Refactor to handle default epochs

sbs2001 · sbs2001 · commit 4e5bc67d2260 · 2021-03-04T17:14:37.000+05:30
Signed-off-by: Shivam Sandbhor &lt;shivam.sandbhor@gmail.com&gt;
diff --git a/vulnerabilities/package_managers.py b/vulnerabilities/package_managers.py
@@ -67,7 +67,7 @@ async def set_api(self, pkg, session):
                     self.cache[pkg] = {}
                     break
                 for release in resp_json["entries"]:
-                    all_versions.add(release["source_package_version"])
+                    all_versions.add(release["source_package_version"].replace("0:", ""))
                 if resp_json.get("next_collection_link"):
                     url = resp_json["next_collection_link"]
                 else:
@@ -197,7 +197,7 @@ async def set_api(self, pkg, session, retry_count=5):
                 self.cache[pkg] = {}
                 return
             for release in resp_json["versions"]:
-                all_versions.add(release["version"])
+                all_versions.add(release["version"].replace("0:", ""))
 
             self.cache[pkg] = all_versions
         # TODO : Handle ServerDisconnectedError by using some sort of
diff --git a/vulnerabilities/tests/test_debian_oval.py b/vulnerabilities/tests/test_debian_oval.py
@@ -33,10 +33,12 @@ def setUpClass(cls):
         cls.debian_oval_data_src = DebianOvalDataSource(batch_size=1, config=data_source_cfg)
 
     @patch(
-        "vulnerabilities.importers.debian_oval.DebianVersionAPI.get",
-        return_value={"0:1.11.1+dfsg-5+deb7u1", "0:0.11.1+dfsg-5+deb7u1", "2.3.9"},
-    )
-    @patch("vulnerabilities.importers.debian_oval.DebianVersionAPI.load_api", new=mock)
+        'vulnerabilities.importers.debian_oval.DebianVersionAPI.get',
+        return_value={
+            '1.11.1+dfsg-5+deb7u1',
+            '0.11.1+dfsg-5+deb7u1',
+            '2.3.9'})
+    @patch('vulnerabilities.importers.debian_oval.DebianVersionAPI.load_api', new=mock)
     def test_get_data_from_xml_doc(self, mock_write):
         expected_advisories = [
             Advisory(
@@ -45,21 +47,36 @@ def test_get_data_from_xml_doc(self, mock_write):
                     PackageURL(
                         type="deb",
                         namespace=None,
+<<<<<<< HEAD
                         name="krb5",
                         version="0:0.11.1+dfsg-5+deb7u1",
                         qualifiers=OrderedDict([("distro", "wheezy")]),
                         subpath=None,
                     )
                 },
+=======
+                        name='krb5',
+                        version='0.11.1+dfsg-5+deb7u1',
+                        qualifiers=OrderedDict([('distro', 'wheezy')]),
+                        subpath=None
+                    )},
+>>>>>>> Refactor to  handle default epochs
                 resolved_package_urls={
                     PackageURL(
                         type="deb",
                         namespace=None,
+<<<<<<< HEAD
                         name="krb5",
                         version="0:1.11.1+dfsg-5+deb7u1",
                         qualifiers=OrderedDict([("distro", "wheezy")]),
                         subpath=None,
                     ),
+=======
+                        name='krb5',
+                        version='1.11.1+dfsg-5+deb7u1',
+                        qualifiers=OrderedDict([('distro', 'wheezy')]),
+                        subpath=None),
+>>>>>>> Refactor to  handle default epochs
                     PackageURL(
                         type="deb",
                         namespace=None,
@@ -77,6 +94,7 @@ def test_get_data_from_xml_doc(self, mock_write):
                     PackageURL(
                         type="deb",
                         namespace=None,
+<<<<<<< HEAD
                         name="a2ps",
                         version="0:0.11.1+dfsg-5+deb7u1",
                         qualifiers=OrderedDict([("distro", "wheezy")]),
@@ -104,6 +122,29 @@ def test_get_data_from_xml_doc(self, mock_write):
                 vulnerability_id="CVE-2001-1593",
             ),
         ]
+=======
+                        name='a2ps',
+                        version='0.11.1+dfsg-5+deb7u1',
+                        qualifiers=OrderedDict([('distro', 'wheezy')]),
+                        subpath=None
+                    )},
+                resolved_package_urls={
+                    PackageURL(type='deb',
+                               namespace=None,
+                               name='a2ps',
+                               version='2.3.9',
+                               qualifiers=OrderedDict([('distro', 'wheezy')]),
+                               subpath=None),
+                    PackageURL(type='deb',
+                               namespace=None,
+                               name='a2ps',
+                               version='1.11.1+dfsg-5+deb7u1',
+                               qualifiers=OrderedDict([('distro', 'wheezy')]),
+                               subpath=None)},
+                vulnerability_id='CVE-2001-1593')
+
+        }
+>>>>>>> Refactor to  handle default epochs
 
