Refine the implementation of the scores #95

Signed-off-by: tdruez <tdruez@nexb.com>

component_catalog/models.py

@@ -2685,6 +2685,9 @@ def range_to_values(self, range_str):
 
     @classmethod
     def create_from_data(cls, dataspace, data, validate=False, affecting=None):
+        # Computing the min_score and max_score from the `references` as those data
+        # are not provided by the VulnerableCode API.
+        # https://github.com/aboutcode-org/vulnerablecode/issues/1573
         # severity_range_score = data.get("severity_range_score")
         # if severity_range_score:
         #     min_score, max_score = self.range_to_values(severity_range_score)
@@ -2705,29 +2708,6 @@ def create_from_data(cls, dataspace, data, validate=False, affecting=None):
 
         return instance
 
-    @property
-    def severity_score_range(self):
-        if not (self.min_score and self.max_score):
-            return ""
-        if self.min_score == self.max_score:
-            return str(self.max_score)
-        return f"{self.min_score} - {self.max_score}"
-
-    def get_severities(self):
-        return [score for reference in self.references for score in reference.get("scores", [])]
-
-    # Duplicated from
-    # https://github.com/aboutcode-org/vulnerablecode/blob/main/vulnerabilities/utils.py
-    # Until made available in the API https://github.com/aboutcode-org/vulnerablecode/issues/1565
-    def get_severity_range(self):
-        severities = self.get_severities()
-        if len(severities) < 1:
-            return
-
-        scores = self.get_severity_scores(severities)
-        if scores:
-            return f"{min(scores)} - {max(scores)}"
-
     @staticmethod
     def get_severity_scores(severities):
         score_map = {
@@ -2749,9 +2729,3 @@ def get_severity_scores(severities):
                     consolidated_scores.extend(score_range)
 
         return consolidated_scores
-
-    def get_max_score(self):
-        severities = self.get_severities()
-        scores = self.get_severity_scores(severities)
-        if scores:
-            return max(scores)

component_catalog/tests/test_models.py

@@ -2621,8 +2621,8 @@ def test_vulnerability_model_fixed_packages_count_generated_field(self):
         self.assertEqual(0, vulnerablity1.fixed_packages_count)
 
         vulnerablity1.fixed_packages = [
-            {'purl': 'pkg:pypi/gitpython@3.1.41', 'is_vulnerable': True},
-            {'purl': 'pkg:pypi/gitpython@3.2', 'is_vulnerable': False},
+            {"purl": "pkg:pypi/gitpython@3.1.41", "is_vulnerable": True},
+            {"purl": "pkg:pypi/gitpython@3.2", "is_vulnerable": False},
         ]
         vulnerablity1.save()
         vulnerablity1.refresh_from_db()
@@ -2659,8 +2659,21 @@ def test_vulnerability_model_create_from_data(self):
         self.assertEqual(vulnerability_data["summary"], vulnerability1.summary)
         self.assertEqual(vulnerability_data["aliases"], vulnerability1.aliases)
         self.assertEqual(vulnerability_data["references"], vulnerability1.references)
+        self.assertEqual(7.5, vulnerability1.min_score)
+        self.assertEqual(7.5, vulnerability1.max_score)
         self.assertQuerySetEqual(vulnerability1.affected_packages.all(), [package1])
 
+    def test_vulnerability_model_create_from_data_computed_scores(self):
+        response_file = self.data / "vulnerabilities" / "idna_3.6_response.json"
+        json_data = json.loads(response_file.read_text())
+        affected_by_vulnerabilities = json_data["results"][0]["affected_by_vulnerabilities"]
+        vulnerability1 = Vulnerability.create_from_data(
+            dataspace=self.dataspace,
+            data=affected_by_vulnerabilities[0],
+        )
+        self.assertEqual(2.1, vulnerability1.min_score)
+        self.assertEqual(7.5, vulnerability1.max_score)
+
     def test_vulnerability_model_queryset_count_methods(self):
         package1 = make_package(self.dataspace)
         package2 = make_package(self.dataspace)