
Commit 8b904a4

committed
Cache the advisory content hash
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
1 parent d888bfe commit 8b904a4


1 file changed

+40
-36
lines changed


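--- a/vulnerabilities/pipelines/v2_improvers/group_advisories_for_packages.py
+++ b/vulnerabilities/pipelines/v2_improvers/group_advisories_for_packages.py
@@ -34,34 +34,23 @@ def group_advisories_for_packages(self):
 group_advisoris_for_packages(logger=self.log)
 
 
+CONTENT_HASH_CACHE = {}
+
+
 def merge_advisories(advisories):
 
 advisories = list(advisories)
 
 content_hash_map = defaultdict(list)
-result_groups = []
 
 for adv in advisories:
-affected = []
-fixed = []
-
-for impact in adv.impacted_packages.all():
-affected.extend([pkg.package_url for pkg in impact.affecting_packages.all()])
-
-fixed.extend([pkg.package_url for pkg in impact.fixed_by_packages.all()])
-
-normalized_data = {
-"affected_packages": normalize_list(affected),
-"fixed_packages": normalize_list(fixed),
-}
-
-normalized_json = json.dumps(normalized_data, separators=(",", ":"), sort_keys=True)
-content_hash = hashlib.sha256(normalized_json.encode("utf-8")).hexdigest()
-
-if content_hash:
-content_hash_map[content_hash].append(adv)
+if adv.avid in CONTENT_HASH_CACHE:
+content_hash = CONTENT_HASH_CACHE[adv.avid]
 else:
-result_groups.append([adv])
+content_hash = compute_advisory_content_hash(adv)
+CONTENT_HASH_CACHE[adv.avid] = content_hash
+
+content_hash_map[content_hash].append(adv)
 
 final_groups = []
 
@@ -72,6 +61,25 @@ def merge_advisories(advisories):
 return final_groups
 
 
+def compute_advisory_content_hash(adv):
+affected = []
+fixed = []
+
+for impact in adv.impacted_packages.all():
+affected.extend([pkg.package_url for pkg in impact.affecting_packages.all()])
+
+fixed.extend([pkg.package_url for pkg in impact.fixed_by_packages.all()])
+
+normalized_data = {
+"affected_packages": normalize_list(affected),
+"fixed_packages": normalize_list(fixed),
+}
+
+normalized_json = json.dumps(normalized_data, separators=(",", ":"), sort_keys=True)
+content_hash = hashlib.sha256(normalized_json.encode("utf-8")).hexdigest()
+return content_hash
+
+
 def get_merged_identifier_groups(advisories):
 
 identifier_groups = defaultdict(set)
@@ -130,24 +138,20 @@ def get_merged_identifier_groups(advisories):
 def group_advisoris_for_packages(logger=None):
 for package in PackageV2.objects.iterator():
 print(package)
-affecting_advisories = (
-AdvisoryV2.objects
-.latest_affecting_advisories_for_purl(purl=package.purl)
-.prefetch_related(
-"aliases",
-"impacted_packages__affecting_packages",
-"impacted_packages__fixed_by_packages",
-)
+affecting_advisories = AdvisoryV2.objects.latest_affecting_advisories_for_purl(
+purl=package.purl
+).prefetch_related(
+"aliases",
+"impacted_packages__affecting_packages",
+"impacted_packages__fixed_by_packages",
 )
 
-fixed_by_advisories = (
-AdvisoryV2.objects
-.latest_fixed_by_advisories_for_purl(purl=package.purl)
-.prefetch_related(
-"aliases",
-"impacted_packages__affecting_packages",
-"impacted_packages__fixed_by_packages",
-)
+fixed_by_advisories = AdvisoryV2.objects.latest_fixed_by_advisories_for_purl(
+purl=package.purl
+).prefetch_related(
+"aliases",
+"impacted_packages__affecting_packages",
+"impacted_packages__fixed_by_packages",
 )
 
 try: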
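Review bot: `CONTENT_HASH_CACHE` in the first hunk is a module-level dict keyed only by `adv.avid` and is never cleared or bounded, so if the process outlives one pipeline run, a hash computed earlier is reused after the advisory's affected or fixed packages have changed, and `merge_advisories` then groups advisories by stale content. If several advisory records can share one avid (the `latest_..._for_purl` query names suggest versions exist, though that is not visible here), they would also share a single cached hash even when their package sets differ. Scoping the cache to one run would avoid both, for example `CONTENT_HASH_CACHE.clear()` as the first statement of `group_advisoris_for_packages`, with a comment on the dict such as `# per-run memo: avid -> sha256 of the normalized affected/fixed purls`. The middle of `merge_advisories` lies between the first two hunks and is not shown, and the body of `group_advisoris_for_packages` continues past the last one.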
