From d32543a337729ce31fd5d546a35b4eba8ef31845 Mon Sep 17 00:00:00 2001
From: tdruez
Date: Tue, 27 Aug 2024 19:56:43 +0400
Subject: [PATCH] Refine the implementation of the scores #95
Signed-off-by: tdruez
---
 component_catalog/models.py | 32 +++-----------------------
 component_catalog/tests/test_models.py | 17 ++++++++++++--
 2 files changed, 18 insertions(+), 31 deletions(-)
diff --git a/component_catalog/models.py b/component_catalog/models.py
index 0d83f4ac..a01bb891 100644
--- a/component_catalog/models.py
+++ b/component_catalog/models.py
@@ -2685,6 +2685,9 @@ def range_to_values(self, range_str):
 @classmethod
 def create_from_data(cls, dataspace, data, validate=False, affecting=None):
+ # Computing the min_score and max_score from the `references` as those data
+ # are not provided by the VulnerableCode API.
+ # https://github.com/aboutcode-org/vulnerablecode/issues/1573
 # severity_range_score = data.get("severity_range_score")
 # if severity_range_score:
 # min_score, max_score = self.range_to_values(severity_range_score)
@@ -2705,29 +2708,6 @@ def create_from_data(cls, dataspace, data, validate=False, affecting=None):
 return instance
- @property
- def severity_score_range(self):
- if not (self.min_score and self.max_score):
- return ""
- if self.min_score == self.max_score:
- return str(self.max_score)
- return f"{self.min_score} - {self.max_score}"
-
- def get_severities(self):
- return [score for reference in self.references for score in reference.get("scores", [])]
-
- # Duplicated from
- # https://github.com/aboutcode-org/vulnerablecode/blob/main/vulnerabilities/utils.py
- # Until made available in the API https://github.com/aboutcode-org/vulnerablecode/issues/1565
- def get_severity_range(self):
- severities = self.get_severities()
- if len(severities) < 1:
- return
-
- scores = self.get_severity_scores(severities)
- if scores:
- return f"{min(scores)} - {max(scores)}"
-
 @staticmethod
 def get_severity_scores(severities):
 score_map = {
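Review bot: The comment added at the top of `create_from_data` sits directly above three commented-out lines, so it reads as documentation for dead code rather than for the score computation it describes, which is not visible in this hunk (the function body continues outside it). Those dead lines call `self.range_to_values(...)` inside a `@classmethod` that only receives `cls`, and the hunk header shows `range_to_values` taking `self`, so they could not be re-enabled as written. I would drop them or label them explicitly, e.g. `# TODO: read data["severity_range_score"] once vulnerablecode#1573 is available; needs a non-instance range_to_values`. Because the scores are derived from an external API response, the comment should also state what `min_score` and `max_score` are set to when no reference carries a score.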
@@ -2749,9 +2729,3 @@ def get_severity_scores(severities):
 consolidated_scores.extend(score_range)
 return consolidated_scores
-
- def get_max_score(self):
- severities = self.get_severities()
- scores = self.get_severity_scores(severities)
- if scores:
- return max(scores)
diff --git a/component_catalog/tests/test_models.py b/component_catalog/tests/test_models.py
index 50db1d5d..1cdb302e 100644
--- a/component_catalog/tests/test_models.py
+++ b/component_catalog/tests/test_models.py
@@ -2621,8 +2621,8 @@ def test_vulnerability_model_fixed_packages_count_generated_field(self):
 self.assertEqual(0, vulnerablity1.fixed_packages_count)
 vulnerablity1.fixed_packages = [
- {'purl': 'pkg:pypi/gitpython@3.1.41', 'is_vulnerable': True},
- {'purl': 'pkg:pypi/gitpython@3.2', 'is_vulnerable': False},
+ {"purl": "pkg:pypi/gitpython@3.1.41", "is_vulnerable": True},
+ {"purl": "pkg:pypi/gitpython@3.2", "is_vulnerable": False},
 ]
 vulnerablity1.save()
 vulnerablity1.refresh_from_db()
@@ -2659,8 +2659,21 @@ def test_vulnerability_model_create_from_data(self):
 self.assertEqual(vulnerability_data["summary"], vulnerability1.summary)
 self.assertEqual(vulnerability_data["aliases"], vulnerability1.aliases)
 self.assertEqual(vulnerability_data["references"], vulnerability1.references)
+ self.assertEqual(7.5, vulnerability1.min_score)
+ self.assertEqual(7.5, vulnerability1.max_score)
 self.assertQuerySetEqual(vulnerability1.affected_packages.all(), [package1])
+ def test_vulnerability_model_create_from_data_computed_scores(self):
+ response_file = self.data / "vulnerabilities" / "idna_3.6_response.json"
+ json_data = json.loads(response_file.read_text())
+ affected_by_vulnerabilities = json_data["results"][0]["affected_by_vulnerabilities"]
+ vulnerability1 = Vulnerability.create_from_data(
+ dataspace=self.dataspace,
+ data=affected_by_vulnerabilities[0],
+ )
+ self.assertEqual(2.1, vulnerability1.min_score)
+ self.assertEqual(7.5, vulnerability1.max_score)
+
 def test_vulnerability_model_queryset_count_methods(self):
 package1 = make_package(self.dataspace)
 package2 = make_package(self.dataspace)
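Review bot: The assertions added to `test_vulnerability_model_create_from_data` and the new `test_vulnerability_model_create_from_data_computed_scores` only exercise records whose references carry usable scores. Nothing pins what `create_from_data` stores when the upstream response has no scores at all, or a score value that is not numeric. A companion case built from data with an empty `references` list would close that gap; the expected result is presumably unset scores, i.e. `self.assertIsNone(vulnerability1.min_score)` and `self.assertIsNone(vulnerability1.max_score)`, but that needs confirming against the model. A short comment in the new test saying which fixture scores produce 2.1 and 7.5 would also make the expected values checkable without opening `idna_3.6_response.json`.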