[Refactor] Rename vuln_references to references #377

Merged
merged 1 commit into from
Mar 15, 2021
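--- a/docs/how-to-guides/add_new_importer.rst
+++ b/docs/how-to-guides/add_new_importer.rst
@@ -36,7 +36,7 @@ The Building Blocks A.K.A Prerequisites
 summary: str
 impacted_package_urls: Iterable[PackageURL]
 resolved_package_urls: Iterable[PackageURL] = dataclasses.field(default_factory=list)
-vuln_references: List[Reference] = dataclasses.field(default_factory=list)
+references: List[Reference] = dataclasses.field(default_factory=list)
 vulnerability_id: Optional[str] = None
 
 class Reference: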
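--- a/vulnerabilities/data_source.py
+++ b/vulnerabilities/data_source.py
@@ -86,23 +86,23 @@ class Advisory:
 vulnerability_id: Optional[str] = None
 impacted_package_urls: Iterable[PackageURL] = dataclasses.field(default_factory=list)
 resolved_package_urls: Iterable[PackageURL] = dataclasses.field(default_factory=list)
-vuln_references: List[Reference] = dataclasses.field(default_factory=list)
+references: List[Reference] = dataclasses.field(default_factory=list)
 
 def normalized(self):
 impacted_package_urls = {package_url for package_url in self.impacted_package_urls}
 resolved_package_urls = {package_url for package_url in self.resolved_package_urls}
-vuln_references = sorted(
-self.vuln_references, key=lambda reference: (reference.reference_id, reference.url)
+references = sorted(
+self.references, key=lambda reference: (reference.reference_id, reference.url)
 )
-for index, _ in enumerate(self.vuln_references):
-vuln_references[index] = vuln_references[index].normalized()
+for index, _ in enumerate(self.references):
+references[index] = references[index].normalized()
 
 return Advisory(
 summary=self.summary,
 vulnerability_id=self.vulnerability_id,
 impacted_package_urls=impacted_package_urls,
 resolved_package_urls=resolved_package_urls,
-vuln_references=vuln_references,
+references=references,
 )
 
 
@@ -566,7 +566,7 @@ def get_data_from_xml_doc(self, xml_doc: ET.ElementTree, pkg_metadata={}) -> Lis
 impacted_package_urls=affected_purls,
 resolved_package_urls=safe_purls,
 vulnerability_id=vuln_id,
-vuln_references=references,
+references=references,
 )
 )
 return all_adv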
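Review bot: In `Advisory.normalized()` the loop enumerates `self.references` only to obtain indices into the separately sorted `references` list, so a reader has to work out that the two lists have the same length before trusting the in-place assignment. Since these lines are being touched anyway, the sort and the per-item normalisation read more directly as one expression: `references = [ref.normalized() for ref in sorted(self.references, key=lambda ref: (ref.reference_id, ref.url))]`. The method also has no docstring; a one-line summary such as `"""Return a copy with package URLs collected into sets and references sorted and normalized."""` would document what the visible body does.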
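--- a/vulnerabilities/import_runner.py
+++ b/vulnerabilities/import_runner.py
@@ -123,7 +123,7 @@ def process_advisories(data_source: DataSource) -> None:
 for advisory in batch:
 try:
 vuln, vuln_created = _get_or_create_vulnerability(advisory)
-for vuln_ref in advisory.vuln_references:
+for vuln_ref in advisory.references:
 ref, _ = models.VulnerabilityReference.objects.get_or_create(
 vulnerability=vuln, reference_id=vuln_ref.reference_id, url=vuln_ref.url
 )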
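--- a/vulnerabilities/importers/alpine_linux.py
+++ b/vulnerabilities/importers/alpine_linux.py
@@ -192,7 +192,7 @@ def _load_advisories(
 summary="",
 impacted_package_urls=[],
 resolved_package_urls=resolved_purls,
-vuln_references=references,
+references=references,
 vulnerability_id=vuln_ids[0] if vuln_ids[0] != "CVE-????-?????" else "",
 )
 )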
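--- a/vulnerabilities/importers/apache_kafka.py
+++ b/vulnerabilities/importers/apache_kafka.py
@@ -86,7 +86,7 @@ def to_advisory(self, advisory_page):
 summary=cve_description_paragraph.text,
 impacted_package_urls=affected_packages,
 resolved_package_urls=fixed_packages,
-vuln_references=[
+references=[
 Reference(url=ASF_PAGE_URL),
 Reference(
 url=f"https://cve.mitre.org/cgi-bin/cvename.cgi?name={cve_id}",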
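--- a/vulnerabilities/importers/apache_tomcat.py
+++ b/vulnerabilities/importers/apache_tomcat.py
@@ -117,7 +117,7 @@ def to_advisories(self, apache_tomcat_advisory_html):
 impacted_package_urls=affected_packages,
 resolved_package_urls=fixed_package,
 vulnerability_id=cve_id,
-vuln_references=references,
+references=references,
 )
 )
 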
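--- a/vulnerabilities/importers/archlinux.py
+++ b/vulnerabilities/importers/archlinux.py
@@ -108,8 +108,8 @@ def _parse(self, record) -> List[Advisory]:
 )
 )
 
-vuln_references = []
-vuln_references.append(
+references = []
+references.append(
 Reference(
 reference_id=record["name"],
 url="https://security.archlinux.org/{}".format(record["name"]),
@@ -122,7 +122,7 @@ def _parse(self, record) -> List[Advisory]:
 )
 
 for ref in record["advisories"]:
-vuln_references.append(
+references.append(
 Reference(
 reference_id=ref,
 url="https://security.archlinux.org/{}".format(ref),
@@ -135,7 +135,7 @@ def _parse(self, record) -> List[Advisory]:
 summary="",
 impacted_package_urls=impacted_purls,
 resolved_package_urls=resolved_purls,
-vuln_references=vuln_references,
+references=references,
 )
 )
 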
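--- a/vulnerabilities/importers/debian.py
+++ b/vulnerabilities/importers/debian.py
@@ -155,7 +155,7 @@ def _parse(self, pkg_name: str, records: Mapping[str, Any]) -> List[Advisory]:
 summary=record.get("description", ""),
 impacted_package_urls=impacted_purls,
 resolved_package_urls=resolved_purls,
-vuln_references=references,
+references=references,
 )
 )
 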
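--- a/vulnerabilities/importers/elixir_security.py
+++ b/vulnerabilities/importers/elixir_security.py
@@ -126,7 +126,7 @@ def process_file(self, path):
 PackageURL(name=pkg_name, type="hex", version=version) for version in vuln_pkg_versions
 }
 
-vuln_references = [
+references = [
 Reference(
 reference_id=yaml_file["id"],
 ),
@@ -140,5 +140,5 @@ def process_file(self, path):
 impacted_package_urls=vuln_purls,
 resolved_package_urls=safe_purls,
 vulnerability_id=cve_id,
-vuln_references=vuln_references,
+references=references,
 )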
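--- a/vulnerabilities/importers/gentoo.py
+++ b/vulnerabilities/importers/gentoo.py
@@ -81,7 +81,7 @@ def process_file(self, file):
 summary=xml_data["description"],
 impacted_package_urls=xml_data["affected_purls"],
 resolved_package_urls=xml_data["unaffected_purls"],
-vuln_references=vuln_reference,
+references=vuln_reference,
 )
 advisory_list.append(advisory)
 return advisory_list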
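Review bot: The rename stops at the keyword here: `references=vuln_reference,` still passes a local that carries the old prefix and a singular name for what the field declares as a list. The same leftover appears in the npm.py and retiredotnet.py sections (`references=vuln_reference,`) and as the loop variable `vuln_ref` in import_runner.py, while archlinux.py, elixir_security.py and github.py did rename their locals. The local is assigned outside this hunk, so its definition would need the same edit; the call would then read `references=references,` as in the other importers.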
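--- a/vulnerabilities/importers/github.py
+++ b/vulnerabilities/importers/github.py
@@ -216,7 +216,7 @@ def process_response(self) -> List[Advisory]:
 unaffected_purls = set()
 
 cve_ids = set()
-vuln_references = self.extract_references(adv["node"]["advisory"]["references"])
+references = self.extract_references(adv["node"]["advisory"]["references"])
 vuln_desc = adv["node"]["advisory"]["summary"]
 
 for identifier in adv["node"]["advisory"]["identifiers"]:
@@ -226,7 +226,7 @@ def process_response(self) -> List[Advisory]:
 
 # attach the GHSA with severity score
 if identifier["type"] == "GHSA":
-for ref in vuln_references:
+for ref in references:
 if ref.reference_id == identifier["value"]:
 ref.severities = [
 VulnerabilitySeverity(
@@ -245,7 +245,7 @@ def process_response(self) -> List[Advisory]:
 summary=vuln_desc,
 impacted_package_urls=affected_purls,
 resolved_package_urls=unaffected_purls,
-vuln_references=vuln_references,
+references=references,
 )
 )
 return adv_list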
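--- a/vulnerabilities/importers/kaybee.py
+++ b/vulnerabilities/importers/kaybee.py
@@ -70,5 +70,5 @@ def yaml_file_to_advisory(yaml_path):
 summary=summary,
 impacted_package_urls=impacted_packages,
 resolved_package_urls=resolved_packages,
-vuln_references=references,
+references=references,
 )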
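--- a/vulnerabilities/importers/npm.py
+++ b/vulnerabilities/importers/npm.py
@@ -109,7 +109,7 @@ def process_file(self, file) -> List[Advisory]:
 vulnerability_id=cve_id,
 impacted_package_urls=impacted_purls,
 resolved_package_urls=resolved_purls,
-vuln_references=vuln_reference,
+references=vuln_reference,
 )
 )
 return advisories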
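--- a/vulnerabilities/importers/nvd.py
+++ b/vulnerabilities/importers/nvd.py
@@ -91,7 +91,7 @@ def to_advisories(self, nvd_data):
 yield Advisory(
 vulnerability_id=cve_id,
 summary=summary,
-vuln_references=references,
+references=references,
 impacted_package_urls=[], # nopep8
 )
 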
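--- a/vulnerabilities/importers/openssl.py
+++ b/vulnerabilities/importers/openssl.py
@@ -115,7 +115,7 @@ def to_advisories(xml_response: str) -> Set[Advisory]:
 summary=summary,
 impacted_package_urls=vuln_purls,
 resolved_package_urls=safe_purls,
-vuln_references=ref_urls,
+references=ref_urls,
 )
 advisories.append(advisory)
 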
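--- a/vulnerabilities/importers/postgresql.py
+++ b/vulnerabilities/importers/postgresql.py
@@ -107,7 +107,7 @@ def to_advisories(data):
 Advisory(
 vulnerability_id=cve_id,
 summary=summary,
-vuln_references=references,
+references=references,
 impacted_package_urls=affected_packages,
 resolved_package_urls=fixed_packages,
 )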
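--- a/vulnerabilities/importers/project_kb_msr2019.py
+++ b/vulnerabilities/importers/project_kb_msr2019.py
@@ -81,7 +81,7 @@ def to_advisories(csv_reader):
 Advisory(
 summary="",
 impacted_package_urls=[],
-vuln_references=[reference],
+references=[reference],
 cve_id=vuln_id,
 )
 )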
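Review bot: The unchanged line right after the renamed keyword, `cve_id=vuln_id,`, passes a field that `Advisory` does not appear to declare. The data_source.py and add_new_importer.rst sections of this change list `summary`, `vulnerability_id`, `impacted_package_urls`, `resolved_package_urls` and `references` only. If that list is complete, the dataclass constructor raises `TypeError` on the unexpected keyword and this importer yields no advisories, which for a vulnerability database means missing coverage rather than a visible wrong value. It looks like a leftover from an earlier rename and should read `vulnerability_id=vuln_id,`. A test that constructs an advisory through `to_advisories` would catch it. The body of `to_advisories` continues outside the hunk.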
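--- a/vulnerabilities/importers/redhat.py
+++ b/vulnerabilities/importers/redhat.py
@@ -154,7 +154,7 @@ def to_advisory(advisory_data):
 vulnerability_id=advisory_data["CVE"],
 summary=advisory_data["bugzilla_description"],
 impacted_package_urls=affected_purls,
-vuln_references=references,
+references=references,
 )
 
 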
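--- a/vulnerabilities/importers/retiredotnet.py
+++ b/vulnerabilities/importers/retiredotnet.py
@@ -98,5 +98,5 @@ def process_file(self, path) -> List[Advisory]:
 impacted_package_urls=affected_purls,
 resolved_package_urls=fixed_purls,
 vulnerability_id=vuln_id,
-vuln_references=vuln_reference,
+references=vuln_reference,
 )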
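--- a/vulnerabilities/importers/ruby.py
+++ b/vulnerabilities/importers/ruby.py
@@ -129,7 +129,7 @@ def process_file(self, path) -> List[Advisory]:
 summary=record.get("description", ""),
 impacted_package_urls=impacted_purls,
 resolved_package_urls=resolved_purls,
-vuln_references=references,
+references=references,
 vulnerability_id=cve_id,
 )
 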
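--- a/vulnerabilities/importers/rust.py
+++ b/vulnerabilities/importers/rust.py
@@ -136,7 +136,7 @@ def _load_advisory(self, path: str) -> Optional[Advisory]:
 impacted_package_urls=impacted_purls,
 resolved_package_urls=resolved_purls,
 vulnerability_id=cve_id,
-vuln_references=references,
+references=references,
 )
 
 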
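--- a/vulnerabilities/importers/safety_db.py
+++ b/vulnerabilities/importers/safety_db.py
@@ -136,7 +136,7 @@ def updated_advisories(self) -> Set[Advisory]:
 Advisory(
 vulnerability_id=cve_id,
 summary=advisory["advisory"],
-vuln_references=reference,
+references=reference,
 impacted_package_urls=impacted_purls,
 resolved_package_urls=resolved_purls,
 )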
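--- a/vulnerabilities/importers/suse_scores.py
+++ b/vulnerabilities/importers/suse_scores.py
@@ -76,7 +76,7 @@ def to_advisory(score_data):
 vulnerability_id=cve_id,
 summary="",
 impacted_package_urls=[],
-vuln_references=[Reference(url=URL, severities=severities)],
+references=[Reference(url=URL, severities=severities)],
 )
 )
 return advisories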
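--- a/vulnerabilities/importers/ubuntu_usn.py
+++ b/vulnerabilities/importers/ubuntu_usn.py
@@ -83,7 +83,7 @@ def to_advisories(usn_db):
 impacted_package_urls=[],
 resolved_package_urls=safe_purls,
 summary="",
-vuln_references=[reference],
+references=[reference],
 )
 )
 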
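--- a/vulnerabilities/tests/test_alpine.py
+++ b/vulnerabilities/tests/test_alpine.py
@@ -56,7 +56,7 @@ def test__process_link(self):
 subpath=None,
 )
 },
-vuln_references=[],
+references=[],
 vulnerability_id="CVE-2019-14904",
 ),
 Advisory(
@@ -72,7 +72,7 @@ def test__process_link(self):
 subpath=None,
 )
 },
-vuln_references=[],
+references=[],
 vulnerability_id="CVE-2019-14905",
 ),
 Advisory(
@@ -88,7 +88,7 @@ def test__process_link(self):
 subpath=None,
 )
 },
-vuln_references=[],
+references=[],
 vulnerability_id="CVE-2019-14846",
 ),
 Advisory(
@@ -104,7 +104,7 @@ def test__process_link(self):
 subpath=None,
 )
 },
-vuln_references=[],
+references=[],
 vulnerability_id="CVE-2019-14856",
 ),
 Advisory(
@@ -120,7 +120,7 @@ def test__process_link(self):
 subpath=None,
 )
 },
-vuln_references=[],
+references=[],
 vulnerability_id="CVE-2019-14858",
 ),
 Advisory(
@@ -136,7 +136,7 @@ def test__process_link(self):
 subpath=None,
 )
 },
-vuln_references=[
+references=[
 Reference(
 url="https://xenbits.xen.org/xsa/advisory-295.html", reference_id="XSA-295"
 )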
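--- a/vulnerabilities/tests/test_apache_kafka.py
+++ b/vulnerabilities/tests/test_apache_kafka.py
@@ -84,7 +84,7 @@ def test_to_advisory(self):
 subpath=None,
 )
 ],
-vuln_references=[
+references=[
 Reference(url="https://kafka.apache.org/cve-list", reference_id=""),
 Reference(
 url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17196",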
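--- a/vulnerabilities/tests/test_apache_tomcat.py
+++ b/vulnerabilities/tests/test_apache_tomcat.py
@@ -78,7 +78,7 @@ def test_to_advisories(self):
 subpath=None,
 )
 ],
-vuln_references=[
+references=[
 Reference(
 url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0763",
 reference_id="",
@@ -112,7 +112,7 @@ def test_to_advisories(self):
 subpath=None,
 )
 ],
-vuln_references=[
+references=[
 Reference(
 url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5351",
 reference_id="",
@@ -158,7 +158,7 @@ def test_to_advisories(self):
 subpath=None,
 )
 ],
-vuln_references=[
+references=[
 Reference(
 url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0706",
 reference_id="",
@@ -192,7 +192,7 @@ def test_to_advisories(self):
 subpath=None,
 )
 ],
-vuln_references=[
+references=[
 Reference(
 url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0714",
 reference_id="",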
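--- a/vulnerabilities/tests/test_elixir_security.py
+++ b/vulnerabilities/tests/test_elixir_security.py
@@ -123,7 +123,7 @@ def test_process_file(self):
 version="0.5.2",
 ),
 },
-vuln_references=[
+references=[
 Reference(
 reference_id="2aae6e3a-24a3-4d5f-86ff-b964eaf7c6d1",
 ),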