77# See https://aboutcode.org for more information about nexB OSS projects.
88#
99
10- import json
1110import logging
1211from pathlib import Path
1312from typing import Any
2019from univers .version_range import AlpineLinuxVersionRange
2120from univers .versions import InvalidVersion
2221
23- from vulnerabilities .importer import AdvisoryData
22+ from vulnerabilities .importer import AdvisoryDataV2
2423from vulnerabilities .importer import AffectedPackageV2
2524from vulnerabilities .importer import ReferenceV2
2625from vulnerabilities .pipelines import VulnerableCodeBaseImporterPipelineV2
2726from vulnerabilities .references import WireSharkReferenceV2
2827from vulnerabilities .references import XsaReferenceV2
2928from vulnerabilities .references import ZbxReferenceV2
3029from vulnerabilities .utils import get_advisory_url
30+ from vulnerabilities .utils import load_json
3131
3232
3333class AlpineLinuxImporterPipeline (VulnerableCodeBaseImporterPipelineV2 ):
@@ -46,31 +46,27 @@ def steps(cls):
4646 )
4747
4848 def advisories_count (self ) -> int :
49+ base_path = Path (self .vcs_response .dest_dir ) / "secdb"
4950 return sum (
5051 len (pkg .get ("advisories" , []))
51- for data in (
52- json .loads (p .read_text ())
53- for p in (Path (self .vcs_response .dest_dir ) / "secdb" ).rglob ("*.json" )
54- )
52+ for data in (load_json (p ) for p in base_path .rglob ("*.json" ))
5553 for pkg in data .get ("packages" , [])
5654 )
5755
5856 def clone (self ):
5957 self .log (f"Cloning `{ self .repo_url } `" )
6058 self .vcs_response = fetch_via_vcs (self .repo_url )
6159
62- def collect_advisories (self ) -> Iterable [AdvisoryData ]:
60+ def collect_advisories (self ) -> Iterable [AdvisoryDataV2 ]:
6361 base_path = Path (self .vcs_response .dest_dir ) / "secdb"
6462 for file_path in base_path .glob ("**/*.json" ):
6563 advisory_url = get_advisory_url (
6664 file = file_path ,
6765 base_path = base_path ,
68- url = "https://github.com/aboutcode- org/aboutcode-mirror-alpine-secdb/blob/main /" ,
66+ url = "https://secdb.alpinelinux. org/" ,
6967 )
7068
71- with open (file_path ) as f :
72- record = json .load (f )
73-
69+ record = load_json (file_path )
7470 if not record or not record ["packages" ]:
7571 self .log (
7672 f'"packages" not found in { advisory_url !r} ' ,
@@ -94,35 +90,32 @@ def check_for_attributes(record, logger) -> bool:
9490 attributes = ["distroversion" , "reponame" , "archs" ]
9591 for attribute in attributes :
9692 if attribute not in record :
97- if logger :
98- logger (
99- f'"{ attribute !r} " not found in { record !r} ' ,
100- level = logging .DEBUG ,
101- )
93+ logger (
94+ f'"{ attribute !r} " not found in { record !r} ' ,
95+ level = logging .DEBUG ,
96+ )
10297 return False
10398 return True
10499
105100
106- def process_record (record : dict , url : str , logger : callable = None ) -> Iterable [AdvisoryData ]:
101+ def process_record (record : dict , url : str , logger : callable ) -> Iterable [AdvisoryDataV2 ]:
107102 """
108103 Return a list of AdvisoryData objects by processing data
109104 present in that `record`
110105 """
111106 if not record .get ("packages" ):
112- if logger :
113- logger (
114- f'"packages" not found in this record { record !r} ' ,
115- level = logging .DEBUG ,
116- )
107+ logger (
108+ f'"packages" not found in this record { record !r} ' ,
109+ level = logging .DEBUG ,
110+ )
117111 return []
118112
119113 for package in record ["packages" ]:
120114 if not package ["pkg" ]:
121- if logger :
122- logger (
123- f'"pkg" not found in this package { package !r} ' ,
124- level = logging .DEBUG ,
125- )
115+ logger (
116+ f'"pkg" not found in this package { package !r} ' ,
117+ level = logging .DEBUG ,
118+ )
126119 continue
127120 if not check_for_attributes (record , logger ):
128121 continue
@@ -142,28 +135,26 @@ def load_advisories(
142135 reponame : str ,
143136 archs : List [str ],
144137 url : str ,
145- logger : callable = None ,
146- ) -> Iterable [AdvisoryData ]:
138+ logger : callable ,
139+ ) -> Iterable [AdvisoryDataV2 ]:
147140 """
148141 Yield AdvisoryData by mapping data from `pkg_infos`
149142 and form PURL for AffectedPackages by using
150143 `distroversion`, `reponame`, `archs`
151144 """
152145 if not pkg_infos .get ("name" ):
153- if logger :
154- logger (
155- f'"name" is not available in package { pkg_infos !r} ' ,
156- level = logging .DEBUG ,
157- )
146+ logger (
147+ f'"name" is not available in package { pkg_infos !r} ' ,
148+ level = logging .DEBUG ,
149+ )
158150 return []
159151
160152 for version , fixed_vulns in pkg_infos ["secfixes" ].items ():
161153 if not fixed_vulns :
162- if logger :
163- logger (
164- f"No fixed vulnerabilities in version { version !r} " ,
165- level = logging .DEBUG ,
166- )
154+ logger (
155+ f"No fixed vulnerabilities in version { version !r} " ,
156+ level = logging .DEBUG ,
157+ )
167158 continue
168159
169160 # fixed_vulns is a list of strings and each string is a space-separated
@@ -207,11 +198,10 @@ def load_advisories(
207198 )
208199
209200 if not isinstance (archs , List ):
210- if logger :
211- logger (
212- f"{ archs !r} is not of `List` instance" ,
213- level = logging .DEBUG ,
214- )
201+ logger (
202+ f"{ archs !r} is not of `List` instance" ,
203+ level = logging .DEBUG ,
204+ )
215205 continue
216206
217207 if archs and fixed_version_range :
@@ -246,10 +236,10 @@ def load_advisories(
246236 )
247237
248238 advisory_id = f"{ pkg_infos ['name' ]} /{ qualifiers ['distroversion' ]} /{ version } /{ vuln_id } "
249- yield AdvisoryData (
239+ yield AdvisoryDataV2 (
250240 advisory_id = advisory_id ,
251241 aliases = aliases ,
252- references_v2 = references ,
242+ references = references ,
253243 affected_packages = affected_packages ,
254244 url = url ,
255245 )
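Review bot: In collect_advisories, `if not record or not record["packages"]:` raises KeyError when a secdb file lacks the "packages" key, so the `'"packages" not found'` log immediately below it is never reached for exactly the case it describes; `if not record or not record.get("packages"):` would log and skip instead, and matches what process_record already does with `record.get("packages")`. The loop in process_record has the same shape at `if not package["pkg"]:`, which would raise before its own `'"pkg" not found'` log; `package.get("pkg")` fixes that one. Both lines are unchanged context in this commit, so this is a pre-existing defect rather than one the change introduces, but the rewritten loading path is the natural place to tighten it. collect_advisories continues past the end of its hunk.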