diff --git a/vulnerabilities/import_runner.py b/vulnerabilities/import_runner.py
index 047710c2f..a740f4ae6 100644
--- a/vulnerabilities/import_runner.py
+++ b/vulnerabilities/import_runner.py
@@ -149,7 +149,7 @@ def process_inferences(inferences: List[Inference], advisory: Advisory, improver
 for inference in inferences:
 vulnerability = get_or_create_vulnerability_and_aliases(
 vulnerability_id=inference.vulnerability_id,
- alias_names=inference.aliases,
+ aliases=inference.aliases,
 summary=inference.summary,
 )
diff --git a/vulnerabilities/tests/test_import_runner.py b/vulnerabilities/tests/test_import_runner.py
index 22648a518..c1c9a48b1 100644
--- a/vulnerabilities/tests/test_import_runner.py
+++ b/vulnerabilities/tests/test_import_runner.py
@@ -7,19 +7,22 @@
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
-from datetime import datetime
-from datetime import timezone
-
 import pytest
+from django.utils import timezone
 from univers.version_range import VersionRange
 from vulnerabilities import models
 from vulnerabilities.import_runner import ImportRunner
+from vulnerabilities.import_runner import process_inferences
 from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importer import AffectedPackage
 from vulnerabilities.importer import Importer
 from vulnerabilities.importer import PackageURL
 from vulnerabilities.importer import Reference
+from vulnerabilities.improver import Inference
+from vulnerabilities.tests.test_improve_runner import (
+ get_objects_in_all_tables_used_by_process_inferences,
+)
 ADVISORY_DATAS = [
 AdvisoryData(
@@ -32,7 +35,7 @@
 )
 ],
 references=[Reference(url="https://example.com/with/more/info/CVE-2020-13371337")],
- date_published=datetime.now(timezone.utc),
+ date_published=timezone.now(),
 )
 ]
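Review bot: In the import block of tests/test_import_runner.py, `get_objects_in_all_tables_used_by_process_inferences` is imported from another test module, `vulnerabilities.tests.test_improve_runner`, which makes this file depend on that module's import-time behaviour and on the helper keeping its current home. Moving the helper into a shared, non-test helper module (or a fixture in conftest) that both test files import would keep the two suites independent. The helper's definition is outside this diff, so its current shape is not visible here.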
@@ -106,3 +109,45 @@ def test_advisory_summary_clean_up():
 summary="The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\x00' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
 )
 assert "\x00" not in adv.summary
+
+
+DUMMY_ADVISORY = models.Advisory(summary="dummy", created_by="tests", date_collected=timezone.now())
+
+
+INFERENCES = [
+ Inference(
+ aliases=["CVE-1", "CVE-2"],
+ summary="One upon a time, in a package far far away",
+ affected_purls=[
+ PackageURL(type="character", namespace="star-wars", name="anakin", version="1")
+ ],
+ fixed_purl=PackageURL(
+ type="character", namespace="star-wars", name="darth-vader", version="1"
+ ),
+ references=[Reference(reference_id="imperial-vessel-1", url="https://m47r1x.github.io")],
+ )
+]
+
+
+@pytest.mark.django_db
+def test_process_inferences_with_no_inference():
+ assert not process_inferences(
+ inferences=[], advisory=DUMMY_ADVISORY, improver_name="test_improver"
+ )
+
+
+@pytest.mark.django_db
+def test_process_inferences_with_unknown_but_specified_vulnerability():
+ inference = Inference(vulnerability_id="VCID-Does-Not-Exist-In-DB", aliases=["MATRIX-Neo"])
+ assert not process_inferences(
+ inferences=[inference], advisory=DUMMY_ADVISORY, improver_name="test_improver"
+ )
+
+
+@pytest.mark.django_db
+def test_process_inferences_idempotency():
+ process_inferences(INFERENCES, DUMMY_ADVISORY, improver_name="test_improver")
+ all_objects = get_objects_in_all_tables_used_by_process_inferences()
+ process_inferences(INFERENCES, DUMMY_ADVISORY, improver_name="test_improver")
+ process_inferences(INFERENCES, DUMMY_ADVISORY, improver_name="test_improver")
+ assert all_objects == get_objects_in_all_tables_used_by_process_inferences()
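Review bot: test_process_inferences_idempotency can pass vacuously: it snapshots the tables after the first call and compares after two more, so a process_inferences that writes nothing at all also satisfies the final assert. Pin the first call's effect before taking the snapshot, for example `assert models.Vulnerability.objects.exists()` right after the first `process_inferences(...)` (assuming the first run is expected to create a vulnerability for CVE-1/CVE-2). The same gap applies to test_process_inferences_with_unknown_but_specified_vulnerability, which checks only the falsy return value; for a vulnerability database the property worth asserting is that no vulnerability or alias row was created for the unknown `VCID-Does-Not-Exist-In-DB` / `MATRIX-Neo` pair. DUMMY_ADVISORY is also a module-level model instance shared by all three tests, so any state process_inferences sets on it would carry over between tests; a fixture building a fresh Advisory per test would avoid that.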