Migrate Ruby importer to advisory V2

[ziadhany]

Issue:

• VCIO-API-V2: Migrate Ruby importer to advisory V2 #2031

[ziadhany]

RubyImporterPipeline Logs:

ruby_importer_v2.zip

from vulnerabilities.models import AdvisoryV2
from django.db.models import Count
duplicates = (
    AdvisoryV2.objects
    .values('avid')
    .annotate(count=Count('id'))
    .filter(count__gt=1)
)
len(duplicates)
Out[5]: 48
AdvisoryV2.objects.count()
Out[6]: 1091

I think CVE id shouldn't be considered as a avid for ruby importer
https://github.com/search?q=repo%3Arubysec%2Fruby-advisory-db%20CVE-2018-7212&type=code

[ziadhany]

@TG1999 can we have some thing like this for advisory_id

ruby_importer_v2/sinatra/CVE-2018-7212
ruby_importer_v2/rack-protection/CVE-2018-7212

[TG1999]

@TG1999 can we have some thing like this for advisory_id

ruby_importer_v2/sinatra/CVE-2018-7212
ruby_importer_v2/rack-protection/CVE-2018-7212

@ziadhany if that's the way we can keep AVIDs unique then yes!

Also what's the URL for these advisories?

[TG1999]

@ziadhany gems/RedCloth/CVE-2023-31606 for this kind of advisory https://github.com/rubysec/ruby-advisory-db/blob/master/gems/RedCloth/CVE-2023-31606.yml. This should be our natural identifier

https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/jruby/CVE-2010-1330.yml for this rubies/jruby/CVE-2010-1330

[ziadhany]

I have updated the advisory ID to be some thing like this:

• rubies/ruby/CVE-2017-0898
• gems/cocaine/CVE-2013-4457

this is the RubyImporterPipeline Logs:
ruby_v2.zip

from vulnerabilities.models import AdvisoryV2
from django.db.models import Count
duplicates = (
    AdvisoryV2.objects
    .values('avid')
    .annotate(count=Count('id'))
    .filter(count__gt=1)
)
len(duplicates)
Out[5]: 0
AdvisoryV2.objects.count()
Out[6]: 1091

[TG1999]

LGTM!