
Commit 0b38465

authored
Merge branch 'main' into dependabot/pip/certifi-2022.12.7
2 parents ae49005 + 26d45ed commit 0b38465


111 files changed

+25633
-2189
lines changed


111 files changed

+25633
-2189
lines changed

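--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -2,12 +2,24 @@ Release notes
 =============
 
 
-Next release
-----------------
+Version v32.0.0rc2
+--------------------
+
+- We added migration for adding apache tomcat option in severity scoring.
+
+
+Version v32.0.0rc1
+--------------------
 
 - We re-enabled support for the mozilla vulnerabilities advisories importer.
 - We re-enabled support for the gentoo vulnerabilities advisories importer.
 - We re-enabled support for the istio vulnerabilities advisories importer.
+- We re-enabled support for the kbmsr2019 vulnerabilities advisories importer.
+- We re-enabled support for the suse score advisories importer.
+- We re-enabled support for the elixir security advisories importer.
+- We re-enabled support for the apache tomcat security advisories importer.
+- We added support for CWE.
+- We added migrations to remove corrupted advisories https://github.com/nexB/vulnerablecode/issues/1086.
 
 
 Version v31.1.1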

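--- a/requirements.txt
+++ b/requirements.txt
@@ -115,7 +115,7 @@ yarl==1.7.2
 zipp==3.8.0
 dateparser==1.1.1
 fetchcode==0.2.0
-
+cwe2==2.0.0
 drf-spectacular-sidecar==2022.10.1
 drf-spectacular==0.24.2
 coreapi==2.3.3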

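--- a/setup.cfg
+++ b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = vulnerablecode
-version = 31.1.1
+version = 32.0.0rc2
 license = Apache-2.0 AND CC-BY-SA-4.0
 
 # description must be on ONE line https://github.com/pypa/setuptools/issues/1390
@@ -84,6 +84,7 @@ install_requires =
 Markdown>=3.3.0
 dateparser>=1.1.1
 cvss>=2.4
+cwe2>=2.0.0
 
 # networking
 GitPython>=3.1.17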

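--- a/vulnerabilities/import_runner.py
+++ b/vulnerabilities/import_runner.py
@@ -61,6 +61,7 @@ def process_advisories(advisory_datas: Iterable[AdvisoryData], importer_name: st
 affected_packages=[pkg.to_dict() for pkg in data.affected_packages],
 references=[ref.to_dict() for ref in data.references],
 date_published=data.date_published,
+weaknesses=data.weaknesses,
 defaults={
 "created_by": importer_name,
 "date_collected": datetime.datetime.now(tz=datetime.timezone.utc),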

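--- a/vulnerabilities/importer.py
+++ b/vulnerabilities/importer.py
@@ -246,6 +246,7 @@ class AdvisoryData:
 affected_packages: List[AffectedPackage] = dataclasses.field(default_factory=list)
 references: List[Reference] = dataclasses.field(default_factory=list)
 date_published: Optional[datetime.datetime] = None
+weaknesses: List[int] = dataclasses.field(default_factory=list)
 
 def __post_init__(self):
 if self.date_published and not self.date_published.tzinfo:
@@ -258,6 +259,7 @@ def to_dict(self):
 "affected_packages": [pkg.to_dict() for pkg in self.affected_packages],
 "references": [ref.to_dict() for ref in self.references],
 "date_published": self.date_published.isoformat() if self.date_published else None,
+"weaknesses": self.weaknesses,
 }
 
 @classmethod
@@ -273,6 +275,7 @@ def from_dict(cls, advisory_data):
 "date_published": datetime.datetime.fromisoformat(date_published)
 if date_published
 else None,
+"weaknesses": advisory_data["weaknesses"],
 }
 return cls(**transformed)
 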
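Review bot: `"weaknesses": advisory_data["weaknesses"],` in from_dict raises KeyError on any dict written by to_dict before this field existed — advisories already stored or fixtures serialized by an older version — even though the dataclass defaults the field to an empty list. Use `"weaknesses": advisory_data.get("weaknesses", []),` so older payloads keep round-tripping. Neither to_dict nor from_dict checks that the entries are ints as the `List[int]` annotation on the new field promises; if the ids come from importer-parsed advisory text, an `[int(w) for w in ...]` conversion in from_dict or a check in __post_init__ would keep malformed values out of the database. to_dict and from_dict both start outside their hunks.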

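--- a/vulnerabilities/importers/__init__.py
+++ b/vulnerabilities/importers/__init__.py
@@ -9,9 +9,11 @@
 
 from vulnerabilities.importers import alpine_linux
 from vulnerabilities.importers import apache_httpd
+from vulnerabilities.importers import apache_tomcat
 from vulnerabilities.importers import archlinux
 from vulnerabilities.importers import debian
 from vulnerabilities.importers import debian_oval
+from vulnerabilities.importers import elixir_security
 from vulnerabilities.importers import gentoo
 from vulnerabilities.importers import github
 from vulnerabilities.importers import gitlab
@@ -22,11 +24,15 @@
 from vulnerabilities.importers import nvd
 from vulnerabilities.importers import openssl
 from vulnerabilities.importers import postgresql
+from vulnerabilities.importers import project_kb_msr2019
 from vulnerabilities.importers import pypa
 from vulnerabilities.importers import pysec
 from vulnerabilities.importers import redhat
 from vulnerabilities.importers import retiredotnet
+from vulnerabilities.importers import suse_scores
 from vulnerabilities.importers import ubuntu
+from vulnerabilities.importers import ubuntu_usn
+from vulnerabilities.importers import xen
 
 IMPORTERS_REGISTRY = [
 nginx.NginxImporter,
@@ -49,6 +55,12 @@
 mozilla.MozillaImporter,
 gentoo.GentooImporter,
 istio.IstioImporter,
+project_kb_msr2019.ProjectKBMSRImporter,
+suse_scores.SUSESeverityScoreImporter,
+elixir_security.ElixirSecurityImporter,
+apache_tomcat.ApacheTomcatImporter,
+xen.XenImporter,
+ubuntu_usn.UbuntuUSNImporter,
 ]
 
 IMPORTERS_REGISTRY = {x.qualified_name: x for x in IMPORTERS_REGISTRY}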
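Review bot: The final `IMPORTERS_REGISTRY = {x.qualified_name: x for x in IMPORTERS_REGISTRY}` silently keeps only the last importer when two share a qualified_name, and this hunk adds six importers to the list with no collision check, so a duplicate would drop an importer from the registry without any error. Guard it right before the comprehension: `_names = [x.qualified_name for x in IMPORTERS_REGISTRY]` / `if len(set(_names)) != len(_names):` / `raise ValueError(f"duplicate importer qualified_name: {_names}")`. Rebinding the same name from a list to a dict also makes the list hard to refer to; a comment such as `# qualified_name must be unique: the dict below is keyed on it` on the list would make the requirement visible to whoever adds the next importer.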
