Continue refactoring, add tests and clean up comments #970

Reference: #970

Signed-off-by: John M. Horan <[email protected]>

Author: johnmhoran

vulnerabilities/importers/apache_tomcat.py

@@ -29,9 +29,7 @@
 TEST_DATA = os.path.join(BASE_DIR, "test_data/apache_tomcat")
 
 
-# Temp test to flesh out `extract_advisories_from_page()` -- the method .
 def test_method_extract_advisories_from_page():
-    # with open(os.path.join(TEST_DATA, "apache_tomcat_cve-2020-9484.html")) as f:
     with open(os.path.join(TEST_DATA, "apache_tomcat-selected-advisories.html")) as f:
         raw_data = f.read()
     extracted_advisories = ApacheTomcatImporter().extract_advisories_from_page(raw_data)
@@ -304,13 +302,11 @@ def test_extract_advisories_from_page_with_multiple_groups():
 
 # This test is temporary -- just for running apache_tomcat.py using all HTML report pages.
 # Will replace with a REGEN-based test as with apache_httpd and postgresql.
-# Formely named `test_updated_advisories` before method was renamed `advisory_data()`
 def test_advisory_data():
     returned_advisories = ApacheTomcatImporter().advisory_data()
 
 
 def test_fetch_links():
-    # retrieved_links = ApacheTomcatImporter().fetch_advisory_links(security_updates_home)
     retrieved_links = ApacheTomcatImporter().fetch_advisory_links(
         "https://tomcat.apache.org/security"
     )
@@ -332,26 +328,25 @@ def test_fetch_links():
     ]
 
 
-# def test_to_version_ranges_test():
 def test_to_version_ranges():
     versions_data = [
         "1.0.0-2.0.0",
-        "3.2.2-3.2.3?",
+        "3.2.2-3.2.3",
         "3.3a-3.3.1",
         "9.0.0.M1 to 9.0.0.M9",
         "10.1.0-M1 to 10.1.0-M16",
     ]
     fixed_versions = ["3.0.0", "3.3.1a"]
 
-    expected_versions_data = "vers:maven/>=1.0.0|<=2.0.0|!=3.0.0|>=3.2.2|<=3.2.3?|>=3.3a|<=3.3.1|!=3.3.1a|>=9.0.0.M1|<=9.0.0.M9|>=10.1.0-M1|<=10.1.0-M16"
+    expected_versions_data = "vers:maven/>=1.0.0|<=2.0.0|!=3.0.0|>=3.2.2|<=3.2.3|>=3.3a|<=3.3.1|!=3.3.1a|>=9.0.0.M1|<=9.0.0.M9|>=10.1.0-M1|<=10.1.0-M16"
 
     expected_MavenVersionRange_versions_data = MavenVersionRange(
         constraints=(
             VersionConstraint(comparator=">=", version=MavenVersion(string="1.0.0")),
             VersionConstraint(comparator="<=", version=MavenVersion(string="2.0.0")),
             VersionConstraint(comparator="!=", version=MavenVersion(string="3.0.0")),
             VersionConstraint(comparator=">=", version=MavenVersion(string="3.2.2")),
-            VersionConstraint(comparator="<=", version=MavenVersion(string="3.2.3?")),
+            VersionConstraint(comparator="<=", version=MavenVersion(string="3.2.3")),
             VersionConstraint(comparator=">=", version=MavenVersion(string="3.3a")),
             VersionConstraint(comparator="<=", version=MavenVersion(string="3.3.1")),
             VersionConstraint(comparator="!=", version=MavenVersion(string="3.3.1a")),
@@ -362,16 +357,21 @@ def test_to_version_ranges():
         )
     )
 
-    # XXX: 2023-01-02 Monday 16:27:37.  Error: AttributeError: 'ApacheTomcatImporter' object has no attribute 'to_version_ranges'
-    # That's because I converted a method function to an independent function.
-    # converted_versions_data = ApacheTomcatImporter().to_version_ranges(
-    #     versions_data, fixed_versions
-    # )
-    # Try this instead.  It works!
     converted_versions_data = to_version_ranges(versions_data, fixed_versions)
 
-    # print("\nvers_test = {}\n".format(MavenVersionRange.from_string("vers:maven/>=1.0.0|<=2.0.0")))
-    # print("\nconverted_versions_data = {}\n".format(converted_versions_data))
-
     assert expected_MavenVersionRange_versions_data == converted_versions_data
     assert MavenVersionRange.from_string(expected_versions_data) == converted_versions_data
+
+
+# def test_to_version_ranges_invert():
+#     # Do we want to prevent or alert to this type of conflict?
+#     # And how do we test the desired behavior?
+#     # versions_data = ["3.0.0"]
+#     # fixed_versions = ["3.0.0", "3.3.1a"]
+
+#     versions_data = ["1.0.0-3.0.0"]
+#     fixed_versions = ["1.0.0-3.0.0", "3.3.1a"]
+
+#     converted_versions_data = to_version_ranges(versions_data, fixed_versions)
+
+#     print("\n\nconverted_versions_data = {}\n".format(converted_versions_data))

