Add failing test for postgres importer

TG1999 · TG1999 · commit 0aface03ee45 · 2022-11-21T20:59:29.000+05:30
Signed-off-by: Tushar Goel &lt;tushar.goel.dav@gmail.com&gt;
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
@@ -328,15 +328,15 @@ def get_or_create_from_purl(self, purl: PackageURL):
         # when there are 2 packages one with qualifiers and one without
         # qualifiers, having all other fields same, this raises MultipleObjectsReturned
         # so we are filling out the fields with empty value to avoid this
-        for field in PackageURL._fields:
-            # name, type, and version are required fields
-            if field not in purl_fields:
-                if field == "namespace":
-                    purl_fields[field] = ""
-                if field == "qualifiers":
-                    purl_fields[field] = {}
-                if field == "subpath":
-                    purl_fields[field] = ""
+        # for field in PackageURL._fields:
+        #     # name, type, and version are required fields
+        #     if field not in purl_fields:
+        #         if field == "namespace":
+        #             purl_fields[field] = ""
+        #         if field == "qualifiers":
+        #             purl_fields[field] = {}
+        #         if field == "subpath":
+        #             purl_fields[field] = ""
 
         package, _ = Package.objects.get_or_create(**purl_fields)
         return package
diff --git a/vulnerabilities/tests/test_data/postgresql/improver-data.json b/vulnerabilities/tests/test_data/postgresql/improver-data.json
@@ -0,0 +1,72 @@
+[
+    {
+        "aliases": [
+          "CVE-2020-10733"
+        ],
+        "summary": "Windows installer runs executables from uncontrolled directoriesmore details",
+        "affected_packages": [
+        {
+            "package": {
+                "type": "generic",
+                "namespace": null,
+                "name": "postgresql",
+                "version": null,
+                "qualifiers": {},
+                "subpath": null
+            },
+            "affected_version_range": "vers:generic/9.6.0|10.0.0|11.0.0|12.0.0",
+            "fixed_version": "12.3"
+            },
+        {
+            "package": {
+              "type": "generic",
+              "namespace": null,
+              "name": "postgresql",
+              "version": null,
+              "qualifiers": {
+                  "os": "windows"
+                },
+                "subpath": null
+            },
+            "affected_version_range": "vers:generic/9.6.0|10.0.0|11.0.0|12.0.0",
+            "fixed_version": "12.3"
+        },
+        {
+          "package": {
+            "type": "generic",
+            "namespace": null,
+            "name": "postgresql",
+            "version": null,
+            "qualifiers": {},
+            "subpath": null
+          },
+          "affected_version_range": "vers:generic/9.6.0|10.0.0|11.0.0|12.0.0",
+          "fixed_version": "12.3"
+        }
+        ],
+        "references": [
+          {
+            "reference_id": "",
+            "url": "https://www.postgresql.org/support/security/CVE-2020-10733/",
+            "severities": [
+              {
+                "system": "cvssv3",
+                "value": "6.7"
+              },
+              {
+                "system": "cvssv3_vector",
+                "value": [
+                  "AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
+                ]
+              }
+            ]
+          },
+          {
+            "reference_id": "",
+            "url": "https://www.postgresql.org/about/news/postgresql-123-118-1013-9618-and-9522-released-2038/",
+            "severities": []
+          }
+        ],
+        "date_published": null
+      }
+]
diff --git a/vulnerabilities/tests/test_postgresql.py b/vulnerabilities/tests/test_postgresql.py
@@ -7,16 +7,21 @@
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
+import json
 import os
-from unittest import TestCase
 
+from django.test import TestCase
 from packageurl import PackageURL
 
 from vulnerabilities import severity_systems
+from vulnerabilities.import_runner import process_advisories
 from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importer import Reference
 from vulnerabilities.importer import VulnerabilitySeverity
 from vulnerabilities.importers.postgresql import to_advisories
+from vulnerabilities.improve_runner import ImproveRunner
+from vulnerabilities.improve_runner import process_inferences
+from vulnerabilities.improvers.default import DefaultImprover
 from vulnerabilities.tests import util_tests
 from vulnerabilities.utils import AffectedPackage
 
@@ -35,3 +40,10 @@ def test_to_advisories(self):
         result = [data.to_dict() for data in advisories]
         expected_file = os.path.join(TEST_DATA, f"parse-advisory-postgresql-expected.json")
         util_tests.check_results_against_json(result, expected_file)
+
+    def test_run_default_improver(self):
+        with open(os.path.join(TEST_DATA, "improver-data.json")) as f:
+            raw_data = json.load(f)
+        advisories = [AdvisoryData.from_dict(data) for data in raw_data]
+        process_advisories(advisories, "postgresql")
+        ImproveRunner(DefaultImprover).run()
