Migrate projectkbmsr2019 importer

Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
nexB · Jan 4, 2023 · f7cb976 · f7cb976
1 parent 40a3974
commit f7cb976
Show file tree

Hide file tree

Showing 5 changed files with 2,192 additions and 129 deletions.
diff --git a/vulnerabilities/importers/project_kb_msr2019.py b/vulnerabilities/importers/project_kb_msr2019.py
@@ -13,7 +13,6 @@
 from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importer import Importer
 from vulnerabilities.importer import Reference
-from vulnerabilities.utils import create_etag
 from vulnerabilities.utils import is_cve
 
 # Reading CSV file from  a url using `requests` is bit too complicated.
@@ -23,42 +22,31 @@
 class ProjectKBMSRImporter(Importer):
 
     url = "https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv"
+    spdx_license_expression = "Apache-2.0"
+    license_url = "https://github.com/SAP/project-kb/blob/main/LICENSE.txt"
 
-    def updated_advisories(self):
-        if create_etag(data_src=self, url=self.url, etag_key="ETag"):
-            raw_data = self.fetch()
-            advisories = self.to_advisories(raw_data)
-            return self.batch_advisories(advisories)
+    def advisory_data(self):
+        raw_data = fetch_and_read_from_csv(self.url)
+        yield from self.to_advisories(raw_data)
 
-        return []
-
-    def fetch(self):
-        response = urllib.request.urlopen(self.url)
-        lines = [l.decode("utf-8") for l in response.readlines()]
-        return csv.reader(lines)
-
-    @staticmethod
-    def to_advisories(csv_reader):
+    def to_advisories(self, csv_reader):
         # Project KB MSR csv file has no header row
-        advisories = []
         for row in csv_reader:
             vuln_id, proj_home, fix_commit, _ = row
             commit_link = proj_home + "/commit/" + fix_commit
 
-            if is_cve(vuln_id):
-                reference = Reference(url=commit_link)
+            if not is_cve(vuln_id):
+                return []
 
-            else:
-                reference = Reference(url=commit_link, reference_id=vuln_id)
-                vuln_id = ""
-
-            advisories.append(
-                AdvisoryData(
-                    summary="",
-                    affected_packages=[],
-                    references=[reference],
-                    vulnerability_id=vuln_id,
-                )
+            reference = Reference(url=commit_link)
+            yield AdvisoryData(
+                aliases=[vuln_id],
+                summary="",
+                references=[reference],
             )
 
-        return advisories
+
+def fetch_and_read_from_csv(url):
+    response = urllib.request.urlopen(url)
+    lines = [l.decode("utf-8") for l in response.readlines()]
+    return csv.reader(lines)
diff --git a/vulnerabilities/tests/conftest.py b/vulnerabilities/tests/conftest.py
@@ -34,7 +34,6 @@ def no_rmtree(monkeypatch):
     "test_istio.py",
     "test_models.py",
     "test_mozilla.py",
-    "test_msr2019.py",
     "test_package_managers.py",
     "test_ruby.py",
     "test_rust.py",