vulnerabilities/tests/test_apache_tomcat.py

@@ -155,12 +155,12 @@
 [' 8.5.0 to 8.5.6']
 [' 8.5.0 to 8.5.6']
 [' 8.5.0 to 8.5.6']
-[' 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36']
-[' 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36']
-[' 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36']
-[' 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36']
-[' 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36']
-[' 8.5.0 to 8.5.2, 8.0.0.RC1 to 8.0.35']
+[' 8.5.0 to 8.5.4', '8.0.0.RC1 to 8.0.36']
+[' 8.5.0 to 8.5.4', '8.0.0.RC1 to 8.0.36']
+[' 8.5.0 to 8.5.4', '8.0.0.RC1 to 8.0.36']
+[' 8.5.0 to 8.5.4', '8.0.0.RC1 to 8.0.36']
+[' 8.5.0 to 8.5.4', '8.0.0.RC1 to 8.0.36']
+[' 8.5.0 to 8.5.2', '8.0.0.RC1 to 8.0.35']
 [' 8.0.0.RC1 to 8.0.30']
 [' 8.0.0.RC1 to 8.0.30']
 [' 8.0.0.RC1 to 8.0.30']
@@ -350,7 +350,7 @@
 [' 5.5.0-5.5.28']
 [' 5.5.0-5.5.27']
 [' 5.5.0-5.5.27']
-[' 5.5.0-5.5.27 (Memory Realm), 5.5.0-5.5.5 (DataSource and JDBC\n       Realms)']
+[' 5.5.0-5.5.27 (Memory Realm)', '5.5.0-5.5.5 (DataSource and JDBC\n       Realms)']
 [' 5.5.0-5.5.27']
 [' 5.5.0-5.5.27']
 [' 5.5.0-5.5.26']
@@ -360,71 +360,71 @@
 [' 5.5.9-5.5.25']
 [' 5.5.0-5.5.25']
 [' 5.5.11-5.5.25']
-[' 5.0.0-5.0.30, 5.5.0-5.5.24']
-[' 5.0.0-5.0.30, 5.5.0-5.5.24']
-[' 5.0.0-5.0.30, 5.5.0-5.5.24']
-[' 5.0.0-5.0.30, 5.5.0-5.5.24']
+[' 5.0.0-5.0.30', '5.5.0-5.5.24']
+[' 5.0.0-5.0.30', '5.5.0-5.5.24']
+[' 5.0.0-5.0.30', '5.5.0-5.5.24']
+[' 5.0.0-5.0.30', '5.5.0-5.5.24']
 [' 5.5.0-5.5.24']
-[' 5.0.0-5.0.30, 5.5.0-5.5.23']
-[' 5.0.0-5.0.30, 5.5.0-5.5.22']
-[' 5.0.0-5.0.30, 5.5.0-5.5.21']
-[' 5.0.0-5.0.30, 5.5.0-5.5.20']
-[' 5.0.0-5.0.SVN, 5.5.0-5.5.20']
+[' 5.0.0-5.0.30', '5.5.0-5.5.23']
+[' 5.0.0-5.0.30', '5.5.0-5.5.22']
+[' 5.0.0-5.0.30', '5.5.0-5.5.21']
+[' 5.0.0-5.0.30', '5.5.0-5.5.20']
+[' 5.0.0-5.0.SVN', '5.5.0-5.5.20']
 [' 5.5.10-5.5.20 (5.0.x unknown)']
-[' 5.0.0-5.0.30, 5.5.0-5.5.17']
-[' 5.0.0-5.0.30, 5.5.0-5.5.16']
-[' 5.0.0-5.0.30, 5.5.0-5.5.15']
-[' 5.0.0-5.0.30, 5.5.0-5.5.12']
-[' 5.0.0-5.0.30, 5.5.0-5.5.12']
-[' 5.0.0-5.0.30, 5.5.0-5.5.6']
+[' 5.0.0-5.0.30', '5.5.0-5.5.17']
+[' 5.0.0-5.0.30', '5.5.0-5.5.16']
+[' 5.0.0-5.0.30', '5.5.0-5.5.15']
+[' 5.0.0-5.0.30', '5.5.0-5.5.12']
+[' 5.0.0-5.0.30', '5.5.0-5.5.12']
+[' 5.0.0-5.0.30', '5.5.0-5.5.6']
 [' 5.5.0 (5.0.x unknown)']
 [' 4.1.0-4.1.39']
 [' 4.1.0-4.1.39']
-[' 4.1.0-4.1.39 (Memory Realm), 4.1.0-4.1.31 (JDBC Realm),\n                4.1.17-4.1.31 (DataSource Realm)']
