Disable suse backport importer and refactor suse score importer

Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
aboutcode-org · Apr 12, 2021 · abbb3e2 · abbb3e2
1 parent 3691ed2
commit abbb3e2
Show file tree

Hide file tree

Showing 5 changed files with 133 additions and 137 deletions.
diff --git a/vulnerabilities/importer_yielder.py b/vulnerabilities/importer_yielder.py
@@ -97,13 +97,13 @@
         "data_source": "RetireDotnetDataSource",
         "data_source_cfg": {"repository_url": "https://github.com/RetireNet/Packages.git"},
     },
-    {
-        "name": "suse_backports",
-        "license": "",
-        "last_run": None,
-        "data_source": "SUSEBackportsDataSource",
-        "data_source_cfg": {"url": "http://ftp.suse.com/pub/projects/security/yaml/", "etags": {}},
-    },
+    # {
+    #     "name": "suse_backports",
+    #     "license": "",
+    #     "last_run": None,
+    #     "data_source": "SUSEBackportsDataSource",
+    #     "data_source_cfg": {"url": "http://ftp.suse.com/pub/projects/security/yaml/", "etags": {}},
+    # },
     {
         "name": "suse_scores",
         "license": "",

diff --git a/vulnerabilities/importers/__init__.py b/vulnerabilities/importers/__init__.py
@@ -43,8 +43,9 @@
 from vulnerabilities.importers.ruby import RubyDataSource
 from vulnerabilities.importers.rust import RustDataSource
 from vulnerabilities.importers.safety_db import SafetyDbDataSource
-from vulnerabilities.importers.suse_backports import SUSEBackportsDataSource
 from vulnerabilities.importers.suse_scores import SUSESeverityScoreDataSource
 from vulnerabilities.importers.ubuntu import UbuntuDataSource
 from vulnerabilities.importers.ubuntu_usn import UbuntuUSNDataSource
 from vulnerabilities.importers.istio import IstioDataSource
+
+# from vulnerabilities.importers.suse_backports import SUSEBackportsDataSource
diff --git a/vulnerabilities/importers/suse_scores.py b/vulnerabilities/importers/suse_scores.py
@@ -75,7 +75,6 @@ def to_advisory(score_data):
                 Advisory(
                     vulnerability_id=cve_id,
                     summary="",
-                    impacted_package_urls=[],
                     references=[Reference(url=URL, severities=severities)],
                 )
             )

diff --git a/vulnerabilities/tests/test_suse_backports.py b/vulnerabilities/tests/test_suse_backports.py
@@ -1,135 +1,135 @@
-# Copyright (c) 2017 nexB Inc. and others. All rights reserved.
-# http://nexb.com and https://github.com/nexB/vulnerablecode/
-# The VulnerableCode software is licensed under the Apache License version 2.0.
-# Data generated with VulnerableCode require an acknowledgment.
-#
-# You may not use this software except in compliance with the License.
-# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-#
-# When you publish or redistribute any data created with VulnerableCode or any VulnerableCode
-# derivative work, you must accompany this data with the following acknowledgment:
-#
-#  Generated with VulnerableCode and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
-#  OR CONDITIONS OF ANY KIND, either express or implied. No content created from
-#  VulnerableCode should be considered or used as legal advice. Consult an Attorney
-#  for any legal advice.
-#  VulnerableCode is a free software code scanning tool from nexB Inc. and others.
-#  Visit https://github.com/nexB/vulnerablecode/ for support and download.
+# # Copyright (c) 2017 nexB Inc. and others. All rights reserved.
+# # http://nexb.com and https://github.com/nexB/vulnerablecode/
+# # The VulnerableCode software is licensed under the Apache License version 2.0.
+# # Data generated with VulnerableCode require an acknowledgment.
+# #
+# # You may not use this software except in compliance with the License.
+# # You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
+# # Unless required by applicable law or agreed to in writing, software distributed
+# # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# # CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# # specific language governing permissions and limitations under the License.
+# #
+# # When you publish or redistribute any data created with VulnerableCode or any VulnerableCode
+# # derivative work, you must accompany this data with the following acknowledgment:
+# #
+# #  Generated with VulnerableCode and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
+# #  OR CONDITIONS OF ANY KIND, either express or implied. No content created from
+# #  VulnerableCode should be considered or used as legal advice. Consult an Attorney
+# #  for any legal advice.
+# #  VulnerableCode is a free software code scanning tool from nexB Inc. and others.
+# #  Visit https://github.com/nexB/vulnerablecode/ for support and download.
 
