Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix pysec importer #739

Merged
merged 2 commits into from
May 20, 2022
Merged

Fix pysec importer #739

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ee1f0cf
Fix pysec importer
TG1999 May 20, 2022
ad96935
Add build_description in utils
TG1999 May 20, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions vulnerabilities/importer.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,12 +43,12 @@
from univers.version_range import VersionRange
from univers.versions import Version

from vulnerabilities.helpers import classproperty
from vulnerabilities.helpers import evolve_purl
from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities.oval_parser import OvalParser
from vulnerabilities.severity_systems import SCORING_SYSTEMS
from vulnerabilities.severity_systems import ScoringSystem
from vulnerabilities.utils import classproperty
from vulnerabilities.utils import evolve_purl
from vulnerabilities.utils import nearest_patched_package

logger = logging.getLogger(__name__)

Expand Down
2 changes: 1 addition & 1 deletion vulnerabilities/importers/alpine_linux.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,6 @@
from packageurl import PackageURL
from univers.versions import AlpineLinuxVersion

from vulnerabilities.helpers import is_cve
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import AffectedPackage
from vulnerabilities.importer import Importer
Expand All @@ -44,6 +43,7 @@
from vulnerabilities.references import WireSharkReference
from vulnerabilities.references import XsaReference
from vulnerabilities.references import ZbxReference
from vulnerabilities.utils import is_cve

LOGGER = logging.getLogger(__name__)
BASE_URL = "https://secdb.alpinelinux.org/"
Expand Down
2 changes: 1 addition & 1 deletion vulnerabilities/importers/apache_httpd.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,13 +29,13 @@
from univers.version_range import VersionRange
from univers.versions import SemverVersion

from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import Importer
from vulnerabilities.importer import Reference
from vulnerabilities.importer import VulnerabilitySeverity
from vulnerabilities.package_managers import GitHubTagsAPI
from vulnerabilities.severity_systems import APACHE_HTTPD
from vulnerabilities.utils import nearest_patched_package


class ApacheHTTPDImporter(Importer):
Expand Down
2 changes: 1 addition & 1 deletion vulnerabilities/importers/apache_kafka.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,11 +28,11 @@
from univers.version_range import VersionRange
from univers.versions import MavenVersion

from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import Importer
from vulnerabilities.importer import Reference
from vulnerabilities.package_managers import GitHubTagsAPI
from vulnerabilities.utils import nearest_patched_package

GH_PAGE_URL = "https://raw.githubusercontent.com/apache/kafka-site/asf-site/cve-list.html"
ASF_PAGE_URL = "https://kafka.apache.org/cve-list"
Expand Down
4 changes: 2 additions & 2 deletions vulnerabilities/importers/apache_tomcat.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,12 +30,12 @@
from univers.versions import MavenVersion
from univers.versions import SemverVersion

from vulnerabilities.helpers import create_etag
from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import Importer
from vulnerabilities.importer import Reference
from vulnerabilities.package_managers import MavenVersionAPI
from vulnerabilities.utils import create_etag
from vulnerabilities.utils import nearest_patched_package


class ApacheTomcatImporter(Importer):
Expand Down
2 changes: 1 addition & 1 deletion vulnerabilities/importers/archlinux.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,11 +31,11 @@
from packageurl import PackageURL

from vulnerabilities import severity_systems
from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import Importer
from vulnerabilities.importer import Reference
from vulnerabilities.importer import VulnerabilitySeverity
from vulnerabilities.utils import nearest_patched_package


class ArchlinuxImporter(Importer):
Expand Down
10 changes: 5 additions & 5 deletions vulnerabilities/importers/debian.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,11 +33,6 @@
from univers.version_range import DebianVersionRange
from univers.versions import DebianVersion

