Update the pipeline to use https://web.archive.org/web/ endpoint no complex logic

Add a test

Signed-off-by: ziad hany <ziadhany2016@gmail.com>

Author: ziadhany

vulnerabilities/improvers/__init__.py

@@ -38,43 +38,43 @@
 
 IMPROVERS_REGISTRY = create_registry(
     [
-        valid_versions.GitHubBasicImprover,
-        valid_versions.GitLabBasicImprover,
-        valid_versions.NginxBasicImprover,
-        valid_versions.ApacheHTTPDImprover,
-        valid_versions.DebianBasicImprover,
-        valid_versions.NpmImprover,
-        valid_versions.ElixirImprover,
-        valid_versions.ApacheTomcatImprover,
-        valid_versions.ApacheKafkaImprover,
-        valid_versions.IstioImprover,
-        valid_versions.DebianOvalImprover,
-        valid_versions.UbuntuOvalImprover,
-        valid_versions.OSSFuzzImprover,
-        valid_versions.RubyImprover,
-        valid_versions.GithubOSVImprover,
-        vulnerability_status.VulnerabilityStatusImprover,
-        valid_versions.CurlImprover,
-        flag_ghost_packages.FlagGhostPackagePipeline,
-        enhance_with_kev.VulnerabilityKevPipeline,
-        enhance_with_metasploit.MetasploitImproverPipeline,
-        enhance_with_exploitdb.ExploitDBImproverPipeline,
-        compute_package_risk.ComputePackageRiskPipeline,
-        compute_package_version_rank.ComputeVersionRankPipeline,
-        add_cvss31_to_CVEs.CVEAdvisoryMappingPipeline,
-        remove_duplicate_advisories.RemoveDuplicateAdvisoriesPipeline,
-        populate_vulnerability_summary_pipeline.PopulateVulnerabilitySummariesPipeline,
-        exploitdb_v2.ExploitDBImproverPipeline,
-        enhance_with_kev_v2.VulnerabilityKevPipeline,
-        flag_ghost_packages_v2.FlagGhostPackagePipeline,
-        enhance_with_metasploit_v2.MetasploitImproverPipeline,
-        compute_package_risk_v2.ComputePackageRiskPipeline,
-        compute_version_rank_v2.ComputeVersionRankPipeline,
-        compute_advisory_todo_v2.ComputeToDo,
-        unfurl_version_range_v2.UnfurlVersionRangePipeline,
-        compute_advisory_todo.ComputeToDo,
-        collect_ssvc_trees.CollectSSVCPipeline,
-        relate_severities.RelateSeveritiesPipeline,
+        # valid_versions.GitHubBasicImprover,
+        # valid_versions.GitLabBasicImprover,
+        # valid_versions.NginxBasicImprover,
+        # valid_versions.ApacheHTTPDImprover,
+        # valid_versions.DebianBasicImprover,
+        # valid_versions.NpmImprover,
+        # valid_versions.ElixirImprover,
+        # valid_versions.ApacheTomcatImprover,
+        # valid_versions.ApacheKafkaImprover,
+        # valid_versions.IstioImprover,
+        # valid_versions.DebianOvalImprover,
+        # valid_versions.UbuntuOvalImprover,
+        # valid_versions.OSSFuzzImprover,
+        # valid_versions.RubyImprover,
+        # valid_versions.GithubOSVImprover,
+        # vulnerability_status.VulnerabilityStatusImprover,
+        # valid_versions.CurlImprover,
+        # flag_ghost_packages.FlagGhostPackagePipeline,
+        # enhance_with_kev.VulnerabilityKevPipeline,
+        # enhance_with_metasploit.MetasploitImproverPipeline,
+        # enhance_with_exploitdb.ExploitDBImproverPipeline,
+        # compute_package_risk.ComputePackageRiskPipeline,
+        # compute_package_version_rank.ComputeVersionRankPipeline,
+        # add_cvss31_to_CVEs.CVEAdvisoryMappingPipeline,
+        # remove_duplicate_advisories.RemoveDuplicateAdvisoriesPipeline,
+        # populate_vulnerability_summary_pipeline.PopulateVulnerabilitySummariesPipeline,
+        # exploitdb_v2.ExploitDBImproverPipeline,
+        # enhance_with_kev_v2.VulnerabilityKevPipeline,
+        # flag_ghost_packages_v2.FlagGhostPackagePipeline,
+        # enhance_with_metasploit_v2.MetasploitImproverPipeline,
+        # compute_package_risk_v2.ComputePackageRiskPipeline,
+        # compute_version_rank_v2.ComputeVersionRankPipeline,
+        # compute_advisory_todo_v2.ComputeToDo,
+        # unfurl_version_range_v2.UnfurlVersionRangePipeline,
+        # compute_advisory_todo.ComputeToDo,
+        # collect_ssvc_trees.CollectSSVCPipeline,
+        # relate_severities.RelateSeveritiesPipeline,
         archive_urls.ArchiveImproverPipeline,
     ]
 )

