Address review comments

Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>

Author: TG1999

PIPELINES-AVID.rst

@@ -1,71 +1,74 @@
-+-------------------------------+--------------------------------------------------------------+
-| pipeline name                 | AVID                                                         |
-+===============================+==============================================================+
-| alpine_linux_importer_v2      | {package_name}/{distroversion}/{version}/{vulnerability_id} |
-+-------------------------------+--------------------------------------------------------------+
-| aosp_dataset_fix_commits      | CVE ID of the record                                        |
-+-------------------------------+--------------------------------------------------------------+
-| apache_httpd_importer_v2      | CVE ID of the record                                        |
-+-------------------------------+--------------------------------------------------------------+
-| apache_kafka_importer_v2      | CVE ID of the record                                        |
-+-------------------------------+--------------------------------------------------------------+
-| apache_tomcat_importer_v2     | {page_id}/{cve_id}                                          |
-+-------------------------------+--------------------------------------------------------------+
-| archlinux_importer_v2         | AVG ID of the record                                        |
-+-------------------------------+--------------------------------------------------------------+
-| curl_importer_v2              | CURL-CVE ID of the record                                   |
-+-------------------------------+--------------------------------------------------------------+
-| debian_importer_v2            | {package_name}/{debian_record_id}                           |
-+-------------------------------+--------------------------------------------------------------+
-| elixir_security_importer_v2   | {package_name}/{file_id}                                    |
-+-------------------------------+--------------------------------------------------------------+
-| epss_importer_v2              | CVE ID of the record                                        |
-+-------------------------------+--------------------------------------------------------------+
-| fireeye_importer_v2           | {file_id}                                                   |
-+-------------------------------+--------------------------------------------------------------+
-| gentoo_importer_v2            | GLSA ID of the record                                       |
-+-------------------------------+--------------------------------------------------------------+
-| github_osv_importer_v2        | ID of the OSV record                                        |
-+-------------------------------+--------------------------------------------------------------+
-| gitlab_importer_v2            | Identifier of the GitLab community advisory record          |
-+-------------------------------+--------------------------------------------------------------+
-| istio_importer_v2             | ISTIO-SECURITY-<ID>                                         |
-+-------------------------------+--------------------------------------------------------------+
-| mattermost_importer_v2        | MMSA-<ID>                                                   |
-+-------------------------------+--------------------------------------------------------------+
-| mozilla_importer_v2           | MFSA-<ID>                                                   |
-+-------------------------------+--------------------------------------------------------------+
-| nginx_importer_v2             | First alias of the record                                   |
-+-------------------------------+--------------------------------------------------------------+
-| nodejs_security_wg            | NPM-<ID>                                                    |
-+-------------------------------+--------------------------------------------------------------+
-| nvd_importer_v2               | CVE ID of the record                                        |
-+-------------------------------+--------------------------------------------------------------+
-| openssl_importer_v2           | CVE ID of the record                                        |
-+-------------------------------+--------------------------------------------------------------+
-| oss_fuzz_importer_v2          | ID of the OSV record                                        |
-+-------------------------------+--------------------------------------------------------------+
-| postgresql_importer_v2        | CVE ID of the record                                        |
-+-------------------------------+--------------------------------------------------------------+
-| project-kb-msr-2019_v2        | Vulnerability ID of the record                              |
