Refactor per review

Samk1710 · Samk1710 · commit c1a2688c9c60 · 2026-03-15T22:47:10.000+05:30
Signed-off-by: Sampurna Pyne &lt;sampurnapyne1710@gmail.com&gt;
diff --git a/vulnerabilities/pipelines/v2_importers/vmware_photon_importer_v2.py b/vulnerabilities/pipelines/v2_importers/vmware_photon_importer_v2.py
@@ -12,13 +12,15 @@
 from typing import Iterable
 
 from packageurl import PackageURL
-from univers.version_range import RANGE_CLASS_BY_SCHEMES
+from univers.version_constraint import VersionConstraint
+from univers.version_range import RpmVersionRange
+from univers.versions import RpmVersion
 
 from vulnerabilities.importer import AdvisoryDataV2
 from vulnerabilities.importer import AffectedPackageV2
 from vulnerabilities.importer import VulnerabilitySeverity
 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2
-from vulnerabilities.severity_systems import CVSSV3
+from vulnerabilities.severity_systems import GENERIC
 from vulnerabilities.utils import fetch_response
 
 
@@ -62,7 +64,9 @@ def fetch(self):
             self.log(f"Fetching `{url}`")
             response = fetch_response(url)
             if response:
-                self.records.extend(response.json())
+                for record in response.json():
+                    record["source_url"] = url
+                    self.records.append(record)
         self.log(f"Fetched {len(self.records):,d} total records from {len(photon_files)} sources")
 
     def group_records_by_cve(self):
@@ -91,8 +95,6 @@ def advisories_count(self) -> int:
         return len(self.cve_to_records)
 
     def collect_advisories(self) -> Iterable[AdvisoryDataV2]:
-        rpm_range_cls = RANGE_CLASS_BY_SCHEMES["rpm"]
-
         for cve_id, records in self.cve_to_records.items():
             affected_packages = []
 
@@ -110,12 +112,17 @@ def collect_advisories(self) -> Iterable[AdvisoryDataV2]:
                 )
 
                 ver_match = re.match(r"all versions before (.+) are vulnerable", aff_ver)
-                if ver_match:
-                    affected_version_range = rpm_range_cls.from_string(
-                        f"vers:{rpm_range_cls.scheme}/<{ver_match.group(1)}"
-                    )
 
-                fixed_version_range = rpm_range_cls.from_versions([res_ver])
+                affected_version_range = RpmVersionRange(
+                    constraints=[
+                        VersionConstraint(
+                            comparator="<",
+                            version=RpmVersion(ver_match.group(1)),
+                        )
+                    ]
+                )
+
+                fixed_version_range = RpmVersionRange.from_versions([res_ver])
 
                 affected_packages.append(
                     AffectedPackageV2(
@@ -129,16 +136,15 @@ def collect_advisories(self) -> Iterable[AdvisoryDataV2]:
             cve_score = records[0].get("cve_score")
             severities.append(
                 VulnerabilitySeverity(
-                    system=CVSSV3,
+                    system=GENERIC,
                     value=str(cve_score),
-                    scoring_elements="",
                 )
             )
 
             yield AdvisoryDataV2(
                 advisory_id=cve_id,
                 affected_packages=affected_packages,
                 severities=severities,
-                url=f"https://nvd.nist.gov/vuln/detail/{cve_id}",
+                url=records[0].get("source_url", self.repo_url),
                 original_advisory_text=json.dumps(records, indent=2, ensure_ascii=False),
             )
diff --git a/vulnerabilities/tests/test_data/vmware_photon/expected.json b/vulnerabilities/tests/test_data/vmware_photon/expected.json
@@ -163,14 +163,14 @@
     "patches": [],
     "severities": [
       {
-        "system": "cvssv3",
+        "system": "generic_textual",
         "value": "5.5",
         "scoring_elements": ""
       }
     ],
     "date_published": null,
     "weaknesses": [],
-    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43853"
+    "url": "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon4.0.json"
   },
   {
     "advisory_id": "CVE-2021-45417",
@@ -196,13 +196,13 @@
     "patches": [],
     "severities": [
       {
-        "system": "cvssv3",
+        "system": "generic_textual",
         "value": "7.8",
         "scoring_elements": ""
       }
     ],
     "date_published": null,
     "weaknesses": [],
-    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45417"
+    "url": "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon4.0.json"
   }
 ]

Original file line number	Diff line number	Diff line change
`@@ -163,14 +163,14 @@`
`163`	`163`	`"patches": [],`
`164`	`164`	`"severities": [`
`165`	`165`	`{`
`166`		`- "system": "cvssv3",`
	`166`	`+ "system": "generic_textual",`
`167`	`167`	`"value": "5.5",`
`168`	`168`	`"scoring_elements": ""`
`169`	`169`	`}`
`170`	`170`	`],`
`171`	`171`	`"date_published": null,`
`172`	`172`	`"weaknesses": [],`
`173`		`- "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43853"`
	`173`	`+ "url": "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon4.0.json"`
`174`	`174`	`},`
`175`	`175`	`{`
`176`	`176`	`"advisory_id": "CVE-2021-45417",`
`@@ -196,13 +196,13 @@`
`196`	`196`	`"patches": [],`
`197`	`197`	`"severities": [`
`198`	`198`	`{`
`199`		`- "system": "cvssv3",`
	`199`	`+ "system": "generic_textual",`
`200`	`200`	`"value": "7.8",`
`201`	`201`	`"scoring_elements": ""`
`202`	`202`	`}`
`203`	`203`	`],`
`204`	`204`	`"date_published": null,`
`205`	`205`	`"weaknesses": [],`
`206`		`- "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45417"`
	`206`	`+ "url": "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon4.0.json"`
`207`	`207`	`}`
`208`	`208`	`]`