ##
==========================================
+ Coverage   75.41%   80.39%   +4.97%     
==========================================
  Files         808      820      +12     
  Lines       11983    12583     +600     
  Branches     1598     1951     +353     
==========================================
+ Hits         9037    10116    +1079     
+ Misses       2593     2050     -543     
- Partials      353      417      +64     

| Flag | Coverage Δ | |
|---|---|---|
| longtests | 75.49% <36.36%> (+0.07%) | ⬆️ |
| win-longtests | 78.60% <36.36%> (?) | |


@joydeep049
Contributor Author

joydeep049 commented Apr 10, 2024

Also @terriko, had some ideas as to how a new abstraction layer could be added for the purl2cpe database as @anthonyharrison suggested after reviewing my proposal. Whenever you're free we can discuss that.

Cheers!

Contributor

@terriko terriko left a comment

Yay for having vendor info!

And feel free to kick off discussions any time in the issues, I'm just trying to focus on release stuff but everyone else involved in the project might like to talk about it!

I'm marking this as approved now, not sure if I'm going to merge it before or after the release.

@terriko terriko added this to the 3.3.1 milestone Apr 10, 2024
@joydeep049
Contributor Author

> Yay for having vendor info!
>
> And feel free to kick off discussions any time in the issues, I'm just trying to focus on release stuff but everyone else involved in the project might like to talk about it!
>
> I'm marking this as approved now, not sure if I'm going to merge it before or after the release.

I think I'm gonna spend a bit of time this month trying to figure out data sources to get vendor information for package types like PyPI and cpan. (So that we can spend more time implementing and less time researching during the GSoC project.)

I did also have some further ideas on the abstraction layer for the purl2cpe database as well. So that we can maybe swap that database for a new one possibly in the future as @anthonyharrison suggested.

@terriko
Contributor

terriko commented Apr 16, 2024

Release is done, time to get this merged. Thank you again!

@terriko terriko merged commit fcf0555 into intel:main Apr 16, 2024