Migrate EPSS importer for advisory V2

ziadhany · ziadhany · commit 8f3dfe33c78e · 2025-12-19T12:57:42.000+02:00
Signed-off-by: ziad hany &lt;ziadhany2016@gmail.com&gt;
diff --git a/vulnerabilities/importers/__init__.py b/vulnerabilities/importers/__init__.py
@@ -15,7 +15,6 @@
 from vulnerabilities.importers import debian
 from vulnerabilities.importers import debian_oval
 from vulnerabilities.importers import elixir_security
-from vulnerabilities.importers import epss
 from vulnerabilities.importers import fireeye
 from vulnerabilities.importers import gentoo
 from vulnerabilities.importers import github_osv
@@ -41,7 +40,7 @@
 from vulnerabilities.pipelines import nvd_importer
 from vulnerabilities.pipelines import pypa_importer
 from vulnerabilities.pipelines import pysec_importer
-from vulnerabilities.pipelines.v2_importers import aosp_importer as aosp_importer_v2
+from vulnerabilities.pipelines.v2_importers import aosp_importer as aosp_importer_v2, epss_importer_v2
 from vulnerabilities.pipelines.v2_importers import apache_httpd_importer as apache_httpd_v2
 from vulnerabilities.pipelines.v2_importers import archlinux_importer as archlinux_importer_v2
 from vulnerabilities.pipelines.v2_importers import curl_importer as curl_importer_v2
@@ -83,6 +82,7 @@
         github_osv_importer_v2.GithubOSVImporterPipeline,
         redhat_importer_v2.RedHatImporterPipeline,
         aosp_importer_v2.AospImporterPipeline,
+        epss_importer_v2.EPSSImporterPipeline,
         nvd_importer.NVDImporterPipeline,
         github_importer.GitHubAPIImporterPipeline,
         gitlab_importer.GitLabImporterPipeline,
@@ -95,7 +95,6 @@
         postgresql.PostgreSQLImporter,
         debian.DebianImporter,
         curl.CurlImporter,
-        epss.EPSSImporter,
         vulnrichment.VulnrichImporter,
         alpine_linux_importer.AlpineLinuxImporterPipeline,
         ruby.RubyImporter,
diff --git a/vulnerabilities/pipelines/v2_importers/epss_importer_v2.py b/vulnerabilities/pipelines/v2_importers/epss_importer_v2.py
@@ -15,21 +15,31 @@
 
 from vulnerabilities import severity_systems
 from vulnerabilities.importer import AdvisoryData
-from vulnerabilities.importer import Importer
-from vulnerabilities.importer import Reference
+from vulnerabilities.importer import ReferenceV2
 from vulnerabilities.importer import VulnerabilitySeverity
+from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2
 
 logger = logging.getLogger(__name__)
 
 
-class EPSSImporter(Importer):
+class EPSSImporterPipeline(VulnerableCodeBaseImporterPipelineV2):
     """Exploit Prediction Scoring System (EPSS) Importer"""
 
     advisory_url = "https://epss.cyentia.com/epss_scores-current.csv.gz"
+    pipeline_id = "epss_importer_v2"
     spdx_license_expression = "unknown"
     importer_name = "EPSS Importer"
 
-    def advisory_data(self) -> Iterable[AdvisoryData]:
+    def advisories_count(self):
+        return 1 # FIXME
+
+    @classmethod
+    def steps(cls):
+        return (
+            cls.collect_and_store_advisories,
+        )
+
+    def collect_advisories(self) -> Iterable[AdvisoryData]:
         response = urllib.request.urlopen(self.advisory_url)
         with gzip.open(response, "rb") as f:
             lines = [l.decode("utf-8") for l in f.readlines()]
@@ -55,13 +65,13 @@ def advisory_data(self) -> Iterable[AdvisoryData]:
                 published_at=published_at,
             )
 
-            references = Reference(
+            references = ReferenceV2(
                 url=f"https://api.first.org/data/v1/epss?cve={cve}",
-                severities=[severity],
             )
 
             yield AdvisoryData(
-                aliases=[cve],
-                references=[references],
+                advisory_id=cve,
+                severities=[severity],
+                references_v2=[references],
                 url=self.advisory_url,
             )
