Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add VulnerabilityInfo APIs into NuGet.Protocol #12518

Closed
zivkan opened this issue Apr 3, 2023 · 0 comments · Fixed by NuGet/NuGet.Client#5115
Closed

Add VulnerabilityInfo APIs into NuGet.Protocol #12518

zivkan opened this issue Apr 3, 2023 · 0 comments · Fixed by NuGet/NuGet.Client#5115
Assignees
@zivkan
Labels
Area:Protocol Client/Server protocol /code around it Functionality:SDK The NuGet client packages published to nuget.org Priority:2 Issues for the current backlog. Type:Feature
Milestone
6.7

Comments

@zivkan
Copy link
Member

zivkan commented Apr 3, 2023

NuGet Product(s) Involved

NuGet SDK

The Elevator Pitch

The Vulnerabilities In Restore spec introduces a new "resource" in the V3 protocol service index document.

There needs to be APIs added in NuGet.Protocol to download them, so that not only can the rest of NuGet download and use the data, but also other apps using the NuGet.Protocol package in their own apps can use it.

Additional Context and Details

See the PR for the actual implementation, but the proposed API can be something along the lines of:

var vulnResource = await sourceRepository.GetResourceAsync<VulnerabilityInfoResource>();
IReadOnlyList<IDictionary<string, IReadOnlyList<VulnerabilityInfo>>> knownVulnerabilities =
    await vulnResource.GetVulnerabilityInfoAsync(...);

It's not the prettiest of APIs, specifically returning a list of dictionaries instead of a a single dictionary the the resource merges itself. However, it's going to be used in a perf-critical hot-path, and merging dictionaries will take more time than iterating multiple dictionaries, so here we are.
@zivkan zivkan added Functionality:SDK The NuGet client packages published to nuget.org Priority:2 Issues for the current backlog. Type:Feature Area:Protocol Client/Server protocol /code around it labels Apr 3, 2023
@zivkan zivkan self-assigned this Apr 3, 2023
@zivkan zivkan mentioned this issue Apr 3, 2023
Merged
8 tasks
@nkolev92 nkolev92 added this to the 6.7 milestone Jun 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zivkan zivkan

Labels
Area:Protocol Client/Server protocol /code around it Functionality:SDK The NuGet client packages published to nuget.org Priority:2 Issues for the current backlog. Type:Feature
Projects
None yet
Milestone
6.7
Development

Successfully merging a pull request may close this issue.

Add VulnerabilityInfo to NuGet.Protocol public API NuGet/NuGet.Client
2 participants
@nkolev92 @zivkan