Update postgresql importer and testing #969

johnmhoran · TG1999 · commit 4da46d3bc32a · 2022-11-21T20:58:50.000+05:30
Reference: #969 Signed-off-by: John M. Horan <johnmhoran@gmail.com>
diff --git a/vulnerabilities/importers/postgresql.py b/vulnerabilities/importers/postgresql.py
@@ -54,10 +54,15 @@ def updated_advisories(self):
 
 
 def to_advisories(data):
+    print("\n\n>> This is a test.")
+    print("\n=====")
     advisories = []
     soup = BeautifulSoup(data, features="lxml")
     table = soup.select("table")[0]
+    test_row_count = 0
     for row in table.select("tbody tr"):
+        test_row_count += 1
+        print("\ntest_row_count = {}".format(test_row_count))
         ref_col, affected_col, fixed_col, severity_score_col, desc_col = row.select("td")
         summary = desc_col.text
         pkg_qualifiers = {}
@@ -89,10 +94,15 @@ def to_advisories(data):
 
         # This will replace the affected_packages and fixed_packages lists above. ============
         affected_packages = []
+        # do I need to trim these?  e.g., affected_version_list = [x.strip() for x in affected_col.text.split(',')]
         affected_version_list = affected_col.text.split(",")
         fixed_version_list = fixed_col.text.split(",")
         package_count = len(affected_version_list)
 
+        print("\naffected_version_list = {}".format(affected_version_list))
+        print("\nfixed_version_list = {}".format(fixed_version_list))
+        print("\npackage_count = {}".format(package_count))
+
         while package_count > 0:
             summary = summary
 
@@ -105,7 +115,7 @@ def to_advisories(data):
 
             fixed = fixed_version_list[0]
             fixed_version_list.pop(0)
-            # Do we need "if affected else None"?
+            # Do we need "if fixed else None"?
             fixed_version = GenericVersion(fixed) if fixed else None
 
             package_count -= 1
@@ -115,18 +125,31 @@ def to_advisories(data):
                     name="postgresql",
                     type="generic",
                     namespace="postgresql",
+                    qualifiers=pkg_qualifiers,
                 ),
                 affected_version_range=affected_version_range,
                 fixed_version=fixed_version,
             )
             affected_packages.append(affected_package)
 
+            print("\naffected_package = {}".format(affected_package))
+            print("\n\taffected_package.package = {}".format(affected_package.package))
+            print(
+                "\n\taffected_package.affected_version_range = {}".format(
+                    affected_package.affected_version_range
+                )
+            )
+            print("\n\taffected_package.fixed_version = {}".format(affected_package.fixed_version))
+
+            print("\ninterim package_count = {}".format(package_count))
+
             # end of initial draft insert ===================================
 
         try:
             cve_id = ref_col.select("nobr")[0].text
             # This is for the anomaly in https://www.postgresql.org/support/security/8.1/ 's
             # last entry
+            # Note: in this example and others, final entry/entries have no CVE in the 1st column
         except IndexError:
             pass
 
@@ -163,6 +186,39 @@ def to_advisories(data):
             )
         )
 
+        print("\n------------------------------------")
+
+    print("\ntotal test_advisories (i.e., AdvisoryData objects) = {}".format(len(advisories)))
+    print("\nadvisories = {}".format(advisories))
+
+    test_advisory_count = 0
+    for test_advisory in advisories:
+        test_advisory_count += 1
+        print("\ntest_advisory #{} = {}".format(test_advisory_count, test_advisory))
+        print("\n\ttest_advisory.aliases = {}".format(test_advisory.aliases))
+        print("\n\ttest_advisory.summary = {}".format(test_advisory.summary))
+        print("\n\ttest_advisory.affected_packages = {}".format(test_advisory.affected_packages))
+        for test_affected_package in test_advisory.affected_packages:
+            print("\n\ttest_affected_package = {}".format(test_affected_package))
+            print("\n\t\ttest_affected_package.package = {}".format(test_affected_package.package))
+            print(
+                "\n\t\ttest_affected_package.affected_version_range = {}".format(
+                    test_affected_package.affected_version_range
+                )
+            )
+            print(
+                "\n\t\ttest_affected_package.fixed_version = {}".format(
+                    test_affected_package.fixed_version
+                )
+            )
+        print("\n\ttest_advisory.references = {}".format(test_advisory.references))
+        for test_reference in test_advisory.references:
+            print("\n\ttest_test_reference = {}".format(test_reference))
+
+    print("\n------------------------------------")
+
+    print("\n>> This is the end of the test.\n")
+
     return advisories
 
 
diff --git a/vulnerabilities/tests/test_postgresql.py b/vulnerabilities/tests/test_postgresql.py
@@ -24,6 +24,8 @@
 
 
 class TestPostgreSQLImporter(TestCase):
+    # This is the original test.  When it first failed I began correcting the obvious errors,
+    # but quickly concluded I needed to revise postgresql.py instead and left this as is.
     def test_to_advisories(self):
 
         with open(TEST_DATA) as f:
@@ -195,181 +197,13 @@ def test_to_advisories(self):
         expected_advisories = list(map(AdvisoryData, expected_advisories))
         assert sorted(found_advisories) == sorted(expected_advisories)
 
-    # 10/27/2022 Thursday 6:40:04 PM.  This is intended to be an updated test -- but I have barely started to work on it!
-    # Focusing instead on postgresql.py for now.
-    def test_to_advisories_updated(self):
+    # My new, skeletal test, designed only to run the to_advisories() print statements
+    # on the original advisories.html test input file.
+    def test_to_advisories_simple(self):
 
         with open(TEST_DATA) as f:
             raw_data = f.read()
 