-from collections import OrderedDict
-import os
-from unittest import TestCase
-import yaml
+# from collections import OrderedDict
+# import os
+# from unittest import TestCase
+# import yaml
 
-from packageurl import PackageURL
+# from packageurl import PackageURL
 
-from vulnerabilities.importers.suse_backports import SUSEBackportsDataSource
-from vulnerabilities.data_source import Advisory
+# from vulnerabilities.importers.suse_backports import SUSEBackportsDataSource
+# from vulnerabilities.data_source import Advisory
 
-BASE_DIR = os.path.dirname(os.path.abspath(__file__))
+# BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 
 
-def yaml_loader():
-    path = os.path.join(BASE_DIR, "test_data/suse_backports/")
-    yaml_files = {}
-    for file in os.listdir(path):
-        with open(os.path.join(path, file)) as f:
-            yaml_files[file] = yaml.safe_load(f)
-    return yaml_files
+# def yaml_loader():
+#     path = os.path.join(BASE_DIR, "test_data/suse_backports/")
+#     yaml_files = {}
+#     for file in os.listdir(path):
+#         with open(os.path.join(path, file)) as f:
+#             yaml_files[file] = yaml.safe_load(f)
+#     return yaml_files
 
 
-class TestSUSEBackportsDataSource(TestCase):
-    @classmethod
-    def setUpClass(cls):
-        data_source_cfg = {"url": "https://endpoint.com", "etags": {}}
-        cls.data_src = SUSEBackportsDataSource(1, config=data_source_cfg)
+# class TestSUSEBackportsDataSource(TestCase):
+#     @classmethod
+#     def setUpClass(cls):
+#         data_source_cfg = {"url": "https://endpoint.com", "etags": {}}
+#         cls.data_src = SUSEBackportsDataSource(1, config=data_source_cfg)
 