from vulnerabilities.helpers import AffectedPackage as LegacyAffectedPackage
from vulnerabilities.helpers import dedupe
from vulnerabilities.helpers import get_affected_packages_by_patched_package
from vulnerabilities.helpers import get_item
from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import AffectedPackage
from vulnerabilities.importer import Importer
Expand All @@ -47,6 +42,11 @@
from vulnerabilities.improver import Improver
from vulnerabilities.improver import Inference
from vulnerabilities.models import Advisory
from vulnerabilities.utils import AffectedPackage as LegacyAffectedPackage
from vulnerabilities.utils import dedupe
from vulnerabilities.utils import get_affected_packages_by_patched_package
from vulnerabilities.utils import get_item
from vulnerabilities.utils import nearest_patched_package

logger = logging.getLogger(__name__)

Expand Down
2 changes: 1 addition & 1 deletion vulnerabilities/importers/debian_oval.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,9 +26,9 @@

import requests

from vulnerabilities.helpers import create_etag
from vulnerabilities.importer import OvalImporter
from vulnerabilities.package_managers import DebianVersionAPI
from vulnerabilities.utils import create_etag


class DebianOvalImporter(OvalImporter):
Expand Down
4 changes: 2 additions & 2 deletions vulnerabilities/importers/elixir_security.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,12 +26,12 @@
from univers.version_range import VersionRange
from univers.versions import SemverVersion

from vulnerabilities.helpers import load_yaml
from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import GitImporter
from vulnerabilities.importer import Reference
from vulnerabilities.package_managers import HexVersionAPI
from vulnerabilities.utils import load_yaml
from vulnerabilities.utils import nearest_patched_package


class ElixirSecurityImporter(GitImporter):
Expand Down
2 changes: 1 addition & 1 deletion vulnerabilities/importers/gentoo.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,10 @@

from packageurl import PackageURL

from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import GitImporter
from vulnerabilities.importer import Reference
from vulnerabilities.utils import nearest_patched_package


class GentooImporter(GitImporter):
Expand Down
12 changes: 6 additions & 6 deletions vulnerabilities/importers/github.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,12 +34,8 @@
from univers.version_range import VersionRange
from univers.version_range import build_range_from_github_advisory_constraint

from vulnerabilities import helpers
from vulnerabilities import severity_systems
from vulnerabilities.helpers import AffectedPackage as LegacyAffectedPackage
from vulnerabilities.helpers import get_affected_packages_by_patched_package
from vulnerabilities.helpers import get_item
from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities import utils
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import AffectedPackage
from vulnerabilities.importer import Importer
Expand All @@ -56,6 +52,10 @@
from vulnerabilities.package_managers import PypiVersionAPI
from vulnerabilities.package_managers import RubyVersionAPI
from vulnerabilities.package_managers import VersionAPI
from vulnerabilities.utils import AffectedPackage as LegacyAffectedPackage
from vulnerabilities.utils import get_affected_packages_by_patched_package
from vulnerabilities.utils import get_item
from vulnerabilities.utils import nearest_patched_package

logger = logging.getLogger(__name__)

Expand Down Expand Up @@ -191,7 +191,7 @@ def advisory_data(self) -> Iterable[AdvisoryData]:
end_cursor_exp = ""
while True:
graphql_query = {"query": GRAPHQL_QUERY_TEMPLATE % (ecosystem, end_cursor_exp)}
response = helpers.fetch_github_graphql_query(graphql_query)
response = utils.fetch_github_graphql_query(graphql_query)

page_info = get_item(response, "data", "securityVulnerabilities", "pageInfo")
end_cursor = get_item(page_info, "endCursor")
Expand Down
4 changes: 2 additions & 2 deletions vulnerabilities/importers/istio.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,12 +30,12 @@
from univers.version_range import VersionRange
from univers.versions import SemverVersion

from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities.helpers import split_markdown_front_matter
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import GitImporter
from vulnerabilities.importer import Reference
from vulnerabilities.package_managers import GitHubTagsAPI
from vulnerabilities.utils import nearest_patched_package
from vulnerabilities.utils import split_markdown_front_matter

