Move VulnerabilitySource to audit.py for shared usage

Author: ArBridgeman

exasol/toolbox/tools/security.py

@@ -18,10 +18,11 @@
 from functools import partial
 from inspect import cleandoc
 from pathlib import Path
-from typing import Optional
 
 import typer
 
+from exasol.toolbox.util.dependencies.audit import VulnerabilitySource
+
 stdout = print
 stderr = partial(print, file=sys.stderr)
 
@@ -104,32 +105,6 @@ def from_maven(report: str) -> Iterable[Issue]:
             )
 
 
-class VulnerabilitySource(str, Enum):
-    CVE = "CVE"
-    CWE = "CWE"
-    GHSA = "GHSA"
-    PYSEC = "PYSEC"
-
-    @classmethod
-    def from_prefix(cls, name: str) -> VulnerabilitySource | None:
-        for el in cls:
-            if name.upper().startswith(el.value):
-                return el
-        return None
-
-    def get_link(self, package: str, vuln_id: str) -> str:
-        if self == VulnerabilitySource.CWE:
-            cwe_id = vuln_id.upper().replace(f"{VulnerabilitySource.CWE.value}-", "")
-            return f"https://cwe.mitre.org/data/definitions/{cwe_id}.html"
-
-        map_link = {
-            VulnerabilitySource.CVE: "https://nvd.nist.gov/vuln/detail/{vuln_id}",
-            VulnerabilitySource.GHSA: "https://github.com/advisories/{vuln_id}",
-            VulnerabilitySource.PYSEC: "https://github.com/pypa/advisory-database/blob/main/vulns/{package}/{vuln_id}.yaml",
-        }
-        return map_link[self].format(package=package, vuln_id=vuln_id)
-
-
 def identify_pypi_references(
     references: list[str], package_name: str
 ) -> tuple[list[str], list[str], list[str]]:

exasol/toolbox/util/dependencies/audit.py

@@ -4,6 +4,7 @@
 import subprocess  # nosec
 import tempfile
 from dataclasses import dataclass
+from enum import Enum
 from pathlib import Path
 from re import search
 from typing import (
@@ -34,6 +35,32 @@ def __init__(self, subprocess_output: subprocess.CompletedProcess) -> None:
         self.stderr = subprocess_output.stderr
 
 
+class VulnerabilitySource(str, Enum):
+    CVE = "CVE"
+    CWE = "CWE"
+    GHSA = "GHSA"
+    PYSEC = "PYSEC"
+
+    @classmethod
+    def from_prefix(cls, name: str) -> VulnerabilitySource | None:
+        for el in cls:
+            if name.upper().startswith(el.value):
+                return el
+        return None
+
+    def get_link(self, package: str, vuln_id: str) -> str:
+        if self == VulnerabilitySource.CWE:
+            cwe_id = vuln_id.upper().replace(f"{VulnerabilitySource.CWE.value}-", "")
+            return f"https://cwe.mitre.org/data/definitions/{cwe_id}.html"
+
+        map_link = {
+            VulnerabilitySource.CVE: "https://nvd.nist.gov/vuln/detail/{vuln_id}",
+            VulnerabilitySource.GHSA: "https://github.com/advisories/{vuln_id}",
+            VulnerabilitySource.PYSEC: "https://github.com/pypa/advisory-database/blob/main/vulns/{package}/{vuln_id}.yaml",
+        }
+        return map_link[self].format(package=package, vuln_id=vuln_id)
+
+
 class Vulnerability(Package):
     id: str
     aliases: list[str]

test/unit/security_test.py

@@ -7,6 +7,7 @@
 from unittest import mock
 
 import pytest
+import toolbox.util.dependencies.audit
 
 from exasol.toolbox.tools import security
 
@@ -335,14 +336,17 @@ def test_from_json(json_input, expected):
     [
         pytest.param("DUMMY", None, id="without_a_matching_prefix_returns_none"),
         pytest.param(
-            f"{security.VulnerabilitySource.CWE.value.lower()}-1234",
-            security.VulnerabilitySource.CWE,
+            f"{toolbox.util.dependencies.audit.VulnerabilitySource.CWE.value.lower()}-1234",
+            toolbox.util.dependencies.audit.VulnerabilitySource.CWE,
             id="with_matching_prefix_returns_vulnerability_source",
         ),
     ],
 )
 def test_from_prefix(prefix: str, expected):
-    assert security.VulnerabilitySource.from_prefix(prefix) == expected
+    assert (
+        toolbox.util.dependencies.audit.VulnerabilitySource.from_prefix(prefix)
+        == expected
+    )
 
 
 @pytest.mark.parametrize(