Fix import runner's process_inferences (#1360)

Signed-off-by: Tushar Goel <[email protected]>

Author: TG1999

vulnerabilities/import_runner.py

@@ -149,7 +149,7 @@ def process_inferences(inferences: List[Inference], advisory: Advisory, improver
     for inference in inferences:
         vulnerability = get_or_create_vulnerability_and_aliases(
             vulnerability_id=inference.vulnerability_id,
-            alias_names=inference.aliases,
+            aliases=inference.aliases,
             summary=inference.summary,
         )
 

vulnerabilities/tests/test_import_runner.py

@@ -7,19 +7,22 @@
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
-from datetime import datetime
-from datetime import timezone
-
 import pytest
+from django.utils import timezone
 from univers.version_range import VersionRange
 
 from vulnerabilities import models
 from vulnerabilities.import_runner import ImportRunner
+from vulnerabilities.import_runner import process_inferences
 from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importer import AffectedPackage
 from vulnerabilities.importer import Importer
 from vulnerabilities.importer import PackageURL
 from vulnerabilities.importer import Reference
+from vulnerabilities.improver import Inference
+from vulnerabilities.tests.test_improve_runner import (
+    get_objects_in_all_tables_used_by_process_inferences,
+)
 
 ADVISORY_DATAS = [
     AdvisoryData(
@@ -32,7 +35,7 @@
             )
         ],
         references=[Reference(url="https://example.com/with/more/info/CVE-2020-13371337")],
-        date_published=datetime.now(timezone.utc),
+        date_published=timezone.now(),
     )
 ]
 
@@ -106,3 +109,45 @@ def test_advisory_summary_clean_up():
         summary="The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\x00' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
     )
     assert "\x00" not in adv.summary
+
+
+DUMMY_ADVISORY = models.Advisory(summary="dummy", created_by="tests", date_collected=timezone.now())
+
+
+INFERENCES = [
+    Inference(
+        aliases=["CVE-1", "CVE-2"],
+        summary="One upon a time, in a package far far away",
+        affected_purls=[
+            PackageURL(type="character", namespace="star-wars", name="anakin", version="1")
+        ],
+        fixed_purl=PackageURL(
+            type="character", namespace="star-wars", name="darth-vader", version="1"
+        ),
+        references=[Reference(reference_id="imperial-vessel-1", url="https://m47r1x.github.io")],
+    )
+]
+
+
+@pytest.mark.django_db
+def test_process_inferences_with_no_inference():
+    assert not process_inferences(
+        inferences=[], advisory=DUMMY_ADVISORY, improver_name="test_improver"
+    )
+
+
+@pytest.mark.django_db
+def test_process_inferences_with_unknown_but_specified_vulnerability():
+    inference = Inference(vulnerability_id="VCID-Does-Not-Exist-In-DB", aliases=["MATRIX-Neo"])
+    assert not process_inferences(
+        inferences=[inference], advisory=DUMMY_ADVISORY, improver_name="test_improver"
+    )
+
+
+@pytest.mark.django_db
+def test_process_inferences_idempotency():
+    process_inferences(INFERENCES, DUMMY_ADVISORY, improver_name="test_improver")
+    all_objects = get_objects_in_all_tables_used_by_process_inferences()
+    process_inferences(INFERENCES, DUMMY_ADVISORY, improver_name="test_improver")
+    process_inferences(INFERENCES, DUMMY_ADVISORY, improver_name="test_improver")
+    assert all_objects == get_objects_in_all_tables_used_by_process_inferences()