         xml_doc = ET.parse(os.path.join(TEST_DATA, "debian_oval_data.xml"))
         # Dirty quick patch to mock batch_advisories
diff --git a/vulnerabilities/tests/test_suse.py b/vulnerabilities/tests/test_suse.py
@@ -103,7 +103,7 @@ def test_get_version_ranges_from_state(self):
         state_2 = self.parsed_oval.oval_document.getStates()[1]
 
         exp_range_1 = None
-        exp_range_2 = RangeSpecifier("<0:1.2.11-lp151.3.6")
+        exp_range_2 = RangeSpecifier("<1.2.11-lp151.3.6")
         #In a full run we wont get exp_range1 because we won't obtain 
         #it's state due to filters to  avoid such tests in  the first place
         assert self.parsed_oval.get_version_ranges_from_state(state_1) == exp_range_1
@@ -131,36 +131,36 @@ def test_get_urls_from_definition(self):
     def test_get_data(self):
 
         expected_data = [
-            {
-                "test_data": [
-                    {
-                        "package_list": ["cacti"],
-                        "version_ranges": RangeSpecifier("<0:1.2.11-lp151.3.6"),
-                    },
-                    {
-                        "package_list": ["cacti-spine"],
-                        "version_ranges": RangeSpecifier("<0:1.2.11-lp151.3.6"),
-                    },
-                ],
-                "description": '\n        Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.\n        ',
-                "vuln_id": "CVE-2009-4112",
-                "reference_urls": {
-                    "https://bugzilla.suse.com/1122535",
-                    "https://bugzilla.suse.com/558664",
-                    "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4112",
-                    "https://www.suse.com/security/cve/CVE-2009-4112.html",
+          {
+            'test_data':
+            [
+                {
+                'package_list': ['cacti'],
+                'version_ranges': RangeSpecifier("<1.2.11-lp151.3.6")
+                }
+                ,
+                {
+                'package_list': ['cacti-spine'],
+                'version_ranges': RangeSpecifier("<1.2.11-lp151.3.6")
+                }
+           ],
+        'description':'\n        Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.\n        ',
+        'vuln_id': 'CVE-2009-4112',
+        'reference_urls': {
+            'https://bugzilla.suse.com/1122535',
+            'https://bugzilla.suse.com/558664',
+            'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4112',
+            'https://www.suse.com/security/cve/CVE-2009-4112.html'}
+        },
+          { 'test_data':
+            [
+                {
+                'package_list': ['apache2-mod_perl'],
+                'version_ranges': RangeSpecifier("<2.0.11-lp151.3.3")
                 },
-            },
-            {
-                "test_data": [
-                    {
-                        "package_list": ["apache2-mod_perl"],
-                        "version_ranges": RangeSpecifier("<0:2.0.11-lp151.3.3"),
-                    },
-                    {
-                        "package_list": ["apache2-mod_perl-devel"],
-                        "version_ranges": RangeSpecifier("<0:2.0.11-lp151.3.3"),
-                    },
+                {
+                'package_list': ['apache2-mod_perl-devel'],
+                'version_ranges': RangeSpecifier("<2.0.11-lp151.3.3")}
                 ],
                 "description": "\n        mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.\n        ",
                 "vuln_id": "CVE-2011-2767",
