Skip to content

Commit

Permalink
Merge pull request #899 from TG1999/ref_url_mandatory
Browse files Browse the repository at this point in the history 
Make URLs mandatory for references #891
  • Loading branch information
@TG1999
TG1999 authored Sep 6, 2022
2 parents 56c952f + 6a142cb commit bf17aa4
Show file tree
Hide file tree
Showing 10 changed files with 1,217 additions and 1,178 deletions.
4 changes: 2 additions & 2 deletions vulnerabilities/importer.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,8 +71,8 @@ class Reference:
severities: List[VulnerabilitySeverity] = dataclasses.field(default_factory=list)

def __post_init__(self):
if not any([self.url, self.reference_id]):
raise TypeError
if not self.url:
raise TypeError("Reference must have a url")

def normalized(self):
severities = sorted(self.severities)
Expand Down
4 changes: 3 additions & 1 deletion vulnerabilities/importers/openssl.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,9 @@ def to_advisory_data(xml_issue) -> AdvisoryData:
cve = f"CVE-{cve}"
madeup_alias = f"{madeup_alias}-{cve}"
aliases.append(cve)
references.append(Reference(reference_id=cve))
references.append(
Reference(reference_id=cve, url=f"https://nvd.nist.gov/vuln/detail/{cve}")
)
aliases.append(madeup_alias)

elif info.tag == "affects":
Expand Down
21 changes: 21 additions & 0 deletions vulnerabilities/migrations/0020_auto_20220905_1248.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
# Generated by Django 4.0.4 on 2022-09-05 12:48

from django.db import migrations


class Migration(migrations.Migration):

dependencies = [
('vulnerabilities', '0019_alter_vulnerabilityreference_options'),
]

def delete_reference_with_empty_urls(apps, _):
"""
Delete all references with empty URLs.
"""
Reference = apps.get_model("vulnerabilities", "VulnerabilityReference")
Reference.objects.filter(url="").delete()

operations = [
migrations.RunPython(delete_reference_with_empty_urls, migrations.RunPython.noop),
]
18 changes: 18 additions & 0 deletions vulnerabilities/migrations/0021_alter_vulnerabilityreference_url.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
# Generated by Django 4.0.4 on 2022-09-05 13:02

from django.db import migrations, models


class Migration(migrations.Migration):

dependencies = [
('vulnerabilities', '0020_auto_20220905_1248'),
]

operations = [
migrations.AlterField(
model_name='vulnerabilityreference',
name='url',
field=models.URLField(help_text='URL to the vulnerability reference', max_length=1024),
),
]
4 changes: 1 addition & 3 deletions vulnerabilities/models.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -106,9 +106,7 @@ class VulnerabilityReference(models.Model):
through="VulnerabilityRelatedReference",
)

url = models.URLField(
max_length=1024, help_text="URL to the vulnerability reference", blank=True
)
url = models.URLField(max_length=1024, help_text="URL to the vulnerability reference")
reference_id = models.CharField(
max_length=200,
help_text="An optional reference ID, such as DSA-4465-1 when available",
Expand Down
8 changes: 4 additions & 4 deletions vulnerabilities/tests/test_data/openssl/improver/improver-advisories.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@
"references": [
{
"reference_id": "CVE-2022-0778",
"url": "",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778",
"severities": []
},
{
Expand Down Expand Up @@ -124,7 +124,7 @@
"references": [
{
"reference_id": "CVE-2021-4160",
"url": "",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4160",
"severities": []
},
{
Expand Down Expand Up @@ -178,7 +178,7 @@
"references": [
{
"reference_id": "CVE-2021-4044",
"url": "",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4044",
"severities": []
},
{
Expand Down Expand Up @@ -234,7 +234,7 @@
"references": [
{
"reference_id": "CVE-2020-1971",
"url": "",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1971",
"severities": []
},
{
Expand Down
18 changes: 9 additions & 9 deletions vulnerabilities/tests/test_data/openssl/improver/improver-inferences-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@
"references": [
{
"reference_id": "CVE-2022-0778",
"url": "",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778",
"severities": []
},
{
Expand Down Expand Up @@ -199,7 +199,7 @@
"references": [
{
"reference_id": "CVE-2022-0778",
"url": "",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778",
"severities": []
},
{
Expand Down Expand Up @@ -482,7 +482,7 @@
"references": [
{
"reference_id": "CVE-2022-0778",
"url": "",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778",
"severities": []
},
{
Expand Down Expand Up @@ -541,7 +541,7 @@
"references": [
{
"reference_id": "CVE-2021-4160",
"url": "",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4160",
"severities": []
},
{
Expand Down Expand Up @@ -696,7 +696,7 @@
"references": [
{
"reference_id": "CVE-2021-4160",
"url": "",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4160",
"severities": []
},
{
Expand Down Expand Up @@ -971,7 +971,7 @@
"references": [
{
"reference_id": "CVE-2021-4160",
"url": "",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4160",
"severities": []
},
{
Expand Down Expand Up @@ -1030,7 +1030,7 @@
"references": [
{
"reference_id": "CVE-2021-4044",
"url": "",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4044",
"severities": []
},
{
Expand Down Expand Up @@ -1143,7 +1143,7 @@
"references": [
{
"reference_id": "CVE-2020-1971",
"url": "",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1971",
"severities": []
},
{
Expand Down Expand Up @@ -1381,7 +1381,7 @@
"references": [
{
"reference_id": "CVE-2020-1971",
"url": "",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1971",
"severities": []
},
{
Expand Down
Loading

0 comments on commit bf17aa4

Please sign in to comment.