
Commit 90a2b44

committed
Migrate suse scoring importer
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
1 parent fe574fc commit 90a2b44


4 files changed

+69
-70
lines changed


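--- a/vulnerabilities/importers/suse_scores.py
+++ b/vulnerabilities/importers/suse_scores.py
@@ -7,6 +7,8 @@
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
+from typing import Iterable
+
 from vulnerabilities import severity_systems
 from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importer import Importer
@@ -18,20 +20,19 @@
 
 
 class SUSESeverityScoreImporter(Importer):
-def updated_advisories(self):
-advisories = []
+
+spdx_license_expression = "LicenseRef-scoring"
+
+def advisory_data(self) -> Iterable[AdvisoryData]:
 score_data = fetch_yaml(URL)
-advisories.append(self.to_advisory(score_data))
-return advisories
+yield from self.to_advisory(score_data)
 
-@staticmethod
-def to_advisory(score_data):
+def to_advisory(self, score_data):
 systems_by_version = {
 "2.0": severity_systems.CVSSV2,
 "3": severity_systems.CVSSV3,
 "3.1": severity_systems.CVSSV31,
 }
-advisories = []
 
 for cve_id in score_data:
 severities = []
@@ -47,11 +48,8 @@ def to_advisory(score_data):
 )
 severities.append(score)
 
-advisories.append(
-AdvisoryData(
-vulnerability_id=cve_id,
-summary="",
-references=[Reference(url=URL, severities=severities)],
-)
+yield AdvisoryData(
+aliases=[cve_id],
+summary="",
+references=[Reference(url=URL, severities=severities)],
 )
-return advisories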
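Review bot: `aliases=[cve_id]` in the new `yield AdvisoryData(...)` of `to_advisory` uses each top-level key of the fetched YAML as an alias without checking that it is a CVE identifier, so a malformed or unexpected key in the upstream feed would be stored as-is. A guard at the top of the `for cve_id in score_data:` loop, such as `if not str(cve_id).startswith("CVE-"): continue` (ideally with a log line), would keep remote data from introducing arbitrary aliases. Since `to_advisory` is now a generator, an exception raised later in the loop would surface after earlier advisories have already been yielded; the part of the loop body between the second and third hunks is not visible, so whether an unknown CVSS version can raise there should be confirmed. A one-line docstring such as `"""Yield one AdvisoryData per CVE key in score_data."""` would document the new contract, and the method no longer uses `self`, so the dropped `@staticmethod` could have stayed.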

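--- a/vulnerabilities/tests/conftest.py
+++ b/vulnerabilities/tests/conftest.py
@@ -41,7 +41,6 @@ def no_rmtree(monkeypatch):
 "test_safety_db.py",
 "test_suse_backports.py",
 "test_suse.py",
-"test_suse_scores.py",
 "test_ubuntu_usn.py",
 "test_upstream.py",
 ]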
Lines changed: 49 additions & 0 deletions
@@ -0,0 +1,49 @@
1+
[
2+
{
3+
"aliases": [
4+
"CVE-2004-0230"
5+
],
6+
"summary": "",
7+
"affected_packages": [],
8+
"references": [
9+
{
10+
"reference_id": "",
11+
"url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
12+
"severities": [
13+
{
14+
"system": "cvssv2",
15+
"value": "4.3",
16+
"scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P"
17+
},
18+
{
19+
"system": "cvssv3.1",
20+
"value": "3.7",
21+
"scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
22+
}
23+
]
24+
}
25+
],
26+
"date_published": null
27+
},
28+
{
29+
"aliases": [
30+
"CVE-2003-1605"
31+
],
32+
"summary": "",
33+
"affected_packages": [],
34+
"references": [
35+
{
36+
"reference_id": "",
37+
"url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
38+
"severities": [
39+
{
40+
"system": "cvssv3",
41+
"value": "8.6",
42+
"scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
43+
}
44+
]
45+
}
46+
],
47+
"date_published": null
48+
}
49+
]

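--- a/vulnerabilities/tests/test_suse_scores.py
+++ b/vulnerabilities/tests/test_suse_scores.py
@@ -8,65 +8,18 @@
 #
 
 import os
-from unittest import TestCase
 
-from vulnerabilities import severity_systems
-from vulnerabilities.importer import AdvisoryData
-from vulnerabilities.importer import Reference
-from vulnerabilities.importer import VulnerabilitySeverity
 from vulnerabilities.importers.suse_scores import SUSESeverityScoreImporter
+from vulnerabilities.tests import util_tests
 from vulnerabilities.utils import load_yaml
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
-TEST_DATA = os.path.join(BASE_DIR, "test_data/suse_scores", "suse-cvss-scores.yaml")
+TEST_DIR = os.path.join(BASE_DIR, "test_data/suse_scores")
 
 
-class TestSUSESeverityScoreImporter(TestCase):
-def test_to_advisory(self):
-raw_data = load_yaml(TEST_DATA)
-expected_data = [
-AdvisoryData(
-summary="",
-references=[
-Reference(
-reference_id="",
-url="https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
-severities=[
-VulnerabilitySeverity(
-system=severity_systems.CVSSV2,
-value="4.3",
-scoring_elements="AV:N/AC:M/Au:N/C:N/I:N/A:P",
-),
-VulnerabilitySeverity(
-system=severity_systems.CVSSV31,
-value="3.7",
-scoring_elements="CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
-),
-],
-)
-],
-vulnerability_id="CVE-2004-0230",
-),
-AdvisoryData(
-summary="",
-references=[
-Reference(
-reference_id="",
-url="https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
-severities=[
-VulnerabilitySeverity(
-system=severity_systems.CVSSV3,
-value="8.6",
-scoring_elements="CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
-),
-],
-)
-],
-vulnerability_id="CVE-2003-1605",
-),
-]
-
-found_data = SUSESeverityScoreImporter.to_advisory(raw_data)
-found_advisories = list(map(AdvisoryData.normalized, found_data))
-expected_advisories = list(map(AdvisoryData.normalized, expected_data))
-assert sorted(found_advisories) == sorted(expected_advisories)
+def test_suse_score_import():
+raw_data = load_yaml(os.path.join(TEST_DIR, "suse-cvss-scores.yaml"))
+expected_file = os.path.join(TEST_DIR, "suse-cvss-scores-expected.json")
+advisories = list(SUSESeverityScoreImporter().to_advisory(raw_data))
+expected_advisories = [adv.to_dict() for adv in advisories]
+util_tests.check_results_against_json(expected_advisories, expected_file)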
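Review bot: In `test_suse_score_import` the variable `expected_advisories` holds the importer's actual output, not the expectation, which reads backwards next to `expected_file`; `results = [adv.to_dict() for adv in advisories]` followed by `util_tests.check_results_against_json(results, expected_file)` would be clearer. The removed test sorted both sides before comparing, while the new one passes the list in iteration order, so if `check_results_against_json` is order-sensitive (not visible here) the test now depends on the key order of the YAML fixture. Only `to_advisory` is exercised; the new `advisory_data` entry point that calls `fetch_yaml(URL)` has no coverage in this hunk.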
