Use content id to insert new advisory

keshav-space · keshav-space · commit 7350f599b220 · 2025-04-08T14:41:48.000+05:30
Signed-off-by: Keshav Priyadarshi &lt;git@keshav.space&gt;
diff --git a/vulnerabilities/import_runner.py b/vulnerabilities/import_runner.py
@@ -104,24 +104,30 @@ def process_advisories(
         advisories = []
         for data in advisory_datas:
             content_id = compute_content_id(advisory_data=data)
+            advisory = {
+                "summary": data.summary,
+                "affected_packages": [pkg.to_dict() for pkg in data.affected_packages],
+                "references": [ref.to_dict() for ref in data.references],
+                "date_published": data.date_published,
+                "weaknesses": data.weaknesses,
+                "created_by": importer_name,
+                "date_collected": datetime.datetime.now(tz=datetime.timezone.utc),
+            }
             try:
                 aliases = get_or_create_aliases(aliases=data.aliases)
                 obj, created = Advisory.objects.get_or_create(
                     unique_content_id=content_id,
                     url=data.url,
-                    defaults={
-                        "summary": data.summary,
-                        "affected_packages": [pkg.to_dict() for pkg in data.affected_packages],
-                        "references": [ref.to_dict() for ref in data.references],
-                        "date_published": data.date_published,
-                        "weaknesses": data.weaknesses,
-                        "created_by": importer_name,
-                        "date_collected": datetime.datetime.now(tz=datetime.timezone.utc),
-                    },
+                    defaults=advisory,
                 )
                 obj.aliases.add(*aliases)
                 if not obj.date_imported:
                     advisories.append(obj)
+            except Advisory.MultipleObjectsReturned as mo:
+                logger.error(
+                    f"Multiple Advisories returned: unique_content_id: {content_id}, url: {data.url}, advisory: {advisory!r}"
+                )
+                raise
             except Exception as e:
                 logger.error(
                     f"Error while processing {data!r} with aliases {data.aliases!r}: {e!r} \n {traceback_format_exc()}"
diff --git a/vulnerabilities/pipes/advisory.py b/vulnerabilities/pipes/advisory.py
@@ -43,20 +43,27 @@ def insert_advisory(advisory: AdvisoryData, pipeline_id: str, logger: Callable =
     aliases = get_or_create_aliases(aliases=advisory.aliases)
     content_id = compute_content_id(advisory_data=advisory)
     try:
+        default_data = {
+            "summary": advisory.summary,
+            "affected_packages": [pkg.to_dict() for pkg in advisory.affected_packages],
+            "references": [ref.to_dict() for ref in advisory.references],
+            "date_published": advisory.date_published,
+            "weaknesses": advisory.weaknesses,
+            "created_by": pipeline_id,
+            "date_collected": datetime.now(timezone.utc),
+        }
+
         advisory_obj, _ = Advisory.objects.get_or_create(
             unique_content_id=content_id,
             url=advisory.url,
-            defaults={
-                "summary": advisory.summary,
-                "affected_packages": [pkg.to_dict() for pkg in advisory.affected_packages],
-                "references": [ref.to_dict() for ref in advisory.references],
-                "date_published": advisory.date_published,
-                "weaknesses": advisory.weaknesses,
-                "created_by": pipeline_id,
-                "date_collected": datetime.now(timezone.utc),
-            },
+            defaults=default_data,
         )
         advisory_obj.aliases.add(*aliases)
+    except Advisory.MultipleObjectsReturned:
+        logger.error(
+            f"Multiple Advisories returned: unique_content_id: {content_id}, url: {advisory.url}, advisory: {advisory!r}"
+        )
+        raise
     except Exception as e:
         if logger:
             logger(
@@ -137,19 +144,18 @@ def import_advisory(
                     },
                 )
                 vulnerability.severities.add(vulnerability_severity)
+                if not created and logger:
+                    logger(
+                        f"Severity updated for reference {ref.url!r} to value: {severity.value!r} "
+                        f"and scoring_elements: {severity.scoring_elements!r}",
+                        level=logging.DEBUG,
+                    )
             except:
                 if logger:
                     logger(
                         f"Failed to create VulnerabilitySeverity for: {severity} with error:\n{traceback_format_exc()}",
                         level=logging.ERROR,
                     )
-            if not created:
-                if logger:
-                    logger(
-                        f"Severity updated for reference {ref.url!r} to value: {severity.value!r} "
-                        f"and scoring_elements: {severity.scoring_elements!r}",
-                        level=logging.DEBUG,
-                    )
 
     for affected_purl in affected_purls or []:
         vulnerable_package, _ = Package.objects.get_or_create_from_purl(purl=affected_purl)
