feature: ui: added progress bar for `vulnerabilities.importers` by harsh098 · Pull Request #1378 · aboutcode-org/vulnerablecode · GitHub
feature: ui: added progress bar for vulnerabilities.importers #1378

Closed
wants to merge 71 commits into from
8cee434
Add progress bar to NVDImporter
harsh098 Dec 25, 2023
21ec9f9
Add progress bar to GithubImporter
harsh098 Dec 26, 2023
57e0e28
Add missing type annotations to GithubImporter
harsh098 Dec 27, 2023
63259cb
Merge branch 'main' into progress-bar
harsh098 Dec 27, 2023
c1b06ed
Add progress bar for NPMImporter
harsh098 Dec 27, 2023
1de5e25
Add Progress bar for GitlabImporter
harsh098 Dec 27, 2023
38eeb69
Add Progress bar to PyPaImporter
harsh098 Dec 27, 2023
e145df6
Add Progress bar to Nginx Importer
harsh098 Dec 27, 2023
7b16b39
Add Progress bar to PyPIImporter
harsh098 Dec 27, 2023
1c8f6fc
Add Progress bar to AlpineImporter
harsh098 Dec 29, 2023
33c1533
Add Progress bar to OpensslImporter
harsh098 Dec 29, 2023
652346b
Merge branch 'main' into progress-bar
harsh098 Dec 29, 2023
29b679c
Add Progress bar to DebianImporter
harsh098 Dec 29, 2023
cc2d29d
Add Progress bar to PostgreSQLImporter
harsh098 Dec 30, 2023
ead8c1a
Add Progress bar to UbuntuImporter
harsh098 Dec 30, 2023
871bafc
Add Progress bar to DebianOvalImporter
harsh098 Dec 30, 2023
b6559a3
Add Progress bar to RetireDotnetImporter
harsh098 Dec 30, 2023
a035edd
Add Progress bar to ApacheHTTPDImporter
harsh098 Dec 30, 2023
a3f388e
Add Progress bar to MozillaImporter
harsh098 Dec 30, 2023
05a518f
Add Progress bar to GentooImporter
harsh098 Dec 30, 2023
7bc5609
Add Progress bar to IstioImporter
harsh098 Dec 31, 2023
bb56c7c
Add Progress bar to ElixirSecurityImporter
harsh098 Dec 31, 2023
be052f0
Add Progress bar to ApacheTomcatImporter
harsh098 Dec 31, 2023
9d672fe
Add Progress bar to XenImporter
harsh098 Dec 31, 2023
7cd5752
Add Progress bar to UbuntuUSNImporter
harsh098 Dec 31, 2023
97074ea
Add Progress bar to FireyeImporter
harsh098 Dec 31, 2023
e611557
Add Progress bar to ApacheKafkaImporter
harsh098 Dec 31, 2023
aa7fad8
Add Progress bar to OSSFuzzImporter
harsh098 Dec 31, 2023
ac649a9
Add Progress bar to SUSESeverityScoreImporter
harsh098 Dec 31, 2023
b8224fe
Add Progress bar to ArchlinuxImporter
harsh098 Dec 31, 2023
0c44827
Add Progress bar to ProjectKBMSRImporter
harsh098 Dec 31, 2023
c7146a3
Add Progress bar to RedhatImporter
harsh098 Dec 31, 2023
895a8b6
Fix Progress bar for RedhatImporter
harsh098 Jan 2, 2024
f988170
Fix Progress bar for OSSFuzzImporter
harsh098 Jan 2, 2024
3dcf8b4
Merge branch 'main' into progress-bar
harsh098 Jan 2, 2024
0841f55
Fix Progress bar for UbuntuUSNImporter
harsh098 Jan 2, 2024
d5e46f8
Fix Progress bar for XenImporter
harsh098 Jan 2, 2024
dd8da4c
Fix Progress bar for ApacheTomcatImporter
harsh098 Jan 2, 2024
8cd8902
Fix Progress bar for ElixirSecurityImporter
harsh098 Jan 2, 2024
dc3e73b
Fix Readability in RedhatImporter
harsh098 Jan 2, 2024
7495917
Fix Progress Bar in SUSESeverityScoreImporter
harsh098 Jan 3, 2024
f4715f3
Fix Progress Bar in ProjectKBMSRImporter
harsh098 Jan 3, 2024
69c8674
Fix Progress Bar in IstioImporter
harsh098 Jan 3, 2024
331cdb7
Fix Progress Bar in GentooImporter
harsh098 Jan 3, 2024
8b86827
Fix Progress Bar in MozillaImporter
harsh098 Jan 3, 2024
bdbf439
Fix Progress Bar in ApacheHTTPDImporter
harsh098 Jan 3, 2024
77fcbe7
Fix Progress Bar in RetireDotnetImporter
harsh098 Jan 3, 2024
d512889
Fix Progress Bar in DebianOvalImporter
harsh098 Jan 3, 2024
ced152a
Fix Progress Bar in UbuntuImporter
harsh098 Jan 3, 2024
b94542c
Fix Progress Bar in ArchlinuxImporter
harsh098 Jan 3, 2024
728781a
Fix Progress Bar in PostgreSQLImporter
harsh098 Jan 3, 2024
bd760e2
Fix Progress Bar in DebianImporter
harsh098 Jan 3, 2024
9b3b83b
Fix Progress Bar in OpensslImporter
harsh098 Jan 3, 2024
2c1e6c8
Fix Progress Bar in AlpineImporter
harsh098 Jan 3, 2024
0cb4de5
Fix Progress Bar in PyPIImporter
harsh098 Jan 3, 2024
063627f
Fix Progress Bar in NginxImporter
harsh098 Jan 3, 2024
8c821ac
Fix Progress Bar in PyPaImporter
harsh098 Jan 3, 2024
9bd44bf
Fix Progress Bar in NpmImporter
harsh098 Jan 3, 2024
0f611ed
Fix Progress Bar in GitLabAPIImporter
harsh098 Jan 3, 2024
87f1b27
Fix Progress Bar in GitHubAPIImporter
harsh098 Jan 3, 2024
411f10e
Fix Progress Bar in NVDImporter
harsh098 Jan 3, 2024
4a867e8
Fix Readability in FireyeImporter
harsh098 Jan 3, 2024
e62be24
Fix Readability in import.py
harsh098 Jan 3, 2024
788b155
Merge branch 'main' into progress-bar
harsh098 Jan 3, 2024
b2b3234
Merge branch 'main' into progress-bar
harsh098 Jan 4, 2024
7f5eb72
Add missing dependency to setup.cfg
harsh098 Jan 4, 2024
10ceccd
Merge branch 'main' into progress-bar
harsh098 Jan 17, 2024
402b440
Merge branch 'main' into progress-bar
harsh098 Jan 24, 2024
d9ea936
Remove Print Statements from Fireeye Importer
harsh098 Jan 24, 2024
fbba793
Merge branch 'main' into progress-bar
harsh098 Jan 25, 2024
8f84452
Merge branch 'main' into progress-bar
harsh098 Jan 25, 2024
1 change: 1 addition & 0 deletions requirements.txt
Expand Up @@ -120,3 +120,4 @@ drf-spectacular==0.24.2
coreapi==2.3.3
coreschema==0.0.4
itypes==1.2.0
progress==1.6
1 change: 1 addition & 0 deletions setup.cfg
Expand Up @@ -73,6 +73,7 @@ install_requires =
packageurl-python>=0.10.5rc1
univers>=30.11.0
license-expression>=21.6.14
progress>=1.6

# file and data formats
binaryornot>=0.4.4
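Review bot: `progress>=1.6` goes into install_requires next to the core libraries with no upper bound, so every install pulls in an extra third-party distribution that is only used for terminal output, and setup.cfg can resolve to a different release than the `progress==1.6` pinned in requirements.txt. Consider declaring it as an optional extra for CLI use and bounding the range so the resolved version matches the one that was tested.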
Expand Down
7 changes: 7 additions & 0 deletions vulnerabilities/importers/alpine_linux.py
Expand Up @@ -17,6 +17,7 @@

from bs4 import BeautifulSoup
from packageurl import PackageURL
from progress.bar import ChargingBar
from univers.versions import AlpineLinuxVersion

from vulnerabilities.importer import AdvisoryData
Expand All @@ -41,6 +42,10 @@ def advisory_data(self) -> Iterable[AdvisoryData]:
page_response_content = fetch_response(BASE_URL).content
advisory_directory_links = fetch_advisory_directory_links(page_response_content)
advisory_links = []
progress_for_package_fetch = ChargingBar(
"\tFetching Packages", max=len(advisory_directory_links)
)
progress_for_package_fetch.start()
for advisory_directory_link in advisory_directory_links:
advisory_directory_page = fetch_response(advisory_directory_link).content
advisory_links.extend(
Expand All @@ -52,6 +57,8 @@ def advisory_data(self) -> Iterable[AdvisoryData]:
LOGGER.error(f'"packages" not found in {link!r}')
continue
yield from process_record(record=record, url=link)
progress_for_package_fetch.next()
progress_for_package_fetch.finish()


def fetch_advisory_directory_links(page_response_content: str) -> List[str]:
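Review bot: The bar is sized with max=len(advisory_directory_links), but next() is called after `yield from process_record(record=record, url=link)`, which belongs to the per-advisory-link part of advisory_data, and the `continue` on the '"packages" not found' path skips that next() altogether. If the bar is meant to count advisory links, size it from len(advisory_links) once the directory loop has filled the list; if it is meant to count directories, move next() into the `for advisory_directory_link in advisory_directory_links` loop. finish() should also sit in a finally block so it still runs when fetch_response raises.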
Expand Down
5 changes: 5 additions & 0 deletions vulnerabilities/importers/apache_httpd.py
Expand Up @@ -13,6 +13,7 @@
import requests
from bs4 import BeautifulSoup
from packageurl import PackageURL
from progress.bar import ChargingBar
from univers.version_constraint import VersionConstraint
from univers.version_range import ApacheVersionRange
from univers.versions import SemverVersion
Expand All @@ -37,9 +38,13 @@ class ApacheHTTPDImporter(Importer):

def advisory_data(self):
links = fetch_links(self.base_url)
progress_bar_for_fetch_links = ChargingBar("\tFetching Vulnerabilitites", max=len(links))
progress_bar_for_fetch_links.start()
for link in links:
data = requests.get(link).json()
yield self.to_advisory(data)
progress_bar_for_fetch_links.next()
progress_bar_for_fetch_links.finish()

def to_advisory(self, data):
alias = get_item(data, "CVE_data_meta", "ID")
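Review bot: The label passed to ChargingBar in advisory_data is misspelled: "Vulnerabilitites" should be "Vulnerabilities". Separately, `requests.get(link).json()` can raise inside the loop, and finish() is then never called; wrapping the loop in try/finally with finish() in the finally block closes the bar on a network or JSON error as well.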
Expand Down
6 changes: 6 additions & 0 deletions vulnerabilities/importers/apache_kafka.py
Expand Up @@ -15,6 +15,7 @@
from bs4 import BeautifulSoup
from dateutil.parser import parse
from packageurl import PackageURL
from progress.bar import ChargingBar

from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import AffectedPackage
Expand Down Expand Up @@ -113,6 +114,8 @@ def to_advisory(self, advisory_page):

advisory_page = BeautifulSoup(advisory_page, features="lxml")
cve_section_beginnings = advisory_page.find_all("h2")
progress_bar_for_cve_fetch = ChargingBar("\tFetching CVEs", max=len(cve_section_beginnings))
progress_bar_for_cve_fetch.start()
for cve_section_beginning in cve_section_beginnings:
# This sometimes includes text that follows the CVE on the same line -- sometimes there is a carriage return, sometimes there is not
# cve_id = cve_section_beginning.text.split("\n")[0]
Expand Down Expand Up @@ -195,5 +198,8 @@ def to_advisory(self, advisory_page):
url=f"{self.ASF_PAGE_URL}#{cve_id}",
)
)
progress_bar_for_cve_fetch.next()

progress_bar_for_cve_fetch.finish()

return advisories
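Review bot: The bar is created and driven inside to_advisory, which receives advisory_page and parses it with BeautifulSoup, so the "Fetching CVEs" label describes work that is not a fetch, and every caller of to_advisory (tests included) now gets terminal output as a side effect of parsing. Consider keeping to_advisory free of output and reporting progress from its caller, or at least changing the label to say that sections are being parsed.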
8 changes: 7 additions & 1 deletion vulnerabilities/importers/apache_tomcat.py
Expand Up @@ -15,6 +15,7 @@
import requests
from bs4 import BeautifulSoup
from packageurl import PackageURL
from progress.bar import ChargingBar
from univers.version_constraint import VersionConstraint
from univers.version_range import ApacheVersionRange
from univers.version_range import MavenVersionRange
Expand Down Expand Up @@ -124,9 +125,14 @@ def fetch_advisory_pages(self):
"""
Yield the content of each HTML page containing version-related security data.
"""
links = self.fetch_advisory_links("https://tomcat.apache.org/security")
links = list(self.fetch_advisory_links("https://tomcat.apache.org/security"))
progress_bar_for_advisory_fetch = ChargingBar("\tFetching Advisories", max=len(links))
progress_bar_for_advisory_fetch.start()
for page_url in links:
yield page_url, requests.get(page_url).content
progress_bar_for_advisory_fetch.next()

progress_bar_for_advisory_fetch.finish()

def fetch_advisory_links(self, url):
"""
Expand Down
8 changes: 7 additions & 1 deletion vulnerabilities/importers/archlinux.py
Expand Up @@ -12,6 +12,7 @@
from typing import Mapping

from packageurl import PackageURL
from progress.bar import ChargingBar
from univers.version_range import ArchLinuxVersionRange
from univers.versions import ArchLinuxVersion

Expand All @@ -35,8 +36,13 @@ def fetch(self) -> Iterable[Mapping]:
return response.json()

def advisory_data(self) -> Iterable[AdvisoryData]:
for record in self.fetch():
records = self.fetch()
progress_bar_for_package_fetch = ChargingBar("\tFetching Packages", max=len(records or []))
progress_bar_for_package_fetch.start()
for record in records:
yield from self.parse_advisory(record)
progress_bar_for_package_fetch.next()
progress_bar_for_package_fetch.finish()

def parse_advisory(self, record) -> List[AdvisoryData]:
advisories = []
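Review bot: `max=len(records or [])` guards the length against fetch() returning None, but the loop right after it, `for record in records:`, iterates the unguarded value and would raise TypeError in exactly that case. Normalize once, for example `records = self.fetch() or []`, and use that name for both the length and the loop.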
Expand Down
7 changes: 7 additions & 0 deletions vulnerabilities/importers/debian.py
Expand Up @@ -15,6 +15,7 @@

import requests
from packageurl import PackageURL
from progress.bar import ChargingBar
from univers.version_range import DebianVersionRange
from univers.versions import DebianVersion

Expand Down Expand Up @@ -89,8 +90,14 @@ def get_response(self):

def advisory_data(self) -> Iterable[AdvisoryData]:
response = self.get_response()
progress_bar_for_package_fetch = ChargingBar(
"\tFetching Packages", max=len(response.items())
)
progress_bar_for_package_fetch.start()
for pkg_name, records in response.items():
yield from self.parse(pkg_name, records)
progress_bar_for_package_fetch.next()
progress_bar_for_package_fetch.finish()

def parse(self, pkg_name: str, records: Mapping[str, Any]) -> Iterable[AdvisoryData]:
for cve_id, record in records.items():
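Review bot: In advisory_data, next() and finish() both follow `yield from self.parse(pkg_name, records)`, so the bar advances only when the consumer asks for more and finish() is reached only if the generator is drained without error; a try/finally around the loop would cover early exit and parse failures. `len(response.items())` can simply be `len(response)`. The same create/start/next/finish sequence is repeated in each importer in this PR, so a single helper that wraps an iterable would remove the duplication and give one place to get the cleanup right.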
Expand Down
5 changes: 5 additions & 0 deletions vulnerabilities/importers/debian_oval.py
Expand Up @@ -12,6 +12,7 @@
import xml.etree.ElementTree as ET

import requests
from progress.bar import ChargingBar

from vulnerabilities.importer import OvalImporter

Expand Down Expand Up @@ -65,6 +66,8 @@ def __init__(self, *args, **kwargs):

def _fetch(self):
releases = ["wheezy", "stretch", "jessie", "buster", "bullseye"]
progress_bar_for_package_fetch = ChargingBar("\tFetching Packages", max=len(releases))
progress_bar_for_package_fetch.start()
for release in releases:
file_url = f"https://www.debian.org/security/oval/oval-definitions-{release}.xml.bz2"
self.data_url = file_url
Expand All @@ -74,3 +77,5 @@ def _fetch(self):
{"type": "deb", "namespace": "debian", "qualifiers": {"distro": release}},
ET.ElementTree(ET.fromstring(extracted.decode("utf-8"))),
)
progress_bar_for_package_fetch.next()
progress_bar_for_package_fetch.finish()
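Review bot: The bar in _fetch counts entries of `releases`, so the label "Fetching Packages" is misleading; each step downloads one `oval-definitions-{release}.xml.bz2` file. A label that names releases or OVAL files would match what is being counted. As in the other importers, finish() after the loop is skipped if a download or the `ET.fromstring(extracted.decode("utf-8"))` parse raises, so it belongs in a finally block.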
9 changes: 8 additions & 1 deletion vulnerabilities/importers/elixir_security.py
Expand Up @@ -12,6 +12,7 @@

from dateutil import parser as dateparser
from packageurl import PackageURL
from progress.bar import ChargingBar
from univers.version_constraint import VersionConstraint
from univers.version_range import HexVersionRange

Expand All @@ -31,13 +32,19 @@ class ElixirSecurityImporter(Importer):
importer_name = "Elixir Security Importer"

def advisory_data(self) -> Set[AdvisoryData]:
progress_bar_for_cve_fetch: ChargingBar
try:
self.clone(self.repo_url)
base_path = Path(self.vcs_response.dest_dir)
vuln = base_path / "packages"
for file in vuln.glob("**/*.yml"):
vuln_files = list(vuln.glob("**/*.yml"))
progress_bar_for_cve_fetch = ChargingBar("\tFetching CVEs", max=len(vuln_files))
progress_bar_for_cve_fetch.start()
for file in vuln_files:
yield from self.process_file(file, base_path)
progress_bar_for_cve_fetch.next()
finally:
progress_bar_for_cve_fetch.finish()
if self.vcs_response:
self.vcs_response.delete()
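Review bot: `progress_bar_for_cve_fetch: ChargingBar` at the top of advisory_data is only an annotation and binds nothing, so if `self.clone(self.repo_url)` raises, the finally block calls `progress_bar_for_cve_fetch.finish()` on an unassigned local. That raises UnboundLocalError, which replaces the original exception and skips the `self.vcs_response.delete()` cleanup that follows it. Create the bar before the try and set its max once vuln_files is known, or guard the finish() call, and keep the delete() independent of it.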

Expand Down
16 changes: 14 additions & 2 deletions vulnerabilities/importers/fireeye.py
Expand Up @@ -12,6 +12,8 @@
from typing import Iterable
from typing import List

from progress.bar import ChargingBar

from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import Importer
from vulnerabilities.importer import Reference
Expand All @@ -34,12 +36,19 @@ class FireyeImporter(Importer):
importer_name = "FireEye Importer"

def advisory_data(self) -> Iterable[AdvisoryData]:
progress_bar_for_advisory_fetch: ChargingBar
try:
self.vcs_response = self.clone(repo_url=self.repo_url)
base_path = Path(self.vcs_response.dest_dir)
files = filter(
lambda p: p.suffix in [".md", ".MD"], Path(self.vcs_response.dest_dir).glob("**/*")
files = list(
filter(
lambda p: p.suffix in [".md", ".MD"],
Path(self.vcs_response.dest_dir).glob("**/*"),
)
)
progress_bar_for_advisory_fetch = ChargingBar("\tFetching Advisories", max=len(files))
progress_bar_for_advisory_fetch.start()

for file in files:
if Path(file).stem == "README":
continue
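Review bot: `max=len(files)` counts every .md and .MD file, README files included, yet the loop does `continue` for `Path(file).stem == "README"` ahead of the try block whose finally calls next(), so skipped files never advance the bar and it cannot reach its maximum. Filter README files out when building `files`, or advance the bar before the continue.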
Expand All @@ -48,7 +57,10 @@ def advisory_data(self) -> Iterable[AdvisoryData]:
yield parse_advisory_data(raw_data=f.read(), file=file, base_path=base_path)
except UnicodeError:
logger.error(f"Invalid file {file}")
finally:
progress_bar_for_advisory_fetch.next()
finally:
progress_bar_for_advisory_fetch.finish()
if self.vcs_response:
self.vcs_response.delete()
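Review bot: In the outer finally, `progress_bar_for_advisory_fetch.finish()` runs before the `if self.vcs_response:` cleanup, and the name is only annotated, not assigned, ahead of the try. A failure before the bar is created (for example in `self.clone(repo_url=self.repo_url)`) therefore surfaces as UnboundLocalError here and the delete() below it is skipped. Instantiate the bar before the try, as the GitLab importer in this PR does, or run the delete() first.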

Expand Down
9 changes: 8 additions & 1 deletion vulnerabilities/importers/gentoo.py
Expand Up @@ -14,6 +14,7 @@
from typing import Iterable

from packageurl import PackageURL
from progress.bar import ChargingBar
from univers.version_constraint import VersionConstraint
from univers.version_range import EbuildVersionRange
from univers.versions import GentooVersion
Expand All @@ -34,12 +35,18 @@ class GentooImporter(Importer):
importer_name = "Gentoo Importer"

def advisory_data(self) -> Iterable[AdvisoryData]:
progress_bar_for_package_fetch: ChargingBar
try:
self.clone(repo_url=self.repo_url)
base_path = Path(self.vcs_response.dest_dir)
for file_path in base_path.glob("**/*.xml"):
base_paths = list(base_path.glob("**/*.xml"))
progress_bar_for_package_fetch = ChargingBar("\tFetching Packages", max=len(base_paths))
progress_bar_for_package_fetch.start()
for file_path in base_paths:
yield from self.process_file(file_path)
progress_bar_for_package_fetch.next()
finally:
progress_bar_for_package_fetch.finish()
if self.vcs_response:
self.vcs_response.delete()
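Review bot: The finally block calls `progress_bar_for_package_fetch.finish()` on a name that is only annotated before the try, so when `self.clone(repo_url=self.repo_url)` fails the call raises UnboundLocalError and `self.vcs_response.delete()` is not reached. Create the bar before the try and assign max after the glob. As a smaller point, `base_paths` holds the XML files found under base_path, so a name such as `file_paths` would read more accurately.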

Expand Down
38 changes: 26 additions & 12 deletions vulnerabilities/importers/github.py
Expand Up @@ -14,6 +14,7 @@
from cwe2.database import Database
from dateutil import parser as dateparser
from packageurl import PackageURL
from progress.bar import ChargingBar
from univers.version_range import RANGE_CLASS_BY_SCHEMES
from univers.version_range import build_range_from_github_advisory_constraint

Expand Down Expand Up @@ -88,29 +89,42 @@
}
"""

progress_bar_for_package_fetch = ChargingBar(
"\tFetching Packages", max=len(PACKAGE_TYPE_BY_GITHUB_ECOSYSTEM.items())
)


class GitHubAPIImporter(Importer):
spdx_license_expression = "CC-BY-4.0"
importer_name = "GHSA Importer"
license_url = "https://github.com/github/advisory-database/blob/main/LICENSE.md"

def advisory_data(self) -> Iterable[AdvisoryData]:
progress_bar_for_package_fetch.start()
for ecosystem, package_type in PACKAGE_TYPE_BY_GITHUB_ECOSYSTEM.items():
end_cursor_exp = ""
while True:
graphql_query = {"query": GRAPHQL_QUERY_TEMPLATE % (ecosystem, end_cursor_exp)}
response = utils.fetch_github_graphql_query(graphql_query)
yield from send_graphql_query(ecosystem, package_type)
progress_bar_for_package_fetch.finish()


def send_graphql_query(ecosystem: str, package_type: str) -> Iterable[AdvisoryData]:
try:
end_cursor_exp = ""
while True:
graphql_query = {"query": GRAPHQL_QUERY_TEMPLATE % (ecosystem, end_cursor_exp)}
response = utils.fetch_github_graphql_query(graphql_query)

page_info = get_item(response, "data", "securityVulnerabilities", "pageInfo")
end_cursor = get_item(page_info, "endCursor")
if end_cursor:
end_cursor = f'"{end_cursor}"'
end_cursor_exp = f"after: {end_cursor}"
page_info = get_item(response, "data", "securityVulnerabilities", "pageInfo")
end_cursor = get_item(page_info, "endCursor")
if end_cursor:
end_cursor = f'"{end_cursor}"'
end_cursor_exp = f"after: {end_cursor}"

yield from process_response(response, package_type=package_type)
yield from process_response(response, package_type=package_type)

if not get_item(page_info, "hasNextPage"):
break
if not get_item(page_info, "hasNextPage"):
break
finally:
progress_bar_for_package_fetch.next()


def get_purl(pkg_type: str, github_name: str) -> Optional[PackageURL]:
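Review bot: `progress_bar_for_package_fetch` is built at module level, so a ChargingBar is constructed as a side effect of importing this module, and one instance is shared by every GitHubAPIImporter run: a second call to advisory_data() reuses a bar whose count was already advanced by the first. send_graphql_query also reaches for that global in its finally, which ties a reusable query function to UI state. Create the bar inside advisory_data() and call next() there after each `yield from send_graphql_query(ecosystem, package_type)`. `len(PACKAGE_TYPE_BY_GITHUB_ECOSYSTEM.items())` can be `len(PACKAGE_TYPE_BY_GITHUB_ECOSYSTEM)`.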
Expand Down
10 changes: 8 additions & 2 deletions vulnerabilities/importers/gitlab.py
Expand Up @@ -18,6 +18,7 @@
import saneyaml
from dateutil import parser as dateparser
from packageurl import PackageURL
from progress.bar import ChargingBar
from univers.version_range import RANGE_CLASS_BY_SCHEMES
from univers.version_range import VersionRange
from univers.version_range import from_gitlab_native
Expand Down Expand Up @@ -55,11 +56,14 @@ class GitLabAPIImporter(Importer):
repo_url = "git+https://gitlab.com/gitlab-org/advisories-community/"

def advisory_data(self, _keep_clone=False) -> Iterable[AdvisoryData]:
progress_bar_for_package_fetch = ChargingBar("\tFetching Packages")
try:
self.clone(repo_url=self.repo_url)
base_path = Path(self.vcs_response.dest_dir)

for file_path in base_path.glob("**/*.yml"):
file_paths_for_fetched_files = list(base_path.glob("**/*.yml"))
progress_bar_for_package_fetch.max = len(file_paths_for_fetched_files)
progress_bar_for_package_fetch.start()
for file_path in file_paths_for_fetched_files:
gitlab_type, package_slug, vuln_id = parse_advisory_path(
base_path=base_path,
file_path=file_path,
Expand All @@ -71,7 +75,9 @@ def advisory_data(self, _keep_clone=False) -> Iterable[AdvisoryData]:
else:
logger.error(f"Unknow package type {gitlab_type!r} in {file_path!r}")
continue
progress_bar_for_package_fetch.next()
finally:
progress_bar_for_package_fetch.finish()
if self.vcs_response and not _keep_clone:
self.vcs_response.delete()
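Review bot: The `continue` in the unknown package type branch comes before `progress_bar_for_package_fetch.next()`, so files with an unrecognized gitlab_type are counted in max (set from len(file_paths_for_fetched_files)) but never advance the bar. Call next() before the continue, or put it in a finally inside the loop body. Creating the bar before the try, as done in this file, is the right shape for the outer finally and is worth applying to the other clone-based importers.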

Expand Down