
Commit 7b73307

committed
Add postgresql importer
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
1 parent 8b8f4f6 commit 7b73307

2 files changed

+43
-74
lines changed

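--- a/vulnerabilities/pipelines/v2_importers/postgresql_importer.py
+++ b/vulnerabilities/pipelines/v2_importers/postgresql_importer.py
@@ -43,17 +43,13 @@ def steps(cls):
 return (cls.collect_and_store_advisories,)
 
 def advisories_count(self) -> int:
-if not self.links:
-self.collect_links()
-return len(self.links)
+return 30
 
 def collect_advisories(self) -> Iterable[AdvisoryData]:
-if not self.links:
-self.collect_links()
+url = "https://www.postgresql.org/support/security/"
 
-for url in self.links:
-data = requests.get(url).content
-yield from self.to_advisories(data, url)
+data = requests.get(url).content
+yield from self.to_advisories(data, url)
 
 def collect_links(self):
 known_urls = {self.base_url}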
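Review bot: The new `collect_advisories` hands `requests.get(url).content` straight to `to_advisories` with no timeout and no status check, so a stalled connection blocks the pipeline and an error page is parsed as if it were the advisory table, most likely yielding nothing without any failure signal. I would fetch with `resp = requests.get(url, timeout=10)`, call `resp.raise_for_status()`, and parse `resp.content`. Separately, `advisories_count` now returns the literal `30`, which no longer tracks the page and will drift as advisories are published; if an estimate is intended, a comment such as `# rough estimate; the real count is only known after parsing the page` would make that explicit. The hard-coded URL also sits beside `self.base_url`, which `collect_links` still uses; if the two hold the same value (not visible here), reuse the attribute. The body of `collect_links` continues past the end of the hunk.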

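--- a/vulnerabilities/tests/pipelines/test_postgresql_v2_importer.py
+++ b/vulnerabilities/tests/pipelines/test_postgresql_v2_importer.py
@@ -34,9 +34,9 @@
 <tbody>
 <tr>
 <td>
-<span class="nobr"><a href="/support/security/CVE-2022-1234/">CVE-2022-1234</a></span><br>
-<a href="/about/news/postgresql-175-169-1513-1418-and-1321-released-3072/">Announcement</a><br>
-</td>
+<span class="nobr"><a href="/support/security/CVE-2022-1234/">CVE-2022-1234</a></span><br>
+<a href="/about/news/postgresql-175-169-1513-1418-and-1321-released-3072/">Announcement</a><br>
+</td>
 <td>10.0, 10.1</td>
 <td>10.2</td>
 <td><a href="/vector?vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H">9.8</a></td>
@@ -48,43 +48,39 @@
 </html>
 """
 
+HTML_NO_FIX_ADVISORY = """
+<html>
+<body>
+<table>
+<tbody>
+<tr>
+<td>
+<span class="nobr"><a href="/support/security/CVE-2023-5678/">CVE-2023-5678</a></span><br>
+<a href="/about/news/postgresql-175-169-1513-1418-and-1321-released-3072/">Announcement</a><br>
+</td>
+<td>9.5, 9.6</td>
+<td></td>
+<td></td>
+<td>Unpatched issue</td>
+</tr>
+</tbody>
+</table>
+</body>
+</html>
+"""
+
 
 @pytest.fixture
 def importer():
 return PostgreSQLImporterPipeline()
 
 
-@patch("vulnerabilities.pipelines.v2_importers.postgresql_importer.requests.get")
-def test_collect_links(mock_get, importer):
-mock_get.return_value.content = HTML_PAGE_WITH_LINKS.encode("utf-8")
-
-importer.collect_links()
-
-assert len(importer.links) == 3 # base + 2 new
-assert any("advisory1.html" in link for link in importer.links)
-assert any("advisory2.html" in link for link in importer.links)
-
-
-@patch("vulnerabilities.pipelines.v2_importers.postgresql_importer.requests.get")
-def test_advisories_count(mock_get, importer):
-mock_get.return_value.content = HTML_PAGE_WITH_LINKS.encode("utf-8")
-
-count = importer.advisories_count()
-assert count >= 3
-
-
 @patch("vulnerabilities.pipelines.v2_importers.postgresql_importer.requests.get")
 def test_collect_advisories(mock_get, importer):
-importer.links = {
-"https://www.postgresql.org/support/security/advisory1.html",
-"https://www.postgresql.org/support/security/advisory2.html",
-}
-
 mock_get.return_value.content = HTML_ADVISORY.encode("utf-8")
-
 advisories = list(importer.collect_advisories())
 
-assert len(advisories) == 2
+assert len(advisories) == 1
 advisory = advisories[0]
 assert isinstance(advisory, AdvisoryData)
 assert advisory.advisory_id == "CVE-2022-1234"
@@ -98,57 +94,34 @@ def test_collect_advisories(mock_get, importer):
 
 @patch("vulnerabilities.pipelines.v2_importers.postgresql_importer.requests.get")
 def test_collect_advisories_with_no_fixed_version(mock_get, importer):
-no_fix_html = """
-<html>
-<body>
-<table>
-<tbody>
-<tr>
-<td>
-<span class="nobr"><a href="/support/security/CVE-2023-5678/">CVE-2023-5678</a></span><br>
-<a href="/about/news/postgresql-175-169-1513-1418-and-1321-released-3072/">Announcement</a><br>
-</td>
-<td>9.5, 9.6</td>
-<td></td>
-<td></td>
-<td>Unpatched issue</td>
-</tr>
-</tbody>
-</table>
-</body>
-</html>
-"""
-
-def side_effect(url, *args, **kwargs):
-if "advisory" not in url:
-return MagicMock(content=HTML_PAGE_WITH_LINKS.encode("utf-8"))
-return MagicMock(content=no_fix_html.encode("utf-8"))
-
-mock_get.side_effect = side_effect
-
+mock_get.return_value.content = HTML_NO_FIX_ADVISORY.encode("utf-8")
 advisories = list(importer.collect_advisories())
 
-assert len(advisories) == 2
+assert len(advisories) == 1
 advisory = advisories[0]
 assert advisory.advisory_id == "CVE-2023-5678"
 assert advisory.affected_packages[0].fixed_version is None
 assert advisory.affected_packages[0].affected_version_range.contains(SemverVersion("9.5"))
+assert advisory.affected_packages[0].affected_version_range.contains(SemverVersion("9.6"))
 
 
 @patch("vulnerabilities.pipelines.v2_importers.postgresql_importer.requests.get")
 def test_cvss_parsing(mock_get, importer):
-mock_get.side_effect = lambda url, *args, **kwargs: MagicMock(
-content=HTML_ADVISORY.encode("utf-8")
-)
-
-importer.links = {"https://www.postgresql.org/support/security/advisory1.html"}
-
+mock_get.return_value.content = HTML_ADVISORY.encode("utf-8")
 advisories = list(importer.collect_advisories())
 
 assert len(advisories) == 1
-reference = advisories[0].references_v2[0]
-
 severity = advisories[0].severities[0]
 assert severity.system.identifier == "cvssv3"
 assert severity.value == "9.8"
 assert "AV:N/AC:L/PR:N/UI:N" in severity.scoring_elements
+
+
+@patch("vulnerabilities.pipelines.v2_importers.postgresql_importer.requests.get")
+def test_collect_links(mock_get, importer):
+mock_get.return_value.content = HTML_PAGE_WITH_LINKS.encode("utf-8")
+importer.collect_links()
+
+assert len(importer.links) == 3
+assert any("advisory1.html" in link for link in importer.links)
+assert any("advisory2.html" in link for link in importer.links)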
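Review bot: None of the `collect_advisories` tests check what was requested, so they would still pass if the importer fetched a different URL; `test_collect_advisories` could add `mock_get.assert_called_once()` and compare `mock_get.call_args.args[0]` with the security page URL. The removed `test_advisories_count` has no replacement, which leaves the new constant return of `advisories_count` uncovered. There is also no case for a failed fetch (an error response, or a page without the advisory table), which is the path where an importer can silently record nothing. `test_collect_links` is kept although, from the importer lines shown on this page, `collect_advisories` no longer calls `collect_links`; it is worth confirming the method still has a caller.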
