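def _source_update(self, message):
    """Apply an update for one vulnerability file named in `message`.

    The file is re-hashed after checkout and is only parsed and applied when
    its SHA-256 still equals the `original_sha256` carried by the message.
    On a mismatch, a warning is logged and the update is skipped.

    Args:
        message: Object whose `attributes` mapping provides `source`, `path`
            and `original_sha256`.

    Raises:
        RuntimeError: If no source repository is found for `source`.
    """
    source = message.attributes['source']
    path = message.attributes['path']
    original_sha256 = message.attributes['original_sha256']

    source_repo = osv.get_source_repository(source)
    if not source_repo:
        # Fail with a clear error rather than an AttributeError on
        # `.repo_url` when the lookup yields nothing.
        raise RuntimeError('Source not found: %r' % (source,))

    # NOTE(review): `source` and `path` are taken from the message and joined
    # onto local directories without a containment check; an absolute path or
    # one containing `..` would resolve outside the checkout. Confirm that
    # only trusted publishers can produce these messages, or validate here.
    repo = osv.clone_with_retries(
        source_repo.repo_url,
        os.path.join(self._sources_dir, source),
        callbacks=self._git_callbacks(source_repo))

    yaml_path = os.path.join(osv.repo_path(repo), path)

    # Integrity gate: skip the update if the file no longer has the hash the
    # message was created for.
    current_sha256 = osv.sha256(yaml_path)
    if current_sha256 != original_sha256:
        logging.warning(
            'sha256sum of %s no longer matches (expected=%s vs current=%s).',
            path, original_sha256, current_sha256)
        return

    try:
        vulnerability = osv.parse_vulnerability(yaml_path)
    except Exception as e:
        # A file that cannot be parsed is logged and dropped, not re-raised.
        logging.error('Failed to parse vulnerability %s: %s', yaml_path, e)
        return

    self._do_update(source_repo, repo, vulnerability, yaml_path,
                    original_sha256)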
def run(self):
    """Run the importer over the OSS-Fuzz source.

    Raises:
        RuntimeError: If the 'oss-fuzz' source repository cannot be found.
    """
    # OSS-Fuzz is the only source imported at present.
    source = osv.get_source_repository('oss-fuzz')
    if source:
        self.process_oss_fuzz(source)
        return

    raise RuntimeError('OSS-Fuzz source not found.')
def add_source_info(bug, response):
    """Fill in the source fields of `response` for `bug`.

    For a bug whose source of truth is internal, only `response['source']` is
    set, to the literal 'INTERNAL'. Otherwise `source` and `source_link` are
    both set to the repository link followed by the bug's source path, and
    nothing is written when the repository or its link is missing.

    Args:
        bug: Record providing `source_of_truth` and `source`.
        response: Mapping that is updated in place.
    """
    if bug.source_of_truth == osv.SourceOfTruth.INTERNAL:
        response['source'] = 'INTERNAL'
    else:
        repository = osv.get_source_repository(bug.source)
        if repository and repository.link:
            link = repository.link + osv.source_path(repository, bug)
            response['source'] = link
            response['source_link'] = link
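def _source_update(self, message):
    """Parse and apply the vulnerability file named in `message`.

    This variant performs no hash comparison and lets a parse failure
    propagate to the caller.

    Args:
        message: Object whose `attributes` mapping provides `source` and
            `path`.

    Raises:
        RuntimeError: If no source repository is found for `source`.
    """
    source = message.attributes['source']
    path = message.attributes['path']

    source_repo = osv.get_source_repository(source)
    if not source_repo:
        # Report an unknown source explicitly instead of failing later with
        # an AttributeError on `.repo_url`.
        raise RuntimeError('Source not found: %r' % (source,))

    # NOTE(review): `source` and `path` come from the message and are joined
    # onto local directories as-is; an absolute or `..` path would leave the
    # checkout. Nothing here ties the file to what the publisher saw, so
    # confirm the message origin is trusted.
    repo = osv.clone_with_retries(
        source_repo.repo_url,
        os.path.join(self._sources_dir, source),
        callbacks=self._git_callbacks(source_repo))

    yaml_path = os.path.join(osv.repo_path(repo), path)
    vulnerability = osv.parse_vulnerability(yaml_path)
    self._do_update(source_repo, repo, vulnerability, yaml_path)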
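def _source_update(self, message):
    """Apply an update or deletion for one vulnerability file.

    Outcomes, in the order they are checked:
      * file missing from the checkout: `_handle_deleted` is called only if
        the message is a deletion request; then return.
      * deletion requested but the file still exists: log and return.
      * SHA-256 differs from `original_sha256`: log a warning and return.
      * parse failure: log an error and return.
      * otherwise: hand the parsed vulnerability to `_do_update`.

    Args:
        message: Object whose `attributes` mapping provides `source`, `path`,
            `original_sha256` and `deleted` (the string 'true' marks a
            deletion request).

    Raises:
        RuntimeError: If no source repository is found for `source`.
    """
    source = message.attributes['source']
    path = message.attributes['path']
    original_sha256 = message.attributes['original_sha256']
    deleted = message.attributes['deleted'] == 'true'

    source_repo = osv.get_source_repository(source)
    if not source_repo:
        # Fail clearly rather than with an AttributeError on `.repo_url`.
        raise RuntimeError('Source not found: %r' % (source,))

    # NOTE(review): `source` and `path` are message-supplied and joined onto
    # local directories without a containment check; an absolute or `..`
    # path would resolve outside the checkout, and on the deletion path that
    # location is what gets passed to `_handle_deleted`. Confirm the
    # publisher is trusted or validate here.
    repo = osv.ensure_updated_checkout(
        source_repo.repo_url,
        os.path.join(self._sources_dir, source),
        git_callbacks=self._git_callbacks(source_repo))

    yaml_path = os.path.join(osv.repo_path(repo), path)
    if not os.path.exists(yaml_path):
        logging.info('%s was deleted.', yaml_path)
        if deleted:
            self._handle_deleted(yaml_path)

        return

    if deleted:
        # The deletion is only honoured when the checkout agrees that the
        # file is gone.
        logging.info('Deletion request but source still exists, aborting.')
        return

    # Integrity gate: skip the update if the file no longer has the hash the
    # message was created for.
    current_sha256 = osv.sha256(yaml_path)
    if current_sha256 != original_sha256:
        logging.warning(
            'sha256sum of %s no longer matches (expected=%s vs current=%s).',
            path, original_sha256, current_sha256)
        return

    try:
        vulnerability = osv.parse_vulnerability(yaml_path)
    except Exception as e:
        # A file that cannot be parsed is logged and dropped, not re-raised.
        logging.error('Failed to parse vulnerability %s: %s', yaml_path, e)
        return

    self._do_update(source_repo, repo, vulnerability, yaml_path, path,
                    original_sha256)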
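def _source_update(self, message):
    """Apply an update or deletion for one vulnerability file or blob.

    Two source repository types are handled:
      * GIT: the file is read from an updated checkout. Deletion requests are
        honoured only when the file is absent from the checkout.
      * BUCKET: the blob is downloaded, and the hash and the parse both work
        on the same downloaded bytes. The `deleted` flag is not consulted in
        this branch.

    In both cases nothing is applied unless the content's SHA-256 equals the
    `original_sha256` carried by the message.

    Args:
        message: Object whose `attributes` mapping provides `source`, `path`,
            `original_sha256` and `deleted` (the string 'true' marks a
            deletion request).

    Raises:
        RuntimeError: If no source repository is found for `source`, or its
            type is neither GIT nor BUCKET.
    """
    source = message.attributes['source']
    path = message.attributes['path']
    original_sha256 = message.attributes['original_sha256']
    deleted = message.attributes['deleted'] == 'true'

    source_repo = osv.get_source_repository(source)
    if not source_repo:
        # Fail clearly rather than with an AttributeError on `.type`.
        raise RuntimeError('Source not found: %r' % (source,))

    if source_repo.type == osv.SourceRepositoryType.GIT:
        # NOTE(review): `source` and `path` are message-supplied and joined
        # onto local directories without a containment check; an absolute or
        # `..` path would resolve outside the checkout. Confirm the publisher
        # is trusted or validate here.
        repo = osv.ensure_updated_checkout(
            source_repo.repo_url,
            os.path.join(self._sources_dir, source),
            git_callbacks=self._git_callbacks(source_repo),
            branch=source_repo.repo_branch)

        vuln_path = os.path.join(osv.repo_path(repo), path)
        if not os.path.exists(vuln_path):
            logging.info('%s was deleted.', vuln_path)
            if deleted:
                self._handle_deleted(source_repo, path)

            return

        if deleted:
            # The deletion is only honoured when the checkout agrees that
            # the file is gone.
            logging.info(
                'Deletion request but source still exists, aborting.')
            return

        # NOTE(review): the file is parsed before its hash is compared, and
        # it is read separately for each step. Hashing the same bytes that
        # are parsed, as the bucket branch does, would bind the integrity
        # check to the parsed content.
        try:
            vulnerabilities = osv.parse_vulnerabilities(
                vuln_path, key_path=source_repo.key_path)
        except Exception as e:
            logging.error('Failed to parse vulnerability %s: %s', vuln_path,
                          e)
            return

        current_sha256 = osv.sha256(vuln_path)
    elif source_repo.type == osv.SourceRepositoryType.BUCKET:
        storage_client = storage.Client()
        bucket = storage_client.bucket(source_repo.bucket)
        try:
            blob = bucket.blob(path).download_as_bytes()
        except google.cloud.exceptions.NotFound:
            logging.error('Bucket path %s does not exist.', path)
            return

        current_sha256 = osv.sha256_bytes(blob)
        try:
            vulnerabilities = osv.parse_vulnerabilities_from_data(
                blob,
                extension=os.path.splitext(path)[1],
                key_path=source_repo.key_path)
        except Exception as e:
            logging.error('Failed to parse vulnerability %s: %s', path, e)
            return

        # Bucket sources have no checkout to pass on.
        repo = None
    else:
        raise RuntimeError('Unsupported SourceRepository type.')

    # Integrity gate: skip the update if the content no longer has the hash
    # the message was created for.
    if current_sha256 != original_sha256:
        logging.warning(
            'sha256sum of %s no longer matches (expected=%s vs current=%s).',
            path, original_sha256, current_sha256)
        return

    for vulnerability in vulnerabilities:
        self._do_update(source_repo, repo, vulnerability, path,
                        original_sha256)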