refactor: encapsulate vendor fetch to CVEDB (#1417)

BreadGenie · web-flow · commit 77a3a87fcb74 · 2021-11-18T11:45:07.000-08:00
* refactor: encapsulate vendor fetch to CVEDB * fixes #1416
diff --git a/cve_bin_tool/cvedb.py b/cve_bin_tool/cvedb.py
@@ -718,6 +718,47 @@ def clear_cached_data(self):
             self.LOGGER.warning(f"Deleting old cachedir {OLD_CACHE_DIR}")
             shutil.rmtree(OLD_CACHE_DIR)
 
+    def get_vendor_product_pairs(self, package_names):
+        """
+        Fetches vendor from the database for packages that doesn't have vendor info for Package List Parser Utility and Universal Python package checker.
+        """
+        self.db_open()
+        cursor = self.connection.cursor()
+        vendor_package_pairs = []
+        query = """
+        SELECT DISTINCT vendor FROM cve_range
+        WHERE product=?
+        """
+
+        # For python package checkers we don't need the progress bar running
+        if type(package_names) != list:
+            cursor.execute(query, [package_names])
+            vendors = list(map(lambda x: x[0], cursor.fetchall()))
+            for vendor in vendors:
+                if vendor != "":
+                    vendor_package_pairs.append(
+                        {
+                            "vendor": vendor,
+                            "product": package_names,
+                        }
+                    )
+        else:
+            for package_name in track(
+                package_names, description="Processing the given list...."
+            ):
+                cursor.execute(query, [package_name["name"].lower()])
+                vendors = list(map(lambda x: x[0], cursor.fetchall()))
+                for vendor in vendors:
+                    if vendor != "":
+                        vendor_package_pairs.append(
+                            {
+                                "vendor": vendor,
+                                "product": package_name["name"],
+                            }
+                        )
+        self.db_close()
+        return vendor_package_pairs
+
     def db_open(self):
         """Opens connection to sqlite database."""
         if not self.connection:
diff --git a/cve_bin_tool/package_list_parser.py b/cve_bin_tool/package_list_parser.py
@@ -10,6 +10,7 @@
 
 import distro
 
+from cve_bin_tool.cvedb import CVEDB
 from cve_bin_tool.error_handler import (
     EmptyTxtError,
     ErrorHandler,
@@ -19,8 +20,6 @@
 from cve_bin_tool.log import LOGGER
 from cve_bin_tool.util import ProductInfo, Remarks
 
-from .vendor_fetch import VendorFetch
-
 ROOT_PATH = join(dirname(__file__), "..")
 PYPI_CSV = join(ROOT_PATH, "package_list_parser", "pypi_list.csv")
 
@@ -132,10 +131,10 @@ def parse_list(self):
                     if package_name in txt_package_names:
                         self.package_names_without_vendor.append(installed_package)
 
-        with VendorFetch() as vendor_fetch:
-            vendor_package_pairs = vendor_fetch.get_vendor_product_pairs(
-                self.package_names_without_vendor
-            )
+        cve_db = CVEDB()
+        vendor_package_pairs = cve_db.get_vendor_product_pairs(
+            self.package_names_without_vendor
+        )
 
         self.add_vendor(vendor_package_pairs)
         self.parse_data()
diff --git a/cve_bin_tool/package_list_parser/vendor_fetch.py b/cve_bin_tool/package_list_parser/vendor_fetch.py
diff --git a/cve_bin_tool/version_scanner.py b/cve_bin_tool/version_scanner.py
@@ -8,12 +8,12 @@
 
 import pkg_resources
 
+from cve_bin_tool.cvedb import CVEDB
 from cve_bin_tool.egg_updater import IS_DEVELOP, update_egg
 from cve_bin_tool.error_handler import ErrorMode
 from cve_bin_tool.extractor import Extractor
 from cve_bin_tool.file import is_binary
 from cve_bin_tool.log import LOGGER
-from cve_bin_tool.package_list_parser.vendor_fetch import VendorFetch
 from cve_bin_tool.strings import Strings
 from cve_bin_tool.util import DirWalk, ProductInfo, inpath
 
@@ -177,8 +177,8 @@ def run_python_package_checkers(self, filename, lines):
             product = search(compile(r"^Name: (.+)$", MULTILINE), lines).group(1)
             version = search(compile(r"^Version: (.+)$", MULTILINE), lines).group(1)
 
-            with VendorFetch() as vendor_fetch:
-                vendor_package_pair = vendor_fetch.get_vendor_product_pairs(product)
+            cve_db = CVEDB()
+            vendor_package_pair = cve_db.get_vendor_product_pairs(product)
 
             if vendor_package_pair != []:
                 vendor = vendor_package_pair[0]["vendor"]
