Adjust precedence of importers

Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>

Author: TG1999

vulnerabilities/models.py

@@ -1139,9 +1139,9 @@ def get_affecting_vulnerabilities(self):
                     next_fixed_package_vulns = list(fixed_by_pkg.affected_by)
 
                     fixed_by_package_details["fixed_by_purl"] = fixed_by_purl
-                    fixed_by_package_details["fixed_by_purl_vulnerabilities"] = (
-                        next_fixed_package_vulns
-                    )
+                    fixed_by_package_details[
+                        "fixed_by_purl_vulnerabilities"
+                    ] = next_fixed_package_vulns
                     fixed_by_pkgs.append(fixed_by_package_details)
 
                     vuln_details["fixed_by_package_details"] = fixed_by_pkgs

vulnerabilities/pipelines/v2_importers/elixir_security_importer.py

@@ -37,7 +37,7 @@ class ElixirSecurityImporterPipeline(VulnerableCodeBaseImporterPipelineV2):
     repo_url = "git+https://github.com/dependabot/elixir-security-advisories"
     run_once = True
 
-    precedence = 200
+    precedence = 400
 
     @classmethod
     def steps(cls):

vulnerabilities/pipelines/v2_importers/npm_importer.py

@@ -41,7 +41,7 @@ class NpmImporterPipeline(VulnerableCodeBaseImporterPipelineV2):
     license_url = "https://github.com/nodejs/security-wg/blob/main/LICENSE.md"
     repo_url = "git+https://github.com/nodejs/security-wg"
 
-    precedence = 200
+    precedence = 500
 
     @classmethod
     def steps(cls):

vulnerabilities/pipelines/v2_importers/retiredotnet_importer.py

@@ -30,7 +30,7 @@ class RetireDotnetImporterPipeline(VulnerableCodeBaseImporterPipelineV2):
     pipeline_id = "retiredotnet_importer_v2"
     run_once = True
 
-    precedence = 200
+    precedence = 400
 
     @classmethod
     def steps(cls):

vulnerabilities/pipelines/v2_importers/ruby_importer.py

@@ -58,7 +58,7 @@ class RubyImporterPipeline(VulnerableCodeBaseImporterPipelineV2):
     SOFTWARE.
     """
 
-    precedence = 200
+    precedence = 500
 
     @classmethod
     def steps(cls):

vulnerabilities/pipes/openssl.py

@@ -89,7 +89,9 @@ def get_reference(reference_name, tag, reference_url):
     ref_type = (
         AdvisoryReference.COMMIT
         if "commit" in name or tag == "patch"
-        else AdvisoryReference.ADVISORY if "advisory" in name else AdvisoryReference.OTHER
+        else AdvisoryReference.ADVISORY
+        if "advisory" in name
+        else AdvisoryReference.OTHER
     )
 
     return ReferenceV2(

vulnerabilities/tests/pipelines/v2_importers/test_collect_fix_commit.py

@@ -52,7 +52,9 @@ def test_collect_fix_commits_groups_by_vuln(mock_repo, pipeline):
         side_effect=lambda c: (
             ["CVE-2021-0001"]
             if "CVE" in c.message
-            else ["GHSA-dead-beef-baad"] if "GHSA" in c.message else []
+            else ["GHSA-dead-beef-baad"]
+            if "GHSA" in c.message
+            else []
         )
     )
 

vulnerabilities/tests/test_api.py

@@ -75,9 +75,9 @@ def cleaned_response(response):
                 reference["scores"] = sorted(
                     reference["scores"], key=lambda x: (x["value"], x["scoring_system"])
                 )
-                package_data["resolved_vulnerabilities"][index]["references"][index2]["scores"] = (
-                    reference["scores"]
-                )
+                package_data["resolved_vulnerabilities"][index]["references"][index2][
+                    "scores"
+                ] = reference["scores"]
 
         cleaned_response.append(package_data)