@@ -143,6 +143,7 @@ def process_advisories(data_source: DataSource, create_vulcodes) -> None:
143143 for batch in advisory_batches :
144144 for advisory in batch :
145145 try :
146+
146147 if not advisory .identifier and not create_vulcodes :
147148 continue
148149
@@ -154,9 +155,11 @@ def process_advisories(data_source: DataSource, create_vulcodes) -> None:
154155 reference_id = vuln_ref .reference_id ,
155156 )
156157
157- if vuln_created or not vuln_ref_exists (vuln , vuln_ref .url , vuln_ref .reference_id ):
158- # A vulnerability reference can't exist if the vulnerability is just created so
159- # insert it
158+ if vuln_created or not vuln_ref_exists (
159+ vuln , vuln_ref .url , vuln_ref .reference_id
160+ ):
161+ # A vulnerability reference can't exist if the vulnerability is
162+ # just created, so insert it
160163 bulk_create_vuln_refs .add (ref )
161164
162165 for purl in chain (advisory .impacted_package_urls , advisory .resolved_package_urls ):
@@ -176,25 +179,27 @@ def process_advisories(data_source: DataSource, create_vulcodes) -> None:
176179 existing_ref = get_vuln_pkg_refs (vuln , pkg )
177180 if not existing_ref :
178181 bulk_create_vuln_pkg_refs .add (pkg_vuln_ref )
179- # A vulnerability-package relationship does not exist already if either the
180- # vulnerability or the package is just created.
182+ # A vulnerability-package relationship does not exist already
183+ # if either the vulnerability or the package is just created.
181184
182185 else :
183- # insert only if it there is no existing vulnerability-package relationship.
186+ # insert only if it there is no existing vulnerability-package relationship. # nopep8
184187 existing_ref = get_vuln_pkg_refs (vuln , pkg )
185188 if not existing_ref :
186189 bulk_create_vuln_pkg_refs .add (pkg_vuln_ref )
187190
188191 else :
189192 # This handles conflicts between existing data and obtained data
190193 if existing_ref [0 ].is_vulnerable != pkg_vuln_ref .is_vulnerable :
191- handle_conflicts ([existing_ref [0 ], pkg_vuln_ref .to_model_object ()])
194+ handle_conflicts (
195+ [existing_ref [0 ], pkg_vuln_ref .to_model_object ()]
196+ )
192197 existing_ref .delete ()
198+
193199 except Exception :
194200 # TODO: store error but continue
195201 logger .error (
196- f"Failed to process advisory: { advisory !r} \n "
197- + traceback .format_exc ()
202+ f"Failed to process advisory: { advisory !r} \n " + traceback .format_exc ()
198203 )
199204
200205 models .VulnerabilityReference .objects .bulk_create (
@@ -259,17 +264,20 @@ def _get_or_create_vulnerability(
259264 advisory : Advisory ,
260265) -> Tuple [models .Vulnerability , bool ]:
261266
262- vuln , created = models .Vulnerability .objects .get_or_create (identifier = advisory .identifier )
267+ try :
268+ vuln , created = models .Vulnerability .objects .get_or_create (identifier = advisory .identifier )
263269
264- # Eventually we only want to keep summary from NVD and ignore other descriptions.
265- if advisory .summary and vuln .summary != advisory .summary :
266- vuln .summary = advisory .summary
267- vuln .save ()
270+ # Eventually we only want to keep summary from NVD and ignore other descriptions.
271+ if advisory .summary and vuln .summary != advisory .summary :
272+ vuln .summary = advisory .summary
273+ vuln .save ()
274+
275+ return vuln , created
268276
269277 except Exception :
270278 logger .error (
271- f"Failed to _get_or_create_vulnerability: { query_kwargs !r} \n "
272- + traceback . format_exc () )
279+ f"Failed to _get_or_create_vulnerability: { query_kwargs !r} \n " + traceback . format_exc ()
280+ )
273281 raise
274282
275283
0 commit comments