Update aosp importer

Fix patch_checksum constraint
Remove unused imports

Signed-off-by: ziad hany <ziadhany2016@gmail.com>

Author: ziadhany

vulnerabilities/importer.py

@@ -10,7 +10,6 @@
 import dataclasses
 import datetime
 import functools
-import hashlib
 import logging
 import traceback
 import xml.etree.ElementTree as ET
@@ -37,6 +36,7 @@
 from vulnerabilities.severity_systems import SCORING_SYSTEMS
 from vulnerabilities.severity_systems import ScoringSystem
 from vulnerabilities.utils import classproperty
+from vulnerabilities.utils import compute_patch_checksum
 from vulnerabilities.utils import get_reference_id
 from vulnerabilities.utils import is_commit
 from vulnerabilities.utils import is_cve
@@ -202,6 +202,7 @@ class PackageCommitPatchData:
     vcs_url: str
     commit_hash: str
     patch_text: Optional[str] = None
+    patch_checksum: Optional[str] = dataclasses.field(init=False, default=None)
 
     def __post_init__(self):
         if not self.commit_hash:
@@ -213,6 +214,9 @@ def __post_init__(self):
         if not self.vcs_url:
             raise ValueError("Commit must have a non-empty vcs_url.")
 
+        if self.patch_text:
+            self.patch_checksum = compute_patch_checksum(self.patch_text)
+
     def __lt__(self, other):
         if not isinstance(other, PackageCommitPatchData):
             return NotImplemented
@@ -224,6 +228,7 @@ def _cmp_key(self):
             self.vcs_url,
             self.commit_hash,
             self.patch_text,
+            self.patch_checksum,
         )
 
     def to_dict(self) -> dict:
@@ -232,6 +237,7 @@ def to_dict(self) -> dict:
             "vcs_url": self.vcs_url,
             "commit_hash": self.commit_hash,
             "patch_text": self.patch_text,
+            "patch_checksum": self.patch_checksum,
         }
 
     @classmethod
@@ -256,7 +262,7 @@ def __post_init__(self):
             raise ValueError("A patch must include either patch_url or patch_text")
 
         if self.patch_text:
-            self.patch_checksum = hashlib.sha512(self.patch_text.encode()).hexdigest()
+            self.patch_checksum = compute_patch_checksum(self.patch_text)
 
     def __lt__(self, other):
         if not isinstance(other, PatchData):

vulnerabilities/migrations/0104_packagecommitpatch_patch_and_more.py

@@ -1,4 +1,4 @@
-# Generated by Django 4.2.25 on 2025-12-01 14:42
+# Generated by Django 4.2.25 on 2025-12-02 00:23
 
 from django.db import migrations, models
 
@@ -65,7 +65,10 @@ class Migration(migrations.Migration):
                 (
                     "patch_checksum",
                     models.CharField(
-                        help_text="SHA512 checksum of the patch content.", max_length=128
+                        blank=True,
+                        help_text="SHA512 checksum of the patch content.",
+                        max_length=128,
+                        null=True,
                     ),
                 ),
             ],

vulnerabilities/models.py

@@ -65,6 +65,7 @@
 from vulnerabilities import utils
 from vulnerabilities.severity_systems import EPSS
 from vulnerabilities.severity_systems import SCORING_SYSTEMS
+from vulnerabilities.utils import compute_patch_checksum
 from vulnerabilities.utils import normalize_purl
 from vulnerabilities.utils import purl_to_dict
 from vulnerablecode import __version__ as VULNERABLECODE_VERSION
@@ -2765,17 +2766,23 @@ class Patch(models.Model):
 
     patch_checksum = models.CharField(
         max_length=128,
+        blank=True,
+        null=True,
         help_text="SHA512 checksum of the patch content.",
     )
 
+    def save(self, *args, **kwargs):
+        if self.patch_text:
+            self.patch_checksum = compute_patch_checksum(self.patch_text)
+        super().save(*args, **kwargs)
+
     class Meta:
         unique_together = ["patch_checksum", "patch_url"]
 
 
 class PackageCommitPatch(models.Model):
     """
-    A specific patch implementation for structured Package/VCS data.
-    Inherits from Patch.
+    A specific patch implementation for structured Package/VCS data
     """
 
     commit_hash = models.CharField(

vulnerabilities/pipelines/v2_importers/aosp_importer.py

@@ -14,15 +14,11 @@
 
 import dateparser
 from fetchcode.vcs import fetch_via_vcs
-from packageurl.contrib.purl2url import get_repo_url
-from packageurl.contrib.url2purl import url2purl
 
-from aboutcode.hashid import get_core_purl
 from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importer import AffectedPackageV2
 from vulnerabilities.importer import PackageCommitPatchData
 from vulnerabilities.importer import PatchData
-from vulnerabilities.importer import ReferenceV2
 from vulnerabilities.importer import VulnerabilitySeverity
 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2
 from vulnerabilities.pipes.advisory import classify_patch_source
@@ -37,8 +33,6 @@ class AospImporterPipeline(VulnerableCodeBaseImporterPipelineV2):
     pipeline_id = "aosp_dataset_fix_commits"
     spdx_license_expression = "Apache-2.0"
     license_url = "https://github.com/quarkslab/aosp_dataset/blob/master/LICENSE"
-    importer_name = "aosp_dataset"
-    qualified_name = "aosp_dataset_fix_commits"
 
     @classmethod
     def steps(cls):

vulnerabilities/pipes/advisory.py

@@ -147,8 +147,8 @@ def get_or_create_advisory_patches(
     pairs = [(c.patch_url, c.patch_checksum) for c in base_patches_data]
 
     query = Q()
-    for patch_checksum, patch_text in pairs:
-        query |= Q(patch_checksum=patch_checksum, patch_text=patch_text)
+    for patch_checksum, patch_url in pairs:
+        query |= Q(patch_checksum=patch_checksum, patch_url=patch_url)
 
     existing_commits_qs = Patch.objects.filter(query)
     existing_pairs = set(existing_commits_qs.values_list("patch_url", "patch_checksum"))

vulnerabilities/tests/test_data/aosp/CVE-aosp_test3-expected.json

@@ -20,7 +20,8 @@
           {
             "vcs_url": "https://github.com/torvalds/linux",
             "commit_hash": "0048b4837affd153897ed1222283492070027aa9",
-            "patch_text": null
+            "patch_text": null,
+            "patch_checksum": null
           }
         ]
       }

vulnerabilities/utils.py

@@ -34,15 +34,12 @@
 from cwe2.database import InvalidCWEError
 from packageurl import PackageURL
 from packageurl.contrib.django.utils import without_empty_values
-from packageurl.contrib.purl2url import get_repo_url
-from packageurl.contrib.url2purl import url2purl
 from univers.version_range import RANGE_CLASS_BY_SCHEMES
 from univers.version_range import AlpineLinuxVersionRange
 from univers.version_range import NginxVersionRange
 from univers.version_range import VersionRange
 
 from aboutcode.hashid import build_vcid
-from aboutcode.hashid import get_core_purl
 
 logger = logging.getLogger(__name__)
 
@@ -684,3 +681,10 @@ def create_registry(pipelines):
         registry[key] = pipeline
 
     return registry
+
+
+def compute_patch_checksum(patch_text: str | None) -> str | None:
+    """
+    Compute SHA-512 checksum for patch text.
+    """
+    return hashlib.sha512(patch_text.encode("utf-8")).hexdigest()