➕ Add a VulCode importer

sbs2001 · sbs2001 · commit 5e1547a15643 · 2020-09-27T12:21:43.000+05:30
Signed-off-by: Shivam Sandbhor &lt;shivam.sandbhor@gmail.com&gt;
diff --git a/vulnerabilities/data_source.py b/vulnerabilities/data_source.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2017 nexB Inc. and others. All rights reserved.
+# Copyright (c) nexB Inc. and others. All rights reserved.
 # http://nexb.com and https://github.com/nexB/vulnerablecode/
 # The VulnerableCode software is licensed under the Apache License version 2.0.
 # Data generated with VulnerableCode require an acknowledgment.
diff --git a/vulnerabilities/importer_yielder.py b/vulnerabilities/importer_yielder.py
@@ -172,7 +172,6 @@
             'db_url': 'https://usn.ubuntu.com/usn-db/database-all.json.bz2'
         },
     },
-
     {
         'name': 'github',
         'license': '',
@@ -182,6 +181,16 @@
             'endpoint': 'https://api.github.com/graphql',
             'ecosystems': ['MAVEN', 'NUGET', 'COMPOSER']
         }
+    },
+
+    {
+        'name': 'vulcodes',
+        'license': '',
+        'last_run': None,
+        'data_source': 'VulCodeDataSource',
+        'data_source_cfg': {
+            'repository_url': 'https://github.com/sbs2001/vulcodes.git'
+        }
     }
 
 ]
diff --git a/vulnerabilities/importers/__init__.py b/vulnerabilities/importers/__init__.py
@@ -38,3 +38,4 @@
 from vulnerabilities.importers.ubuntu_usn import UbuntuUSNDataSource
 from vulnerabilities.importers.github import GitHubAPIDataSource
 from vulnerabilities.importers.nvd import NVDDataSource
+from vulnerabilities.importers.vulcodes import VulCodeDataSource
diff --git a/vulnerabilities/importers/vulcodes.py b/vulnerabilities/importers/vulcodes.py
@@ -0,0 +1,66 @@
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# http://nexb.com and https://github.com/nexB/vulnerablecode/
+# The VulnerableCode software is licensed under the Apache License version 2.0.
+# Data generated with VulnerableCode require an acknowledgment.
+#
+# You may not use this software except in compliance with the License.
+# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+#
+# When you publish or redistribute any data created with VulnerableCode or any VulnerableCode
+# derivative work, you must accompany this data with the following acknowledgment:
+#
+#  Generated with VulnerableCode and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
+#  OR CONDITIONS OF ANY KIND, either express or implied. No content created from
+#  VulnerableCode should be considered or used as legal advice. Consult an Attorney
+#  for any legal advice.
+#  VulnerableCode is a free software code scanning tool from nexB Inc. and others.
+#  Visit https://github.com/nexB/vulnerablecode/ for support and download.
+
+import json
+
+from packageurl import PackageURL
+
+from vulnerabilities.data_source import GitDataSource
+from vulnerabilities.data_source import Advisory
+from vulnerabilities.data_source import Reference
+
+
+class VulCodeDataSource(GitDataSource):
+    def __enter__(self):
+        super(VulCodeDataSource, self).__enter__()
+
+        if not getattr(self, "_added_files", None):
+            self._added_files, self._updated_files = self.file_changes(
+                file_ext="json",
+            )
+
+    def updated_advisories(self):
+
+        advisories = []
+        for file in self._added_files.union(self._updated_files):
+            with open(file) as f:
+                data = json.load(f)
+                references = []
+
+                for ref in data["references"]:
+                    references.append(Reference(url=ref["url"], reference_id=ref["reference_id"]))
+
+                advisories.append(
+                    Advisory(
+                        identifier=data["identifier"],
+                        summary=data["summary"],
+                        impacted_package_urls=[
+                            PackageURL.from_string(purl) for purl in data["vulnerable_packages"]
+                        ],
+                        resolved_package_urls=[
+                            PackageURL.from_string(purl) for purl in data["resolved_packages"]
+                        ],
+                        vuln_references=references,
+                    )
+                )
+
+        return self.batch_advisories(advisories)

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-# Copyright (c) 2017 nexB Inc. and others. All rights reserved.`
	`1`	`+# Copyright (c) nexB Inc. and others. All rights reserved.`
`2`	`2`	`# http://nexb.com and https://github.com/nexB/vulnerablecode/`
`3`	`3`	`# The VulnerableCode software is licensed under the Apache License version 2.0.`
`4`	`4`	`# Data generated with VulnerableCode require an acknowledgment.`
Original file line number	Diff line number	Diff line change
`@@ -172,7 +172,6 @@`
`172`	`172`	`'db_url': 'https://usn.ubuntu.com/usn-db/database-all.json.bz2'`
`173`	`173`	`},`
`174`	`174`	`},`
`175`		`-`
`176`	`175`	`{`
`177`	`176`	`'name': 'github',`
`178`	`177`	`'license': '',`
`@@ -182,6 +181,16 @@`
`182`	`181`	`'endpoint': 'https://api.github.com/graphql',`
`183`	`182`	`'ecosystems': ['MAVEN', 'NUGET', 'COMPOSER']`
`184`	`183`	`}`
	`184`	`+ },`
	`185`	`+`
	`186`	`+ {`
	`187`	`+ 'name': 'vulcodes',`
	`188`	`+ 'license': '',`
	`189`	`+ 'last_run': None,`
	`190`	`+ 'data_source': 'VulCodeDataSource',`
	`191`	`+ 'data_source_cfg': {`
	`192`	`+ 'repository_url': 'https://github.com/sbs2001/vulcodes.git'`
	`193`	`+ }`
`185`	`194`	`}`
`186`	`195`
`187`	`196`	`]`