diff --git a/setup.py b/setup.py index c5ca4c23c..0a41d3d2d 100644 --- a/setup.py +++ b/setup.py @@ -1,9 +1,7 @@ #!/usr/bin/env python # -*- encoding: utf-8 -*- -from setuptools import find_packages -from setuptools import setup - +from setuptools import find_packages, setup requirements = [ r.strip() for r in open("requirements.txt") if r.strip() and not r.strip().startswith("#") diff --git a/vulnerabilities/admin.py b/vulnerabilities/admin.py index 71e638a53..3ca0a70fb 100644 --- a/vulnerabilities/admin.py +++ b/vulnerabilities/admin.py @@ -24,9 +24,9 @@ from django.contrib import admin from vulnerabilities.models import ( - PackageRelatedVulnerability, Importer, Package, + PackageRelatedVulnerability, Vulnerability, VulnerabilityReference, VulnerabilitySeverity, diff --git a/vulnerabilities/api.py b/vulnerabilities/api.py index 7649ea0e4..36be0995b 100644 --- a/vulnerabilities/api.py +++ b/vulnerabilities/api.py @@ -28,14 +28,16 @@ from django_filters import rest_framework as filters from drf_spectacular.utils import extend_schema, inline_serializer from packageurl import PackageURL - from rest_framework import serializers, viewsets from rest_framework.decorators import action from rest_framework.response import Response -from vulnerabilities.models import Package -from vulnerabilities.models import Vulnerability -from vulnerabilities.models import VulnerabilityReference -from vulnerabilities.models import VulnerabilitySeverity + +from vulnerabilities.models import ( + Package, + Vulnerability, + VulnerabilityReference, + VulnerabilitySeverity, +) # This serializer is used for the bulk apis, to prevent wrong auto documentation # TODO: Fix the swagger documentation for bulk apis diff --git a/vulnerabilities/data_source.py b/vulnerabilities/data_source.py index 349563520..83539a07a 100644 --- a/vulnerabilities/data_source.py +++ b/vulnerabilities/data_source.py 
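Review bot: In the setup.py hunk, the context line `r.strip() for r in open("requirements.txt") if r.strip() and not r.strip().startswith("#")` opens the file inside the comprehension and never closes it explicitly. The relative path is also resolved against the caller's working directory rather than the directory that holds setup.py. Since the commit is already tidying the top of this file, read the file under a context manager, e.g. `with open("requirements.txt") as reqs:` with the comprehension iterating over `reqs`. Anchoring the path on `os.path.dirname(__file__)` would make the build independent of where it is started. The `requirements = [` statement closes outside the hunk, so the rest of it was not reviewed.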
@@ -27,27 +27,19 @@ import tempfile import traceback import xml.etree.ElementTree as ET -from binaryornot.helpers import is_binary_string from datetime import datetime from pathlib import Path -from typing import Any -from typing import ContextManager -from typing import Iterable -from typing import List -from typing import Mapping -from typing import Optional -from typing import Set -from typing import Tuple -from git import Repo, DiffIndex +from typing import Any, ContextManager, Iterable, List, Mapping, Optional, Set, Tuple + +from binaryornot.helpers import is_binary_string +from git import DiffIndex, Repo from packageurl import PackageURL from univers.version_specifier import VersionSpecifier from univers.versions import version_class_by_package_type +from vulnerabilities.helpers import AffectedPackage, is_cve, nearest_patched_package from vulnerabilities.oval_parser import OvalParser from vulnerabilities.severity_systems import ScoringSystem -from vulnerabilities.helpers import is_cve -from vulnerabilities.helpers import nearest_patched_package -from vulnerabilities.helpers import AffectedPackage logger = logging.getLogger(__name__) diff --git a/vulnerabilities/helpers.py b/vulnerabilities/helpers.py index 37fa7d1cb..89379cb24 100644 --- a/vulnerabilities/helpers.py +++ b/vulnerabilities/helpers.py @@ -24,8 +24,7 @@ import dataclasses import json import re -from typing import Optional -from typing import List +from typing import List, Optional import requests import saneyaml diff --git a/vulnerabilities/import_runner.py b/vulnerabilities/import_runner.py index be54d4a61..a01aa4f5f 100644 --- a/vulnerabilities/import_runner.py +++ b/vulnerabilities/import_runner.py 
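Review bot: `import xml.etree.ElementTree as ET` stays on the new side of the data_source.py hunk, and the same import sits beside `requests` or `aiohttp` in the importers/debian_oval.py, importers/openssl.py and importers/ubuntu.py hunks. The parsing calls are outside these hunks, so this is inferred, but if `ET` is what parses the advisory documents those modules download, the standard-library parser is documented as not secure against maliciously constructed data. A tampered or spoofed feed could then tie up the import run's memory or CPU. Consider routing the parse calls through `defusedxml.ElementTree` (a new dependency), or at least capping the size of the fetched body before it reaches the parser.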
@@ -24,17 +24,15 @@ import dataclasses import datetime import logging +import traceback from collections import Counter from itertools import chain -import traceback -from typing import Set -from typing import Tuple +from typing import Set, Tuple from django.core import serializers from vulnerabilities import models -from vulnerabilities.data_source import Advisory, DataSource -from vulnerabilities.data_source import PackageURL +from vulnerabilities.data_source import Advisory, DataSource, PackageURL logger = logging.getLogger(__name__) diff --git a/vulnerabilities/importers/__init__.py b/vulnerabilities/importers/__init__.py index f7387df61..169453007 100644 --- a/vulnerabilities/importers/__init__.py +++ b/vulnerabilities/importers/__init__.py @@ -31,6 +31,7 @@ from vulnerabilities.importers.elixir_security import ElixirSecurityDataSource from vulnerabilities.importers.gentoo import GentooDataSource from vulnerabilities.importers.github import GitHubAPIDataSource +from vulnerabilities.importers.istio import IstioDataSource from vulnerabilities.importers.kaybee import KaybeeDataSource from vulnerabilities.importers.nginx import NginxDataSource from vulnerabilities.importers.npm import NpmDataSource @@ -46,6 +47,5 @@ from vulnerabilities.importers.suse_scores import SUSESeverityScoreDataSource from vulnerabilities.importers.ubuntu import UbuntuDataSource from vulnerabilities.importers.ubuntu_usn import UbuntuUSNDataSource -from vulnerabilities.importers.istio import IstioDataSource # from vulnerabilities.importers.suse_backports import SUSEBackportsDataSource diff --git a/vulnerabilities/importers/alpine_linux.py b/vulnerabilities/importers/alpine_linux.py index 3159689de..1d554e670 100644 --- a/vulnerabilities/importers/alpine_linux.py +++ b/vulnerabilities/importers/alpine_linux.py 
@@ -21,23 +21,15 @@ # VulnerableCode is a free software code scanning tool from nexB Inc. and others. # Visit https://github.com/nexB/vulnerablecode/ for support and download. from re import IGNORECASE -from typing import Any -from typing import Iterable -from typing import List -from typing import Mapping -from typing import Set +from typing import Any, Iterable, List, Mapping, Set import requests import saneyaml from bs4 import BeautifulSoup from packageurl import PackageURL -from schema import Or -from schema import Regex -from schema import Schema +from schema import Or, Regex, Schema -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import DataSource -from vulnerabilities.data_source import Reference +from vulnerabilities.data_source import Advisory, DataSource, Reference from vulnerabilities.helpers import is_cve BASE_URL = "https://secdb.alpinelinux.org/" diff --git a/vulnerabilities/importers/apache_httpd.py b/vulnerabilities/importers/apache_httpd.py index 0b6e87bea..1e9f52947 100644 --- a/vulnerabilities/importers/apache_httpd.py +++ b/vulnerabilities/importers/apache_httpd.py 
@@ -27,18 +27,19 @@ import requests from bs4 import BeautifulSoup from packageurl import PackageURL -from univers.versions import MavenVersion from univers.version_specifier import VersionSpecifier +from univers.versions import MavenVersion -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import DataSource -from vulnerabilities.data_source import DataSourceConfiguration -from vulnerabilities.data_source import Reference -from vulnerabilities.data_source import VulnerabilitySeverity +from vulnerabilities.data_source import ( + Advisory, + DataSource, + DataSourceConfiguration, + Reference, + VulnerabilitySeverity, +) +from vulnerabilities.helpers import create_etag, nearest_patched_package from vulnerabilities.package_managers import GitHubTagsAPI from vulnerabilities.severity_systems import scoring_systems -from vulnerabilities.helpers import create_etag -from vulnerabilities.helpers import nearest_patched_package @dataclasses.dataclass diff --git a/vulnerabilities/importers/apache_kafka.py b/vulnerabilities/importers/apache_kafka.py index 105f327f0..a2e38397e 100644 --- a/vulnerabilities/importers/apache_kafka.py +++ b/vulnerabilities/importers/apache_kafka.py 
@@ -25,14 +25,12 @@ import requests from bs4 import BeautifulSoup from packageurl import PackageURL -from univers.versions import MavenVersion from univers.version_specifier import VersionSpecifier +from univers.versions import MavenVersion -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import DataSource -from vulnerabilities.data_source import Reference -from vulnerabilities.package_managers import GitHubTagsAPI +from vulnerabilities.data_source import Advisory, DataSource, Reference from vulnerabilities.helpers import nearest_patched_package +from vulnerabilities.package_managers import GitHubTagsAPI GH_PAGE_URL = "https://raw.githubusercontent.com/apache/kafka-site/asf-site/cve-list.html" ASF_PAGE_URL = "https://kafka.apache.org/cve-list" diff --git a/vulnerabilities/importers/apache_tomcat.py b/vulnerabilities/importers/apache_tomcat.py index 42a728840..0d404c145 100644 --- a/vulnerabilities/importers/apache_tomcat.py +++ b/vulnerabilities/importers/apache_tomcat.py @@ -24,19 +24,14 @@ import dataclasses import re - import requests from bs4 import BeautifulSoup +from packageurl import PackageURL from univers.version_specifier import VersionSpecifier from univers.versions import MavenVersion -from packageurl import PackageURL -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import DataSource -from vulnerabilities.data_source import DataSourceConfiguration -from vulnerabilities.data_source import Reference -from vulnerabilities.helpers import create_etag -from vulnerabilities.helpers import nearest_patched_package +from vulnerabilities.data_source import Advisory, DataSource, DataSourceConfiguration, Reference +from vulnerabilities.helpers import create_etag, nearest_patched_package from vulnerabilities.package_managers import MavenVersionAPI diff --git a/vulnerabilities/importers/archlinux.py b/vulnerabilities/importers/archlinux.py index b937a9931..77c61d9c4 100644 
--- a/vulnerabilities/importers/archlinux.py +++ b/vulnerabilities/importers/archlinux.py @@ -22,20 +22,19 @@ # Visit https://github.com/nexB/vulnerablecode/ for support and download. import dataclasses import json -from typing import Iterable -from typing import List -from typing import Mapping -from typing import Set +from typing import Iterable, List, Mapping, Set from urllib.request import urlopen from packageurl import PackageURL -from schema import Regex, Schema, Or - -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import DataSource -from vulnerabilities.data_source import DataSourceConfiguration -from vulnerabilities.data_source import Reference -from vulnerabilities.data_source import VulnerabilitySeverity +from schema import Or, Regex, Schema + +from vulnerabilities.data_source import ( + Advisory, + DataSource, + DataSourceConfiguration, + Reference, + VulnerabilitySeverity, +) from vulnerabilities.helpers import nearest_patched_package from vulnerabilities.severity_systems import scoring_systems diff --git a/vulnerabilities/importers/debian.py b/vulnerabilities/importers/debian.py index 8ad54e3a1..410bc6c0c 100644 --- a/vulnerabilities/importers/debian.py +++ b/vulnerabilities/importers/debian.py 
@@ -23,23 +23,14 @@ import dataclasses import json -from dateutil import parser as dateparser -from typing import Any -from typing import List -from typing import Mapping -from typing import Set +from typing import Any, List, Mapping, Set import requests +from dateutil import parser as dateparser from packageurl import PackageURL -from schema import Optional -from schema import Or -from schema import Regex -from schema import Schema - -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import DataSource -from vulnerabilities.data_source import DataSourceConfiguration -from vulnerabilities.data_source import Reference +from schema import Optional, Or, Regex, Schema + +from vulnerabilities.data_source import Advisory, DataSource, DataSourceConfiguration, Reference from vulnerabilities.helpers import nearest_patched_package diff --git a/vulnerabilities/importers/debian_oval.py b/vulnerabilities/importers/debian_oval.py index e73a1da26..c7dcaeba0 100644 --- a/vulnerabilities/importers/debian_oval.py +++ b/vulnerabilities/importers/debian_oval.py @@ -23,19 +23,16 @@ import asyncio import dataclasses -from typing import Iterable -from typing import List -from typing import Mapping -from typing import Set import xml.etree.ElementTree as ET +from typing import Iterable, List, Mapping, Set +import requests from aiohttp import ClientSession from aiohttp.client_exceptions import ClientResponseError, ServerDisconnectedError -import requests -from vulnerabilities.data_source import OvalDataSource, DataSourceConfiguration -from vulnerabilities.package_managers import DebianVersionAPI +from vulnerabilities.data_source import DataSourceConfiguration, OvalDataSource from vulnerabilities.helpers import create_etag +from vulnerabilities.package_managers import DebianVersionAPI @dataclasses.dataclass diff --git a/vulnerabilities/importers/elixir_security.py b/vulnerabilities/importers/elixir_security.py index fcb3e6c42..3452574c2 100644 
--- a/vulnerabilities/importers/elixir_security.py +++ b/vulnerabilities/importers/elixir_security.py @@ -26,11 +26,8 @@ from univers.version_specifier import VersionSpecifier from univers.versions import SemverVersion -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import GitDataSource -from vulnerabilities.data_source import Reference -from vulnerabilities.helpers import load_yaml -from vulnerabilities.helpers import nearest_patched_package +from vulnerabilities.data_source import Advisory, GitDataSource, Reference +from vulnerabilities.helpers import load_yaml, nearest_patched_package from vulnerabilities.package_managers import HexVersionAPI diff --git a/vulnerabilities/importers/gentoo.py b/vulnerabilities/importers/gentoo.py index d9015c0fb..55dbe1230 100644 --- a/vulnerabilities/importers/gentoo.py +++ b/vulnerabilities/importers/gentoo.py @@ -26,9 +26,7 @@ from packageurl import PackageURL -from vulnerabilities.data_source import GitDataSource -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import Reference +from vulnerabilities.data_source import Advisory, GitDataSource, Reference from vulnerabilities.helpers import nearest_patched_package diff --git a/vulnerabilities/importers/github.py b/vulnerabilities/importers/github.py index 9e45c93dc..83877a66c 100644 --- a/vulnerabilities/importers/github.py +++ b/vulnerabilities/importers/github.py 
@@ -21,32 +21,32 @@ # Visit https://github.com/nexB/vulnerablecode/ for support and download. import asyncio -import os import dataclasses import json -from typing import Set -from typing import Tuple -from typing import List -from typing import Mapping -from typing import Optional +import os +from typing import List, Mapping, Optional, Set, Tuple import requests from packageurl import PackageURL from univers.version_specifier import VersionSpecifier from univers.versions import version_class_by_package_type -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import DataSource -from vulnerabilities.data_source import DataSourceConfiguration -from vulnerabilities.data_source import Reference -from vulnerabilities.data_source import VulnerabilitySeverity -from vulnerabilities.package_managers import MavenVersionAPI -from vulnerabilities.package_managers import NugetVersionAPI -from vulnerabilities.package_managers import ComposerVersionAPI -from vulnerabilities.package_managers import PypiVersionAPI -from vulnerabilities.package_managers import RubyVersionAPI -from vulnerabilities.severity_systems import scoring_systems +from vulnerabilities.data_source import ( + Advisory, + DataSource, + DataSourceConfiguration, + Reference, + VulnerabilitySeverity, +) from vulnerabilities.helpers import nearest_patched_package +from vulnerabilities.package_managers import ( + ComposerVersionAPI, + MavenVersionAPI, + NugetVersionAPI, + PypiVersionAPI, + RubyVersionAPI, +) +from vulnerabilities.severity_systems import scoring_systems # set of all possible values of first '%s' = {'MAVEN','COMPOSER', 'NUGET', 'RUBYGEMS', 'PYPI'} # second '%s' is interesting, it will have the value '' for the first request, diff --git a/vulnerabilities/importers/istio.py b/vulnerabilities/importers/istio.py index 509bde08d..35213da3c 100644 --- a/vulnerabilities/importers/istio.py +++ b/vulnerabilities/importers/istio.py 
@@ -21,17 +21,14 @@ # Visit https://github.com/nexB/vulnerablecode/ for support and download. import asyncio import re -from typing import List -from typing import Set +from typing import List, Set import saneyaml from packageurl import PackageURL from univers.version_specifier import VersionSpecifier from univers.versions import SemverVersion -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import GitDataSource -from vulnerabilities.data_source import Reference +from vulnerabilities.data_source import Advisory, GitDataSource, Reference from vulnerabilities.helpers import nearest_patched_package from vulnerabilities.package_managers import GitHubTagsAPI diff --git a/vulnerabilities/importers/kaybee.py b/vulnerabilities/importers/kaybee.py index 2f626dc9f..b7c23a491 100644 --- a/vulnerabilities/importers/kaybee.py +++ b/vulnerabilities/importers/kaybee.py @@ -22,11 +22,8 @@ from packageurl import PackageURL -from vulnerabilities.data_source import GitDataSource -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import Reference -from vulnerabilities.helpers import load_yaml -from vulnerabilities.helpers import nearest_patched_package +from vulnerabilities.data_source import Advisory, GitDataSource, Reference +from vulnerabilities.helpers import load_yaml, nearest_patched_package class KaybeeDataSource(GitDataSource): diff --git a/vulnerabilities/importers/nginx.py b/vulnerabilities/importers/nginx.py index e5be6247c..cb4083087 100644 --- a/vulnerabilities/importers/nginx.py +++ b/vulnerabilities/importers/nginx.py 
@@ -24,17 +24,14 @@ import dataclasses import requests -from packageurl import PackageURL from bs4 import BeautifulSoup +from packageurl import PackageURL from univers.version_specifier import VersionSpecifier from univers.versions import SemverVersion -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import DataSource -from vulnerabilities.data_source import DataSourceConfiguration -from vulnerabilities.data_source import Reference -from vulnerabilities.package_managers import GitHubTagsAPI +from vulnerabilities.data_source import Advisory, DataSource, DataSourceConfiguration, Reference from vulnerabilities.helpers import nearest_patched_package +from vulnerabilities.package_managers import GitHubTagsAPI @dataclasses.dataclass diff --git a/vulnerabilities/importers/npm.py b/vulnerabilities/importers/npm.py index 76c6fbc28..345e57775 100644 --- a/vulnerabilities/importers/npm.py +++ b/vulnerabilities/importers/npm.py 
@@ -22,26 +22,19 @@ # Visit https://github.com/nexB/vulnerablecode/ for support and download. import asyncio -from typing import Any -from typing import List -from typing import Mapping -from typing import Set -from typing import Tuple +from typing import Any, List, Mapping, Set, Tuple from urllib.error import HTTPError from urllib.parse import quote from urllib.request import urlopen from dateutil.parser import parse +from packageurl import PackageURL from univers.version_specifier import VersionSpecifier from univers.versions import SemverVersion -from packageurl import PackageURL -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import GitDataSource -from vulnerabilities.data_source import Reference +from vulnerabilities.data_source import Advisory, GitDataSource, Reference +from vulnerabilities.helpers import load_json, nearest_patched_package from vulnerabilities.package_managers import NpmVersionAPI -from vulnerabilities.helpers import load_json -from vulnerabilities.helpers import nearest_patched_package NPM_URL = "https://registry.npmjs.org{}" diff --git a/vulnerabilities/importers/nvd.py b/vulnerabilities/importers/nvd.py index 7af45dd4d..6c8f04ce9 100644 --- a/vulnerabilities/importers/nvd.py +++ b/vulnerabilities/importers/nvd.py 
@@ -23,16 +23,18 @@ import dataclasses import gzip import json -from dateutil import parser as dateparser from datetime import date import requests +from dateutil import parser as dateparser -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import DataSource -from vulnerabilities.data_source import DataSourceConfiguration -from vulnerabilities.data_source import Reference -from vulnerabilities.data_source import VulnerabilitySeverity +from vulnerabilities.data_source import ( + Advisory, + DataSource, + DataSourceConfiguration, + Reference, + VulnerabilitySeverity, +) from vulnerabilities.helpers import create_etag from vulnerabilities.severity_systems import scoring_systems diff --git a/vulnerabilities/importers/openssl.py b/vulnerabilities/importers/openssl.py index 4d090b2ed..9db6456fd 100644 --- a/vulnerabilities/importers/openssl.py +++ b/vulnerabilities/importers/openssl.py @@ -22,18 +22,14 @@ import dataclasses import re -from typing import Set import xml.etree.ElementTree as ET +from typing import Set -from packageurl import PackageURL import requests +from packageurl import PackageURL -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import DataSource -from vulnerabilities.data_source import Reference -from vulnerabilities.data_source import DataSourceConfiguration -from vulnerabilities.helpers import create_etag -from vulnerabilities.helpers import nearest_patched_package +from vulnerabilities.data_source import Advisory, DataSource, DataSourceConfiguration, Reference +from vulnerabilities.helpers import create_etag, nearest_patched_package @dataclasses.dataclass diff --git a/vulnerabilities/importers/postgresql.py b/vulnerabilities/importers/postgresql.py index 39991309e..1ee27c3b8 100644 --- a/vulnerabilities/importers/postgresql.py +++ b/vulnerabilities/importers/postgresql.py 
@@ -21,16 +21,13 @@ # Visit https://github.com/nexB/vulnerablecode/ for support and download. import dataclasses +import urllib.parse as urlparse +import requests from bs4 import BeautifulSoup from packageurl import PackageURL -import requests -import urllib.parse as urlparse -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import DataSource -from vulnerabilities.data_source import Reference -from vulnerabilities.data_source import VulnerabilitySeverity +from vulnerabilities.data_source import Advisory, DataSource, Reference, VulnerabilitySeverity from vulnerabilities.helpers import nearest_patched_package from vulnerabilities.severity_systems import scoring_systems diff --git a/vulnerabilities/importers/project_kb_msr2019.py b/vulnerabilities/importers/project_kb_msr2019.py index 8b97eccf1..9d92c7fda 100644 --- a/vulnerabilities/importers/project_kb_msr2019.py +++ b/vulnerabilities/importers/project_kb_msr2019.py @@ -29,13 +29,8 @@ # Use `urllib.request` for that purpose. from packageurl import PackageURL - -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import DataSource -from vulnerabilities.data_source import Reference -from vulnerabilities.data_source import DataSourceConfiguration -from vulnerabilities.helpers import create_etag -from vulnerabilities.helpers import is_cve +from vulnerabilities.data_source import Advisory, DataSource, DataSourceConfiguration, Reference +from vulnerabilities.helpers import create_etag, is_cve @dataclasses.dataclass diff --git a/vulnerabilities/importers/redhat.py b/vulnerabilities/importers/redhat.py index 8074841b5..8c9905498 100644 --- a/vulnerabilities/importers/redhat.py +++ b/vulnerabilities/importers/redhat.py 
@@ -23,13 +23,14 @@ import requests from packageurl import PackageURL -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import DataSource -from vulnerabilities.data_source import DataSourceConfiguration -from vulnerabilities.data_source import Reference -from vulnerabilities.data_source import VulnerabilitySeverity -from vulnerabilities.helpers import nearest_patched_package -from vulnerabilities.helpers import requests_with_5xx_retry +from vulnerabilities.data_source import ( + Advisory, + DataSource, + DataSourceConfiguration, + Reference, + VulnerabilitySeverity, +) +from vulnerabilities.helpers import nearest_patched_package, requests_with_5xx_retry from vulnerabilities.severity_systems import scoring_systems diff --git a/vulnerabilities/importers/retiredotnet.py b/vulnerabilities/importers/retiredotnet.py index 25e08b04d..4c1e7660c 100644 --- a/vulnerabilities/importers/retiredotnet.py +++ b/vulnerabilities/importers/retiredotnet.py @@ -22,14 +22,11 @@ import json import re -from typing import Set -from typing import List +from typing import List, Set from packageurl import PackageURL -from vulnerabilities.data_source import GitDataSource -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import Reference +from vulnerabilities.data_source import Advisory, GitDataSource, Reference from vulnerabilities.helpers import AffectedPackage diff --git a/vulnerabilities/importers/ruby.py b/vulnerabilities/importers/ruby.py index a801a5f81..f935d38a0 100644 --- a/vulnerabilities/importers/ruby.py +++ b/vulnerabilities/importers/ruby.py 
@@ -21,19 +21,15 @@ # Visit https://github.com/nexB/vulnerablecode/ for support and download. import asyncio -from typing import Set -from typing import List +from typing import List, Set from packageurl import PackageURL from univers.version_specifier import VersionSpecifier from univers.versions import SemverVersion -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import GitDataSource -from vulnerabilities.data_source import Reference +from vulnerabilities.data_source import Advisory, GitDataSource, Reference +from vulnerabilities.helpers import load_yaml, nearest_patched_package from vulnerabilities.package_managers import RubyVersionAPI -from vulnerabilities.helpers import load_yaml -from vulnerabilities.helpers import nearest_patched_package class RubyDataSource(GitDataSource): diff --git a/vulnerabilities/importers/rust.py b/vulnerabilities/importers/rust.py index 557ff7d06..3284beb11 100644 --- a/vulnerabilities/importers/rust.py +++ b/vulnerabilities/importers/rust.py @@ -22,22 +22,16 @@ import asyncio from itertools import chain -from typing import Optional -from typing import List -from typing import Set -from typing import Tuple +from typing import List, Optional, Set, Tuple import toml +from packageurl import PackageURL from univers.version_specifier import VersionSpecifier from univers.versions import SemverVersion -from packageurl import PackageURL - -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import GitDataSource -from vulnerabilities.data_source import Reference -from vulnerabilities.package_managers import CratesVersionAPI +from vulnerabilities.data_source import Advisory, GitDataSource, Reference from vulnerabilities.helpers import nearest_patched_package +from vulnerabilities.package_managers import CratesVersionAPI class RustDataSource(GitDataSource): 
diff --git a/vulnerabilities/importers/safety_db.py b/vulnerabilities/importers/safety_db.py index 97ea5ae64..3d47b3c6a 100755 --- a/vulnerabilities/importers/safety_db.py +++ b/vulnerabilities/importers/safety_db.py @@ -25,29 +25,19 @@ import asyncio import dataclasses -import re import logging -from typing import Any -from typing import Iterable -from typing import Mapping -from typing import Set -from typing import Tuple +import re +from typing import Any, Iterable, Mapping, Set, Tuple import requests -from univers.version_specifier import VersionSpecifier -from univers.versions import PYPIVersion -from univers.versions import InvalidVersion from packageurl import PackageURL -from schema import Or -from schema import Regex -from schema import Schema - -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import DataSource -from vulnerabilities.data_source import DataSourceConfiguration -from vulnerabilities.data_source import Reference -from vulnerabilities.package_managers import PypiVersionAPI +from schema import Or, Regex, Schema +from univers.version_specifier import VersionSpecifier +from univers.versions import InvalidVersion, PYPIVersion + +from vulnerabilities.data_source import Advisory, DataSource, DataSourceConfiguration, Reference from vulnerabilities.helpers import nearest_patched_package +from vulnerabilities.package_managers import PypiVersionAPI logger = logging.getLogger(__name__) diff --git a/vulnerabilities/importers/suse_backports.py b/vulnerabilities/importers/suse_backports.py index c80d25969..3fad3b796 100644 --- a/vulnerabilities/importers/suse_backports.py +++ b/vulnerabilities/importers/suse_backports.py 
@@ -26,9 +26,7 @@ from bs4 import BeautifulSoup from packageurl import PackageURL -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import DataSource -from vulnerabilities.data_source import DataSourceConfiguration +from vulnerabilities.data_source import Advisory, DataSource, DataSourceConfiguration from vulnerabilities.helpers import create_etag diff --git a/vulnerabilities/importers/suse_scores.py b/vulnerabilities/importers/suse_scores.py index 3d853b0ce..98889334f 100644 --- a/vulnerabilities/importers/suse_scores.py +++ b/vulnerabilities/importers/suse_scores.py @@ -20,10 +20,7 @@ # VulnerableCode is a free software tool from nexB Inc. and others. # Visit https://github.com/nexB/vulnerablecode/ for support and download. -from vulnerabilities.data_source import Advisory -from vulnerabilities.data_source import DataSource -from vulnerabilities.data_source import Reference -from vulnerabilities.data_source import VulnerabilitySeverity +from vulnerabilities.data_source import Advisory, DataSource, Reference, VulnerabilitySeverity from vulnerabilities.helpers import fetch_yaml from vulnerabilities.severity_systems import scoring_systems diff --git a/vulnerabilities/importers/ubuntu.py b/vulnerabilities/importers/ubuntu.py index dadc4e15d..b538530c6 100644 --- a/vulnerabilities/importers/ubuntu.py +++ b/vulnerabilities/importers/ubuntu.py 
@@ -25,19 +25,16 @@
 import bz2
 import dataclasses
 import logging
-from typing import Iterable
-from typing import List
-from typing import Mapping
-from typing import Set
 import xml.etree.ElementTree as ET
+from typing import Iterable, List, Mapping, Set
+import requests
 from aiohttp import ClientSession
 from aiohttp.client_exceptions import ClientResponseError
-import requests
-from vulnerabilities.data_source import OvalDataSource, DataSourceConfiguration
-from vulnerabilities.package_managers import LaunchpadVersionAPI
+from vulnerabilities.data_source import DataSourceConfiguration, OvalDataSource
 from vulnerabilities.helpers import create_etag
+from vulnerabilities.package_managers import LaunchpadVersionAPI
 logger = logging.getLogger(__name__)
diff --git a/vulnerabilities/importers/ubuntu_usn.py b/vulnerabilities/importers/ubuntu_usn.py
index 2810b19a0..4157aa90a 100644
--- a/vulnerabilities/importers/ubuntu_usn.py
+++ b/vulnerabilities/importers/ubuntu_usn.py
@@ -27,11 +27,8 @@
 import requests
 from packageurl import PackageURL
-from vulnerabilities.data_source import DataSource
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import Reference
-from vulnerabilities.helpers import create_etag
-from vulnerabilities.helpers import is_cve
+from vulnerabilities.data_source import Advisory, DataSource, Reference
+from vulnerabilities.helpers import create_etag, is_cve
 @dataclasses.dataclass
diff --git a/vulnerabilities/lib_oval.py b/vulnerabilities/lib_oval.py
index 80366364e..49f80a26a 100644
--- a/vulnerabilities/lib_oval.py
+++ b/vulnerabilities/lib_oval.py
@@ -93,13 +93,12 @@
 - Redo getter/setter for OvalRepository status elements.
 """
-import os, xml.etree
+import datetime
+import os
+import xml.etree
 from xml.etree import ElementTree
 from xml.etree.ElementTree import Element
-import datetime
-
-
 # __docformat__ = "Epytext en"
diff --git a/vulnerabilities/management/commands/import.py b/vulnerabilities/management/commands/import.py
index 3a76fce09..b567eb2ae 100644
--- a/vulnerabilities/management/commands/import.py
+++ b/vulnerabilities/management/commands/import.py
@@ -21,15 +21,14 @@
 # VulnerableCode is a free software code scanning tool from nexB Inc. and others.
 # Visit https://github.com/nexB/vulnerablecode/ for support and download.
-from datetime import datetime
 import traceback
+from datetime import datetime
-from django.core.management.base import BaseCommand
-from django.core.management.base import CommandError
+from django.core.management.base import BaseCommand, CommandError
-from vulnerabilities.models import Importer
 from vulnerabilities.import_runner import ImportRunner
 from vulnerabilities.importer_yielder import load_importers
+from vulnerabilities.models import Importer
 class Command(BaseCommand):
diff --git a/vulnerabilities/migrations/0001_initial.py b/vulnerabilities/migrations/0001_initial.py
index cb18d9680..21684b76f 100644
--- a/vulnerabilities/migrations/0001_initial.py
+++ b/vulnerabilities/migrations/0001_initial.py
@@ -1,8 +1,8 @@
 # Generated by Django 3.0.7 on 2021-02-18 06:13
 import django.contrib.postgres.fields.jsonb
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models
 class Migration(migrations.Migration):
diff --git a/vulnerabilities/migrations/0002_add_patched_package.py b/vulnerabilities/migrations/0002_add_patched_package.py
index d2024a2f7..716540949 100644
--- a/vulnerabilities/migrations/0002_add_patched_package.py
+++ b/vulnerabilities/migrations/0002_add_patched_package.py
@@ -1,7 +1,7 @@
 # Generated by Django 3.0.13 on 2021-04-04 06:32
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models
 class Migration(migrations.Migration):
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
index b8d256115..671e23953 100644
--- a/vulnerabilities/models.py
+++ b/vulnerabilities/models.py
@@ -23,12 +23,12 @@
 import importlib
 from datetime import datetime
-from django.db import models
 import django.contrib.postgres.fields as pgfields
 from django.core.exceptions import ValidationError
+from django.db import models
 from django.utils.translation import ugettext_lazy as _
-from packageurl.contrib.django.models import PackageURLMixin
 from packageurl import PackageURL
+from packageurl.contrib.django.models import PackageURLMixin
 from vulnerabilities.data_source import DataSource
 from vulnerabilities.severity_systems import scoring_systems
diff --git a/vulnerabilities/oval_parser.py b/vulnerabilities/oval_parser.py
index 059df3d9b..86c87a472 100755
--- a/vulnerabilities/oval_parser.py
+++ b/vulnerabilities/oval_parser.py
@@ -21,18 +21,10 @@
 # Visit https://github.com/nexB/vulnerablecode/ for support and download.
 import re
-from typing import Optional
-from typing import List
-from typing import Dict
-from typing import Tuple
-from typing import Set
 import xml.etree.ElementTree as ET
+from typing import Dict, List, Optional, Set, Tuple
-from vulnerabilities.lib_oval import OvalDefinition
-from vulnerabilities.lib_oval import OvalDocument
-from vulnerabilities.lib_oval import OvalObject
-from vulnerabilities.lib_oval import OvalState
-from vulnerabilities.lib_oval import OvalTest
+from vulnerabilities.lib_oval import OvalDefinition, OvalDocument, OvalObject, OvalState, OvalTest
 class OvalParser:
diff --git a/vulnerabilities/package_managers.py b/vulnerabilities/package_managers.py
index 501949201..bc5ef8d72 100644
--- a/vulnerabilities/package_managers.py
+++ b/vulnerabilities/package_managers.py
@@ -21,15 +21,12 @@
 # Visit https://github.com/nexB/vulnerablecode/ for support and download.
 import asyncio
-from json import JSONDecodeError
-from typing import Mapping
-from typing import Set
-from typing import List
 import xml.etree.ElementTree as ET
+from json import JSONDecodeError
+from typing import List, Mapping, Set
 from aiohttp import ClientSession
-from aiohttp.client_exceptions import ClientResponseError
-from aiohttp.client_exceptions import ServerDisconnectedError
+from aiohttp.client_exceptions import ClientResponseError, ServerDisconnectedError
 class VersionAPI:
diff --git a/vulnerabilities/tests/test_alpine.py b/vulnerabilities/tests/test_alpine.py
index 8b1e75a0a..fdb0ad0d1 100644
--- a/vulnerabilities/tests/test_alpine.py
+++ b/vulnerabilities/tests/test_alpine.py
@@ -22,14 +22,11 @@
 # Visit https://github.com/nexB/vulnerablecode/ for support and download.
 import os
 from unittest import TestCase
-from unittest.mock import MagicMock
-from unittest.mock import patch
+from unittest.mock import MagicMock, patch
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import Reference
+from vulnerabilities.data_source import Advisory, Reference
 from vulnerabilities.importers.alpine_linux import AlpineDataSource
-
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data", "alpine", "v3.11")
diff --git a/vulnerabilities/tests/test_apache_httpd.py b/vulnerabilities/tests/test_apache_httpd.py
index 384696646..c84ab20e9 100644
--- a/vulnerabilities/tests/test_apache_httpd.py
+++ b/vulnerabilities/tests/test_apache_httpd.py
@@ -20,20 +20,18 @@
 # VulnerableCode is a free software from nexB Inc. and others.
 # Visit https://github.com/nexB/vulnerablecode/ for support and download.
-import os
 import json
+import os
 from unittest import TestCase
 from packageurl import PackageURL
 from univers.version_specifier import VersionSpecifier
-from vulnerabilities.data_source import Reference
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import VulnerabilitySeverity
+from vulnerabilities.data_source import Advisory, Reference, VulnerabilitySeverity
+from vulnerabilities.helpers import AffectedPackage
+from vulnerabilities.importers.apache_httpd import ApacheHTTPDDataSource
 from vulnerabilities.package_managers import GitHubTagsAPI
 from vulnerabilities.severity_systems import scoring_systems
-from vulnerabilities.importers.apache_httpd import ApacheHTTPDDataSource
-from vulnerabilities.helpers import AffectedPackage
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data", "apache_httpd", "CVE-1999-1199.json")
diff --git a/vulnerabilities/tests/test_apache_kafka.py b/vulnerabilities/tests/test_apache_kafka.py
index a2435b425..a53163942 100644
--- a/vulnerabilities/tests/test_apache_kafka.py
+++ b/vulnerabilities/tests/test_apache_kafka.py
@@ -26,12 +26,10 @@
 from packageurl import PackageURL
 from univers.version_specifier import VersionSpecifier
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import Reference
-from vulnerabilities.package_managers import GitHubTagsAPI
-from vulnerabilities.importers.apache_kafka import ApacheKafkaDataSource
-from vulnerabilities.importers.apache_kafka import to_version_ranges
+from vulnerabilities.data_source import Advisory, Reference
 from vulnerabilities.helpers import AffectedPackage
+from vulnerabilities.importers.apache_kafka import ApacheKafkaDataSource, to_version_ranges
+from vulnerabilities.package_managers import GitHubTagsAPI
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data", "apache_kafka", "cve-list.html")
diff --git a/vulnerabilities/tests/test_apache_tomcat.py b/vulnerabilities/tests/test_apache_tomcat.py
index 290ca3652..760f311b9 100644
--- a/vulnerabilities/tests/test_apache_tomcat.py
+++ b/vulnerabilities/tests/test_apache_tomcat.py
@@ -21,16 +21,14 @@
 # Visit https://github.com/nexB/vulnerablecode/ for support and download.
 import os
-from unittest.mock import MagicMock
-from unittest.mock import patch
 from unittest import TestCase
+from unittest.mock import MagicMock, patch
 from packageurl import PackageURL
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import Reference
-from vulnerabilities.importers.apache_tomcat import ApacheTomcatDataSource
+from vulnerabilities.data_source import Advisory, Reference
 from vulnerabilities.helpers import AffectedPackage
+from vulnerabilities.importers.apache_tomcat import ApacheTomcatDataSource
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data", "apache_tomcat", "security-9.html")
diff --git a/vulnerabilities/tests/test_api.py b/vulnerabilities/tests/test_api.py
index 98966a572..996f87af8 100644
--- a/vulnerabilities/tests/test_api.py
+++ b/vulnerabilities/tests/test_api.py
@@ -29,12 +29,10 @@
 from django.test import TestCase
 from django.test.client import RequestFactory
+from rest_framework.test import APIClient, APIRequestFactory
 from vulnerabilities.api import PackageSerializer
 from vulnerabilities.models import Package
-from rest_framework.test import APIRequestFactory
-from rest_framework.test import APIClient
-
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data/")
diff --git a/vulnerabilities/tests/test_data_source.py b/vulnerabilities/tests/test_data_source.py
index 9ad19cd93..665500885 100644
--- a/vulnerabilities/tests/test_data_source.py
+++ b/vulnerabilities/tests/test_data_source.py
@@ -23,19 +23,21 @@
 import os
 import shutil
 import tempfile
+import xml.etree.ElementTree as ET
 import zipfile
 from unittest import TestCase
-from unittest.mock import MagicMock
-from unittest.mock import patch
-import xml.etree.ElementTree as ET
+from unittest.mock import MagicMock, patch
 import git
-
 import pytest
 from packageurl import PackageURL
-from vulnerabilities.data_source import GitDataSource, _include_file, OvalDataSource
-from vulnerabilities.data_source import InvalidConfigurationError
+from vulnerabilities.data_source import (
+ GitDataSource,
+ InvalidConfigurationError,
+ OvalDataSource,
+ _include_file,
+)
 from vulnerabilities.oval_parser import OvalParser
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
diff --git a/vulnerabilities/tests/test_debian.py b/vulnerabilities/tests/test_debian.py
index e67511b36..dccbc96e5 100644
--- a/vulnerabilities/tests/test_debian.py
+++ b/vulnerabilities/tests/test_debian.py
@@ -22,8 +22,7 @@
 # Visit https://github.com/nexB/vulnerablecode/ for support and download.
 import json
 import os
-from unittest.mock import patch
-from unittest.mock import MagicMock
+from unittest.mock import MagicMock, patch
 from django.test import TestCase
diff --git a/vulnerabilities/tests/test_debian_oval.py b/vulnerabilities/tests/test_debian_oval.py
index e7b298834..7099a71c1 100644
--- a/vulnerabilities/tests/test_debian_oval.py
+++ b/vulnerabilities/tests/test_debian_oval.py
@@ -1,14 +1,13 @@
 import os
 import unittest
-from unittest.mock import patch
 import xml.etree.ElementTree as ET
+from unittest.mock import patch
 from packageurl import PackageURL
-from vulnerabilities.importers.debian_oval import DebianOvalDataSource
 from vulnerabilities.data_source import Advisory
 from vulnerabilities.helpers import AffectedPackage
-
+from vulnerabilities.importers.debian_oval import DebianOvalDataSource
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data/")
diff --git a/vulnerabilities/tests/test_elixir_security.py b/vulnerabilities/tests/test_elixir_security.py
index 774a2209f..3494379d4 100644
--- a/vulnerabilities/tests/test_elixir_security.py
+++ b/vulnerabilities/tests/test_elixir_security.py
@@ -26,11 +26,10 @@
 from packageurl import PackageURL
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import Reference
+from vulnerabilities.data_source import Advisory, Reference
+from vulnerabilities.helpers import AffectedPackage
 from vulnerabilities.importers.elixir_security import ElixirSecurityDataSource
 from vulnerabilities.package_managers import HexVersionAPI
-from vulnerabilities.helpers import AffectedPackage
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
diff --git a/vulnerabilities/tests/test_gentoo.py b/vulnerabilities/tests/test_gentoo.py
index 1cafb7b86..d74dbc3bd 100644
--- a/vulnerabilities/tests/test_gentoo.py
+++ b/vulnerabilities/tests/test_gentoo.py
@@ -28,11 +28,9 @@
 from packageurl import PackageURL
-from vulnerabilities.importers.gentoo import GentooDataSource
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import Reference
+from vulnerabilities.data_source import Advisory, Reference
 from vulnerabilities.helpers import AffectedPackage
-
+from vulnerabilities.importers.gentoo import GentooDataSource
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data/gentoo/glsa-201709-09.xml")
diff --git a/vulnerabilities/tests/test_github.py b/vulnerabilities/tests/test_github.py
index 3306b75a5..1af145eaf 100644
--- a/vulnerabilities/tests/test_github.py
+++ b/vulnerabilities/tests/test_github.py
@@ -20,29 +20,21 @@
 # VulnerableCode is a free software code scanning tool from nexB Inc. and others.
 # Visit https://github.com/nexB/vulnerablecode/ for support and download.
-import os
 import json
-from unittest import TestCase
-from unittest.mock import patch
-from unittest.mock import MagicMock
-from unittest.mock import call
+import os
 import xml.etree.ElementTree as ET
 from collections import OrderedDict
+from unittest import TestCase
+from unittest.mock import MagicMock, call, patch
-from requests.models import Response
 from packageurl import PackageURL
+from requests.models import Response
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import Reference
-from vulnerabilities.data_source import VulnerabilitySeverity
-from vulnerabilities.importers.github import GitHubAPIDataSource
-from vulnerabilities.package_managers import MavenVersionAPI
-from vulnerabilities.package_managers import NugetVersionAPI
-from vulnerabilities.package_managers import ComposerVersionAPI
-from vulnerabilities.severity_systems import ScoringSystem
-from vulnerabilities.importers.github import GitHubTokenError
-from vulnerabilities.importers.github import query
+from vulnerabilities.data_source import Advisory, Reference, VulnerabilitySeverity
 from vulnerabilities.helpers import AffectedPackage
+from vulnerabilities.importers.github import GitHubAPIDataSource, GitHubTokenError, query
+from vulnerabilities.package_managers import ComposerVersionAPI, MavenVersionAPI, NugetVersionAPI
+from vulnerabilities.severity_systems import ScoringSystem
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data")
diff --git a/vulnerabilities/tests/test_helpers.py b/vulnerabilities/tests/test_helpers.py
index 994d6659e..72e659d27 100644
--- a/vulnerabilities/tests/test_helpers.py
+++ b/vulnerabilities/tests/test_helpers.py
@@ -22,8 +22,7 @@
 import dataclasses
 from unittest import TestCase
-from unittest.mock import patch
-from unittest.mock import MagicMock
+from unittest.mock import MagicMock, patch
 from vulnerabilities.data_source import DataSource
 from vulnerabilities.helpers import create_etag
diff --git a/vulnerabilities/tests/test_import_cmd.py b/vulnerabilities/tests/test_import_cmd.py
index c937e211b..b30ce04e0 100644
--- a/vulnerabilities/tests/test_import_cmd.py
+++ b/vulnerabilities/tests/test_import_cmd.py
@@ -20,13 +20,13 @@
 # VulnerableCode is a free software tool from nexB Inc. and others.
 # Visit https://github.com/nexB/vulnerablecode/ for support and download.
-from unittest.mock import patch
 from io import StringIO
+from unittest.mock import patch
+import pytest
 from django.core.management import call_command
 from django.core.management.base import CommandError
 from django.test import TestCase
-import pytest
 from vulnerabilities.models import Importer
diff --git a/vulnerabilities/tests/test_import_runner.py b/vulnerabilities/tests/test_import_runner.py
index e0810357f..26a6b2efa 100644
--- a/vulnerabilities/tests/test_import_runner.py
+++ b/vulnerabilities/tests/test_import_runner.py
@@ -25,12 +25,9 @@
 from datetime import datetime
 from vulnerabilities import models
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import DataSource
-from vulnerabilities.data_source import PackageURL
-from vulnerabilities.data_source import Reference
-from vulnerabilities.import_runner import ImportRunner
+from vulnerabilities.data_source import Advisory, DataSource, PackageURL, Reference
 from vulnerabilities.helpers import AffectedPackage
+from vulnerabilities.import_runner import ImportRunner
 # from vulnerabilities.import_runner import _insert_vulnerabilities_and_references
diff --git a/vulnerabilities/tests/test_istio.py b/vulnerabilities/tests/test_istio.py
index f17dc64ed..8e8d12aa9 100644
--- a/vulnerabilities/tests/test_istio.py
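Review bot: In the test_import_runner.py hunk the merged line `from vulnerabilities.data_source import Advisory, DataSource, PackageURL, Reference` still pulls `PackageURL` out of `vulnerabilities.data_source`, which is not where the class is defined. The other test modules touched by this commit use `from packageurl import PackageURL`, so this file depends on an incidental re-export and would break if data_source.py ever stopped importing the name. Import it from `packageurl` here as well and reduce the data_source line to `from vulnerabilities.data_source import Advisory, DataSource, Reference`.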
+++ b/vulnerabilities/tests/test_istio.py
@@ -27,9 +27,9 @@
 from packageurl import PackageURL
 from vulnerabilities.data_source import Advisory, Reference
+from vulnerabilities.helpers import AffectedPackage
 from vulnerabilities.importers.istio import IstioDataSource
 from vulnerabilities.package_managers import GitHubTagsAPI
-from vulnerabilities.helpers import AffectedPackage
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
diff --git a/vulnerabilities/tests/test_msr2019.py b/vulnerabilities/tests/test_msr2019.py
index 8976b4200..dc0f4ef39 100644
--- a/vulnerabilities/tests/test_msr2019.py
+++ b/vulnerabilities/tests/test_msr2019.py
@@ -27,11 +27,9 @@
 from packageurl import PackageURL
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import Reference
+from vulnerabilities.data_source import Advisory, Reference
 from vulnerabilities.importers import ProjectKBMSRDataSource
-
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data/kbmsr2019", "test_msr_data.csv")
diff --git a/vulnerabilities/tests/test_nginx.py b/vulnerabilities/tests/test_nginx.py
index 38551a46b..12272b0b5 100644
--- a/vulnerabilities/tests/test_nginx.py
+++ b/vulnerabilities/tests/test_nginx.py
@@ -26,12 +26,10 @@
 from packageurl import PackageURL
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import Reference
+from vulnerabilities.data_source import Advisory, Reference
+from vulnerabilities.helpers import AffectedPackage
 from vulnerabilities.importers.nginx import NginxDataSource
 from vulnerabilities.package_managers import GitHubTagsAPI
-from vulnerabilities.helpers import AffectedPackage
-
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data/nginx", "security_advisories.html")
diff --git a/vulnerabilities/tests/test_npm.py b/vulnerabilities/tests/test_npm.py
index 953cb1d96..43b8ec97d 100644
--- a/vulnerabilities/tests/test_npm.py
+++ b/vulnerabilities/tests/test_npm.py
@@ -24,15 +24,15 @@
 import os
 import shutil
 import tempfile
-from unittest.mock import patch
 import zipfile
+from unittest.mock import patch
 from django.test import TestCase
 from vulnerabilities import models
 from vulnerabilities.import_runner import ImportRunner
-from vulnerabilities.package_managers import NpmVersionAPI
 from vulnerabilities.importers.npm import categorize_versions
+from vulnerabilities.package_managers import NpmVersionAPI
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data/")
diff --git a/vulnerabilities/tests/test_nvd.py b/vulnerabilities/tests/test_nvd.py
index d8d75a47c..9f5ac17a3 100644
--- a/vulnerabilities/tests/test_nvd.py
+++ b/vulnerabilities/tests/test_nvd.py
@@ -20,18 +20,16 @@
 # VulnerableCode is a free software from nexB Inc. and others.
 # Visit https://github.com/nexB/vulnerablecode/ for support and download.
-import os
 import json
+import os
+from unittest import TestCase
+
 from dateutil import parser as dateparser
-from unittest import TestCase
+from vulnerabilities.data_source import Advisory, Reference, VulnerabilitySeverity
 from vulnerabilities.importers import NVDDataSource
-from vulnerabilities.data_source import Reference
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import VulnerabilitySeverity
 from vulnerabilities.severity_systems import scoring_systems
-
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data/nvd/nvd_test.json")
diff --git a/vulnerabilities/tests/test_openssl.py b/vulnerabilities/tests/test_openssl.py
index 093573ceb..62bb8f19b 100644
--- a/vulnerabilities/tests/test_openssl.py
+++ b/vulnerabilities/tests/test_openssl.py
@@ -26,10 +26,9 @@
 from packageurl import PackageURL
-from vulnerabilities.importers.openssl import OpenSSLDataSource
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import Reference
+from vulnerabilities.data_source import Advisory, Reference
 from vulnerabilities.helpers import AffectedPackage
+from vulnerabilities.importers.openssl import OpenSSLDataSource
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data/", "openssl_xml_data.xml")
diff --git a/vulnerabilities/tests/test_package_managers.py b/vulnerabilities/tests/test_package_managers.py
index a74a46907..5b5f3c69b 100644
--- a/vulnerabilities/tests/test_package_managers.py
+++ b/vulnerabilities/tests/test_package_managers.py
@@ -21,17 +21,15 @@
 # Visit https://github.com/nexB/vulnerablecode/ for support and download.
 import asyncio
-import os
 import json
-from unittest import TestCase
-from unittest.mock import patch
-from unittest.mock import MagicMock, AsyncMock
+import os
 import xml.etree.ElementTree as ET
+from unittest import TestCase
+from unittest.mock import AsyncMock, MagicMock, patch
+
 from aiohttp import test_utils
-from vulnerabilities.package_managers import ComposerVersionAPI
-from vulnerabilities.package_managers import MavenVersionAPI
-from vulnerabilities.package_managers import NugetVersionAPI
+from vulnerabilities.package_managers import ComposerVersionAPI, MavenVersionAPI, NugetVersionAPI
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data")
diff --git a/vulnerabilities/tests/test_postgresql.py b/vulnerabilities/tests/test_postgresql.py
index e903ab67b..818ea4c4f 100644
--- a/vulnerabilities/tests/test_postgresql.py
+++ b/vulnerabilities/tests/test_postgresql.py
@@ -25,14 +25,11 @@
 from packageurl import PackageURL
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import Reference
-from vulnerabilities.data_source import VulnerabilitySeverity
-from vulnerabilities.importers.postgresql import to_advisories
+from vulnerabilities.data_source import Advisory, Reference, VulnerabilitySeverity
 from vulnerabilities.helpers import AffectedPackage
+from vulnerabilities.importers.postgresql import to_advisories
 from vulnerabilities.severity_systems import ScoringSystem
-
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data/postgresql", "advisories.html")
diff --git a/vulnerabilities/tests/test_redhat_importer.py b/vulnerabilities/tests/test_redhat_importer.py
index 01b9aacae..ac1816f3f 100644
--- a/vulnerabilities/tests/test_redhat_importer.py
+++ b/vulnerabilities/tests/test_redhat_importer.py
@@ -28,13 +28,9 @@
 from packageurl import PackageURL
 import vulnerabilities.importers.redhat as redhat
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import Reference
-from vulnerabilities.data_source import VulnerabilitySeverity
-from vulnerabilities.severity_systems import ScoringSystem
-from vulnerabilities.severity_systems import scoring_systems
+from vulnerabilities.data_source import Advisory, Reference, VulnerabilitySeverity
 from vulnerabilities.helpers import AffectedPackage
-
+from vulnerabilities.severity_systems import ScoringSystem, scoring_systems
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data/", "redhat.json")
diff --git a/vulnerabilities/tests/test_retiredotnet.py b/vulnerabilities/tests/test_retiredotnet.py
index 6f6bbde59..779a9633b 100644
--- a/vulnerabilities/tests/test_retiredotnet.py
+++ b/vulnerabilities/tests/test_retiredotnet.py
@@ -21,15 +21,14 @@
 # Visit https://github.com/nexB/vulnerablecode/ for support and download.
 import os
-from unittest import TestCase
 from collections import OrderedDict
+from unittest import TestCase
 from packageurl import PackageURL
-from vulnerabilities.importers.retiredotnet import RetireDotnetDataSource
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import Reference
+from vulnerabilities.data_source import Advisory, Reference
 from vulnerabilities.helpers import AffectedPackage
+from vulnerabilities.importers.retiredotnet import RetireDotnetDataSource
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
diff --git a/vulnerabilities/tests/test_ruby.py b/vulnerabilities/tests/test_ruby.py
index 664f001ed..1e6467516 100644
--- a/vulnerabilities/tests/test_ruby.py
+++ b/vulnerabilities/tests/test_ruby.py
@@ -22,18 +22,16 @@
 import os
 import pathlib
-from unittest.mock import patch
-from unittest import TestCase
 from collections import OrderedDict
+from unittest import TestCase
+from unittest.mock import patch
 from packageurl import PackageURL
+from vulnerabilities.data_source import Advisory, GitDataSourceConfiguration, Reference
+from vulnerabilities.helpers import AffectedPackage
 from vulnerabilities.importers.ruby import RubyDataSource
-from vulnerabilities.data_source import GitDataSourceConfiguration
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import Reference
 from vulnerabilities.package_managers import RubyVersionAPI
-from vulnerabilities.helpers import AffectedPackage
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data", "ruby")
diff --git a/vulnerabilities/tests/test_rust.py b/vulnerabilities/tests/test_rust.py
index f563ccc5e..10c1b9f31 100644
--- a/vulnerabilities/tests/test_rust.py
+++ b/vulnerabilities/tests/test_rust.py
@@ -25,12 +25,9 @@
 from packageurl import PackageURL
 from univers.version_specifier import VersionSpecifier
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import Reference
-from vulnerabilities.importers.rust import categorize_versions
-from vulnerabilities.importers.rust import get_advisory_data
-from vulnerabilities.importers.rust import RustDataSource
+from vulnerabilities.data_source import Advisory, Reference
 from vulnerabilities.helpers import AffectedPackage
+from vulnerabilities.importers.rust import RustDataSource, categorize_versions, get_advisory_data
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data/rust")
diff --git a/vulnerabilities/tests/test_safety_db.py b/vulnerabilities/tests/test_safety_db.py
index 20bbc87b2..2434de17b 100644
--- a/vulnerabilities/tests/test_safety_db.py
+++ b/vulnerabilities/tests/test_safety_db.py
@@ -22,17 +22,18 @@
 # Visit https://github.com/nexB/vulnerablecode/ for support and download.
 import json
 import os
-from unittest.mock import patch
 from unittest import TestCase
+from unittest.mock import patch
 from packageurl import PackageURL
-from vulnerabilities.importers.safety_db import PypiVersionAPI
-from vulnerabilities.importers.safety_db import categorize_versions
-from vulnerabilities.importers.safety_db import SafetyDbDataSource
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import Reference
+from vulnerabilities.data_source import Advisory, Reference
 from vulnerabilities.helpers import AffectedPackage
+from vulnerabilities.importers.safety_db import (
+ PypiVersionAPI,
+ SafetyDbDataSource,
+ categorize_versions,
+)
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data", "safety_db")
diff --git a/vulnerabilities/tests/test_suse.py b/vulnerabilities/tests/test_suse.py
index a4695d826..84753e09f 100644
--- a/vulnerabilities/tests/test_suse.py
+++ b/vulnerabilities/tests/test_suse.py
@@ -2,10 +2,8 @@
 import unittest
 import xml.etree.ElementTree as ET
-
 from vulnerabilities.oval_parser import OvalParser
-
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data/")
diff --git a/vulnerabilities/tests/test_suse_scores.py b/vulnerabilities/tests/test_suse_scores.py
index f136ddb6b..e9973e88b 100644
--- a/vulnerabilities/tests/test_suse_scores.py
+++ b/vulnerabilities/tests/test_suse_scores.py
@@ -23,11 +23,9 @@
 import os
 from unittest import TestCase
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import Reference
-from vulnerabilities.data_source import VulnerabilitySeverity
-from vulnerabilities.importers.suse_scores import SUSESeverityScoreDataSource
+from vulnerabilities.data_source import Advisory, Reference, VulnerabilitySeverity
 from vulnerabilities.helpers import load_yaml
+from vulnerabilities.importers.suse_scores import SUSESeverityScoreDataSource
 from vulnerabilities.severity_systems import ScoringSystem
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
diff --git a/vulnerabilities/tests/test_ubuntu.py b/vulnerabilities/tests/test_ubuntu.py
index 16d1f217b..92e6c026c 100644
--- a/vulnerabilities/tests/test_ubuntu.py
+++ b/vulnerabilities/tests/test_ubuntu.py
@@ -1,19 +1,16 @@
+import asyncio
 import os
 import unittest
-from unittest.mock import patch
-from unittest.mock import MagicMock
 import xml.etree.ElementTree as ET
 from collections import OrderedDict
-import asyncio
+from unittest.mock import MagicMock, patch
 from packageurl import PackageURL
-from vulnerabilities.oval_parser import OvalParser
-from vulnerabilities.importers.ubuntu import UbuntuDataSource
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import Reference
+from vulnerabilities.data_source import Advisory, Reference
 from vulnerabilities.helpers import AffectedPackage
-
+from vulnerabilities.importers.ubuntu import UbuntuDataSource
+from vulnerabilities.oval_parser import OvalParser
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data/")
diff --git a/vulnerabilities/tests/test_ubuntu_usn.py b/vulnerabilities/tests/test_ubuntu_usn.py
index 7d94781eb..15c77f2e7 100644
--- a/vulnerabilities/tests/test_ubuntu_usn.py
+++ b/vulnerabilities/tests/test_ubuntu_usn.py
@@ -21,19 +21,16 @@
 # Visit https://github.com/nexB/vulnerablecode/ for support and download.
 import bz2
-from collections import OrderedDict
 import json
 import os
+from collections import OrderedDict
 from unittest import TestCase
-from unittest.mock import MagicMock
-from unittest.mock import patch
+from unittest.mock import MagicMock, patch
 from packageurl import PackageURL
-from vulnerabilities.data_source import Advisory
-from vulnerabilities.data_source import Reference
 import vulnerabilities.importers.ubuntu_usn as ubuntu_usn
-
+from vulnerabilities.data_source import Advisory, Reference
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data/", "ubuntu_usn_db", "database-all.json.bz2")
diff --git a/vulnerabilities/tests/test_upstream.py b/vulnerabilities/tests/test_upstream.py
index a875f570e..75b0cd953 100644
--- a/vulnerabilities/tests/test_upstream.py
+++ b/vulnerabilities/tests/test_upstream.py
@@ -1,4 +1,5 @@
 import pytest
+
 from vulnerabilities import importers
 from vulnerabilities.importer_yielder import IMPORTER_REGISTRY
diff --git a/vulnerabilities/views.py b/vulnerabilities/views.py
index 8757239d7..8eea1266f 100644
--- a/vulnerabilities/views.py
+++ b/vulnerabilities/views.py
@@ -25,17 +25,13 @@
 from django.core.paginator import Paginator
 from django.db.models import Count
 from django.http import HttpResponse
-from django.shortcuts import render, redirect
+from django.shortcuts import redirect, render
 from django.urls import reverse
 from django.views import View
+from django.views.generic.edit import CreateView, DeleteView, UpdateView
 from django.views.generic.list import ListView
-from django.views.generic.edit import UpdateView
-from django.views.generic.edit import CreateView
-from django.views.generic.edit import DeleteView
-
-from vulnerabilities import forms
-from vulnerabilities import models
+from vulnerabilities import forms, models
 from vulnerablecode.settings import ENABLE_CURATION
diff --git a/vulnerablecode/urls.py b/vulnerablecode/urls.py
index ad8f2ce23..e2f8c4074 100644
--- a/vulnerablecode/urls.py
+++ b/vulnerablecode/urls.py
@@ -27,19 +27,19 @@
 from rest_framework import permissions
 from rest_framework.routers import DefaultRouter
-
-from vulnerabilities.api import PackageViewSet
-from vulnerabilities.api import VulnerabilityViewSet
-from vulnerabilities.views import HomePage
-from vulnerabilities.views import PackageSearchView
-from vulnerabilities.views import PackageUpdate
-from vulnerabilities.views import PackageCreate
-from vulnerabilities.views import PackageRelatedVulnerablityDelete
-from vulnerabilities.views import PackageRelatedVulnerablityCreate
-from vulnerabilities.views import VulnerabilityDetails
-from vulnerabilities.views import VulnerabilitySearchView
-from vulnerabilities.views import VulnerabilityCreate
-from vulnerabilities.views import VulnerabilityReferenceCreate
+from vulnerabilities.api import PackageViewSet, VulnerabilityViewSet
+from vulnerabilities.views import (
+ HomePage,
+ PackageCreate,
+ PackageRelatedVulnerablityCreate,
+ PackageRelatedVulnerablityDelete,
+ PackageSearchView,
+ PackageUpdate,
+ VulnerabilityCreate,
+ VulnerabilityDetails,
+ VulnerabilityReferenceCreate,
+ VulnerabilitySearchView,
+)
 from vulnerablecode.settings import ENABLE_CURATION
diff --git a/vulnerablecode/wsgi.py b/vulnerablecode/wsgi.py
index c54bd22ee..ba292100b 100644
--- a/vulnerablecode/wsgi.py
+++ b/vulnerablecode/wsgi.py
@@ -10,10 +10,8 @@
 import os
 from django.core.wsgi import get_wsgi_application
-
 from whitenoise import WhiteNoise
-
 os.environ.setdefault("DJANGO_SETTINGS_MODULE", "vulnerablecode.settings")
 application = get_wsgi_application()