Move VulnerabilitySource to audit.py for shared usage

Author: ArBridgeman

exasol/toolbox/tools/security.py

@@ -18,10 +18,11 @@
 from functools import partial
 from inspect import cleandoc
 from pathlib import Path
-from typing import Optional
 
 import typer
 
+from exasol.toolbox.util.dependencies.audit import VulnerabilitySource
+
 stdout = print
 stderr = partial(print, file=sys.stderr)
 
@@ -104,32 +105,6 @@ def from_maven(report: str) -> Iterable[Issue]:
             )
 
 
-class VulnerabilitySource(str, Enum):
-    CVE = "CVE"
-    CWE = "CWE"
-    GHSA = "GHSA"
-    PYSEC = "PYSEC"
-
-    @classmethod
-    def from_prefix(cls, name: str) -> VulnerabilitySource | None:
-        for el in cls:
-            if name.upper().startswith(el.value):
-                return el
-        return None
-
-    def get_link(self, package: str, vuln_id: str) -> str:
-        if self == VulnerabilitySource.CWE:
-            cwe_id = vuln_id.upper().replace(f"{VulnerabilitySource.CWE.value}-", "")
-            return f"https://cwe.mitre.org/data/definitions/{cwe_id}.html"
-
-        map_link = {
-            VulnerabilitySource.CVE: "https://nvd.nist.gov/vuln/detail/{vuln_id}",
-            VulnerabilitySource.GHSA: "https://github.com/advisories/{vuln_id}",
-            VulnerabilitySource.PYSEC: "https://github.com/pypa/advisory-database/blob/main/vulns/{package}/{vuln_id}.yaml",
-        }
-        return map_link[self].format(package=package, vuln_id=vuln_id)
-
-
 def identify_pypi_references(
     references: list[str], package_name: str
 ) -> tuple[list[str], list[str], list[str]]:

exasol/toolbox/util/dependencies/audit.py

@@ -4,6 +4,7 @@
 import subprocess  # nosec
 import tempfile
 from dataclasses import dataclass
+from enum import Enum
 from pathlib import Path
 from re import search
 from typing import (
@@ -34,6 +35,32 @@ def __init__(self, subprocess_output: subprocess.CompletedProcess) -> None:
         self.stderr = subprocess_output.stderr
 
 
+class VulnerabilitySource(str, Enum):
+    CVE = "CVE"
+    CWE = "CWE"
+    GHSA = "GHSA"
+    PYSEC = "PYSEC"
+
+    @classmethod
+    def from_prefix(cls, name: str) -> VulnerabilitySource | None:
+        for el in cls:
+            if name.upper().startswith(el.value):
+                return el
+        return None
+
+    def get_link(self, package: str, vuln_id: str) -> str:
+        if self == VulnerabilitySource.CWE:
+            cwe_id = vuln_id.upper().replace(f"{VulnerabilitySource.CWE.value}-", "")
+            return f"https://cwe.mitre.org/data/definitions/{cwe_id}.html"
+
+        map_link = {
+            VulnerabilitySource.CVE: "https://nvd.nist.gov/vuln/detail/{vuln_id}",
+            VulnerabilitySource.GHSA: "https://github.com/advisories/{vuln_id}",
+            VulnerabilitySource.PYSEC: "https://github.com/pypa/advisory-database/blob/main/vulns/{package}/{vuln_id}.yaml",
+        }
+        return map_link[self].format(package=package, vuln_id=vuln_id)
+
+
 class Vulnerability(Package):
     id: str
     aliases: list[str]

test/unit/security_test.py

@@ -330,21 +330,6 @@ def test_from_json(json_input, expected):
     assert list(actual) == [expected_issue]
 
 
-@pytest.mark.parametrize(
-    "prefix,expected",
-    [
-        pytest.param("DUMMY", None, id="without_a_matching_prefix_returns_none"),
-        pytest.param(
-            f"{security.VulnerabilitySource.CWE.value.lower()}-1234",
-            security.VulnerabilitySource.CWE,
-            id="with_matching_prefix_returns_vulnerability_source",
-        ),
-    ],
-)
-def test_from_prefix(prefix: str, expected):
-    assert security.VulnerabilitySource.from_prefix(prefix) == expected
-
-
 @pytest.mark.parametrize(
     "reference, expected",
     [

test/unit/util/dependencies/audit_test.py

@@ -10,6 +10,7 @@
     PipAuditException,
     Vulnerabilities,
     Vulnerability,
+    VulnerabilitySource,
     audit_poetry_files,
     get_vulnerabilities,
     get_vulnerabilities_from_latest_tag,
@@ -138,6 +139,21 @@ def test_security_issue_dict(sample_vulnerability):
         assert result == [sample_vulnerability.security_issue_entry]
 
 
+@pytest.mark.parametrize(
+    "prefix,expected",
+    [
+        pytest.param("DUMMY", None, id="without_a_matching_prefix_returns_none"),
+        pytest.param(
+            f"{VulnerabilitySource.CWE.value.lower()}-1234",
+            VulnerabilitySource.CWE,
+            id="with_matching_prefix_returns_vulnerability_source",
+        ),
+    ],
+)
+def test_from_prefix(prefix: str, expected):
+    assert VulnerabilitySource.from_prefix(prefix) == expected
+
+
 class TestGetVulnerabilities:
     def test_with_mock(self, sample_vulnerability):
         with mock.patch(