Rename and improve cpe<->purl mapping

* Use proper queryset instead of duplicated code.
* Update Package and Vulnerability querysets and use these
  This streamlines some of the core naming and duplication issues
* Refactor NVD importer core logic around a CveItem object
* Use new querysets rather than refetching from the NVD
* Add license and license notice
* Update documentation and tests accordingly

Signed-off-by: Philippe Ombredanne <[email protected]>

Author: pombredanne

docs/source/command-line-interface.rst

@@ -3,7 +3,7 @@
 Command Line Interface
 ======================
 
-The main entry point is Django's :guilabel:`manage.py` management commands.
+The main entry point is the Django :guilabel:`manage.py` management command script.
 
 ``$ ./manage.py --help``
 ------------------------
@@ -14,9 +14,10 @@ VulnerableCode's own commands are listed under the ``[vulnerabilities]`` section
     $ ./manage.py --help
     ...
     [vulnerabilities]
-        create_cpe_to_purl_map
-        importer
-        improver
+        import
+        improve
+        purl2cpe
+
 
 ``$ ./manage.py <subcommand> --help``
 ---------------------------------------
@@ -58,3 +59,17 @@ Other variations:
 
 * ``--list`` List all available improvers
 * ``--all`` Run all available improvers
+
+
+
+``$ ./manage.py purl2cpe --destination <directory``
+------------------------------------------
+
+Dump a mapping of CPEs to PURLs grouped by vulnerability in the ``destination``
+directory.
+
+
+Other variations:
+
+* ``--limit`` Limit the number of processed vulnerabilities
+

pyproject.toml

@@ -66,7 +66,7 @@ addopts = [
     "--ignore=vulnerabilities/importers/mozilla.py",
     "--ignore=vulnerabilities/importers/mattermost.py",
     "--ignore=vulnerabilities/importers/xen.py",
-    "--ignore=vulnerabilities/management/commands/create_cpe_to_purl_map.py",
+    "--ignore=vulnerabilities/management/commands/purl2cpe.py",
     "--ignore=vulnerabilities/lib_oval.py",
 ]
 

vulnerabilities/api.py

@@ -93,7 +93,7 @@ class VulnerabilitySerializer(serializers.HyperlinkedModelSerializer):
     fixed_packages = MinimalPackageSerializer(
         many=True, source="filtered_fixed_packages", read_only=True
     )
-    affected_packages = MinimalPackageSerializer(many=True, source="vulnerable_to", read_only=True)
+    affected_packages = MinimalPackageSerializer(many=True, read_only=True)
 
     references = VulnerabilityReferenceSerializer(many=True, source="vulnerabilityreference_set")
     aliases = AliasSerializer(many=True, source="alias")