refactor: cvedb structure and datasources

[rhythmrx9]

Separated database functionality and data fetching functionality in CVEDB to facilitate addition of more datasources.

[rhythmrx9]

Resolved merge conflict.

[codecov-commenter]

Codecov Report

Merging #1706 (0986a6e) into main (82ce324) will increase coverage by 1.91%.
The diff coverage is 85.91%.

@@            Coverage Diff             @@
##             main    #1706      +/-   ##
==========================================
+ Coverage   80.20%   82.12%   +1.91%     
==========================================
  Files         300      304       +4     
  Lines        6427     6541     +114     
  Branches     1050     1063      +13     
==========================================
+ Hits         5155     5372     +217     
+ Misses       1054      953     -101     
+ Partials      218      216       -2     

Flag	Coverage Δ
longtests	82.12% <85.91%> (+1.91%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
test/test_cvedb.py	65.21% <37.50%> (+6.68%)	⬆️
test/test_source_nvd.py	60.71% <60.71%> (ø)
cve_bin_tool/cli.py	71.48% <66.66%> (+2.58%)	⬆️
cve_bin_tool/cvedb.py	84.21% <80.64%> (+12.32%)	⬆️
cve_bin_tool/data_sources/nvd_source.py	87.91% <87.91%> (ø)
cve_bin_tool/data_sources/__init__.py	90.90% <90.90%> (ø)
cve_bin_tool/data_sources/curl_source.py	95.45% <95.45%> (ø)
test/test_nvd_api.py	90.19% <100.00%> (+0.40%)	⬆️
cve_bin_tool/available_fix/debian_cve_tracker.py	63.26% <0.00%> (-14.29%)	⬇️
cve_bin_tool/nvd_api.py	75.20% <0.00%> (-8.80%)	⬇️
... and 9 more

📣 Codecov can now indicate which changes are the most critical in Pull Requests. Learn more

[terriko]

This is looking pretty good. I think we should probably switch this to be data_sources throughout. I think nvd_source and curl_source are clear enough on their own (that is, I don't think nvd_data_source would be particularly clearer), but the directory and other variable names should be changed.

Other than that, some of the tests are failing and I can't explain why, so I'll leave that to you to resolve.

I also flagged a few places this is using os.path -- we're in the process of refactoring to use pathlib. I don't think it's urgent that these need to be refactored before this can be merged, but we should open up some separate refactor wishlist issues for these files.

[terriko]

I think we'd discussed changing this to be data_sources rather than sources throughout.

[terriko]

We've switched to pathlib elsewhere when I merged #1714 , so this either should be switched to use pathlib or we should open an issue to do the refactor separately.

[terriko]

Another place for pathlib refactoring. Probably file a separate issue for this file?

[terriko]

Pathlib refactoring again.

[rhythmrx9]

Tests are passing, class and variable names are changed accordingly.
Switched to pathlib in data_sources/__init__.py, curl_source.py and nvd_source.py, will open a separate issue for cvedb.py.

[terriko]

Looks good., thank you!

The cve scan failed due to the aiohttp issue which didn't have a fix even in latest version for some period of time. I'm re-running it just to check on results but that shouldn't prevent this from being merged.

[terriko]

Yup, cve scan still failing, see more in #1741. But I'm going to go ahead and merge this while we resolve that one separately.