Skip to content

Commit

Permalink
Merge branch 'main' into risk
Browse files Browse the repository at this point in the history
  • Loading branch information
TG1999 authored Oct 11, 2024
2 parents 4cffb2a + bcf02ac commit 61687c8
Show file tree
Hide file tree
Showing 11 changed files with 69 additions and 16 deletions.
6 changes: 5 additions & 1 deletion CHANGELOG.rst
Original file line number Diff line number Diff line change
@@ -1,11 +1,15 @@
Release notes
=============


Version (next)
-------------------


Version v34.0.2
-------------------

- Add management command to commit exported vulnerability data (#1600)
- Fix API 500 error (#1603)


Version v34.0.1
Expand Down
9 changes: 5 additions & 4 deletions requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -21,12 +21,13 @@ click==8.1.2
coreapi==2.3.3
coreschema==0.0.4
cryptography==43.0.1
crispy-bootstrap4==2024.1
cwe2==3.0.0
dateparser==1.1.1
decorator==5.1.1
defusedxml==0.7.1
distro==1.7.0
Django==4.2.15
Django==4.2.16
django-crispy-forms==2.3
django-environ==0.11.2
django-filter==24.3
Expand All @@ -35,10 +36,10 @@ djangorestframework==3.15.2
doc8==0.11.1
docopt==0.6.2
docutils==0.17.1
drf-spectacular==0.27.2
drf-spectacular-sidecar==2024.7.1
drf-spectacular==0.24.2
drf-spectacular-sidecar==2022.10.1
executing==0.8.3
fetchcode==0.3.0
fetchcode==0.6.0
freezegun==1.2.1
frozenlist==1.3.0
gitdb==4.0.9
Expand Down
7 changes: 4 additions & 3 deletions setup.cfg
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[metadata]
name = vulnerablecode
version = 34.0.1
version = 34.0.2
license = Apache-2.0 AND CC-BY-SA-4.0

# description must be on ONE line https://github.com/pypa/setuptools/issues/1390
Expand Down Expand Up @@ -62,11 +62,12 @@ install_requires =
django-filter>=24.0
django-widget-tweaks>=1.5.0
django-crispy-forms>=2.3
crispy-bootstrap4>=2024.1
django-environ>=0.11.0
gunicorn>=23.0.0

# for the API doc
drf-spectacular[sidecar]>=0.27.2
drf-spectacular[sidecar]>=0.24.2

#essentials
packageurl-python>=0.15
Expand All @@ -89,7 +90,7 @@ install_requires =
# networking
GitPython>=3.1.17
requests>=2.25.1
fetchcode>=0.3.0
fetchcode>=0.6.0

#pipeline
aboutcode.pipeline>=0.1.0
Expand Down
6 changes: 1 addition & 5 deletions vulnerabilities/api.py
Original file line number Diff line number Diff line change
Expand Up @@ -685,14 +685,10 @@ def filter_alias(self, queryset, name, value):
return self.queryset.filter(aliases__alias__icontains=alias)


class AliasViewSet(viewsets.ReadOnlyModelViewSet):
class AliasViewSet(VulnerabilityViewSet):
"""
Lookup for vulnerabilities by vulnerability aliases such as a CVE
(https://nvd.nist.gov/general/cve-process).
"""

queryset = Vulnerability.objects.all()
serializer_class = VulnerabilitySerializer
filter_backends = (filters.DjangoFilterBackend,)
filterset_class = AliasFilterSet
throttle_classes = [StaffUserRateThrottle, AnonRateThrottle]
1 change: 1 addition & 0 deletions vulnerabilities/improvers/valid_versions.py
Original file line number Diff line number Diff line change
Expand Up @@ -433,6 +433,7 @@ class GitHubBasicImprover(ValidVersionImprover):
"3.0.0b3-",
"3.0b6dev-r41684",
"-class.-jw.util.version.Version-",
"vulnerabilities",
]
)

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
# Generated by Django 4.2.15 on 2024-10-07 12:28

from django.db import migrations, models


class Migration(migrations.Migration):

dependencies = [
("vulnerabilities", "0069_exploit_delete_kev"),
]

operations = [
migrations.AlterField(
model_name="advisory",
name="created_by",
field=models.CharField(
help_text="Fully qualified name of the importer prefixed with themodule name importing the advisory. Eg:vulnerabilities.pipeline.nginx_importer.NginxImporterPipeline",
max_length=100,
),
),
migrations.AlterField(
model_name="packagechangelog",
name="software_version",
field=models.CharField(
default="34.0.2",
help_text="Version of the software at the time of change",
max_length=100,
),
),
migrations.AlterField(
model_name="vulnerabilitychangelog",
name="software_version",
field=models.CharField(
default="34.0.2",
help_text="Version of the software at the time of change",
max_length=100,
),
),
]
Original file line number Diff line number Diff line change
Expand Up @@ -303,6 +303,13 @@ def test_get_package_versions(mock_response):

improver = GitHubBasicImprover()
valid_versions = [
"1.0.1",
"1.0.2",
"1.0.3",
"1.0.4",
"1.1",
"1.1.1",
"1.1.2",
"1.1.3",
"1.1.4",
"1.10",
Expand All @@ -317,7 +324,9 @@ def test_get_package_versions(mock_response):
"1.10a1",
"1.10b1",
"1.10rc1",
"vulnerabilities",
]

result = sorted(
improver.get_package_versions(package_url=PackageURL(type="pypi", name="django"))
)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -195,7 +195,7 @@ def interesting_advisories(self) -> QuerySet:
)
assert interesting_advisories == advisories

@mock.patch("fetchcode.package_versions.github_response")
@mock.patch("fetchcode.utils.github_response")
def test_NginxBasicImprover_fetch_nginx_version_from_git_tags(self, mock_fetcher):
reponse_files = [
"github-nginx-nginx-0.json",
Expand Down
2 changes: 1 addition & 1 deletion vulnerablecode/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
import warnings
from pathlib import Path

__version__ = "34.0.1"
__version__ = "34.0.2"


def command_line():
Expand Down
2 changes: 2 additions & 0 deletions vulnerablecode/settings.py
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,7 @@
"rest_framework.authtoken",
"widget_tweaks",
"crispy_forms",
"crispy_bootstrap4",
# for API doc
"drf_spectacular",
# required for Django collectstatic discovery
Expand Down Expand Up @@ -196,6 +197,7 @@
str(PROJECT_DIR / "static"),
]

CRISPY_ALLOWED_TEMPLATE_PACKS = "bootstrap4"

CRISPY_TEMPLATE_PACK = "bootstrap4"

Expand Down
2 changes: 1 addition & 1 deletion vulntotal/datasources/github.py
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
from typing import Iterable

from dotenv import load_dotenv
from fetchcode.package_versions import github_response
from fetchcode.utils import github_response
from packageurl import PackageURL

from vulntotal.validator import DataSource
Expand Down

0 comments on commit 61687c8

Please sign in to comment.