Add: standalone plugin for evaluating dependencies with a graph #774
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Conventional Commits Report
🚀 Conventional commits found. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #774 +/- ##
==========================================
+ Coverage 79.82% 80.00% +0.17%
==========================================
Files 87 88 +1
Lines 3023 3215 +192
Branches 589 613 +24
==========================================
+ Hits 2413 2572 +159
- Misses 462 485 +23
- Partials 148 158 +10 ☔ View full report in Codecov by Sentry. |
Dependency ReviewThe following issues were found:
Snapshot WarningsEnsure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice. License Issuespoetry.lock
pyproject.toml
Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-or-later, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-DFS-2016, Unlicense OpenSSF Scorecard
Scanned Files
|
NiklasHargarter
force-pushed
the
dependency_graph
branch
from
5c1c5e8 to
e3ab622
Compare
This reverts commit 2d9a86f.
NiklasHargarter
force-pushed
the
dependency_graph
branch
from
f43bc1f to
63c0f64
Compare
mbrinkhoff
requested changes
Jan 20, 2025
| class Script: | ||
| name: str | ||
| feed: str | ||
| dependencies: list[tuple[str, bool]] # (dependency_name, is_gated) |
There was a problem hiding this comment.
Suggested change
| dependencies: list[tuple[str, bool]] # (dependency_name, is_gated) | |
| dependencies: set[tuple[str, bool]] # (dependency_name, is_gated) |
There was a problem hiding this comment.
Using a set would interfere with the current check_duplicates. Would require checking for duplicate dependencies during setup, rather than afterwards with the other checks. Or store duplicates in some other way.
Comment on lines
+383
to
+391
| has_errors = any(result.has_errors() for result in results) | ||
| has_warnings = any(result.has_warnings() for result in results) | ||
|
|
||
| if has_errors: | ||
| return 1 | ||
| elif has_warnings: | ||
| return 2 | ||
| else: | ||
| return 0 |
There was a problem hiding this comment.
Suggested change
| has_errors = any(result.has_errors() for result in results) | |
| has_warnings = any(result.has_warnings() for result in results) | |
| if has_errors: | |
| return 1 | |
| elif has_warnings: | |
| return 2 | |
| else: | |
| return 0 | |
| if any(result.has_errors() for result in results): | |
| return 1 | |
| elif any(result.has_warnings() for result in results): | |
| return 2 | |
| else: | |
| return 0 |
Can be inlined
Comment on lines
+108
to
+113
| parser.add_argument( | ||
| "--feed", | ||
| choices=["21.04", "22.04", "common", "full"], | ||
| default="full", | ||
| help="feed", | ||
| ) |
There was a problem hiding this comment.
https://docs.python.org/3/howto/enum.html#flag
Good example for Flags I think
Comment on lines
+103
to
+107
| parser.add_argument( | ||
| "root", | ||
| type=directory_type, | ||
| help="directory that should be linted", | ||
| ) |
There was a problem hiding this comment.
Suggested change
| parser.add_argument( | |
| "root", | |
| type=directory_type, | |
| help="directory that should be linted", | |
| ) | |
| parser.add_argument( | |
| "root", | |
| type=directory_type, | |
| help="directory that should be linted", | |
| ) |
can be defaulted to the VTDIR environment variable, which is used by convention by nasl devs
| VTCategory, | ||
| ) | ||
|
|
||
| EXTENSIONS = (".nasl",) # not sure if inc files can also have dependencies |
There was a problem hiding this comment.
I dont think so, but worth a question to the core members I think
Comment on lines
+138
to
+139
| case _: | ||
| return [] |
There was a problem hiding this comment.
Suggested change
| case _: | |
| return [] | |
| case _: | |
| raise <Some Exception> |
Should raise an Error, since none of the proper values were found
|
|
||
| def get_scripts(directory) -> list[Script]: | ||
| scripts = [] | ||
| # use path glob? |
There was a problem hiding this comment.
There is an example in troubadix with glob
Comment on lines
+187
to
+199
| def split_dependencies(value: str) -> list[str]: | ||
| """ | ||
| removes blank lines, strips comments, cleans dependencies, | ||
| splits them by commas, and excludes empty strings. | ||
| """ | ||
| return [ | ||
| dep | ||
| for line in value.splitlines() | ||
| if line.strip() # Ignore blank or whitespace-only lines | ||
| # ignore comment, clean line of unwanted chars, split by ',' | ||
| for dep in re.sub(r'[\'"\s]', "", line.split("#", 1)[0]).split(",") | ||
| if dep # Include only non-empty | ||
| ] |
There was a problem hiding this comment.
I think this should be encapsulated in the check_dependencies check and then imported.
My original code isnt good to begin with, having it duplicated only increases the mess
| checks for a script depending on a script multiple times | ||
| """ | ||
| warnings = [] | ||
| for script in scripts: |
There was a problem hiding this comment.
Need to come back to this, reminder to myself
|
|
||
|
|
||
| def cross_feed_dependencies(graph, gated_status: bool) -> list[tuple[str, str]]: | ||
| """ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What
Adds a standalone plugin for evaluating script dependencies with a directed networkx graph.
checks for:
included functionality of normal plugins
Output
python logging levels for system information (
error,warning,info)normal additive verbosity up to
-vvfor result output.Feed options
example call:
poetry run troubadix-dependency-graph ~/gb/vulnerability-tests/nasl --feed full --log info -vvExecution Time
locally ~13 seconds
Why
When checking dependencies, it makes sense to analyse the whole feed, rather than just working on changed scripts. And working on the whole feed is easier with a standalone plugin that doesn't have to adhere to the Troubadix structure.
References
Checklist