Fix modified time of nvd part entries #2196
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
andrewpollock
added a commit
that referenced
this pull request
Sep 12, 2024
This should achieve the same outcome and is easier to manipulate (it doesn't require object recreation) and so should make triggering a reimport of specific records a little more efficient (doesn't require downloading and reuploading the object to reset the _creation_ time) Tested in Staging: Before: ``` $ gsutil stat gs://osv-test-cve-osv-conversion/osv-output/CVE-2024-7067.json gs://osv-test-cve-osv-conversion/osv-output/CVE-2024-7067.json: Creation time: Fri, 26 Jul 2024 16:53:59 GMT Update time: Wed, 31 Jul 2024 03:52:06 GMT Storage class: STANDARD Content-Length: 3073 Content-Type: application/json Metadata: goog-reserved-file-mtime:1722394200 Hash (crc32c): Lo3Xwg== Hash (md5): rdI8478THJQOVCgblWW9UQ== ETag: COmK0tyVxYcDED4= Generation: 1722012839216489 Metageneration: 62 ``` After: ``` $ gsutil stat gs://osv-test-cve-osv-conversion/osv-output/CVE-2024-7067.json gs://osv-test-cve-osv-conversion/osv-output/CVE-2024-7067.json: Creation time: Fri, 26 Jul 2024 16:53:59 GMT Update time: Tue, 06 Aug 2024 07:07:12 GMT Storage class: STANDARD Content-Length: 3073 Content-Type: application/json Metadata: goog-reserved-file-mtime:1722394200 Hash (crc32c): Lo3Xwg== Hash (md5): rdI8478THJQOVCgblWW9UQ== ETag: COmK0tyVxYcDED8= Generation: 1722012839216489 Metageneration: 63 ``` I have a sneaking suspicion this may facilitate the intentional reimporting of CVEs that get updated when one of their constituent parts changes (the fact that the original creation and update times were already divergent surprised me) This also requires `combine-to-osv` to switch back to using `gsutil rsync` instead of `gcloud storage rsync` due to a subtle difference in the treatment of the GCS object modification time for otherwise unchanged objects. (see #2196 for additional context) --------- Co-authored-by: Rex P <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The
gcloud storage rsync --checksums-onlycommand always updates the modified time on GCS objects once a file has been touched, even if the file content remains the same. Updates it togsutil rsynccommand to keep the original modified time on GCS objects when nothing has been changed.