-+-------------------------------+--------------------------------------------------------------+
-| project-kb-statements_v2      | Vulnerability ID of the record                              |
-+-------------------------------+--------------------------------------------------------------+
-| pypa_importer_v2              | ID of the OSV record                                        |
-+-------------------------------+--------------------------------------------------------------+
-| pysec_importer_v2             | ID of the OSV record                                        |
-+-------------------------------+--------------------------------------------------------------+
-| redhat_importer_v2            | RHSA ID of the record                                       |
-+-------------------------------+--------------------------------------------------------------+
-| retiredotnet_importer_v2      | retiredotnet-{file_id}                                      |
-+-------------------------------+--------------------------------------------------------------+
-| ruby_importer_v2              | {file_id}                                                   |
-+-------------------------------+--------------------------------------------------------------+
-| suse_importer_v2              | CVE ID of the record                                        |
-+-------------------------------+--------------------------------------------------------------+
-| ubuntu_osv_importer_v2        | ID of the OSV record                                        |
-+-------------------------------+--------------------------------------------------------------+
-| vulnrichment_importer_v2      | CVE ID of the record                                        |
-+-------------------------------+--------------------------------------------------------------+
-| xen_importer_v2               | XSA-<ID>                                                    |
-+-------------------------------+--------------------------------------------------------------+
+.. list-table:: Pipeline AVID Mapping
+   :header-rows: 1
+   :widths: 35 65
+
+   * - pipeline name
+     - AVID
+   * - alpine_linux_importer_v2
+     - {package_name}/{distroversion}/{version}/{vulnerability_id}
+   * - aosp_dataset_fix_commits
+     - CVE ID of the record
+   * - apache_httpd_importer_v2
+     - CVE ID of the record
+   * - apache_kafka_importer_v2
+     - CVE ID of the record
+   * - apache_tomcat_importer_v2
+     - {page_id}/{cve_id}
+   * - archlinux_importer_v2
+     - AVG ID of the record
+   * - curl_importer_v2
+     - CURL-CVE ID of the record
+   * - debian_importer_v2
+     - {package_name}/{debian_record_id}
+   * - elixir_security_importer_v2
+     - {package_name}/{file_id}
+   * - epss_importer_v2
+     - CVE ID of the record
+   * - fireeye_importer_v2
+     - {file_id}
+   * - gentoo_importer_v2
+     - GLSA ID of the record
+   * - github_osv_importer_v2
+     - ID of the OSV record
+   * - gitlab_importer_v2
+     - Identifier of the GitLab community advisory record
+   * - istio_importer_v2
+     - ISTIO-SECURITY-<ID>
+   * - mattermost_importer_v2
+     - MMSA-<ID>
+   * - mozilla_importer_v2
+     - MFSA-<ID>
+   * - nginx_importer_v2
+     - First alias of the record
+   * - nodejs_security_wg
+     - NPM-<ID>
+   * - nvd_importer_v2
+     - CVE ID of the record
+   * - openssl_importer_v2
+     - CVE ID of the record
+   * - oss_fuzz_importer_v2
+     - ID of the OSV record
+   * - postgresql_importer_v2
+     - CVE ID of the record
+   * - project-kb-msr-2019_v2
+     - Vulnerability ID of the record
+   * - project-kb-statements_v2
+     - Vulnerability ID of the record
+   * - pypa_importer_v2
+     - ID of the OSV record
+   * - pysec_importer_v2
+     - ID of the OSV record
+   * - redhat_importer_v2
+     - RHSA ID of the record
+   * - retiredotnet_importer_v2
+     - retiredotnet-{file_id}
+   * - ruby_importer_v2
+     - {file_id}
+   * - suse_importer_v2
+     - CVE ID of the record
+   * - ubuntu_osv_importer_v2
+     - ID of the OSV record
+   * - vulnrichment_importer_v2
+     - CVE ID of the record
+   * - xen_importer_v2
+     - XSA-<ID>

vulnerabilities/pipelines/v2_importers/archlinux_importer.py

@@ -98,7 +98,7 @@ def parse_advisory(self, record) -> AdvisoryDataV2:
 
         severities = [
             VulnerabilitySeverity(
-                system=severity_systems.GENERIC,
+                system=severity_systems.ARCHLINUX,
                 value=severity,
                 url="https://security.archlinux.org/{avg_name}.json",
             )

vulnerabilities/severity_systems.py

@@ -169,6 +169,14 @@ def get(self, scoring_elements: str) -> dict:
     "Low",
 ]
 
+ARCHLINUX.choices = [
+    "Critical",
+    "High",
+    "Medium",
+    "Low",
+    "Very Low",
+]
+
 # This is essentially identical to apache_http except for the addition of the "High" score,
 # which seems to be used interchangeably for "Important".
 APACHE_TOMCAT = ScoringSystem(