Merge pull request #899 from TG1999/ref_url_mandatory

Make URLs mandatory for references #891

Author: TG1999

vulnerabilities/importer.py

@@ -71,8 +71,8 @@ class Reference:
     severities: List[VulnerabilitySeverity] = dataclasses.field(default_factory=list)
 
     def __post_init__(self):
-        if not any([self.url, self.reference_id]):
-            raise TypeError
+        if not self.url:
+            raise TypeError("Reference must have a url")
 
     def normalized(self):
         severities = sorted(self.severities)

vulnerabilities/importers/openssl.py

@@ -88,7 +88,9 @@ def to_advisory_data(xml_issue) -> AdvisoryData:
                 cve = f"CVE-{cve}"
                 madeup_alias = f"{madeup_alias}-{cve}"
                 aliases.append(cve)
-                references.append(Reference(reference_id=cve))
+                references.append(
+                    Reference(reference_id=cve, url=f"https://nvd.nist.gov/vuln/detail/{cve}")
+                )
             aliases.append(madeup_alias)
 
         elif info.tag == "affects":

vulnerabilities/migrations/0020_auto_20220905_1248.py

@@ -0,0 +1,21 @@
+# Generated by Django 4.0.4 on 2022-09-05 12:48
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('vulnerabilities', '0019_alter_vulnerabilityreference_options'),
+    ]
+
+    def delete_reference_with_empty_urls(apps, _):
+        """
+        Delete all references with empty URLs.
+        """
+        Reference = apps.get_model("vulnerabilities", "VulnerabilityReference")
+        Reference.objects.filter(url="").delete()
+
+    operations = [
+        migrations.RunPython(delete_reference_with_empty_urls, migrations.RunPython.noop),
+    ]

vulnerabilities/migrations/0021_alter_vulnerabilityreference_url.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.0.4 on 2022-09-05 13:02
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('vulnerabilities', '0020_auto_20220905_1248'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='vulnerabilityreference',
+            name='url',
+            field=models.URLField(help_text='URL to the vulnerability reference', max_length=1024),
+        ),
+    ]

vulnerabilities/models.py

@@ -106,9 +106,7 @@ class VulnerabilityReference(models.Model):
         through="VulnerabilityRelatedReference",
     )
 
-    url = models.URLField(
-        max_length=1024, help_text="URL to the vulnerability reference", blank=True
-    )
+    url = models.URLField(max_length=1024, help_text="URL to the vulnerability reference")
     reference_id = models.CharField(
         max_length=200,
         help_text="An optional reference ID, such as DSA-4465-1 when available",

vulnerabilities/tests/test_data/openssl/improver/improver-advisories.json

@@ -46,7 +46,7 @@
     "references": [
       {
         "reference_id": "CVE-2022-0778",
-        "url": "",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778",
         "severities": []
       },
       {
@@ -124,7 +124,7 @@
     "references": [
       {
         "reference_id": "CVE-2021-4160",
-        "url": "",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4160",
         "severities": []
       },
       {
@@ -178,7 +178,7 @@
     "references": [
       {
         "reference_id": "CVE-2021-4044",
-        "url": "",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4044",
         "severities": []
       },
       {
@@ -234,7 +234,7 @@
     "references": [
       {
         "reference_id": "CVE-2020-1971",
-        "url": "",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1971",
         "severities": []
       },
       {

vulnerabilities/tests/test_data/openssl/improver/improver-inferences-expected.json

@@ -36,7 +36,7 @@
     "references": [
       {
         "reference_id": "CVE-2022-0778",
-        "url": "",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778",
         "severities": []
       },
       {
@@ -199,7 +199,7 @@
     "references": [
       {
         "reference_id": "CVE-2022-0778",
-        "url": "",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778",
         "severities": []
       },
       {
@@ -482,7 +482,7 @@
     "references": [
       {
         "reference_id": "CVE-2022-0778",
-        "url": "",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778",
         "severities": []
       },
       {
@@ -541,7 +541,7 @@
     "references": [
       {
         "reference_id": "CVE-2021-4160",
-        "url": "",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4160",
         "severities": []
       },
       {
@@ -696,7 +696,7 @@
     "references": [
       {
         "reference_id": "CVE-2021-4160",
-        "url": "",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4160",
         "severities": []
       },
       {
@@ -971,7 +971,7 @@
     "references": [
       {
         "reference_id": "CVE-2021-4160",
-        "url": "",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4160",
         "severities": []
       },
       {
@@ -1030,7 +1030,7 @@
     "references": [
       {
         "reference_id": "CVE-2021-4044",
-        "url": "",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4044",
         "severities": []
       },
       {
@@ -1143,7 +1143,7 @@
     "references": [
       {
         "reference_id": "CVE-2020-1971",
-        "url": "",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1971",
         "severities": []
       },
       {
@@ -1381,7 +1381,7 @@
     "references": [
       {
         "reference_id": "CVE-2020-1971",
-        "url": "",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1971",
         "severities": []
       },
       {