launchpad-reviewers team mailing list archive

Thread
Date

Re: [Merge] ~enriqueesanchz/launchpad:add-import-export-endpoints into launchpad:master

To: mp+491804@xxxxxxxxxxxxxxxxxx
From: Enrique Sánchez <mp+491804@xxxxxxxxxxxxxxxxxx>
Date: Wed, 03 Sep 2025 08:20:03 -0000
In-reply-to: <175682930409.3988919.2213395396691712100.launchpad@scripts-bzrsyncd.lp.internal>
Reply-to: mp+491804@xxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

Replied :) `SOSSImporter` is only called inside the `ImportVulnerabilityJob` so there is no logged in user using it.

Diff comments:

> diff --git a/lib/lp/bugs/tests/test_importvulnerabilityjob.py b/lib/lp/bugs/tests/test_importvulnerabilityjob.py
> index 297f8d7..45b3340 100644
> --- a/lib/lp/bugs/tests/test_importvulnerabilityjob.py
> +++ b/lib/lp/bugs/tests/test_importvulnerabilityjob.py
> @@ -335,7 +335,107 @@ class ImportVulnerabilityJobTests(TestCaseWithFactory):
>  
>          job = self.job_source.create(
>              handler=VulnerabilityHandlerEnum.SOSS,
> -            git_repository=self.repository.git_https_url,
> +            git_repository=self.repository.id,
> +            git_ref="ref/tags/v1.0",
> +            git_paths=["cves"],
> +            information_type=InformationType.PRIVATESECURITY.value,
> +            import_since_commit_sha1=None,
> +        )
> +        job.run()
> +
> +        # Check that it created the bug and vulnerability
> +        self.assertEqual(len(cve.bugs), 1)
> +
> +        admin = getUtility(ILaunchpadCelebrities).admin
> +        with person_logged_in(admin):
> +            self.assertEqual(len(list(cve.vulnerabilities)), 1)
> +
> +        self.assertEqual(
> +            job.metadata.get("result"),
> +            {
> +                "succeeded": ["CVE-2025-1979"],
> +                "failed": [],
> +                "error_description": [],
> +            },
> +        )
> +
> +    def test_run_import_with_private_repo(self):
> +        """Run ImportVulnerabilityJob."""
> +        private_repo = removeSecurityProxy(
> +            self.factory.makeGitRepository(
> +                information_type=InformationType.PRIVATESECURITY
> +            )
> +        )
> +        refs = self.factory.makeGitRefs(
> +            repository=private_repo,
> +            paths=("ref/heads/main", "ref/tags/v1.0"),
> +        )
> +        with open(self.cve_path, encoding="utf-8") as file:
> +            self.useFixture(
> +                GitHostingFixture(
> +                    blob=file.read(),
> +                    refs=refs,
> +                    diff_stats={"added": ["cves/CVE-2025-1979"]},
> +                )
> +            )
> +
> +        cve = self.factory.makeCVE("2025-1979")
> +        self.factory.makeDistribution(name="soss")
> +
> +        job = self.job_source.create(
> +            handler=VulnerabilityHandlerEnum.SOSS,
> +            git_repository=private_repo.id,
> +            git_ref="ref/tags/v1.0",
> +            git_paths=["cves"],
> +            information_type=InformationType.PRIVATESECURITY.value,

Above, you can see that I created a distribution with `self.factory.makeDistribution(name="soss")`. This distribution defaults to InformationType.PUBLIC that allows the creation of PRIVATESECURITY bugs/vulnerabilities.

There are other places where I use InformationType.PROPRIETARY distribution that only allows to create PROPRIETARY bugs/vulnerabilities.

I will take a look in the docstrings to explain this.

> +            import_since_commit_sha1=None,
> +        )
> +        job.run()
> +
> +        # Check that it created the bug and vulnerability
> +        self.assertEqual(len(cve.bugs), 1)
> +
> +        admin = getUtility(ILaunchpadCelebrities).admin
> +        with person_logged_in(admin):
> +            self.assertEqual(len(list(cve.vulnerabilities)), 1)
> +
> +        self.assertEqual(
> +            job.metadata.get("result"),
> +            {
> +                "succeeded": ["CVE-2025-1979"],
> +                "failed": [],
> +                "error_description": [],
> +            },
> +        )
> +
> +    def test_run_import_with_proprietary_repo(self):
> +        """Run ImportVulnerabilityJob."""
> +        project = self.factory.makeProduct()
> +        self.factory.makeAccessPolicy(pillar=project)
> +        proprietary_repo = removeSecurityProxy(
> +            self.factory.makeGitRepository(
> +                target=project, information_type=InformationType.PROPRIETARY
> +            )
> +        )
> +        refs = self.factory.makeGitRefs(
> +            repository=proprietary_repo,
> +            paths=("ref/heads/main", "ref/tags/v1.0"),
> +        )
> +        with open(self.cve_path, encoding="utf-8") as file:
> +            self.useFixture(
> +                GitHostingFixture(
> +                    blob=file.read(),
> +                    refs=refs,
> +                    diff_stats={"added": ["cves/CVE-2025-1979"]},
> +                )
> +            )
> +
> +        cve = self.factory.makeCVE("2025-1979")
> +        self.factory.makeDistribution(name="soss")
> +
> +        job = self.job_source.create(
> +            handler=VulnerabilityHandlerEnum.SOSS,
> +            git_repository=proprietary_repo.id,
>              git_ref="ref/tags/v1.0",
>              git_paths=["cves"],
>              information_type=InformationType.PRIVATESECURITY.value,


-- 
https://code.launchpad.net/~enriqueesanchz/launchpad/+git/launchpad/+merge/491804
Your team Launchpad code reviewers is requested to review the proposed merge of ~enriqueesanchz/launchpad:add-import-export-endpoints into launchpad:master.

Follow ups

Re: [Merge] ~enriqueesanchz/launchpad:add-import-export-endpoints into launchpad:master
From: Yuliy Schwartzburg, 2025-09-03

References

[Merge] ~enriqueesanchz/launchpad:add-import-export-endpoints into launchpad:master
From: Enrique Sánchez, 2025-09-02