Merge pull request #1057 from nexB/970-migrate-apache-tomcat-importer

Migrate apache tomcat importer

Author: TG1999

vulnerabilities/importers/__init__.py

@@ -9,6 +9,7 @@
 
 from vulnerabilities.importers import alpine_linux
 from vulnerabilities.importers import apache_httpd
+from vulnerabilities.importers import apache_tomcat
 from vulnerabilities.importers import archlinux
 from vulnerabilities.importers import debian
 from vulnerabilities.importers import debian_oval
@@ -55,6 +56,7 @@
     project_kb_msr2019.ProjectKBMSRImporter,
     suse_scores.SUSESeverityScoreImporter,
     elixir_security.ElixirSecurityImporter,
+    apache_tomcat.ApacheTomcatImporter,
 ]
 
 IMPORTERS_REGISTRY = {x.qualified_name: x for x in IMPORTERS_REGISTRY}

vulnerabilities/importers/apache_tomcat.py

@@ -124,6 +124,27 @@ def compute(self, scoring_elements: str) -> str:
     name="Apache Httpd Severity",
     url="https://httpd.apache.org/security/impact_levels.html",
 )
+APACHE_HTTPD.choices = [
+    "Critical",
+    "Important",
+    "Moderate",
+    "Low",
+]
+
+# This is essentially identical to apache_http except for the addition of the "High" score,
+# which seems to be used interchangeably for "Important".
+APACHE_TOMCAT = ScoringSystem(
+    identifier="apache_tomcat",
+    name="Apache Tomcat Severity",
+    url="https://tomcat.apache.org/security-impact.html",
+)
+APACHE_TOMCAT.choices = [
+    "Critical",
+    "High",
+    "Important",
+    "Moderate",
+    "Low",
+]
 
 SCORING_SYSTEMS = {
     system.identifier: system
@@ -137,5 +158,6 @@ def compute(self, scoring_elements: str) -> str:
         CVSS31_QUALITY,
         GENERIC,
         APACHE_HTTPD,
+        APACHE_TOMCAT,
     )
 }

vulnerabilities/severity_systems.py

@@ -26,7 +26,6 @@ def no_rmtree(monkeypatch):
 # Step 3: Migrate all the tests
 collect_ignore = [
     "test_apache_kafka.py",
-    "test_apache_tomcat.py",
     "test_api.py",
     "test_models.py",
     "test_package_managers.py",