Adjust code with new imports
As part of the importers migrations, adjust to use new class names
for not-yet migrated importers.

This is mostly harmless as the code has not been migrated yet, but at
least most code now uses the proper new class names where possible.

Reference: #597
Signed-off-by: Philippe Ombredanne <[email protected]>
pombredanne committed Apr 11, 2022
1 parent f2de3d1 commit 6174e68
Showing 49 changed files with 237 additions and 335 deletions.
4 changes: 2 additions & 2 deletions vulnerabilities/importer.py
Expand Up @@ -587,7 +587,7 @@ def get_data_from_xml_doc(self, xml_doc: ET.ElementTree, pkg_metadata={}) -> Lis
version_class = version_class_by_package_type[pkg_metadata["type"]]
version_scheme = version_class.scheme

affected_version_range = VersionSpecifier.from_scheme_version_spec_string(
affected_version_range = VersionRange.from_scheme_version_spec_string(
version_scheme, affected_version_range
)
all_versions = self.pkg_manager_api.get(package_name).valid_versions
Expand Down Expand Up @@ -618,7 +618,7 @@ def get_data_from_xml_doc(self, xml_doc: ET.ElementTree, pkg_metadata={}) -> Lis
)

all_adv.append(
Advisory(
AdvisoryData(
summary=description,
affected_packages=affected_packages,
vulnerability_id=vuln_id,
15 changes: 7 additions & 8 deletions vulnerabilities/importers/apache_httpd.py
Expand Up @@ -21,22 +21,21 @@
# Visit https://github.com/nexB/vulnerablecode/ for support and download.

import asyncio
import dataclasses
import urllib

import requests
from bs4 import BeautifulSoup
from packageurl import PackageURL
from univers.version_specifier import VersionSpecifier
from univers.version_range import VersionRange
from univers.versions import SemverVersion

from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities.importer import Advisory
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import Importer
from vulnerabilities.importer import Reference
from vulnerabilities.importer import VulnerabilitySeverity
from vulnerabilities.package_managers import GitHubTagsAPI
from vulnerabilities.severity_systems import scoring_systems
from vulnerabilities.severity_systems import APACHE_HTTPD


class ApacheHTTPDImporter(Importer):
Expand Down Expand Up @@ -78,7 +77,7 @@ def to_advisory(self, data):
if value:
severities.append(
VulnerabilitySeverity(
system=scoring_systems["apache_httpd"],
system=APACHE_HTTPD,
value=value,
)
)
Expand Down Expand Up @@ -118,7 +117,7 @@ def to_advisory(self, data):
]
)

return Advisory(
return AdvisoryData(
vulnerability_id=cve,
summary=description,
affected_packages=nearest_patched_package(affected_packages, fixed_packages),
Expand All @@ -133,13 +132,13 @@ def to_version_ranges(self, versions_data):
range_expression = version_data["version_affected"]
if range_expression == "<":
fixed_version_ranges.append(
VersionSpecifier.from_scheme_version_spec_string(
VersionRange.from_scheme_version_spec_string(
"semver", ">={}".format(version_value)
)
)
elif range_expression == "=" or range_expression == "?=":
affected_version_ranges.append(
VersionSpecifier.from_scheme_version_spec_string(
VersionRange.from_scheme_version_spec_string(
"semver", "{}".format(version_value)
)
)
12 changes: 6 additions & 6 deletions vulnerabilities/importers/apache_kafka.py
Expand Up @@ -25,11 +25,11 @@
import requests
from bs4 import BeautifulSoup
from packageurl import PackageURL
from univers.version_specifier import VersionSpecifier
from univers.version_range import VersionRange
from univers.versions import MavenVersion

from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities.importer import Advisory
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import Importer
from vulnerabilities.importer import Reference
from vulnerabilities.package_managers import GitHubTagsAPI
Expand Down Expand Up @@ -93,7 +93,7 @@ def to_advisory(self, advisory_page):
]

advisories.append(
Advisory(
AdvisoryData(
vulnerability_id=cve_id,
summary=cve_description_paragraph.text,
affected_packages=nearest_patched_package(affected_packages, fixed_packages),
Expand All @@ -119,7 +119,7 @@ def to_version_ranges(version_range_text):
lower_bound = f">={lower_bound}"
upper_bound = f"<={upper_bound}"
version_ranges.append(
VersionSpecifier.from_scheme_version_spec_string(
VersionRange.from_scheme_version_spec_string(
"maven", f"{lower_bound},{upper_bound}"
)
)
Expand All @@ -128,12 +128,12 @@ def to_version_ranges(version_range_text):
# eg range_expression == "2.1.1 and later"
range_expression = range_expression.replace("and later", "")
version_ranges.append(
VersionSpecifier.from_scheme_version_spec_string("maven", f">={range_expression}")
VersionRange.from_scheme_version_spec_string("maven", f">={range_expression}")
)

else:
# eg range_expression == "3.0.0"
version_ranges.append(
VersionSpecifier.from_scheme_version_spec_string("maven", range_expression)
VersionRange.from_scheme_version_spec_string("maven", range_expression)
)
return version_ranges
21 changes: 9 additions & 12 deletions vulnerabilities/importers/apache_tomcat.py
Expand Up @@ -21,19 +21,18 @@
# Visit https://github.com/nexB/vulnerablecode/ for support and download.

import asyncio
import dataclasses
import re

import requests
from bs4 import BeautifulSoup
from packageurl import PackageURL
from univers.version_specifier import VersionSpecifier
from univers.version_range import MavenVersionRange
from univers.versions import MavenVersion
from univers.versions import SemverVersion

from vulnerabilities.helpers import create_etag
from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities.importer import Advisory
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import Importer
from vulnerabilities.importer import Reference
from vulnerabilities.package_managers import MavenVersionAPI
Expand Down Expand Up @@ -113,7 +112,7 @@ def to_advisories(self, apache_tomcat_advisory_html):
]

advisories.append(
Advisory(
AdvisoryData(
summary="",
affected_packages=nearest_patched_package(affected_packages, fixed_package),
vulnerability_id=cve_id,
Expand All @@ -126,19 +125,19 @@ def to_advisories(self, apache_tomcat_advisory_html):

def parse_version_ranges(string):
"""
This method yields VersionSpecifier objects obtained by
This method yields VersionRange objects obtained by
parsing `string`.
>>> list(parse_version_ranges("Affects: 9.0.0.M1 to 9.0.0.M9")) == [
... VersionSpecifier.from_scheme_version_spec_string('maven','<=9.0.0.M9,>=9.0.0.M1')
... VersionRange.from_scheme_version_spec_string('maven','<=9.0.0.M9,>=9.0.0.M1')
... ]
True
>>> list(parse_version_ranges("Affects: 9.0.0.M1")) == [
... VersionSpecifier.from_scheme_version_spec_string('maven','>=9.0.0.M1,<=9.0.0.M1')
... VersionRange.from_scheme_version_spec_string('maven','>=9.0.0.M1,<=9.0.0.M1')
... ]
True
>>> list(parse_version_ranges("Affects: 9.0.0.M1 to 9.0.0.M9, 1.2.3 to 3.4.5")) == [
... VersionSpecifier.from_scheme_version_spec_string('maven','<=9.0.0.M9,>=9.0.0.M1'),
... VersionSpecifier.from_scheme_version_spec_string('maven','<=3.4.5,>=1.2.3')
... VersionRange.from_scheme_version_spec_string('maven','<=9.0.0.M9,>=9.0.0.M1'),
... VersionRange.from_scheme_version_spec_string('maven','<=3.4.5,>=1.2.3')
... ]
True
"""
Expand All @@ -152,6 +151,4 @@ def parse_version_ranges(string):
else:
lower_bound = upper_bound = version_range

yield VersionSpecifier.from_scheme_version_spec_string(
"maven", f">={lower_bound},<={upper_bound}"
)
yield MavenVersionRange.from_native(f">={lower_bound},<={upper_bound}")
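Review bot: The doctests in the `parse_version_ranges` docstring (earlier hunk of this file) still compare against `VersionRange.from_scheme_version_spec_string('maven', ...)`, but the module now imports only `MavenVersionRange` from `univers.version_range`, so the examples would fail with a NameError if the doctests are collected and they no longer describe what the function yields. The final yield builds `MavenVersionRange.from_native(f">={lower_bound},<={upper_bound}")`, so the examples should use that same constructor, e.g. `... MavenVersionRange.from_native('>=9.0.0.M1,<=9.0.0.M9')`. I would also confirm that `from_native` accepts this comma-separated comparator form rather than only Maven's bracket range syntax; if it does not, the yield should switch to whichever constructor parses it. The body of `parse_version_ranges` between the docstring and this yield lies outside the visible hunks.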
10 changes: 5 additions & 5 deletions vulnerabilities/importers/archlinux.py
Expand Up @@ -30,19 +30,19 @@

from packageurl import PackageURL

from vulnerabilities import severity_systems
from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities.importer import Advisory
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import Importer
from vulnerabilities.importer import Reference
from vulnerabilities.importer import VulnerabilitySeverity
from vulnerabilities.severity_systems import scoring_systems


class ArchlinuxImporter(Importer):
def __enter__(self):
self._api_response = self._fetch()

def updated_advisories(self) -> Set[Advisory]:
def updated_advisories(self) -> Set[AdvisoryData]:
advisories = []

for record in self._api_response:
Expand All @@ -54,7 +54,7 @@ def _fetch(self) -> Iterable[Mapping]:
with urlopen(self.config.archlinux_tracker_url) as response:
return json.load(response)

def _parse(self, record) -> List[Advisory]:
def _parse(self, record) -> List[AdvisoryData]:
advisories = []

for cve_id in record["issues"]:
Expand Down Expand Up @@ -88,7 +88,7 @@ def _parse(self, record) -> List[Advisory]:
url="https://security.archlinux.org/{}".format(record["name"]),
severities=[
VulnerabilitySeverity(
system=scoring_systems["avgs"], value=record["severity"]
system=severity_systems.ARCHLINUX, value=record["severity"]
)
],
)
8 changes: 4 additions & 4 deletions vulnerabilities/importers/debian.py
Expand Up @@ -32,7 +32,7 @@
from packageurl import PackageURL

from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities.importer import Advisory
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import Importer
from vulnerabilities.importer import Reference

Expand All @@ -45,7 +45,7 @@ def __enter__(self):
else:
self._api_response = {}

def updated_advisories(self) -> Set[Advisory]:
def updated_advisories(self) -> Set[AdvisoryData]:
advisories = []

for pkg_name, records in self._api_response.items():
Expand All @@ -56,7 +56,7 @@ def updated_advisories(self) -> Set[Advisory]:
def _fetch(self) -> Mapping[str, Any]:
return requests.get(self.config.debian_tracker_url).json()

def _parse(self, pkg_name: str, records: Mapping[str, Any]) -> List[Advisory]:
def _parse(self, pkg_name: str, records: Mapping[str, Any]) -> List[AdvisoryData]:
advisories = []
ignored_versions = {"3.8.20-4."}

Expand Down Expand Up @@ -111,7 +111,7 @@ def _parse(self, pkg_name: str, records: Mapping[str, Any]) -> List[Advisory]:
bug_url = f"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug={debianbug}"
references.append(Reference(url=bug_url, reference_id=debianbug))
advisories.append(
Advisory(
AdvisoryData(
vulnerability_id=cve_id,
affected_packages=nearest_patched_package(impacted_purls, resolved_purls),
summary=record.get("description", ""),
1 change: 0 additions & 1 deletion vulnerabilities/importers/debian_oval.py
Expand Up @@ -22,7 +22,6 @@


import asyncio
import dataclasses
import xml.etree.ElementTree as ET

import requests
11 changes: 5 additions & 6 deletions vulnerabilities/importers/elixir_security.py
Expand Up @@ -23,12 +23,12 @@
from typing import Set

from packageurl import PackageURL
from univers.version_specifier import VersionSpecifier
from univers.version_range import VersionRange
from univers.versions import SemverVersion

from vulnerabilities.helpers import load_yaml
from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities.importer import Advisory
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import GitImporter
from vulnerabilities.importer import Reference
from vulnerabilities.package_managers import HexVersionAPI
Expand All @@ -48,7 +48,7 @@ def __enter__(self):
def set_api(self, packages):
asyncio.run(self.pkg_manager_api.load_api(packages))

def updated_advisories(self) -> Set[Advisory]:
def updated_advisories(self) -> Set[AdvisoryData]:
files = self._updated_files.union(self._added_files)
advisories = []
for f in files:
Expand Down Expand Up @@ -78,8 +78,7 @@ def get_versions_for_pkg_from_range_list(self, version_range_list, pkg_name):
if not version_range_list:
return [], all_version_list
version_ranges = [
VersionSpecifier.from_scheme_version_spec_string("semver", r)
for r in version_range_list
VersionRange.from_scheme_version_spec_string("semver", r) for r in version_range_list
]
for version in all_version_list:
version_obj = SemverVersion(version)
Expand Down Expand Up @@ -130,7 +129,7 @@ def process_file(self, path):
),
]

return Advisory(
return AdvisoryData(
summary=yaml_file["description"],
affected_packages=nearest_patched_package(vuln_purls, safe_purls),
vulnerability_id=cve_id,
6 changes: 3 additions & 3 deletions vulnerabilities/importers/gentoo.py
Expand Up @@ -27,7 +27,7 @@
from packageurl import PackageURL

from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities.importer import Advisory
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import GitImporter
from vulnerabilities.importer import Reference

Expand All @@ -41,7 +41,7 @@ def __enter__(self):
recursive=True, file_ext="xml"
)

def updated_advisories(self) -> Set[Advisory]:
def updated_advisories(self) -> Set[AdvisoryData]:
files = self._updated_files.union(self._added_files)
advisories = []
for f in files:
Expand Down Expand Up @@ -79,7 +79,7 @@ def process_file(self, file):
# It is very inefficient, to create new Advisory for each CVE
# this way, but there seems no alternative.
for cve in xml_data["cves"]:
advisory = Advisory(
advisory = AdvisoryData(
vulnerability_id=cve,
summary=xml_data["description"],
affected_packages=nearest_patched_package(
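Review bot: The comment directly above the changed constructor call in `process_file`, `# It is very inefficient, to create new Advisory for each CVE`, still names the old class while the call below it is now `AdvisoryData(...)`; suggest `# It is very inefficient to create a new AdvisoryData for each CVE`. The rest of `process_file` is outside the hunk.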
11 changes: 5 additions & 6 deletions vulnerabilities/importers/istio.py
Expand Up @@ -27,12 +27,12 @@
import saneyaml
from dateutil import parser
from packageurl import PackageURL
from univers.version_specifier import VersionSpecifier
from univers.version_range import VersionRange
from univers.versions import SemverVersion

from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities.helpers import split_markdown_front_matter
from vulnerabilities.importer import Advisory
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import GitImporter
from vulnerabilities.importer import Reference
from vulnerabilities.package_managers import GitHubTagsAPI
Expand All @@ -54,7 +54,7 @@ def __enter__(self):
def set_api(self):
asyncio.run(self.version_api.load_api(["istio/istio"]))

def updated_advisories(self) -> Set[Advisory]:
def updated_advisories(self) -> Set[AdvisoryData]:
files = self._added_files.union(self._updated_files)
advisories = []
for f in files:
Expand All @@ -76,8 +76,7 @@ def get_pkg_versions_from_ranges(self, version_range_list, release_date):
safe_pkg_versions = []
vuln_pkg_versions = []
version_ranges = [
VersionSpecifier.from_scheme_version_spec_string("semver", r)
for r in version_range_list
VersionRange.from_scheme_version_spec_string("semver", r) for r in version_range_list
]
for version in all_version:
version_obj = SemverVersion(version)
Expand Down Expand Up @@ -165,7 +164,7 @@ def process_file(self, path):
affected_packages.extend(nearest_patched_package(vuln_purls_github, safe_purls_github))

advisories.append(
Advisory(
AdvisoryData(
vulnerability_id=cve_id,
summary=data["description"],
affected_packages=affected_packages,