swh.osv.map_packages module#
- swh.osv.map_packages.SWH_API_SEMAPHORE = <asyncio.locks.Semaphore object at 0x7f86e4b4c950 [unlocked, value:10]>#
Prevents more than 10 concurrent requests to the SWH API
- swh.osv.map_packages.QUERY_MAVEN = False#
Sends requests to
https://repo1.maven.org/maven2in order to check whether origins have no sources, are missing from SWH, or are not on Maven; and print which it is.
- swh.osv.map_packages.DEFAULT_MAVEN_REPOSITORY = 'https://repo1.maven.org/maven2'#
Which Maven repository to use when it is not specified in the vulnerability report (which is true of all reports I have seen so far).
The OSV spec says
https://repo.maven.apache.org/maven2but SWH archiveshttps://repo1.maven.org/maven2instead, so let’s use that instead, because they are the same repository under the hood.
- class swh.osv.map_packages.DocProcessor(stub: swh.graph.grpc.swhgraph_pb2_grpc.TraversalServiceStub, session: aiohttp.client.ClientSession, origin_denormalizer: swh.osv.map_origins.OriginDenormalizer, found: set[tuple[str, str]] = <factory>, unmapped: set[tuple[str, str]] = <factory>, not_found: set[tuple[str, str]] = <factory>, incorrect_ecosystem: set[tuple[str, str]] = <factory>, confabulated: set[tuple[str, str]] = <factory>, todo_mappings: set[tuple[str, str]] = <factory>)[source]#
Bases:
object- stub: TraversalServiceStub#
- session: ClientSession#
- origin_denormalizer: OriginDenormalizer#
- total_found = 0#
- total_unmapped = 0#
- total_not_found = 0#
- total_incorrect_ecosystem = 0#
- total_confabulated = 0#
- total_todo = 0#
- async swh.osv.map_packages.main(conn: Connection) None[source]#