Fix tests

Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>

Author: TG1999

vulnerabilities/importer.py

@@ -253,8 +253,8 @@ def from_dict(cls, data: dict):
 @dataclasses.dataclass(eq=True)
 @functools.total_ordering
 class PatchData:
-    patch_url: Optional[str] = None
-    patch_text: Optional[str] = None
+    patch_url: Optional[str] = ""
+    patch_text: Optional[str] = ""
     patch_checksum: Optional[str] = dataclasses.field(init=False, default=None)
 
     def __post_init__(self):
@@ -271,9 +271,9 @@ def __lt__(self, other):
 
     def _cmp_key(self):
         return (
-            self.patch_url,
-            self.patch_text,
-            self.patch_checksum,
+            self.patch_url or "",
+            self.patch_text or "",
+            self.patch_checksum or "",
         )
 
     def to_dict(self) -> dict:
@@ -556,13 +556,6 @@ def from_dict(cls, affected_pkg: dict):
 class AdvisoryData:
     """
     This data class expresses the contract between data sources and the import runner.
-
-    If a vulnerability_id is present then:
-        summary or affected_packages or references must be present
-    otherwise
-        either affected_package or references should be present
-
-    date_published must be aware datetime
     """
 
     aliases: List[str] = dataclasses.field(default_factory=list)
@@ -613,13 +606,6 @@ def from_dict(cls, advisory_data):
 class AdvisoryDataV2:
     """
     This data class expresses the contract between data sources and the import runner.
-
-    If a vulnerability_id is present then:
-        summary or affected_packages or references must be present
-    otherwise
-        either affected_package or references should be present
-
-    date_published must be aware datetime
     """
 
     advisory_id: str = ""

vulnerabilities/importers/curl.py

@@ -97,7 +97,7 @@ def parse_advisory_data(raw_data) -> AdvisoryData:
         ...     ]
         ... }
         >>> parse_advisory_data(raw_data)
-        AdvisoryData(advisory_id='', aliases=['CVE-2024-2379'], summary='QUIC certificate check bypass with wolfSSL', affected_packages=[AffectedPackage(package=PackageURL(type='generic', namespace='curl.se', name='curl', version=None, qualifiers={}, subpath=None), affected_version_range=GenericVersionRange(constraints=(VersionConstraint(comparator='=', version=SemverVersion(string='8.6.0')),)), fixed_version=SemverVersion(string='8.7.0'))], references=[Reference(reference_id='', reference_type='', url='https://curl.se/docs/CVE-2024-2379.html', severities=[VulnerabilitySeverity(system=Cvssv3ScoringSystem(identifier='cvssv3.1', name='CVSSv3.1 Base Score', url='https://www.first.org/cvss/v3-1/', notes='CVSSv3.1 base score and vector'), value='Low', scoring_elements='', published_at=None, url=None)]), Reference(reference_id='', reference_type='', url='https://hackerone.com/reports/2410774', severities=[])], references_v2=[], patches=[], date_published=datetime.datetime(2024, 3, 27, 8, 0, tzinfo=datetime.timezone.utc), weaknesses=[297], severities=[], url='https://curl.se/docs/CVE-2024-2379.json', original_advisory_text=None)
+        AdvisoryData(aliases=['CVE-2024-2379'], summary='QUIC certificate check bypass with wolfSSL', affected_packages=[AffectedPackage(package=PackageURL(type='generic', namespace='curl.se', name='curl', version=None, qualifiers={}, subpath=None), affected_version_range=GenericVersionRange(constraints=(VersionConstraint(comparator='=', version=SemverVersion(string='8.6.0')),)), fixed_version=SemverVersion(string='8.7.0'))], references=[Reference(reference_id='', reference_type='', url='https://curl.se/docs/CVE-2024-2379.html', severities=[VulnerabilitySeverity(system=Cvssv3ScoringSystem(identifier='cvssv3.1', name='CVSSv3.1 Base Score', url='https://www.first.org/cvss/v3-1/', notes='CVSSv3.1 base score and vector'), value='Low', scoring_elements='', published_at=None, url=None)]), Reference(reference_id='', reference_type='', url='https://hackerone.com/reports/2410774', severities=[])], date_published=datetime.datetime(2024, 3, 27, 8, 0, tzinfo=datetime.timezone.utc), weaknesses=[297], url='https://curl.se/docs/CVE-2024-2379.json')
     """
 
     affected = get_item(raw_data, "affected")[0] if len(get_item(raw_data, "affected")) > 0 else []

vulnerabilities/pipelines/v2_importers/debian_importer.py

@@ -16,6 +16,7 @@
 from univers.version_range import DebianVersionRange
 
 from vulnerabilities.importer import AdvisoryData
+from vulnerabilities.importer import AdvisoryDataV2
 from vulnerabilities.importer import AffectedPackageV2
 from vulnerabilities.importer import ReferenceV2
 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2
@@ -160,7 +161,7 @@ def parse(self, pkg_name: str, records: Mapping[str, Any]) -> Iterable[AdvisoryD
                 )
             weaknesses = get_cwe_from_debian_advisory(record)
 
