Update FireEye importer to avoid using the identifier as an alias

Signed-off-by: ziad hany <ziadhany2016@gmail.com>

Author: ziadhany

vulnerabilities/pipelines/v2_importers/fireeye_importer_v2.py

@@ -99,11 +99,12 @@ def parse_advisory_data(raw_data, file_path, base_path) -> AdvisoryData:
     summary = md_dict.get(database_id[1::]) or []
     description = md_dict.get("## Description") or []
     impact = md_dict.get("## Impact")
-    cve_ref = md_dict.get("## CVE Reference") or []
+    cve_ids = md_dict.get("## CVE Reference") or []
     references = md_dict.get("## References") or []
     cwe_data = md_dict.get("## Common Weakness Enumeration") or []
 
-    advisory_id = file_path.stem
+    advisory_id = database_id.strip()
+    aliases = dedupe([cve_id.strip() for cve_id in cve_ids])
     advisory_url = get_advisory_url(
         file=file_path,
         base_path=base_path,
@@ -112,7 +113,7 @@ def parse_advisory_data(raw_data, file_path, base_path) -> AdvisoryData:
 
     return AdvisoryData(
         advisory_id=advisory_id,
-        aliases=get_aliases(database_id, cve_ref),
+        aliases=aliases,
         summary=build_description(" ".join(summary), " ".join(description)),
         references_v2=get_references(references),
         severities=get_severities(impact),
@@ -152,17 +153,6 @@ def matcher_url(ref) -> str:
         return ref
 
 
-def get_aliases(database_id, cve_ref) -> List:
-    """
-    Returns a List of Aliases from a database_id and a list of CVEs
-    >>> get_aliases("MNDT-2021-0012", ["CVE-2021-44207"])
-    ['CVE-2021-44207', 'MNDT-2021-0012']
-    """
-    cleaned_db_id = database_id.strip()
-    cve_ref.append(cleaned_db_id)
-    return dedupe(cve_ref)
-
-
 def md_list_to_dict(md_list):
     """
     Returns a dictionary of md_list from a list of a md file splited by \n

vulnerabilities/tests/test_data/fireeye_v2/fireeye_test1-expected.json

@@ -1,9 +1,8 @@
 [
   {
-    "advisory_id": "fireeye_test1",
+    "advisory_id": "FEYE-2019-0002",
     "aliases": [
-      "CVE-2019-7245 ",
-      "FEYE-2019-0002"
+      "CVE-2019-7245"
     ],
     "summary": "GPU-Z.sys, part of the GPU-Z package from TechPowerUp, exposes the wrmsr instruction to user-mode callers without properly validating the target Model Specific Register (MSR). This can result in arbitrary unsigned code being executed in Ring 0.",
     "affected_packages": [],

vulnerabilities/tests/test_data/fireeye_v2/fireeye_test2-expected.json

@@ -1,9 +1,8 @@
 [
   {
-    "advisory_id": "fireeye_test2",
+    "advisory_id": "FEYE-2020-0020",
     "aliases": [
-      "CVE-2020-12878",
-      "FEYE-2020-0020"
+      "CVE-2020-12878"
     ],
     "summary": "Digi International's ConnectPort X2e is susceptible to a local privilege escalation vulnerable to the privileged user `root`.",
     "affected_packages": [],

vulnerabilities/tests/test_data/fireeye_v2/fireeye_test3-expected.json

@@ -1,9 +1,7 @@
 [
   {
-    "advisory_id": "fireeye_test3",
-    "aliases": [
-      "MNDT-2025-0009"
-    ],
+    "advisory_id": "MNDT-2025-0009",
+    "aliases": [],
     "summary": "Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.",
     "affected_packages": [],
     "references_v2": [