is_release = re.compile(r"^[\d.]+$", re.IGNORECASE).match

Expand Down
4 changes: 2 additions & 2 deletions vulnerabilities/importers/kaybee.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,11 +22,11 @@

from packageurl import PackageURL

from vulnerabilities.helpers import load_yaml
from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import GitImporter
from vulnerabilities.importer import Reference
from vulnerabilities.utils import load_yaml
from vulnerabilities.utils import nearest_patched_package


class KaybeeImporter(GitImporter):
Expand Down
4 changes: 2 additions & 2 deletions vulnerabilities/importers/mozilla.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,12 @@
from packageurl import PackageURL

from vulnerabilities import severity_systems
from vulnerabilities.helpers import is_cve
from vulnerabilities.helpers import split_markdown_front_matter
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import GitImporter
from vulnerabilities.importer import Reference
from vulnerabilities.importer import VulnerabilitySeverity
from vulnerabilities.utils import is_cve
from vulnerabilities.utils import split_markdown_front_matter

REPOSITORY = "mozilla/foundation-security-advisories"
MFSA_FILENAME_RE = re.compile(r"mfsa(\d{4}-\d{2,3})\.(md|yml)$")
Expand Down
2 changes: 1 addition & 1 deletion vulnerabilities/importers/nginx.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,6 @@
from univers.version_range import NginxVersionRange
from univers.versions import SemverVersion

from vulnerabilities.helpers import evolve_purl
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import AffectedPackage
from vulnerabilities.importer import Importer
Expand All @@ -45,6 +44,7 @@
from vulnerabilities.package_managers import GitHubTagsAPI
from vulnerabilities.package_managers import PackageVersion
from vulnerabilities.severity_systems import GENERIC
from vulnerabilities.utils import evolve_purl

logger = logging.getLogger(__name__)

Expand Down
4 changes: 2 additions & 2 deletions vulnerabilities/importers/npm.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,12 +33,12 @@
from univers.version_range import VersionRange
from univers.versions import SemverVersion

from vulnerabilities.helpers import load_json
from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import GitImporter
from vulnerabilities.importer import Reference
from vulnerabilities.package_managers import NpmVersionAPI
from vulnerabilities.utils import load_json
from vulnerabilities.utils import nearest_patched_package

NPM_URL = "https://registry.npmjs.org{}"

Expand Down
2 changes: 1 addition & 1 deletion vulnerabilities/importers/nvd.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,14 +30,14 @@
from django.db.models.query import QuerySet

from vulnerabilities import severity_systems
from vulnerabilities.helpers import get_item
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import Importer
from vulnerabilities.importer import Reference
from vulnerabilities.importer import VulnerabilitySeverity
from vulnerabilities.improver import Improver
from vulnerabilities.improver import Inference
from vulnerabilities.models import Advisory
from vulnerabilities.utils import get_item


class NVDImporter(Importer):
Expand Down
2 changes: 1 addition & 1 deletion vulnerabilities/importers/postgresql.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,11 +27,11 @@
from packageurl import PackageURL

from vulnerabilities import severity_systems
from vulnerabilities.helpers import nearest_patched_package
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import Importer
from vulnerabilities.importer import Reference
from vulnerabilities.importer import VulnerabilitySeverity
from vulnerabilities.utils import nearest_patched_package


class PostgreSQLImporter(Importer):
Expand Down
4 changes: 2 additions & 2 deletions vulnerabilities/importers/project_kb_msr2019.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,11 +23,11 @@
import csv
import urllib.request

from vulnerabilities.helpers import create_etag
from vulnerabilities.helpers import is_cve
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import Importer
from vulnerabilities.importer import Reference
from vulnerabilities.utils import create_etag
from vulnerabilities.utils import is_cve

# Reading CSV file from a url using `requests` is bit too complicated.
# Use `urllib.request` for that purpose.
Expand Down
Loading