+[' 4.1.0-4.1.39 (Memory Realm)', '4.1.0-4.1.31 (JDBC Realm),\n                4.1.17-4.1.31 (DataSource Realm)']
 [' 4.1.0-4.1.39']
 [' 4.1.0-4.1.39']
 [' 4.1.0-4.1.37']
 [' 4.1.0-4.1.37']
 [' 4.1.0-4.1.37']
-[' 4.0.1-4.0.6, 4.1.0-4.1.36']
-[' 4.0.1-4.0.6, 4.1.0-4.1.36']
-[' 4.0.0-4.0.6, 4.1.0-4.1.36']
-[' 4.0.1-4.0.6, 4.1.0-4.1.36']
+[' 4.0.1-4.0.6', '4.1.0-4.1.36']
+[' 4.0.1-4.0.6', '4.1.0-4.1.36']
+[' 4.0.0-4.0.6', '4.1.0-4.1.36']
+[' 4.0.1-4.0.6', '4.1.0-4.1.36']
 [' 4.1.0-4.1.36']
-[' 4.0.0-4.0.6, 4.1.0-4.1.36']
+[' 4.0.0-4.0.6', '4.1.0-4.1.36']
 [' 4.1.0-4.1.36']
 [' 4.1.0-4.1.36']
-[' 4.0.0-4.0.6, 4.1.0-4.1.36']
-[' 4.0.0-4.0.6, 4.1.0-4.1.34']
-[' 4.0.0-4.0.6, 4.1.0-4.1.34']
-[' 4.0.0-4.0.6, 4.1.0-4.1.34']
+[' 4.0.0-4.0.6', '4.1.0-4.1.36']
+[' 4.0.0-4.0.6', '4.1.0-4.1.34']
+[' 4.0.0-4.0.6', '4.1.0-4.1.34']
+[' 4.0.0-4.0.6', '4.1.0-4.1.34']
 [' 4.1.32-4.1.34 (4.0.x unknown)']
 [' 4.1.0-4.1.31']
 [' 4.1.28-4.1.31']
-[' 4.0.0-4.0.6, 4.1.0-4.1.31']
-[' 4.0.0-4.0.6, 4.1.0-4.1.31']
-[' 4.0.0-4.0.6, 4.1.0-4.1.31']
-[' 4.0.0-4.0.6, 4.1.0-4.1.31']
+[' 4.0.0-4.0.6', '4.1.0-4.1.31']
+[' 4.0.0-4.0.6', '4.1.0-4.1.31']
+[' 4.0.0-4.0.6', '4.1.0-4.1.31']
+[' 4.0.0-4.0.6', '4.1.0-4.1.31']
 [' 4.1.0-4.1.28']
-[' 4.0.0-4.0.5, 4.1.0-4.1.12']
-[' 4.0.0-4.0.5, 4.1.0-4.1.12']
-[' 4.0.0-4.0.4, 4.1.0-4.1.11']
-[' 4.0.0-4.0.2?, 4.0.3, 4.0.4-4.0.6?, 4.1.0-4.1.2?']
+[' 4.0.0-4.0.5', '4.1.0-4.1.12']
+[' 4.0.0-4.0.5', '4.1.0-4.1.12']
+[' 4.0.0-4.0.4', '4.1.0-4.1.11']
+['4.0.0-4.0.2', '4.0.3', '4.0.4-4.0.6', '4.1.0-4.1.2']
 [' 4.0.0-4.0.6']
 [' 4.0.0-4.0.6']
 [' 4.0.0-4.0.1']
 [' 4.0.0-4.0.1']
 [' Pre-release builds of 4.0.0']
-[' 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1a']
-[' 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1']
-[' 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1']
-[' 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a']
+[' 3.0', '3.1-3.1.1', '3.2-3.2.4', '3.3a-3.3.1a']
+[' 3.0', '3.1-3.1.1', '3.2-3.2.4', '3.3a-3.3.1']
+[' 3.0', '3.1-3.1.1', '3.2-3.2.4', '3.3a-3.3.1']
+[' 3.0', '3.1-3.1.1', '3.2-3.2.4', '3.3a']
 [' 3.2.3-3.2.4']
-['3.1-3.1.1, 3.2-3.2.4']
-['3.1-3.1.1, 3.2-3.2.4']
-[' 3.2?, 3.2.1, 3.2.2-3.2.3?']
-[' 3.0, 3.1-3.1.1, 3.2-3.2.1']
-[' 3.0, 3.1-3.1.1, 3.2-3.2.1']
+['3.1-3.1.1', '3.2-3.2.4']
+['3.1-3.1.1', '3.2-3.2.4']
+[' 3.2?', '3.2.1', '3.2.2-3.2.3?']
+[' 3.0', '3.1-3.1.1', '3.2-3.2.1']
+[' 3.0', '3.1-3.1.1', '3.2-3.2.1']
 [' 3.1']
 [' 3.1']
 [' 3.0']