Update vulnerabilities CVE endpoint #3386

Open
wants to merge 9 commits into
base: main

lucasmoura
Contributor

Why is this needed?

We have redesigned the vulnerabilities CVE endpoint to be per-package instead of per-cve. Now, each installed package will list all of the CVEs that it is affected by.

Test Steps

  1. Run the new integration test created for the endpoint
  2. Check that the vulnerability caches are still behaving correctly

  • (un)check this to re-run the checklist action

github-actions bot commented Jan 30, 2025

PR Checklist

How to use this checklist

PR Author

For each section, check a box when it is true.
Uncheck a box if it becomes un-true.
Then check the box at the bottom of the PR description to re-run the action that creates this checklist.
The action that creates and updates this comment will retain your edits.
The action will fail if the checklist is not completed.

PR Reviewer

Check that the PR checklist action did not fail.
Double check that the author filled out the checklist accurately.
If you disagree with a checklist item, start a conversation.
For example, the author may say they don't think integration tests are necessary, but you may disagree.

Bug References

None.

Confirm

  • I've properly referenced all bugs that this PR fixes
How to properly reference fixed bugs
  • If this PR is related to a Jira item, include an SC-1234 reference in the PR title
  • If this PR fixes a GitHub issue, include a Fixes: #1234 reference in the commit that fixes the issue
  • If this PR fixes a Launchpad bug, include a LP: #12345678 reference in the commit that fixes the issue

Test Updates

Unit Tests

  • I have updated or added any unit tests accordingly
  • No unit test changes are necessary for this change

Integration Tests

  • I have updated or added any integration tests accordingly
  • No integration test changes are necessary for this change

Documentation

  • Changes here need to be documented and I have referenced the docs PR in the description
  • No documentation updates are necessary for this change

Does this PR require review from someone outside the core ubuntu-pro-client team?

  • Yes, and I have requested those reviews via GitHub
  • No

@renanrodrigo
Member

rebased to accommodate commits from #3384

@renanrodrigo
Member

renanrodrigo commented Feb 6, 2025

Xenial build now broken on a dict comparison - maybe ordering?

Similar to the data_list function, we are now creating
a data_dict function to support dict objects on our DataObject
definitions

The redesigned endpoint is now oriented per-package
instead of per-cve. This endpoint will be the base
for the vulnerability CLI commands, that will also
be redesigned

Add the related_packages to each vulnerability CVE
that we have, as this information will be required in
some CLI commands of Pro

We are now hiding some fields that are only useful when
we are writing our CLI related CVE features

@lucasmoura
Contributor Author

@renanrodrigo I have updated the PR and fixed the affected integration tests related to this change

@@ -1,13 +1,12 @@
import datetime
Collaborator

During the rename, this file was left behind. I believe all of uaclient/api/u/pro/security/cves/cve/* can be deleted

@@ -182,9 +182,6 @@ def get_published_date(self):
return vulnerability_json_data["published_at"]
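Review bot: The context line `return vulnerability_json_data["published_at"]` under `get_published_date` subscripts the key directly, so an entry without `published_at` would fail at this point (a `KeyError` if this is a plain dict). Only this one line of the hunk is visible, so it is worth confirming that the vulnerability data always carries the field, or switching to `.get("published_at")` and handling a missing value in the caller.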
Collaborator

You don't need to make a change, but I suppose the _common structure is not needed anymore since there is only one API endpoint.

@@ -1,7 +1,5 @@
from uaclient import messages
Collaborator

why was update left behind if we're deleting the other two vulnerability commands in this PR?
