Fix debian OVAL importer (#1361)

Signed-off-by: Tushar Goel <[email protected]>

Author: TG1999

vulnerabilities/importer.py

@@ -431,7 +431,6 @@ def get_data_from_xml_doc(
             # connected/linked to an OvalDefinition
             vuln_id = definition_data["vuln_id"]
             description = definition_data["description"]
-
             severities = []
             severity = definition_data.get("severity")
             if severity:
@@ -453,7 +452,8 @@ def get_data_from_xml_doc(
                         except Exception as e:
                             logger.error(
                                 f"Failed to parse version range {affected_version_range!r} "
-                                f"for package {package_name!r}:\n{e}"
+                                f"for package {package_name!r}:\n{e}\n"
+                                f"{definition_data!r}"
                             )
                             continue
                     if package_name:

vulnerabilities/importers/debian_oval.py

@@ -8,6 +8,7 @@
 #
 
 
+import bz2
 import xml.etree.ElementTree as ET
 
 import requests
@@ -64,9 +65,10 @@ def __init__(self, *args, **kwargs):
     def _fetch(self):
         releases = ["wheezy", "stretch", "jessie", "buster", "bullseye"]
         for release in releases:
-            file_url = f"https://www.debian.org/security/oval/oval-definitions-{release}.xml"
+            file_url = f"https://www.debian.org/security/oval/oval-definitions-{release}.xml.bz2"
             resp = requests.get(file_url).content
+            extracted = bz2.decompress(resp)
             yield (
                 {"type": "deb", "namespace": "debian", "qualifiers": {"distro": release}},
-                ET.ElementTree(ET.fromstring(resp.decode("utf-8"))),
+                ET.ElementTree(ET.fromstring(extracted.decode("utf-8"))),
             )