-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor FIPS & unify CLI actions #275
Conversation
I applaud this effort! When I get more time hopefully I can help as well. In the meantime, let me add a few pointers/issues I hit when working with the FIPS code:
|
Thanks for the input. This I'll probably leave for future work, this PR is going to be giant anyway. Could you please create a separate issue to address this? |
Did this in #276. |
I'll re-implement the folder structure of FIPS Dataset. Outline:
|
@J08nY looking at the code here and there, I planned the following:
This comes with some advantages:
Some disadvantages that cross my mind:
Now's the time to speak up if you have comments/tips/whatever :). |
Interesting approach but I am worried about a few things:
I guess I am really not sure what problem you are trying to solve by passing the callables. I will have to look at the code. |
Looking at the code a bit. I think now I would just match the FIPS Dataset API to the CC Dataset API manually, even at the cost of some code duplication. I don't feel like it is a good time to rework the handling like this during this FIPS unification. |
Ah yes, lets do this: https://refactoring.guru/design-patterns/template-method and don't pass callables around. Just call the methods directly, even if there might be some duplication I think it makes sense for future flexibility. |
I was thinking about the logic of the download testing. At the moment, the situation is as follows:
|
Co-authored-by: Ján Jančár <[email protected]>
Co-authored-by: Ján Jančár <[email protected]>
Oh this hurts. It was added by accident. I'll probably rewrite the history... |
You're perfectly right about the cause.
I was actually opting for the second, which is kind of the current state. The serialization will fail unless a path is set. See sec-certs/sec_certs/serialization/json.py Lines 50 to 51 in f14dfe3
It's just implemented with that |
I agree this can be counterintuitive. I'll take a look at that, thanks for spotting this. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm except the hash impl.
High-level plan
pytest
, separate download tests from others, refactor test structure (split into cc/fips/others)Tests
CPEDataset
andCVEDataset
Or forbid it and demand explicit paths (that will not get serialized omg). Either way, act consistently.test download on resources that we trust (e.g. our server)Forbid download on non-download test by auto-use fixture that raises exception onrequests.get
/requests.post
FIPS
Processing steps progress:
get_certs_from_web()
process_auxillary_datasets()
download_all_artifacts()
convert_all_pdfs()
analyze_certificates()
_compute_references()
_compute_transitive_vulnerabilities()
Random notes to do there:
redo
->fresh
, implement reatempting computations on failed samplesFIPSCertificate
and toFIPSDataset
Done outside of the processing steps:
[ ] Add examples of plot graph into FIPS reference notebookVerify if FIPS webpages are loading on scroll (historical modules). If yes, figure out how to force full load with BeautifulSoupFIPSDataset
contentsFIPSAlgorithmDataset
should reside in own json in auxillary datasetsMisc
fresh
on places where it does not makes senseSanity check
Still part of refactoring, but to-be-addressed by separate PRs
from __future__ import annotations