vulnerabilities/pipelines/v2_improvers/archive_urls.py

@@ -1,4 +1,3 @@
-#
 # Copyright (c) nexB Inc. and others. All rights reserved.
 # VulnerableCode is a trademark of nexB Inc.
 # SPDX-License-Identifier: Apache-2.0
@@ -8,10 +7,11 @@
 #
 
 import time
+
 import requests
+
 from vulnerabilities.models import AdvisoryReference
 from vulnerabilities.pipelines import VulnerableCodePipeline
-from vulnerabilities.wayback_machine import WaybackMachineSaveAPI
 
 
 class ArchiveImproverPipeline(VulnerableCodePipeline):
@@ -26,49 +26,38 @@ def steps(cls):
         return (cls.archive_urls,)
 
     def archive_urls(self):
-        advisory_refs = AdvisoryReference.objects.filter(archive_url__isnull=True).only("id", "url")
-
-        for advisory_ref in advisory_refs.iterator():
-
-            if not advisory_ref.url.startswith("http"):
+        """Get and stores archive URLs for AdvisoryReferences, flagging missing ones as NO_ARCHIVE"""
+        advisory_refs = (
+            AdvisoryReference.objects.filter(archive_url__isnull=True)
+            .exclude(archive_url="NO_ARCHIVE")
+            .only("id", "url")
+        )
+
+        for advisory_ref in advisory_refs:
+            url = advisory_ref.url
+            if not url or not url.startswith("http"):
                 continue
 
-            if not self.is_reachable_url(advisory_ref.url):
-                self.log(
-                    f"Skipping archival: URL is unreachable or returned 404: {advisory_ref.url}"
+            archive_url = self.get_archival(url)
+            if not archive_url:
+                AdvisoryReference.objects.filter(id=advisory_ref.id).update(
+                    archive_url="NO_ARCHIVE"
                 )
+                self.log(f"URL unreachable or returned no archive url: {url}")
                 continue
+            self.log(f"Found Archived Reference URL: {archive_url}")
+            AdvisoryReference.objects.filter(id=advisory_ref.id).update(archive_url=archive_url)
 
-            self.log(f"Requesting archival for: {advisory_ref.url}")
-            try:
-                time.sleep(300)
-                archive_url = self.request_archival(advisory_ref.url)
-                if not archive_url:
-                    continue
-
-                AdvisoryReference.objects.filter(id=advisory_ref.id).update(archive_url=archive_url)
-                self.log(f"Successfully added archival URL for advisory reference: {archive_url}")
-            except Exception as e:
-                self.log(f"Failed to archive {advisory_ref.url}: {str(e)}")
-
-    def request_archival(self, url):
-        user_agent = "Mozilla/5.0 (Windows NT 5.1; rv:40.0) Gecko/20100101 Firefox/40.0"
-        try:
-            save_api = WaybackMachineSaveAPI(url, user_agent)
-            return save_api.save()
-        except Exception as e:
-            self.log(f"Failed to archive {url}: {str(e)}")
-            return None
-
-    def is_reachable_url(self, url):
+    def get_archival(self, url):
+        self.log(f"Searching for archive URL for this Reference URL: {url}")
         try:
-            with requests.Session() as session:
-                head_res = session.head(url, allow_redirects=True, timeout=10)
-                if not head_res.status_code == 200:
-                    return False
-
-                get_res = session.get(url, allow_redirects=True, stream=True, timeout=10)
-                return get_res.status_code == 200
-
-        except requests.RequestException:
-            return False
+            archive_response = requests.get(
+                url=f"https://web.archive.org/web/{url}", allow_redirects=True
+            )
+            time.sleep(30)
+            if archive_response.status_code == 200:
+                return archive_response.url
+            elif archive_response.status_code == 403:
+                self.log(f"Wayback Machine permission denied for '{url}'.")
+        except requests.RequestException as e:
+            self.log(f"Error checking existing archival: {e}")

vulnerabilities/tests/pipelines/v2_improvers/test_archive_urls.py

@@ -0,0 +1,37 @@
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/aboutcode-org/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+from unittest.mock import MagicMock
+
+import pytest
+
+from vulnerabilities.models import AdvisoryReference
+from vulnerabilities.pipelines.v2_improvers.archive_urls import ArchiveImproverPipeline
+
+
+@pytest.mark.django_db
+def test_archive_urls_pipeline(monkeypatch):
+    advisory = AdvisoryReference.objects.create(url="https://example.com", archive_url=None)
+
+    mock_response = MagicMock()
+    mock_response.status_code = 200
+    mock_response.url = "https://web.archive.org/web/20250519082420/https://example.com"
+
+    monkeypatch.setattr(
+        f"vulnerabilities.pipelines.v2_improvers.archive_urls.time.sleep", MagicMock()
+    )
+    monkeypatch.setattr(
+        f"vulnerabilities.pipelines.v2_improvers.archive_urls.requests.get",
+        MagicMock(return_value=mock_response),
+    )
+
+    pipeline = ArchiveImproverPipeline()
+    pipeline.archive_urls()
+
+    advisory.refresh_from_db()
+    assert advisory.archive_url == "https://web.archive.org/web/20250519082420/https://example.com"