Hritik14 · December 4, 2021 20:04
diff --git a/review-2021-12-04.txt b/review-2021-12-04.txt
 https://github.com/nexB/vulnerablecode/blob/main/vulnerabilities/migrations/0003_populate_patched_package.py
 Is this hand written migration ? Why ? I'm resetting migrations, this is breaks on changes in univers
 - > move to init migration, provide data dump


 https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/import_runner.py#L73
 - name should be inside the importer class
 https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/import_runner.py#L108
 - Advisory. get or create in the loop itself
 https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/import_runner.py#L95
 - Make it a list (or iterable is better), not set

 class AdvisoryData:
 """
 This data class expresses the contract between data sources and the import runner.
 """


 vulnerability_id: Optional[str] = None
 summary: str = None
 affected_packages: List[AffectedPackage] = dataclasses.field(default_factory=list)
 references: List[Reference] = dataclasses.field(default_factory=list)
 date_published: Optional[datetime.datetime] = None

 - Use this to create an Advisory model and store List objects as json

 https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/data_source.py#L99
 - affected_version_range

 - https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/data_source.py#L120
 VersionRange.version_class to get the Version subclass

 https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/importers/nginx.py#L71 
 - docify this

 - advisory_data should return an iterable as a contract

 https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/importers/nginx.py#L77
 - yield better

 https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/importers/nginx.py#L158
 - use getattr

 https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/importers/nginx.py#L162
 - only for nginx advisory

 https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/importers/nginx.py#L188
 - return a dict and use ** on 77
 https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/importers/nginx.py#L99
 - _,_,fixed_versions = 

 https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/importers/nginx.py#L86
 - how does a paragraph look

 https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/importers/nginx.py#L116
 - remove branch qualifier
	https://github.com/nexB/vulnerablecode/blob/main/vulnerabilities/migrations/0003_populate_patched_package.py
	Is this hand written migration ? Why ? I'm resetting migrations, this is breaks on changes in univers
	- > move to init migration, provide data dump


	https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/import_runner.py#L73
	- name should be inside the importer class
	https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/import_runner.py#L108
	- Advisory. get or create in the loop itself
	https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/import_runner.py#L95
	- Make it a list (or iterable is better), not set

	class AdvisoryData:
	"""
	This data class expresses the contract between data sources and the import runner.
	"""


	vulnerability_id: Optional[str] = None
	summary: str = None
	affected_packages: List[AffectedPackage] = dataclasses.field(default_factory=list)
	references: List[Reference] = dataclasses.field(default_factory=list)
	date_published: Optional[datetime.datetime] = None

	- Use this to create an Advisory model and store List objects as json

	https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/data_source.py#L99
	- affected_version_range

	- https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/data_source.py#L120
	VersionRange.version_class to get the Version subclass

	https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/importers/nginx.py#L71
	- docify this

	- advisory_data should return an iterable as a contract

	https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/importers/nginx.py#L77
	- yield better

	https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/importers/nginx.py#L158
	- use getattr

	https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/importers/nginx.py#L162
	- only for nginx advisory

	https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/importers/nginx.py#L188
	- return a dict and use ** on 77
	https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/importers/nginx.py#L99
	- _,_,fixed_versions =

	https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/importers/nginx.py#L86
	- how does a paragraph look

	https://github.com/Hritik14/vulnerablecode/blob/ee0dba45f1d5b6680e121d91ce59b050325a5e67/vulnerabilities/importers/nginx.py#L116
	- remove branch qualifier