From baa47b56193e8df472bcce47b1db9f5c1ee6b17d Mon Sep 17 00:00:00 2001
From: Tushar Goel
Date: Wed, 29 Mar 2023 17:14:47 +0530
Subject: [PATCH] Remove excessive network calls from redhat importer #1161

Signed-off-by: Tushar Goel
---
 vulnerabilities/importers/redhat.py | 41 +++----------------
 .../test_data/redhat/redhat-expected.json | 37 ++++-------------
 2 files changed, 15 insertions(+), 63 deletions(-)

diff --git a/vulnerabilities/importers/redhat.py b/vulnerabilities/importers/redhat.py
index 967f0dc38..e24480ddd 100644
--- a/vulnerabilities/importers/redhat.py
+++ b/vulnerabilities/importers/redhat.py
@@ -98,24 +98,12 @@ def to_advisory(advisory_data):
 bugzilla = advisory_data.get("bugzilla")
 if bugzilla:
 url = "https://bugzilla.redhat.com/show_bug.cgi?id={}".format(bugzilla)
- bugzilla_url = f"https://bugzilla.redhat.com/rest/bug/{bugzilla}"
- bugzilla_data = get_data_from_url(bugzilla_url)
- bugs = bugzilla_data.get("bugs") or []
- if bugs:
- # why [0] only here?
- severity = bugs[0].get("severity")
- if severity:
- bugzilla_severity = VulnerabilitySeverity(
- system=severity_systems.REDHAT_BUGZILLA,
- value=severity,
- )
- references.append(
- Reference(
- severities=[bugzilla_severity],
- url=url,
- reference_id=bugzilla,
- )
- )
+ references.append(
+ Reference(
+ url=url,
+ reference_id=bugzilla,
+ )
+ )

 for rh_adv in advisory_data.get("advisories") or []:
 # RH provides 3 types of advisories RHSA, RHBA, RHEA. Only RHSA's contain severity score.
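Review bot: The context comment that closes this hunk, `# RH provides 3 types of advisories RHSA, RHBA, RHEA. Only RHSA's contain severity score.`, is stale once this patch lands: the Bugzilla reference built here and the RHSA reference in the next redhat.py hunk are both created without `severities`, and the updated fixture shows `"severities": []` for them. Anyone triaging on the `rhbs` or `rhas` values will silently stop getting them, and neither the subject line nor the code says so. I would reword the comment to something like `# RH provides 3 types of advisories: RHSA, RHBA and RHEA. Per-advisory severity is no longer fetched here.` and state the dropped severities in the commit message. The `for rh_adv` loop body continues outside the hunk.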
@@ -126,25 +114,8 @@ def to_advisory(advisory_data):
 continue

 if "RHSA" in rh_adv.upper():
- rhsa_url = f"https://access.redhat.com/hydra/rest/securitydata/cvrf/{rh_adv}.json"
- rhsa_data = get_data_from_url(rhsa_url)
- if not rhsa_data:
- continue
- rhsa_aggregate_severities = []
- if rhsa_data.get("cvrfdoc"):
- # not all RHSA errata have a corresponding CVRF document
- value = get_item(rhsa_data, "cvrfdoc", "aggregate_severity")
- if value:
- rhsa_aggregate_severities.append(
- VulnerabilitySeverity(
- system=severity_systems.REDHAT_AGGREGATE,
- value=value,
- )
- )
-
 references.append(
 Reference(
- severities=rhsa_aggregate_severities,
 url="https://access.redhat.com/errata/{}".format(rh_adv),
 reference_id=rh_adv,
 )
diff --git a/vulnerabilities/tests/test_data/redhat/redhat-expected.json b/vulnerabilities/tests/test_data/redhat/redhat-expected.json
index 721eb4575..dbaa18636 100644
--- a/vulnerabilities/tests/test_data/redhat/redhat-expected.json
+++ b/vulnerabilities/tests/test_data/redhat/redhat-expected.json
@@ -9,13 +9,7 @@
 {
 "reference_id": 2077736,
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077736",
- "severities": [
- {
- "system": "rhbs",
- "value": "medium",
- "scoring_elements": ""
- }
- ]
+ "severities": []
 },
 {
 "reference_id": "",
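Review bot: The names used by the lines removed in the two redhat.py hunks look unused now and should be cleaned up in the same commit: `get_data_from_url`, `get_item` and `severity_systems.REDHAT_AGGREGATE` from the second redhat.py hunk, and `severity_systems.REDHAT_BUGZILLA` from the first. The diffstat shows no change to redhat.py outside these two hunks, so their imports or definitions are presumably still in place; the rest of the file is not visible here, so confirm nothing else references them before deleting. Leaving a dormant URL-fetching helper in an importer makes it easy for per-record network calls to creep back in. `to_advisory` starts and ends outside the hunk.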
@@ -197,35 +191,22 @@
 {
 "reference_id": 2075788,
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075788",
- "severities": [
- {
- "system": "rhbs",
- "value": "medium",
- "scoring_elements": ""
- }
- ]
+ "severities": []
 },
 {
 "reference_id": "RHSA-2022:1439",
 "url": "https://access.redhat.com/errata/RHSA-2022:1439",
- "severities": [
- {
- "system": "rhas",
- "value": "Important",
- "scoring_elements": ""
- }
- ]
+ "severities": []
 },
 {
 "reference_id": "RHSA-2022:1437",
 "url": "https://access.redhat.com/errata/RHSA-2022:1437",
- "severities": [
- {
- "system": "rhas",
- "value": "Important",
- "scoring_elements": ""
- }
- ]
+ "severities": []
+ },
+ {
+ "reference_id": "RHSA-2022:1436",
+ "url": "https://access.redhat.com/errata/RHSA-2022:1436",
+ "severities": []
 },
 {
 "reference_id": "",