-    def test_process_file(self):
-        parsed_yamls = yaml_loader()
-        expected_data = [
-            Advisory(
-                summary="",
-                impacted_package_urls=[],
-                resolved_package_urls=[
-                    PackageURL(
-                        type="rpm",
-                        namespace="opensuse",
-                        name="MozillaFirefox",
-                        version="3.0.10-1.1.1",
-                        qualifiers=OrderedDict(),
-                        subpath=None,
-                    )
-                ],
-                vulnerability_id="CVE-2009-1313",
-            ),
-            Advisory(
-                summary="",
-                impacted_package_urls=[],
-                resolved_package_urls=[
-                    PackageURL(
-                        type="rpm",
-                        namespace="opensuse",
-                        name="MozillaFirefox-branding-SLED",
-                        version="3.5-1.1.5",
-                        qualifiers=OrderedDict(),
-                        subpath=None,
-                    )
-                ],
-                vulnerability_id="CVE-2009-1313",
-            ),
-            Advisory(
-                summary="",
-                impacted_package_urls=[],
-                resolved_package_urls=[
-                    PackageURL(
-                        type="rpm",
-                        namespace="opensuse",
-                        name="MozillaFirefox-translations",
-                        version="3.0.10-1.1.1",
-                        qualifiers=OrderedDict(),
-                        subpath=None,
-                    )
-                ],
-                vulnerability_id="CVE-2009-1313",
-            ),
-            Advisory(
-                summary="",
-                impacted_package_urls=[],
-                resolved_package_urls=[
-                    PackageURL(
-                        type="rpm",
-                        namespace="opensuse",
-                        name="NetworkManager",
-                        version="0.7.0.r4359-15.9.2",
-                        qualifiers=OrderedDict(),
-                        subpath=None,
-                    )
-                ],
-                vulnerability_id="CVE-2009-0365",
-            ),
-            Advisory(
-                summary="",
-                impacted_package_urls=[],
-                resolved_package_urls=[
-                    PackageURL(
-                        type="rpm",
-                        namespace="opensuse",
-                        name="NetworkManager",
-                        version="0.7.0.r4359-15.9.2",
-                        qualifiers=OrderedDict(),
-                        subpath=None,
-                    )
-                ],
-                vulnerability_id="CVE-2009-0578",
-            ),
-        ]
+#     def test_process_file(self):
+#         parsed_yamls = yaml_loader()
+#         expected_data = [
+#             Advisory(
+#                 summary="",
+#                 impacted_package_urls=[],
+#                 resolved_package_urls=[
+#                     PackageURL(
+#                         type="rpm",
+#                         namespace="opensuse",
+#                         name="MozillaFirefox",
+#                         version="3.0.10-1.1.1",
+#                         qualifiers=OrderedDict(),
+#                         subpath=None,
+#                     )
+#                 ],
+#                 vulnerability_id="CVE-2009-1313",
+#             ),
+#             Advisory(
+#                 summary="",
+#                 impacted_package_urls=[],
+#                 resolved_package_urls=[
+#                     PackageURL(
+#                         type="rpm",
+#                         namespace="opensuse",
+#                         name="MozillaFirefox-branding-SLED",
+#                         version="3.5-1.1.5",
+#                         qualifiers=OrderedDict(),
+#                         subpath=None,
+#                     )
+#                 ],
+#                 vulnerability_id="CVE-2009-1313",
+#             ),
+#             Advisory(
+#                 summary="",
+#                 impacted_package_urls=[],
+#                 resolved_package_urls=[
+#                     PackageURL(
+#                         type="rpm",
+#                         namespace="opensuse",
+#                         name="MozillaFirefox-translations",
+#                         version="3.0.10-1.1.1",
+#                         qualifiers=OrderedDict(),
+#                         subpath=None,
+#                     )
+#                 ],
+#                 vulnerability_id="CVE-2009-1313",
+#             ),
+#             Advisory(
+#                 summary="",
+#                 impacted_package_urls=[],
+#                 resolved_package_urls=[
+#                     PackageURL(
+#                         type="rpm",
+#                         namespace="opensuse",
+#                         name="NetworkManager",
+#                         version="0.7.0.r4359-15.9.2",
+#                         qualifiers=OrderedDict(),
+#                         subpath=None,
+#                     )
+#                 ],
+#                 vulnerability_id="CVE-2009-0365",
+#             ),
+#             Advisory(
+#                 summary="",
+#                 impacted_package_urls=[],
+#                 resolved_package_urls=[
+#                     PackageURL(
+#                         type="rpm",
+#                         namespace="opensuse",
+#                         name="NetworkManager",
+#                         version="0.7.0.r4359-15.9.2",
+#                         qualifiers=OrderedDict(),
+#                         subpath=None,
+#                     )
+#                 ],
+#                 vulnerability_id="CVE-2009-0578",
+#             ),
+#         ]
 
-        found_data = self.data_src.process_file(parsed_yamls["backports-sle11-sp0.yaml"])
+#         found_data = self.data_src.process_file(parsed_yamls["backports-sle11-sp0.yaml"])
 
-        found_advisories = list(map(Advisory.normalized, found_data))
-        expected_advisories = list(map(Advisory.normalized, expected_data))
-        assert sorted(found_advisories) == sorted(expected_advisories)
+#         found_advisories = list(map(Advisory.normalized, found_data))
+#         expected_advisories = list(map(Advisory.normalized, expected_data))
+#         assert sorted(found_advisories) == sorted(expected_advisories)
diff --git a/vulnerabilities/tests/test_suse_scores.py b/vulnerabilities/tests/test_suse_scores.py
@@ -40,8 +40,6 @@ def test_to_advisory(self):
         expected_data = [
             Advisory(
                 summary="",
-                impacted_package_urls=[],
-                resolved_package_urls=[],
                 references=[
                     Reference(
                         reference_id="",
@@ -90,8 +88,6 @@ def test_to_advisory(self):
             ),
             Advisory(
                 summary="",
-                impacted_package_urls=[],
-                resolved_package_urls=[],
                 references=[
                     Reference(
                         reference_id="",