Fetch Photon CVE data sources dynamically from index

Samk1710 · Samk1710 · commit 9dbdf695420a · 2026-03-13T14:48:56.000+05:30
Signed-off-by: Sampurna Pyne &lt;sampurnapyne1710@gmail.com&gt;
diff --git a/vulnerabilities/pipelines/v2_importers/vmware_photon_importer_v2.py b/vulnerabilities/pipelines/v2_importers/vmware_photon_importer_v2.py
@@ -21,14 +21,6 @@
 from vulnerabilities.severity_systems import CVSSV3
 from vulnerabilities.utils import fetch_response
 
-PHOTON_URLS = [
-    "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon1.0.json",
-    "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon2.0.json",
-    "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon3.0.json",
-    "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon4.0.json",
-    "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon5.0.json",
-]
-
 
 class VmwarePhotonImporterPipeline(VulnerableCodeBaseImporterPipelineV2):
     """Collect advisories from Vmware Photon Advisory.
@@ -60,12 +52,18 @@ def steps(cls):
 
     def fetch(self):
         self.records = []
-        for url in PHOTON_URLS:
+        base_url = self.repo_url
+
+        response = fetch_response(base_url)
+        photon_files = re.findall(r'href="(cve_data_photon[0-9.]+\.json)"', response.text)
+
+        for file_name in photon_files:
+            url = base_url + file_name
             self.log(f"Fetching `{url}`")
             response = fetch_response(url)
             if response:
                 self.records.extend(response.json())
-        self.log(f"Fetched {len(self.records):,d} total records from {len(PHOTON_URLS)} sources")
+        self.log(f"Fetched {len(self.records):,d} total records from {len(photon_files)} sources")
 
     def group_records_by_cve(self):
         """
diff --git a/vulnerabilities/tests/pipelines/v2_importers/test_vmware_photon_importer_v2.py b/vulnerabilities/tests/pipelines/v2_importers/test_vmware_photon_importer_v2.py
@@ -27,8 +27,14 @@ def test_collect_advisories(self, mock_fetch):
         sample_path = TEST_DATA / "data.json"
         sample_data = json.loads(sample_path.read_text(encoding="utf-8"))
 
+        index_html = """
+        <a href="cve_data_photon4.0.json">cve_data_photon4.0.json</a>
+        """
+
         def side_effect(url):
-            if "photon4.0" in url:
+            if url == "https://packages.vmware.com/photon/photon_cve_metadata/":
+                return Mock(text=index_html)
+            if "cve_data_photon4.0.json" in url:
                 return Mock(json=lambda: sample_data)
             return None
 
