-
Notifications
You must be signed in to change notification settings - Fork 641
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Hotfix]change sql get vulnerabilities by package id #8540
Conversation
How have you validated this? When I prototyped one attempt before, I made the code change, captured the generated SQL via intellitrace event in VS, and then ran the SQL query against PROD USSC with IO statistics and query plan enabled. Looks like UTs and Functional tests are also unhappy. |
I haven't validate yet. working on the changes on unit test. I think Drew is going to wake up soon. I will handle over to him since he is most familiar with vulnerabilities. |
This changes the following query:
...to this:
i.e. a much simpler query that doesn't load |
@@ -434,7 +433,7 @@ protected override void Load(ContainerBuilder builder) | |||
|
|||
builder.RegisterType<PackageVulnerabilitiesService>() | |||
.As<IPackageVulnerabilitiesService>() | |||
.InstancePerLifetimeScope(); | |||
.SingleInstance(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For an example on how to implement caching and avoid this problem checkout the typosquating cache:
https://github.com/NuGet/NuGetGallery/blob/main/src/NuGetGallery/App_Start/DefaultDependenciesModule.cs#L410
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, so sad--this will break caching.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reverting the caching commit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The typosquating cache is pretty straightforward. Same approach can be reused. You can extract the relevant code to an abstract class..
This reverts commit 71c5506.
Query metrics delta: (local) TIME statistics pre-change:
TIME statistics post-change:
IO statistics pre-change:
IO statistics post-change:
|
using System.Data.Entity; | ||
using System.IO; | ||
using System.Linq; | ||
using System.Security.Cryptography; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is this using required?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No. Thanks. Probably a leftover from the caching.
Adding TIME and IO statistics from PROD USSC. BEFORE:
AFTER:
|
This reverts commit a2ab1c7.
Improve the performance of quering vulnerabilities by package id
Addresses https://github.com/NuGet/Engineering/issues/3788#issuecomment-816126501