Use explicit list of datasources

pombredanne · pombredanne · commit 1cb8ead27026 · 2022-11-19T09:34:44.000+01:00
This is better, safer and simpler than a discovered list

Signed-off-by: Philippe Ombredanne &lt;pombredanne@nexb.com&gt;
diff --git a/vulntotal/datasources/__init__.py b/vulntotal/datasources/__init__.py
@@ -1,25 +1,11 @@
 #
 # Copyright (c) nexB Inc. and others. All rights reserved.
-# http://nexb.com and https://github.com/nexB/vulnerablecode/
-# The VulnTotal software is licensed under the Apache License version 2.0.
-# Data generated with VulnTotal require an acknowledgment.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
 #
-# You may not use this software except in compliance with the License.
-# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-#
-# When you publish or redistribute any data created with VulnTotal or any VulnTotal
-# derivative work, you must accompany this data with the following acknowledgment:
-#
-#  Generated with VulnTotal and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
-#  OR CONDITIONS OF ANY KIND, either express or implied. No content created from
-#  VulnTotal should be considered or used as legal advice. Consult an Attorney
-#  for any legal advice.
-#  VulnTotal is a free software tool from nexB Inc. and others.
-#  Visit https://github.com/nexB/vulnerablecode/ for support and download.
 
 import glob
 import importlib
@@ -29,19 +15,21 @@
 from os.path import isfile
 from os.path import join
 
+from vulntotal.datasources import deps
+from vulntotal.datasources import github
+from vulntotal.datasources import gitlab
+from vulntotal.datasources import oss_index
+from vulntotal.datasources import osv
+from vulntotal.datasources import snyk
+from vulntotal.datasources import vulnerablecode
 from vulntotal.validator import DataSource
 
-DATASOURCE_REGISTRY = {}
-files = glob.glob(join(dirname(__file__), "*.py"))
-modules = [
-    f"vulntotal.datasources.{basename(f)[:-3]}"
-    for f in files
-    if isfile(f) and not f.endswith("__init__.py")
-]
-
-
-for module in modules:
-    for name, cls in inspect.getmembers(importlib.import_module(module), inspect.isclass):
-        if cls.__module__ == module and cls.__base__ == DataSource:
-            DATASOURCE_REGISTRY[cls.__module__.split(".")[-1]] = cls
-            break
+DATASOURCE_REGISTRY = {
+    "deps": deps.DepsDataSource,
+    "github": github.GithubDataSource,
+    "gitlab": gitlab.GitlabDataSource,
+    "oss_index": oss_index.OSSDataSource,
+    "osv": osv.OSVDataSource,
+    "snyk": snyk.SnykDataSource,
+    "vulnerablecode": vulnerablecode.VulnerableCodeDataSource,
+}
