From 06c793c0d3936e2d3e6e48dfa4ed38dbf51497b6 Mon Sep 17 00:00:00 2001
From: Hritik Vijay
Date: Tue, 25 Jan 2022 17:55:50 +0530
Subject: [PATCH] Teeny weeny fixes
See diff please
Signed-off-by: Hritik Vijay
Co-authored-by: Philippe Ombredanne
---
 vulnerabilities/data_source.py | 1 -
 vulnerabilities/importers/nginx.py | 4 ++--
 vulnerabilities/improve_runner.py | 3 ++-
 vulnerabilities/improvers/__init__.py | 4 ++--
 vulnerabilities/improvers/default.py | 10 +++++++---
 vulnerabilities/management/commands/improve.py | 6 ++----
 vulnerabilities/models.py | 6 +++---
 7 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/vulnerabilities/data_source.py b/vulnerabilities/data_source.py
index 9794a8663..1882a41f6 100644
--- a/vulnerabilities/data_source.py
+++ b/vulnerabilities/data_source.py
@@ -152,7 +152,6 @@ def merge(affected_packages: Iterable):
 fixed_versions.add(pkg.fixed_version)
 purls.add(pkg.package)
 if len(purls) > 1:
- print(affected_packages)
 raise TypeError("Cannot merge with different purls", purls)
 return purls.pop(), affected_version_ranges, fixed_versions
diff --git a/vulnerabilities/importers/nginx.py b/vulnerabilities/importers/nginx.py
index 188024430..a24f9c457 100644
--- a/vulnerabilities/importers/nginx.py
+++ b/vulnerabilities/importers/nginx.py
@@ -58,7 +58,7 @@ class NginxDataSourceConfiguration(DataSourceConfiguration):
 class NginxDataSource(DataSource):
 CONFIG_CLASS = NginxDataSourceConfiguration
- url = "http://nginx.org/en/security_advisories.html"
+ url = "https://nginx.org/en/security_advisories.html"
 def advisory_data(self) -> Iterable[AdvisoryData]:
 data = requests.get(self.url).content
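Review bot: The fetch on the hunk's last line, `data = requests.get(self.url).content`, carries no `timeout` and never checks the response status, so a stalled connection to nginx.org blocks the import indefinitely and a non-200 body (an error page, for instance) would be processed as advisory content; the switch to HTTPS above does not change either. I would replace it with `response = requests.get(self.url, timeout=<seconds>)`, `response.raise_for_status()`, `data = response.content`, with the timeout value chosen to match the project's other importers. `advisory_data` continues outside the hunk.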
@@ -239,7 +239,7 @@ def set_api(self):
 while self.version_api.cache["nginx/nginx"]:
 version = self.version_api.cache["nginx/nginx"].pop()
 normalized_version = Version(
- version.value.replace("release-", ""), version.release_date
+ value=version.value.replace("release-", ""), release_date=version.release_date
 )
 normalized_versions.add(normalized_version)
 self.version_api.cache["nginx/nginx"] = normalized_versions
diff --git a/vulnerabilities/improve_runner.py b/vulnerabilities/improve_runner.py
index c43d4a646..77fe50f10 100644
--- a/vulnerabilities/improve_runner.py
+++ b/vulnerabilities/improve_runner.py
@@ -16,7 +16,8 @@
 class ImproveRunner:
- """ImproveRunner is responsible for populating the database with any
+ """
+ ImproveRunner is responsible for populating the database with any
 consumable data. It does so in its ``run`` method by invoking the given
 improver and parsing the returned Inferences into proper database fields
 """
diff --git a/vulnerabilities/improvers/__init__.py b/vulnerabilities/improvers/__init__.py
index b214f88e6..6f036a63c 100644
--- a/vulnerabilities/improvers/__init__.py
+++ b/vulnerabilities/improvers/__init__.py
@@ -1,5 +1,5 @@
-from . import default
-from .. import importers
+from vulnerabilities.improvers import default
+from vulnerabilities import importers
 IMPROVER_REGISTRY = [default.DefaultImprover, importers.nginx.NginxBasicImprover]
diff --git a/vulnerabilities/improvers/default.py b/vulnerabilities/improvers/default.py
index f44a7d2f7..d3c4b9745 100644
--- a/vulnerabilities/improvers/default.py
+++ b/vulnerabilities/improvers/default.py
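Review bot: In the `vulnerabilities/improvers/__init__.py` hunk, the registry line kept as context, `IMPROVER_REGISTRY = [default.DefaultImprover, importers.nginx.NginxBasicImprover]`, reaches `nginx` as an attribute of the `vulnerabilities.importers` package, which only works if that package's `__init__` happens to import the `nginx` submodule — presumably it does today, but the new absolute imports leave that dependency implicit. Adding `from vulnerabilities.importers import nginx` next to the two new imports (and writing `nginx.NginxBasicImprover` in the list) would fail with an `ImportError` naming the missing module rather than an `AttributeError` on the registry line if that ever changes. Importing `vulnerabilities.improvers.default` from inside the `vulnerabilities/improvers/__init__.py` that is itself being initialised is fine as long as `default` does not import from the package; worth a quick check.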
@@ -40,7 +40,7 @@ def get_inferences(self, advisory_data: AdvisoryData) -> Iterable[Inference]:
 def get_exact_purls(affected_package: AffectedPackage) -> (List[PackageURL], PackageURL):
 """
- Return purls for fixed and affected packages contained in the given
+ Return a list of affected purls and the fixed package found in the
 ``affected_package`` AffectedPackage disregarding any ranges.
 Only exact version constraints (ie with an equality) are considered
@@ -52,8 +52,12 @@ def get_exact_purls(affected_package: AffectedPackage) -> (List[PackageURL], Pac
 ... "affected_version_range": vers,
 ... "fixed_version": "5.0.0"
 ... })
- >>> get_exact_purls(affected_package)
- ([PackageURL(type='turtle', namespace=None, name='green', version='2.0.0', qualifiers={}, subpath=None)], PackageURL(type='turtle', namespace=None, name='green', version='5.0.0', qualifiers={}, subpath=None))
+ >>> got = get_exact_purls(affected_package)
+ >>> expected = (
+ ... [PackageURL(type='turtle', namespace=None, name='green', version='2.0.0', qualifiers={}, subpath=None)],
+ ... PackageURL(type='turtle', namespace=None, name='green', version='5.0.0', qualifiers={}, subpath=None)
+ ... )
+ >>> assert expected == got
 """
 affected_purls = set()
 all_constraints = affected_package.affected_version_range.constraints
diff --git a/vulnerabilities/management/commands/improve.py b/vulnerabilities/management/commands/improve.py
index 1c61f26b6..66bce82e9 100644
--- a/vulnerabilities/management/commands/improve.py
+++ b/vulnerabilities/management/commands/improve.py
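Review bot: The signature kept as context at the top of the first `default.py` hunk, `def get_exact_purls(affected_package: AffectedPackage) -> (List[PackageURL], PackageURL):`, annotates the return with a tuple literal, which is not a valid type expression even though it is exactly the "list of affected purls plus one fixed package" the rewritten docstring now describes. It should read `-> Tuple[List[PackageURL], PackageURL]:` with `Tuple` imported from `typing` alongside `List` (or the builtin `tuple[...]` form if the project targets Python 3.9+). The body of `get_exact_purls` continues past the hunk.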
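Review bot: `>>> assert expected == got` on the last added line of the second `default.py` hunk turns a mismatch into a bare `AssertionError` that says nothing about what `got` contained, whereas the expected-output form it replaces showed the actual value in the doctest report. Keeping the multi-line `expected` layout but ending with `>>> assert expected == got, got` retains the readable shape while still printing the offending value on failure. The docstring belongs to `get_exact_purls`, whose body continues outside the hunk.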
@@ -65,10 +65,8 @@ def handle(self, *args, **options):
 self.improve_data(valid_sources(sources))
 def list_sources(self):
- improvers = [
- f"{improver.__module__}.{improver.__qualname__}" for improver in IMPROVER_REGISTRY
- ]
- self.stdout.write("Vulnerability data can be processed by these available improvers:")
+ improvers = [improver.qualified_name() for improver in IMPROVER_REGISTRY]
+ self.stdout.write("Vulnerability data can be processed by these available improvers:\n")
 self.stdout.write("\n".join(improvers))
 def improve_data(self, improvers):
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
index c00bdeaf5..cb2875bac 100644
--- a/vulnerabilities/models.py
+++ b/vulnerabilities/models.py
@@ -114,7 +114,7 @@ def severities(self):
 return VulnerabilitySeverity.objects.filter(reference=self.id)
 class Meta:
- unique_together = ("vulnerability", "url", "reference_id")
+ unique_together = ("vulnerability", "url", "reference_id",)
 def __str__(self):
 reference_id = " {self.reference_id}" if self.reference_id else ""
@@ -229,7 +229,7 @@ def update_or_create(self):
 Create if doesn't exist
 """
 try:
- existing = self.__class__.objects.get(
+ existing = PackageRelatedVulnerability.objects.get(
 vulnerability=self.vulnerability, package=self.package
 )
 if self.confidence > existing.confidence:
@@ -244,7 +244,7 @@ def update_or_create(self):
 )
 except self.DoesNotExist:
- self.__class__.objects.create(
+ PackageRelatedVulnerability.objects.create(
 vulnerability=self.vulnerability,
 created_by=self.created_by,
 package=self.package,
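Review bot: The `"\n"` appended in the `improve.py` hunk, `self.stdout.write("Vulnerability data can be processed by these available improvers:\n")`, is most likely a no-op: in a Django management command `self.stdout` is an `OutputWrapper`, whose `write` appends its `ending` (`"\n"`) only when the message does not already end with it, so the printed output is unchanged by this edit. If a blank separator line before the improver list was intended, the string needs `"...improvers:\n\n"`; otherwise the suffix should be dropped. The new comprehension also assumes every entry of `IMPROVER_REGISTRY` provides `qualified_name()`; that is presumably defined on the improver base class, but it is not part of this patch, so it is worth confirming for `NginxBasicImprover` as well. `list_sources` is complete within the hunk.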
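Review bot: The `__str__` context line at the end of the first `models.py` hunk, `reference_id = " {self.reference_id}" if self.reference_id else ""`, has no `f` prefix, so the literal text `{self.reference_id}` is emitted instead of the reference id (unless the prefix was lost in rendering). It should read `reference_id = f" {self.reference_id}" if self.reference_id else ""`. The trailing-comma change itself is fine; `__str__` continues outside the hunk.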
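Review bot: `update_or_create` in the last two `models.py` hunks is still a get-then-create sequence (`PackageRelatedVulnerability.objects.get(...)` here, `PackageRelatedVulnerability.objects.create(...)` in the following hunk) with no transaction around it, so two improvers running concurrently can both miss the row and race to create it; if `(vulnerability, package)` is unique on the model, the loser gets an `IntegrityError` instead of the confidence comparison the method intends, and otherwise a duplicate row. Wrapping the body in `with transaction.atomic():` (`from django.db import transaction`) and locking the row with `.select_for_update()` on the get closes the window; `objects.get_or_create(..., defaults={...})` followed by the confidence check is the other standard shape. Since the manager is now named explicitly, `except PackageRelatedVulnerability.DoesNotExist:` in the next hunk would be consistent with it. The method starts and ends outside the two hunks.
```python
    def update_or_create(self):
        # … unchanged: docstring …
        with transaction.atomic():
            try:
                existing = PackageRelatedVulnerability.objects.select_for_update().get(
                    vulnerability=self.vulnerability, package=self.package
                )
                # … unchanged: confidence comparison and update of the existing row …
            except PackageRelatedVulnerability.DoesNotExist:
                PackageRelatedVulnerability.objects.create(
                    # … unchanged: field assignments …
```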