[pull] main from guacsec:main#208
Merged
Merged
Conversation
Add ProxyOptions::auto() to FetchOptions in GitWalker so that libgit2 honors HTTP_PROXY/HTTPS_PROXY environment variables when cloning repositories. Without this, git-based importers (CVE, OSV-GitHub) fail with connection timeouts in proxy-required environments because libgit2 defaults to GIT_PROXY_NONE. The reproducer test uses a subprocess trampoline to verify proxy settings are honored without modifying process-global environment variables. Implements TC-5174 Assisted-by: Claude Code
The test's maintenance cost outweighs the regression risk for a 3-line proxy fix: it depends on network access to an external GitHub repository, its stderr assertion is fragile across platforms, and the subprocess trampoline is disproportionately complex. The git2 FetchOptions API does not expose proxy state, so there is no clean way to unit-test the configuration without hitting the network. This is consistent with HTTP-based importers (reqwest), which also rely on implicit proxy auto-detection with no proxy-specific tests. Implements TC-5176 Assisted-by: Claude Code
Introduce a JsonSource trait that abstracts over JSON input sources (&[u8] and serde_json::Value), allowing loaders to accept pre-parsed Values without needing separate methods. Refactor CyclonedxLoader to use the trait, extracting post-parse logic into a private ingest method. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…DocumentDetector Introduce `DocumentDetector` that replaces the old `Format::from_bytes()` + `Format::load()` stateless pipeline with a stateful detect-and-parse approach: 1. Detect wire format (JSON/YAML/XML) from the first non-whitespace byte 2. Parse into `serde_json::Value` (JSON and YAML) or keep raw bytes (XML) 3. Detect content type via cheap key lookups on the Value 4. Parse the Value all the way to the domain type (Csaf, Cve, etc.) 5. Return the fully-parsed document in a `DetectedDocument` enum This eliminates double-parsing (detect then re-parse from scratch) and removes the `jsn` streaming dependency. The `Format` enum is stripped down to just its type definition, category matching, and serde impls. Key changes: - New `detect.rs` module with `DocumentDetector`, `WireFormat`, `DetectedDocument` - `IngestorService::ingest` and `DatasetLoader` wired to use `DocumentDetector` - `extract_sbom_purls` (UI module) switched to `DocumentDetector` - `Format` enum cleaned up: removed all detection/loading methods - `jsn` dependency removed from workspace - Criterion benchmarks added for detection performance Assisted-by: Claude Code Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When detect_as() receives a concrete format hint (e.g. CSAF) but the wire format is XML, return UnsupportedFormat instead of silently creating a CweCatalog document. This prevents format()/load() mismatch. Addresses review feedback from sourcery-ai. Assisted-by: Claude Code Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add doc comment to WireFormat enum explaining which content formats are valid for each wire format (JSON/YAML/XML). Addresses review feedback from sourcery-ai. Assisted-by: Claude Code Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )