Use standard header and streamline imports

Signed-off-by: Philippe Ombredanne <[email protected]>

Author: pombredanne

vulntotal/datasources/deps.py

@@ -1,33 +1,17 @@
 #
 # Copyright (c) nexB Inc. and others. All rights reserved.
-# http://nexb.com and https://github.com/nexB/vulnerablecode/
-# The VulnTotal software is licensed under the Apache License version 2.0.
-# Data generated with VulnTotal require an acknowledgment.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
 #
-# You may not use this software except in compliance with the License.
-# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-#
-# When you publish or redistribute any data created with VulnTotal or any VulnTotal
-# derivative work, you must accompany this data with the following acknowledgment:
-#
-#  Generated with VulnTotal and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
-#  OR CONDITIONS OF ANY KIND, either express or implied. No content created from
-#  VulnTotal should be considered or used as legal advice. Consult an Attorney
-#  for any legal advice.
-#  VulnTotal is a free software tool from nexB Inc. and others.
-#  Visit https://github.com/nexB/vulnerablecode/ for support and download.
-
-import json
+
 import logging
 from typing import Iterable
 from urllib.parse import quote
 
 import requests
-from packageurl import PackageURL
 
 from vulntotal.validator import DataSource
 from vulntotal.validator import VendorData

vulntotal/datasources/github.py

@@ -1,32 +1,15 @@
 #
 # Copyright (c) nexB Inc. and others. All rights reserved.
-# http://nexb.com and https://github.com/nexB/vulnerablecode/
-# The VulnTotal software is licensed under the Apache License version 2.0.
-# Data generated with VulnTotal require an acknowledgment.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
 #
-# You may not use this software except in compliance with the License.
-# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-#
-# When you publish or redistribute any data created with VulnTotal or any VulnTotal
-# derivative work, you must accompany this data with the following acknowledgment:
-#
-#  Generated with VulnTotal and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
-#  OR CONDITIONS OF ANY KIND, either express or implied. No content created from
-#  VulnTotal should be considered or used as legal advice. Consult an Attorney
-#  for any legal advice.
-#  VulnTotal is a free software tool from nexB Inc. and others.
-#  Visit https://github.com/nexB/vulnerablecode/ for support and download.
-
 
 import logging
 from typing import Iterable
 
-from packageurl import PackageURL
-
 from vulnerabilities import utils
 from vulntotal.validator import DataSource
 from vulntotal.validator import VendorData

vulntotal/datasources/gitlab.py

@@ -1,28 +1,12 @@
 #
 # Copyright (c) nexB Inc. and others. All rights reserved.
-# http://nexb.com and https://github.com/nexB/vulnerablecode/
-# The VulnTotal software is licensed under the Apache License version 2.0.
-# Data generated with VulnTotal require an acknowledgment.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
 #
-# You may not use this software except in compliance with the License.
-# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-#
-# When you publish or redistribute any data created with VulnTotal or any VulnTotal
-# derivative work, you must accompany this data with the following acknowledgment:
-#
-#  Generated with VulnTotal and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
-#  OR CONDITIONS OF ANY KIND, either express or implied. No content created from
-#  VulnTotal should be considered or used as legal advice. Consult an Attorney
-#  for any legal advice.
-#  VulnTotal is a free software tool from nexB Inc. and others.
-#  Visit https://github.com/nexB/vulnerablecode/ for support and download.
 
-
-import json
 import logging
 import os
 import shutil
@@ -33,7 +17,6 @@
 import requests
 import saneyaml
 from fetchcode import fetch
-from packageurl import PackageURL
 
 from vulntotal.validator import DataSource
 from vulntotal.validator import VendorData
@@ -55,7 +38,9 @@ def datasource_advisory(self, purl) -> Iterable[VendorData]:
             casesensitive_package_slug = get_casesensitive_slug(path, package_slug)
             location = download_subtree(casesensitive_package_slug)
         if location:
-            interesting_advisories = parse_interesting_advisories(location, purl.version, delete_download=True)
+            interesting_advisories = parse_interesting_advisories(
+                location, purl.version, delete_download=True
+            )
             return interesting_advisories
         clear_download(location)
 

vulntotal/datasources/oss_index.py

@@ -1,27 +1,12 @@
 #
 # Copyright (c) nexB Inc. and others. All rights reserved.
-# http://nexb.com and https://github.com/nexB/vulnerablecode/
-# The VulnTotal software is licensed under the Apache License version 2.0.
-# Data generated with VulnTotal require an acknowledgment.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
 #
-# You may not use this software except in compliance with the License.
-# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-#
-# When you publish or redistribute any data created with VulnTotal or any VulnTotal
-# derivative work, you must accompany this data with the following acknowledgment:
-#
-#  Generated with VulnTotal and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
-#  OR CONDITIONS OF ANY KIND, either express or implied. No content created from
-#  VulnTotal should be considered or used as legal advice. Consult an Attorney
-#  for any legal advice.
-#  VulnTotal is a free software tool from nexB Inc. and others.
-#  Visit https://github.com/nexB/vulnerablecode/ for support and download.
 
-import json
 import logging
 import os
 from typing import Iterable

vulntotal/datasources/osv.py

@@ -11,7 +11,6 @@
 from typing import Iterable
 
 import requests
-from packageurl import PackageURL
 
 from vulntotal.ecosystem.nuget import get_closest_nuget_package_name
 from vulntotal.validator import DataSource
@@ -27,7 +26,7 @@ class OSVDataSource(DataSource):
     url = "https://api.osv.dev/v1/query"
 
     def fetch_advisory(self, payload):
-        """Fetch JSON advisory from OSV API for a given package payload """
+        """Fetch JSON advisory from OSV API for a given package payload"""
 
         response = requests.post(self.url, data=str(payload))
         if not response.status_code == 200:

vulntotal/datasources/snyk.py

@@ -1,34 +1,18 @@
 #
 # Copyright (c) nexB Inc. and others. All rights reserved.
-# http://nexb.com and https://github.com/nexB/vulnerablecode/
-# The VulnTotal software is licensed under the Apache License version 2.0.
-# Data generated with VulnTotal require an acknowledgment.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
 #
-# You may not use this software except in compliance with the License.
-# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-#
-# When you publish or redistribute any data created with VulnTotal or any VulnTotal
-# derivative work, you must accompany this data with the following acknowledgment:
-#
-#  Generated with VulnTotal and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
-#  OR CONDITIONS OF ANY KIND, either express or implied. No content created from
-#  VulnTotal should be considered or used as legal advice. Consult an Attorney
-#  for any legal advice.
-#  VulnTotal is a free software tool from nexB Inc. and others.
-#  Visit https://github.com/nexB/vulnerablecode/ for support and download.
-
-import json
+
 import logging
 from typing import Iterable
 from urllib.parse import quote
 
 import requests
 from bs4 import BeautifulSoup
-from packageurl import PackageURL
 
 from vulntotal.validator import DataSource
 from vulntotal.validator import VendorData

vulntotal/datasources/vulnerablecode.py

@@ -1,27 +1,12 @@
 #
 # Copyright (c) nexB Inc. and others. All rights reserved.
-# http://nexb.com and https://github.com/nexB/vulnerablecode/
-# The VulnTotal software is licensed under the Apache License version 2.0.
-# Data generated with VulnTotal require an acknowledgment.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
 #
-# You may not use this software except in compliance with the License.
-# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-#
-# When you publish or redistribute any data created with VulnTotal or any VulnTotal
-# derivative work, you must accompany this data with the following acknowledgment:
-#
-#  Generated with VulnTotal and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
-#  OR CONDITIONS OF ANY KIND, either express or implied. No content created from
-#  VulnTotal should be considered or used as legal advice. Consult an Attorney
-#  for any legal advice.
-#  VulnTotal is a free software tool from nexB Inc. and others.
-#  Visit https://github.com/nexB/vulnerablecode/ for support and download.
 
-import json
 import logging
 from typing import Iterable
 from urllib.parse import urljoin

vulntotal/tests/test_deps.py

@@ -1,25 +1,11 @@
 #
 # Copyright (c) nexB Inc. and others. All rights reserved.
-# http://nexb.com and https://github.com/nexB/vulnerablecode/
-# The VulnTotal software is licensed under the Apache License version 2.0.
-# Data generated with VulnTotal require an acknowledgment.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
 #
-# You may not use this software except in compliance with the License.
-# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-#
-# When you publish or redistribute any data created with VulnTotal or any VulnTotal
-# derivative work, you must accompany this data with the following acknowledgment:
-#
-#  Generated with VulnTotal and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
-#  OR CONDITIONS OF ANY KIND, either express or implied. No content created from
-#  VulnTotal should be considered or used as legal advice. Consult an Attorney
-#  for any legal advice.
-#  VulnTotal is a free software tool from nexB Inc. and others.
-#  Visit https://github.com/nexB/vulnerablecode/ for support and download.
 
 import json
 from pathlib import Path

vulntotal/tests/test_github.py

@@ -1,25 +1,11 @@
 #
 # Copyright (c) nexB Inc. and others. All rights reserved.
-# http://nexb.com and https://github.com/nexB/vulnerablecode/
-# The VulnTotal software is licensed under the Apache License version 2.0.
-# Data generated with VulnTotal require an acknowledgment.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
 #
-# You may not use this software except in compliance with the License.
-# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-#
-# When you publish or redistribute any data created with VulnTotal or any VulnTotal
-# derivative work, you must accompany this data with the following acknowledgment:
-#
-#  Generated with VulnTotal and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
-#  OR CONDITIONS OF ANY KIND, either express or implied. No content created from
-#  VulnTotal should be considered or used as legal advice. Consult an Attorney
-#  for any legal advice.
-#  VulnTotal is a free software tool from nexB Inc. and others.
-#  Visit https://github.com/nexB/vulnerablecode/ for support and download.
 
 import json
 from pathlib import Path

vulntotal/tests/test_gitlab.py

@@ -1,27 +1,12 @@
 #
 # Copyright (c) nexB Inc. and others. All rights reserved.
-# http://nexb.com and https://github.com/nexB/vulnerablecode/
-# The VulnTotal software is licensed under the Apache License version 2.0.
-# Data generated with VulnTotal require an acknowledgment.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
 #
-# You may not use this software except in compliance with the License.
-# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-#
-# When you publish or redistribute any data created with VulnTotal or any VulnTotal
-# derivative work, you must accompany this data with the following acknowledgment:
-#
-#  Generated with VulnTotal and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
-#  OR CONDITIONS OF ANY KIND, either express or implied. No content created from
-#  VulnTotal should be considered or used as legal advice. Consult an Attorney
-#  for any legal advice.
-#  VulnTotal is a free software tool from nexB Inc. and others.
-#  Visit https://github.com/nexB/vulnerablecode/ for support and download.
 
-import json
 from pathlib import Path
 
 from commoncode import testcase