feat(go worker): implement the enrichers#5310
Hidden character warning
feat(go worker): implement the enrichers#5310michaelkedar wants to merge 15 commits intogoogle:masterfrom
Conversation
michaelkedar
requested review from
Ly-Joey,
another-rex and
tobyhawker
and removed request for
Ly-Joey
another-rex
left a comment
another-rex
left a comment
There was a problem hiding this comment.
hmm for each enricher should it have a name, that way we can debug up to where each enrichment run actually got up to and which one errored.
Overall LGTM!
| "github.com/ossf/osv-schema/bindings/go/osvschema" | ||
| ) | ||
|
|
||
| type EventType int |
There was a problem hiding this comment.
Should this just be a string type rather than an int type, and we can skip the switch statement in affected_versions.go
There was a problem hiding this comment.
I want this to be an int type to use for sorting, but I've added a String() method to the type.
|
|
||
| // Get the current state of the vuln to check against | ||
| current, err := e.Stores.Vulnerability.Get(ctx, task.Vuln.GetId()) | ||
| currentNotFound := errors.Is(err, models.ErrNotFound) |
There was a problem hiding this comment.
can you invert this bool? The double negation is a bit confusing.
There was a problem hiding this comment.
redid the logic here to avoid this variable altogether
|
|
||
| var parsedEvents []parsedEvent | ||
| for _, evt := range events { | ||
| p, err := sys.Parse(evt.Version) |
There was a problem hiding this comment.
Hmm do we have a linter or some sort of warning where we can get notified about these invalid versions? E.g. maybe this is showing a edge case in our version parsing where we are wrong.
There was a problem hiding this comment.
I've made the SortVersions and this log an error and skip. Hopefully we don't have bad versions OSV.dev (though IIRC, most semantic parsers cannot actually error.
I actually use the I can still add a Name() method if you'd prefer |
2 participants
Added Enrichers to the pipeline to cover what the python worker is currently doing.
There's quite a bit, but I've tried making individual tests to cover each enricher, and copied one of the Python test yaml files to go to make sure it's similar