From abbb3e2e74a83c015bc4c9d384e690d1a65f47c9 Mon Sep 17 00:00:00 2001
From: Shivam Sandbhor
Date: Mon, 12 Apr 2021 11:36:26 +0530
Subject: [PATCH] Disable suse backport importer and refactor suse score importer
Signed-off-by: Shivam Sandbhor
---
 vulnerabilities/importer_yielder.py | 14 +-
 vulnerabilities/importers/__init__.py | 3 +-
 vulnerabilities/importers/suse_scores.py | 1 -
 vulnerabilities/tests/test_suse_backports.py | 248 +++++++++----------
 vulnerabilities/tests/test_suse_scores.py | 4 -
 5 files changed, 133 insertions(+), 137 deletions(-)
diff --git a/vulnerabilities/importer_yielder.py b/vulnerabilities/importer_yielder.py
index ebcd51079..1a524a114 100644
--- a/vulnerabilities/importer_yielder.py
+++ b/vulnerabilities/importer_yielder.py
@@ -97,13 +97,13 @@
 "data_source": "RetireDotnetDataSource",
 "data_source_cfg": {"repository_url": "https://github.com/RetireNet/Packages.git"},
 },
- {
- "name": "suse_backports",
- "license": "",
- "last_run": None,
- "data_source": "SUSEBackportsDataSource",
- "data_source_cfg": {"url": "http://ftp.suse.com/pub/projects/security/yaml/", "etags": {}},
- },
+ # {
+ # "name": "suse_backports",
+ # "license": "",
+ # "last_run": None,
+ # "data_source": "SUSEBackportsDataSource",
+ # "data_source_cfg": {"url": "http://ftp.suse.com/pub/projects/security/yaml/", "etags": {}},
+ # },
 {
 "name": "suse_scores",
 "license": "",
diff --git a/vulnerabilities/importers/__init__.py b/vulnerabilities/importers/__init__.py
index fdf12025a..f7387df61 100644
--- a/vulnerabilities/importers/__init__.py
+++ b/vulnerabilities/importers/__init__.py
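Review bot: The `suse_backports` registry entry is disabled by commenting it out rather than being removed or marked, and the new side gives no reason or pointer for when it may be re-enabled; the same pattern appears in the importers/__init__.py hunk below, where the import is likewise left as a comment. Commented-out code drifts silently — the suse_scores hunk in this same patch suggests the `Advisory` constructor is changing, so the dormant entry and importer will not necessarily match when someone uncomments them. Prefer deleting the entry (history keeps it) or, if it must stay, lead it with a one-line reason such as `# suse_backports disabled: <REASON>; tracked in <ISSUE-PLACEHOLDER>`. Note also that the dormant config fetches the advisory feed over plain `http://ftp.suse.com/pub/projects/security/yaml/`; if the importer is revived, switch to an HTTPS origin where SUSE offers one, so that the vulnerability data ingested here cannot be altered in transit.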
@@ -43,8 +43,9 @@
 from vulnerabilities.importers.ruby import RubyDataSource
 from vulnerabilities.importers.rust import RustDataSource
 from vulnerabilities.importers.safety_db import SafetyDbDataSource
-from vulnerabilities.importers.suse_backports import SUSEBackportsDataSource
 from vulnerabilities.importers.suse_scores import SUSESeverityScoreDataSource
 from vulnerabilities.importers.ubuntu import UbuntuDataSource
 from vulnerabilities.importers.ubuntu_usn import UbuntuUSNDataSource
 from vulnerabilities.importers.istio import IstioDataSource
+
+# from vulnerabilities.importers.suse_backports import SUSEBackportsDataSource
diff --git a/vulnerabilities/importers/suse_scores.py b/vulnerabilities/importers/suse_scores.py
index 55f7cf304..cd01abe90 100644
--- a/vulnerabilities/importers/suse_scores.py
+++ b/vulnerabilities/importers/suse_scores.py
@@ -75,7 +75,6 @@ def to_advisory(score_data):
 Advisory(
 vulnerability_id=cve_id,
 summary="",
- impacted_package_urls=[],
 references=[Reference(url=URL, severities=severities)],
 )
 )
diff --git a/vulnerabilities/tests/test_suse_backports.py b/vulnerabilities/tests/test_suse_backports.py
index 9d4c0c1f5..479fa7e2e 100644
--- a/vulnerabilities/tests/test_suse_backports.py
+++ b/vulnerabilities/tests/test_suse_backports.py
@@ -1,135 +1,135 @@ -# Copyright (c) 2017 nexB Inc. and others. All rights reserved. -# http://nexb.com and https://github.com/nexB/vulnerablecode/ -# The VulnerableCode software is licensed under the Apache License version 2.0. -# Data generated with VulnerableCode require an acknowledgment. -# -# You may not use this software except in compliance with the License. -# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0 -# Unless required by applicable law or agreed to in writing, software distributed -# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR -# CONDITIONS OF ANY KIND, either express or implied. See the License for the -# specific language governing permissions and limitations under the License. -# -# When you publish or redistribute any data created with VulnerableCode or any VulnerableCode -# derivative work, you must accompany this data with the following acknowledgment: -# -# Generated with VulnerableCode and provided on an "AS IS" BASIS, WITHOUT WARRANTIES -# OR CONDITIONS OF ANY KIND, either express or implied. No content created from -# VulnerableCode should be considered or used as legal advice. Consult an Attorney -# for any legal advice. -# VulnerableCode is a free software code scanning tool from nexB Inc. and others. -# Visit https://github.com/nexB/vulnerablecode/ for support and download. +# # Copyright (c) 2017 nexB Inc. and others. All rights reserved. +# # http://nexb.com and https://github.com/nexB/vulnerablecode/ +# # The VulnerableCode software is licensed under the Apache License version 2.0. +# # Data generated with VulnerableCode require an acknowledgment. +# # +# # You may not use this software except in compliance with the License. 
+# # You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0 +# # Unless required by applicable law or agreed to in writing, software distributed +# # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR +# # CONDITIONS OF ANY KIND, either express or implied. See the License for the +# # specific language governing permissions and limitations under the License. +# # +# # When you publish or redistribute any data created with VulnerableCode or any VulnerableCode +# # derivative work, you must accompany this data with the following acknowledgment: +# # +# # Generated with VulnerableCode and provided on an "AS IS" BASIS, WITHOUT WARRANTIES +# # OR CONDITIONS OF ANY KIND, either express or implied. No content created from +# # VulnerableCode should be considered or used as legal advice. Consult an Attorney +# # for any legal advice. +# # VulnerableCode is a free software code scanning tool from nexB Inc. and others. +# # Visit https://github.com/nexB/vulnerablecode/ for support and download. 
-from collections import OrderedDict -import os -from unittest import TestCase -import yaml +# from collections import OrderedDict +# import os +# from unittest import TestCase +# import yaml -from packageurl import PackageURL +# from packageurl import PackageURL -from vulnerabilities.importers.suse_backports import SUSEBackportsDataSource -from vulnerabilities.data_source import Advisory +# from vulnerabilities.importers.suse_backports import SUSEBackportsDataSource +# from vulnerabilities.data_source import Advisory -BASE_DIR = os.path.dirname(os.path.abspath(__file__)) +# BASE_DIR = os.path.dirname(os.path.abspath(__file__)) -def yaml_loader(): - path = os.path.join(BASE_DIR, "test_data/suse_backports/") - yaml_files = {} - for file in os.listdir(path): - with open(os.path.join(path, file)) as f: - yaml_files[file] = yaml.safe_load(f) - return yaml_files +# def yaml_loader(): +# path = os.path.join(BASE_DIR, "test_data/suse_backports/") +# yaml_files = {} +# for file in os.listdir(path): +# with open(os.path.join(path, file)) as f: +# yaml_files[file] = yaml.safe_load(f) +# return yaml_files -class TestSUSEBackportsDataSource(TestCase): - @classmethod - def setUpClass(cls): - data_source_cfg = {"url": "https://endpoint.com", "etags": {}} - cls.data_src = SUSEBackportsDataSource(1, config=data_source_cfg) +# class TestSUSEBackportsDataSource(TestCase): +# @classmethod +# def setUpClass(cls): +# data_source_cfg = {"url": "https://endpoint.com", "etags": {}} +# cls.data_src = SUSEBackportsDataSource(1, config=data_source_cfg) - def test_process_file(self): - parsed_yamls = yaml_loader() - expected_data = [ - Advisory( - summary="", - impacted_package_urls=[], - resolved_package_urls=[ - PackageURL( - type="rpm", - namespace="opensuse", - name="MozillaFirefox", - version="3.0.10-1.1.1", - qualifiers=OrderedDict(), - subpath=None, - ) - ], - vulnerability_id="CVE-2009-1313", - ), - Advisory( - summary="", - impacted_package_urls=[], - resolved_package_urls=[ - 
PackageURL( - type="rpm", - namespace="opensuse", - name="MozillaFirefox-branding-SLED", - version="3.5-1.1.5", - qualifiers=OrderedDict(), - subpath=None, - ) - ], - vulnerability_id="CVE-2009-1313", - ), - Advisory( - summary="", - impacted_package_urls=[], - resolved_package_urls=[ - PackageURL( - type="rpm", - namespace="opensuse", - name="MozillaFirefox-translations", - version="3.0.10-1.1.1", - qualifiers=OrderedDict(), - subpath=None, - ) - ], - vulnerability_id="CVE-2009-1313", - ), - Advisory( - summary="", - impacted_package_urls=[], - resolved_package_urls=[ - PackageURL( - type="rpm", - namespace="opensuse", - name="NetworkManager", - version="0.7.0.r4359-15.9.2", - qualifiers=OrderedDict(), - subpath=None, - ) - ], - vulnerability_id="CVE-2009-0365", - ), - Advisory( - summary="", - impacted_package_urls=[], - resolved_package_urls=[ - PackageURL( - type="rpm", - namespace="opensuse", - name="NetworkManager", - version="0.7.0.r4359-15.9.2", - qualifiers=OrderedDict(), - subpath=None, - ) - ], - vulnerability_id="CVE-2009-0578", - ), - ] +# def test_process_file(self): +# parsed_yamls = yaml_loader() +# expected_data = [ +# Advisory( +# summary="", +# impacted_package_urls=[], +# resolved_package_urls=[ +# PackageURL( +# type="rpm", +# namespace="opensuse", +# name="MozillaFirefox", +# version="3.0.10-1.1.1", +# qualifiers=OrderedDict(), +# subpath=None, +# ) +# ], +# vulnerability_id="CVE-2009-1313", +# ), +# Advisory( +# summary="", +# impacted_package_urls=[], +# resolved_package_urls=[ +# PackageURL( +# type="rpm", +# namespace="opensuse", +# name="MozillaFirefox-branding-SLED", +# version="3.5-1.1.5", +# qualifiers=OrderedDict(), +# subpath=None, +# ) +# ], +# vulnerability_id="CVE-2009-1313", +# ), +# Advisory( +# summary="", +# impacted_package_urls=[], +# resolved_package_urls=[ +# PackageURL( +# type="rpm", +# namespace="opensuse", +# name="MozillaFirefox-translations", +# version="3.0.10-1.1.1", +# qualifiers=OrderedDict(), +# subpath=None, +# 
) +# ], +# vulnerability_id="CVE-2009-1313", +# ), +# Advisory( +# summary="", +# impacted_package_urls=[], +# resolved_package_urls=[ +# PackageURL( +# type="rpm", +# namespace="opensuse", +# name="NetworkManager", +# version="0.7.0.r4359-15.9.2", +# qualifiers=OrderedDict(), +# subpath=None, +# ) +# ], +# vulnerability_id="CVE-2009-0365", +# ), +# Advisory( +# summary="", +# impacted_package_urls=[], +# resolved_package_urls=[ +# PackageURL( +# type="rpm", +# namespace="opensuse", +# name="NetworkManager", +# version="0.7.0.r4359-15.9.2", +# qualifiers=OrderedDict(), +# subpath=None, +# ) +# ], +# vulnerability_id="CVE-2009-0578", +# ), +# ] - found_data = self.data_src.process_file(parsed_yamls["backports-sle11-sp0.yaml"]) +# found_data = self.data_src.process_file(parsed_yamls["backports-sle11-sp0.yaml"]) - found_advisories = list(map(Advisory.normalized, found_data)) - expected_advisories = list(map(Advisory.normalized, expected_data)) - assert sorted(found_advisories) == sorted(expected_advisories) +# found_advisories = list(map(Advisory.normalized, found_data)) +# expected_advisories = list(map(Advisory.normalized, expected_data)) +# assert sorted(found_advisories) == sorted(expected_advisories) diff --git a/vulnerabilities/tests/test_suse_scores.py b/vulnerabilities/tests/test_suse_scores.py index 4340e40db..f136ddb6b 100644 --- a/vulnerabilities/tests/test_suse_scores.py +++ b/vulnerabilities/tests/test_suse_scores.py @@ -40,8 +40,6 @@ def test_to_advisory(self): expected_data = [ Advisory( summary="", - impacted_package_urls=[], - resolved_package_urls=[], references=[ Reference( reference_id="", @@ -90,8 +88,6 @@ def test_to_advisory(self): ), Advisory( summary="", - impacted_package_urls=[], - resolved_package_urls=[], references=[ Reference( reference_id="",
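Review bot: The whole test module, license header included, is commented out line by line instead of being skipped or deleted, so `TestSUSEBackportsDataSource` silently vanishes from test reports and the header is left as a doubled `# #` artifact. A skip keeps the file importable and the disabled state visible with its reason: change `from unittest import TestCase` to `from unittest import TestCase, skip` and decorate the class with `@skip("suse_backports importer is disabled in importer_yielder.py")` — this assumes the `vulnerabilities.importers.suse_backports` module itself stays in the tree, since this patch only comments out its re-export. If the test is revived, keep `yaml_loader` on `yaml.safe_load` as it is now; that is the right loader for fixture YAML and should not be relaxed to `yaml.load`.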