-        expected_advisories = [
-            AdvisoryData(
-                summary="ALTER ... DEPENDS ON EXTENSION is missing authorization checks.more details",
-                # 10/26/2022 Wednesday 6:40:01 PM.  Throws error: TypeError: __init__() got an unexpected keyword argument 'vulnerability_id'
-                # vulnerability_id="CVE-2020-1720",
-                aliases=["CVE-2020-1720"],
-                affected_packages=[
-                    AffectedPackage(
-                        vulnerable_package=PackageURL(
-                            type="generic",
-                            name="postgresql",
-                            version="10",
-                        ),
-                        patched_package=PackageURL(
-                            type="generic",
-                            name="postgresql",
-                            version="10.12",
-                        ),
-                    ),
-                    AffectedPackage(
-                        vulnerable_package=PackageURL(
-                            type="generic",
-                            name="postgresql",
-                            version="11",
-                        ),
-                        patched_package=PackageURL(
-                            type="generic",
-                            name="postgresql",
-                            version="11.7",
-                        ),
-                    ),
-                    AffectedPackage(
-                        vulnerable_package=PackageURL(
-                            type="generic",
-                            name="postgresql",
-                            version="12",
-                        ),
-                        patched_package=PackageURL(
-                            type="generic",
-                            name="postgresql",
-                            version="12.2",
-                        ),
-                    ),
-                    AffectedPackage(
-                        vulnerable_package=PackageURL(
-                            type="generic",
-                            name="postgresql",
-                            version="9.6",
-                        ),
-                        patched_package=PackageURL(
-                            type="generic",
-                            name="postgresql",
-                            version="9.6.17",
-                        ),
-                    ),
-                ],
-                references=[
-                    Reference(
-                        reference_id="",
-                        url="https://www.postgresql.org/about/news/postgresql-122-117-1012-9617-9521-and-9426-released-2011/",
-                    ),
-                    Reference(
-                        reference_id="",
-                        url="https://www.postgresql.org/support/security/CVE-2020-1720/",
-                        severities=[
-                            VulnerabilitySeverity(
-                                system=severity_systems.CVSSV3,
-                                value="3.1",
-                            ),
-                            VulnerabilitySeverity(
-                                system=severity_systems.CVSSV3_VECTOR,
-                                value=["AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"],
-                            ),
-                        ],
-                    ),
-                ],
-            ),
-            AdvisoryData(
-                summary="Windows installer runs executables from uncontrolled directoriesmore details",
-                # 10/26/2022 Wednesday 6:40:01 PM.  Throws error: TypeError: __init__() got an unexpected keyword argument 'vulnerability_id'
-                # vulnerability_id="CVE-2020-10733",
-                aliases=["CVE-2020-10733"],
-                affected_packages=[
-                    AffectedPackage(
-                        vulnerable_package=PackageURL(
-                            type="generic",
-                            name="postgresql",
-                            version="10",
-                            qualifiers={"os": "windows"},
-                        ),
-                        patched_package=PackageURL(
-                            type="generic",
-                            name="postgresql",
-                            version="10.13",
-                            qualifiers={"os": "windows"},
-                        ),
-                    ),
-                    AffectedPackage(
-                        vulnerable_package=PackageURL(
-                            type="generic",
-                            name="postgresql",
-                            version="11",
-                            qualifiers={"os": "windows"},
-                        ),
-                        patched_package=PackageURL(
-                            type="generic",
-                            name="postgresql",
-                            version="11.8",
-                            qualifiers={"os": "windows"},
-                        ),
-                    ),
-                    AffectedPackage(
-                        vulnerable_package=PackageURL(
-                            type="generic",
-                            name="postgresql",
-                            version="12",
-                            qualifiers={"os": "windows"},
-                        ),
-                        patched_package=PackageURL(
-                            type="generic",
-                            name="postgresql",
-                            version="12.3",
-                            qualifiers={"os": "windows"},
-                        ),
-                    ),
-                    AffectedPackage(
-                        vulnerable_package=PackageURL(
-                            type="generic",
-                            name="postgresql",
-                            version="9.6",
-                            qualifiers={"os": "windows"},
-                        ),
-                        patched_package=PackageURL(
-                            type="generic",
-                            name="postgresql",
-                            version="9.6.18",
-                            qualifiers={"os": "windows"},
-                        ),
-                    ),
-                ],
-                references=[
-                    Reference(
-                        reference_id="",
-                        url="https://www.postgresql.org/about/news/postgresql-123-118-1013-9618-and-9522-released-2038/",
-                    ),
-                    Reference(
-                        reference_id="",
-                        url="https://www.postgresql.org/support/security/CVE-2020-10733/",
-                        severities=[
-                            VulnerabilitySeverity(
-                                system=severity_systems.CVSSV3,
-                                value="6.7",
-                            ),
-                            VulnerabilitySeverity(
-                                system=severity_systems.CVSSV3_VECTOR,
-                                value=["AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"],
-                            ),
-                        ],
-                    ),
-                ],
-            ),
-        ]
-
         found_advisories = to_advisories(raw_data)
 
-        # 10/26/2022 Wednesday 7:07:13 PM.  Throws error: AttributeError: type object 'AdvisoryData' has no attribute 'normalized'
-        # found_advisories = list(map(AdvisoryData.normalized, found_advisories))
-        # found_advisories = list(map(AdvisoryData, found_advisories))
-        # expected_advisories = list(map(AdvisoryData.normalized, expected_advisories))
-        # expected_advisories = list(map(AdvisoryData, expected_advisories))
-        assert sorted(found_advisories) == sorted(expected_advisories)
+        # do nothing more -- we're just trying to trigger print statements in to_advisories()
