These are chat archives for coala/coala-bears

21st
Jul 2018
John Vandenberg
@jayvdb
Jul 21 2018 01:42
two days of TextLintBear break on master https://travis-ci.org/coala/coala-bears/builds ; someone create an issue pls
Viresh Gupta
@virresh
Jul 21 2018 02:17
The breakage is due to SSL certificate expiration of coala.io
Viresh Gupta
@virresh
Jul 21 2018 02:23
Opened coala/coala-bears#2628
John Vandenberg
@jayvdb
Jul 21 2018 02:32
create an issue in devops about that
then ping Yuki
Viresh Gupta
@virresh
Jul 21 2018 02:42
@yukiisbored coala/devops#124
Muhammad Kaisar Arkhan
@yukiisbored
Jul 21 2018 03:00
Thank you @virresh. It's fixed now. I forgot to enable the HTTP Challenge after disabling the evil Cloudflare proxies
Viresh Gupta
@virresh
Jul 21 2018 03:03
Will close the issue then :)
Vaibhav Rai
@RaiVaibhav
Jul 21 2018 07:51
@jayvdb I have made the changes in the code, something like this https://bpaste.net/show/2652e65a0118, to make it work with cve_key (it is somewhat hacky stuff). If you find it useful, ping me and I will update the code of PySafetyBear
John Vandenberg
@jayvdb
Jul 21 2018 07:54
@RaiVaibhav, how big is their database? Is it feasible to download it?
John Vandenberg
@jayvdb
Jul 21 2018 07:55
what is the difference between those two files?
how big are they? I don't want to download them if they are huge
last release was July 2017 though
Vaibhav Rai
@RaiVaibhav
Jul 21 2018 07:58
the difference is that one has more content than the other :sweat_smile:
John Vandenberg
@jayvdb
Jul 21 2018 07:58
why does one have more than the other
if you don't know, we'll investigate together
Vaibhav Rai
@RaiVaibhav
Jul 21 2018 07:59
insecure.json contains just the package name and all insecure releases as a plain list

insecure_full.json additionally contains the CVE description and URLs, or the relevant part of the changelog.
Ishan Srivastava
@ishanSrt
Jul 21 2018 08:03
GIT_AUTHOR_DATE and author changed on coala/coala-quickstart#236
@jayvdb
Vaibhav Rai
@RaiVaibhav
Jul 21 2018 08:06
So they always search the full database
Seems like their insecure.json will never get used :sweat_smile:, just like they made a backup if someone wants to import their function externally
fetch_database(full=False, key=False, db=False, cached=False):
John Vandenberg
@jayvdb
Jul 21 2018 08:08
@RaiVaibhav, can safety work with just the smaller one?
Vaibhav Rai
@RaiVaibhav
Jul 21 2018 08:09
yeah
db_name = "insecure_full.json" if full else "insecure.json"
John Vandenberg
@jayvdb
Jul 21 2018 08:09
ok. great.
Vaibhav Rai
@RaiVaibhav
Jul 21 2018 08:10
So should I continue with this code https://bpaste.net/show/2652e65a0118 or do you have something different in mind?
John Vandenberg
@jayvdb
Jul 21 2018 08:15
I can't easily decide based on a code paste; can you paste a diff
John Vandenberg
@jayvdb
Jul 21 2018 08:23
ah , well if you emit the cve like before, that is much better
I did add a review to your PR for how I think we should do it
Vaibhav Rai
@RaiVaibhav
Jul 21 2018 08:25
Yeah I have seen a mail :+1:
So you want me to directly fetch the data and make my own safety?
John Vandenberg
@jayvdb
Jul 21 2018 08:29
no. directly fetch the data and give the directory to safety
Vaibhav Rai
@RaiVaibhav
Jul 21 2018 08:31
but why is it needed? I didn't relate here how it affects cve in PySafetyBear when the original safety module doesn't support cve in their namedtuple. Please correct me, I may be thinking in the wrong way
this is for db_mirror?
John Vandenberg
@jayvdb
Jul 21 2018 08:38
there are two undesirable parts of safety -- one is the 'online' checking, which is not how coala works. -- the other is the regression in reporting cve's, which you have a great workaround for
John Vandenberg
@jayvdb
Jul 21 2018 08:55
@ishanSrt ; thx . one minor fixup
@RaiVaibhav, we can't use safety-db - pyupio/safety-db#2265
Ishan Srivastava
@ishanSrt
Jul 21 2018 09:08
can you tell me how exactly that breaks git blame?
Vaibhav Rai
@RaiVaibhav
Jul 21 2018 09:10
we can't use safety-db
So what exactly to do now? I am confused now
Ishan Srivastava
@ishanSrt
Jul 21 2018 09:12
btw fixed that
Vaibhav Rai
@RaiVaibhav
Jul 21 2018 09:14

okay so you don't want the

one is the 'online' checking, which is not how coala works

instead cache the data and solve that

John Vandenberg
@jayvdb
Jul 21 2018 09:15
@RaiVaibhav, you can't use the PyPI package safety-db - you can fetch the db
Vaibhav Rai
@RaiVaibhav
Jul 21 2018 09:16
yeah I will grab it somehow :+1:
Vaibhav Rai
@RaiVaibhav
Jul 21 2018 11:01
@jayvdb updated have a look coala/coala-bears#2626
Vaibhav Rai
@RaiVaibhav
Jul 21 2018 11:07
And now I think the bear will not fail if they don't make any major change in their database file
Vaibhav Rai
@RaiVaibhav
Jul 21 2018 11:38
John Vandenberg
@jayvdb
Jul 21 2018 11:41
replied
Vaibhav Rai
@RaiVaibhav
Jul 21 2018 13:36
:+1:
Vaibhav Rai
@RaiVaibhav
Jul 21 2018 13:54
@jayvdb please review coala/coala-bears#2626