-            yield AdvisoryData(
+            yield AdvisoryDataV2(
                 advisory_id=f"{pkg_name}/{record_identifier}",
                 aliases=[record_identifier],
                 summary=record.get("description", ""),

vulnerabilities/pipelines/v2_importers/istio_importer.py

@@ -119,7 +119,7 @@ def collect_advisories(self) -> Iterable[AdvisoryDataV2]:
                 aliases=cves,
                 summary=summary,
                 affected_packages=affected_packages,
-                references_v2=references,
+                references=references,
                 date_published=release_date,
                 url=advisory_url,
                 original_advisory_text=md_file.read_text(encoding="utf-8"),

vulnerabilities/pipelines/v2_importers/mattermost_importer.py

@@ -118,7 +118,7 @@ def collect_advisories(self) -> Iterable[AdvisoryDataV2]:
                 advisory_id=vuln_id,
                 aliases=[cve_id],
                 summary=details,
-                references_v2=[reference],
+                references=[reference],
                 affected_packages=affected_packages,
                 url=self.url,
             )

vulnerabilities/pipelines/v2_importers/mozilla_importer.py

@@ -119,7 +119,7 @@ def parse_yml_advisory(mfsa_id, lines, advisory_url) -> Iterable[AdvisoryDataV2]
             aliases=[],
             summary=mfsa_summary,
             affected_packages=affected_packages,
-            references_v2=[reference],
+            references=[reference],
             severities=[severity],
             url=advisory_url,
             date_published=date_parser.parse(date_published) if date_published else None,
@@ -141,7 +141,7 @@ def parse_yml_advisory(mfsa_id, lines, advisory_url) -> Iterable[AdvisoryDataV2]
             aliases=[cve],
             summary=mfsa_summary + "\n" + advisory_summary,
             affected_packages=affected_packages,
-            references_v2=[reference],
+            references=[reference],
             url=advisory_url,
             severities=[advisory_severity],
             date_published=date_parser.parse(date_published) if date_published else None,
@@ -165,7 +165,7 @@ def parse_md_advisory(mfsa_id, lines, advisory_url) -> Iterable[AdvisoryDataV2]:
         aliases=[],
         summary=description,
         affected_packages=affected_packages,
-        references_v2=[reference],
+        references=[reference],
         severities=[severity],
         url=advisory_url,
         date_published=date_parser.parse(data.get("announced")) if data.get("announced") else None,

vulnerabilities/pipelines/v2_importers/nginx_importer.py

@@ -145,7 +145,7 @@ def to_advisory_data(nginx_adv: NginxAdvisory) -> AdvisoryDataV2:
         aliases=nginx_adv.aliases,
         summary=nginx_adv.summary,
         affected_packages=affected_packages,
-        references_v2=nginx_adv.references,
+        references=nginx_adv.references,
         patches=nginx_adv.patches,
         url="https://nginx.org/en/security_advisories.html",
     )

vulnerabilities/pipelines/v2_importers/npm_importer.py

@@ -130,7 +130,7 @@ def to_advisory_data(self, file: Path) -> Iterable[AdvisoryDataV2]:
             summary=build_description(summary=summary, description=description),
             date_published=date_published,
             affected_packages=affected_packages,
-            references_v2=references,
+            references=references,
             severities=severities,
             url=f"https://github.com/nodejs/security-wg/blob/main/vuln/npm/{id}.json",
             original_advisory_text=advisory_text,

vulnerabilities/pipelines/v2_importers/ubuntu_osv_importer.py

@@ -12,7 +12,7 @@
 
 from fetchcode.vcs import fetch_via_vcs
 
-from vulnerabilities.importer import AdvisoryData
+from vulnerabilities.importer import AdvisoryDataV2
 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2
 from vulnerabilities.pipes.osv_v2 import parse_advisory_data_v3
 from vulnerabilities.utils import get_advisory_url
@@ -50,7 +50,7 @@ def advisories_count(self):
         cve_directory = self.advisories_path / "osv" / "cve"
         return sum(1 for _ in cve_directory.rglob("*.json"))
 
-    def collect_advisories(self) -> Iterable[AdvisoryData]:
+    def collect_advisories(self) -> Iterable[AdvisoryDataV2]:
         supported_ecosystems = ["deb"]
         cve_directory = self.advisories_path / "osv" / "cve"
 

vulnerabilities/tests/pipelines/v2_importers/test_apache_httpd_importer_pipeline_v2.py

@@ -10,7 +10,7 @@
 import pytest
 import requests
 
-from vulnerabilities.importer import AdvisoryData
+from vulnerabilities.importer import AdvisoryDataV2
 from vulnerabilities.pipelines.v2_importers.apache_httpd_importer import ApacheHTTPDImporterPipeline
 from vulnerabilities.pipelines.v2_importers.apache_httpd_importer import fetch_links
 from vulnerabilities.pipelines.v2_importers.apache_httpd_importer import get_weaknesses
@@ -140,7 +140,7 @@ def fake_get(u):
     assert len(advisories) == 2
     # Validate first advisory
     adv1 = advisories[0]
-    assert isinstance(adv1, AdvisoryData)
+    assert isinstance(adv1, AdvisoryDataV2)
     assert adv1.advisory_id == "CVE-1"
     assert adv1.summary == "Test desc"
     assert adv1.severities and adv1.severities[0].value == "5.0"