diff --git a/vulnerabilities/importers/ubuntu_usn.py b/vulnerabilities/importers/ubuntu_usn.py index 32cccaee1..2810b19a0 100644 --- a/vulnerabilities/importers/ubuntu_usn.py +++ b/vulnerabilities/importers/ubuntu_usn.py @@ -67,10 +67,6 @@ def to_advisories(usn_db): advisories = [] for usn in usn_db: reference = get_usn_references(usn_db[usn]["id"]) - for release in usn_db[usn]["releases"]: - pkg_dict = usn_db[usn]["releases"][release] - safe_purls = get_purls(pkg_dict) - for cve in usn_db[usn].get("cves", [""]): # The db sometimes contains entries like # {'cves': ['python-pgsql vulnerabilities', 'CVE-2006-2313', 'CVE-2006-2314']} @@ -81,8 +77,6 @@ def to_advisories(usn_db): advisories.append( Advisory( vulnerability_id=cve, - impacted_package_urls=[], - resolved_package_urls=safe_purls, summary="", references=[reference], ) @@ -100,39 +94,3 @@ def fetch(url): raw_data = bz2.decompress(response) return json.loads(raw_data) - - -def get_purls(pkg_dict): - purls = set() - for pkg_name in pkg_dict.get("sources", []): - version = pkg_dict["sources"][pkg_name]["version"] - # The db sometimes contains entries like {'postgresql': {'version': ''}} - # This `if` ignores such entries - if not version: - continue - - purls.add( - PackageURL( - name=pkg_name, - version=version, - type="deb", - namespace="ubuntu", - ) - ) - - for pkg_name in pkg_dict["binaries"]: - version = pkg_dict["binaries"][pkg_name]["version"] - # The db sometimes contains entries like {'postgresql': {'version': ''}} - # This `if` ignores such entries - if not version: - continue - - purls.add( - PackageURL( - name=pkg_name, - version=version, - type="deb", - namespace="ubuntu", - ) - ) - return purls diff --git a/vulnerabilities/tests/test_ubuntu_usn.py b/vulnerabilities/tests/test_ubuntu_usn.py index 7e2529f4f..7d94781eb 100644 --- a/vulnerabilities/tests/test_ubuntu_usn.py +++ b/vulnerabilities/tests/test_ubuntu_usn.py 
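Review bot: After the second hunk, `to_advisories` builds each `Advisory` from only `vulnerability_id`, `summary` and `references`, so the fixed package versions the USN database carries under `releases` are no longer imported, and nothing in the function records that this is intentional. The loop removed in the first hunk reassigned `safe_purls` on every release, so it looks as if only the last release's packages ever reached the advisory; if that is the reason for dropping the data, a short comment above the `Advisory(` call would say so, for example `# Package URLs are not emitted here: fixed versions differ per Ubuntu release`. The call now relies on `Advisory` having defaults for `impacted_package_urls` and `resolved_package_urls`, which are defined outside this diff and should be confirmed. With `get_purls` deleted in the third hunk, the `PackageURL` import in this module has no visible user left and the diff does not touch the import section, so check whether it can be removed.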
@@ -65,95 +65,11 @@ def test_fetch(self): with patch("vulnerabilities.importers.ubuntu_usn.requests.get", return_value=mock_response): assert ubuntu_usn.fetch("www.db.com") == self.db - def test_get_purls(self): - - eg_pkg_dict_1 = self.db["763-1"]["releases"]["hardy"] - eg_pkg_dict_2 = self.db["763-1"]["releases"]["dapper"] - eg_pkg_dict_3 = self.db["763-1"]["releases"]["intrepid"] - - exp_pkgs_1 = { - PackageURL( - type="deb", - namespace="ubuntu", - name="xine-lib", - version="1.1.11.1-1ubuntu3.4", - qualifiers=OrderedDict(), - subpath=None, - ), - PackageURL( - type="deb", - namespace="ubuntu", - name="libxine1", - version="1.1.11.1-1ubuntu3.4", - qualifiers=OrderedDict(), - subpath=None, - ), - } - exp_pkgs_2 = { - PackageURL( - type="deb", - namespace="ubuntu", - name="libxine-main1", - version="1.1.1+ubuntu2-7.12", - qualifiers=OrderedDict(), - subpath=None, - ), - PackageURL( - type="deb", - namespace="ubuntu", - name="xine-lib", - version="1.1.1+ubuntu2-7.12", - qualifiers=OrderedDict(), - subpath=None, - ), - } - exp_pkgs_3 = { - PackageURL( - type="deb", - namespace="ubuntu", - name="xine-lib", - version="1.1.15-0ubuntu3.3", - qualifiers=OrderedDict(), - subpath=None, - ), - PackageURL( - type="deb", - namespace="ubuntu", - name="libxine1", - version="1.1.15-0ubuntu3.3", - qualifiers=OrderedDict(), - subpath=None, - ), - } - - assert exp_pkgs_1 == ubuntu_usn.get_purls(eg_pkg_dict_1) - assert exp_pkgs_2 == ubuntu_usn.get_purls(eg_pkg_dict_2) - assert exp_pkgs_3 == ubuntu_usn.get_purls(eg_pkg_dict_3) - def test_to_advisories(self): expected_advisories = [ Advisory( summary="", - impacted_package_urls=[], - resolved_package_urls={ - PackageURL( - type="deb", - namespace="ubuntu", - name="xine-lib", - version="1.1.15-0ubuntu3.3", - qualifiers=OrderedDict(), - subpath=None, - ), - PackageURL( - type="deb", - namespace="ubuntu", - name="libxine1", - version="1.1.15-0ubuntu3.3", - qualifiers=OrderedDict(), - subpath=None, - ), - }, references=[ 
Reference(url="https://usn.ubuntu.com/763-1/", reference_id="USN-763-1") ], @@ -161,25 +77,6 @@ def test_to_advisories(self): ), Advisory( summary="", - impacted_package_urls=[], - resolved_package_urls={ - PackageURL( - type="deb", - namespace="ubuntu", - name="xine-lib", - version="1.1.15-0ubuntu3.3", - qualifiers=OrderedDict(), - subpath=None, - ), - PackageURL( - type="deb", - namespace="ubuntu", - name="libxine1", - version="1.1.15-0ubuntu3.3", - qualifiers=OrderedDict(), - subpath=None, - ), - }, references=[ Reference(url="https://usn.ubuntu.com/763-1/", reference_id="USN-763-1") ],
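Review bot: With `test_get_purls` and the `resolved_package_urls` expectations removed, the `PackageURL` and `OrderedDict` imports in this test module appear to have no remaining user, yet the diff starts at line 65 and leaves the import section untouched. If no other test in the file uses them, drop both imports in the same commit so linters stay clean. `test_to_advisories` continues outside the hunks, so this is inferred from the visible lines only.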