Skip to content

Commit

Permalink
Remove excessive network calls from redhat importer #1161
Browse files Browse the repository at this point in the history
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
  • Loading branch information
TG1999 committed Mar 29, 2023
1 parent 33b3d92 commit 1f18d1a
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 63 deletions.
41 changes: 6 additions & 35 deletions vulnerabilities/importers/redhat.py
Original file line number Diff line number Diff line change
Expand Up @@ -98,24 +98,12 @@ def to_advisory(advisory_data):
bugzilla = advisory_data.get("bugzilla")
if bugzilla:
url = "https://bugzilla.redhat.com/show_bug.cgi?id={}".format(bugzilla)
bugzilla_url = f"https://bugzilla.redhat.com/rest/bug/{bugzilla}"
bugzilla_data = get_data_from_url(bugzilla_url)
bugs = bugzilla_data.get("bugs") or []
if bugs:
# why [0] only here?
severity = bugs[0].get("severity")
if severity:
bugzilla_severity = VulnerabilitySeverity(
system=severity_systems.REDHAT_BUGZILLA,
value=severity,
)
references.append(
Reference(
severities=[bugzilla_severity],
url=url,
reference_id=bugzilla,
)
)
references.append(
Reference(
url=url,
reference_id=bugzilla,
)
)

for rh_adv in advisory_data.get("advisories") or []:
# RH provides 3 types of advisories RHSA, RHBA, RHEA. Only RHSA's contain severity score.
Expand All @@ -126,25 +114,8 @@ def to_advisory(advisory_data):
continue

if "RHSA" in rh_adv.upper():
rhsa_url = f"https://access.redhat.com/hydra/rest/securitydata/cvrf/{rh_adv}.json"
rhsa_data = get_data_from_url(rhsa_url)
if not rhsa_data:
continue
rhsa_aggregate_severities = []
if rhsa_data.get("cvrfdoc"):
# not all RHSA errata have a corresponding CVRF document
value = get_item(rhsa_data, "cvrfdoc", "aggregate_severity")
if value:
rhsa_aggregate_severities.append(
VulnerabilitySeverity(
system=severity_systems.REDHAT_AGGREGATE,
value=value,
)
)

references.append(
Reference(
severities=rhsa_aggregate_severities,
url="https://access.redhat.com/errata/{}".format(rh_adv),
reference_id=rh_adv,
)
Expand Down
37 changes: 9 additions & 28 deletions vulnerabilities/tests/test_data/redhat/redhat-expected.json
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,7 @@
{
"reference_id": 2077736,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077736",
"severities": [
{
"system": "rhbs",
"value": "medium",
"scoring_elements": ""
}
]
"severities": []
},
{
"reference_id": "",
Expand Down Expand Up @@ -197,35 +191,22 @@
{
"reference_id": 2075788,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075788",
"severities": [
{
"system": "rhbs",
"value": "medium",
"scoring_elements": ""
}
]
"severities": []
},
{
"reference_id": "RHSA-2022:1439",
"url": "https://access.redhat.com/errata/RHSA-2022:1439",
"severities": [
{
"system": "rhas",
"value": "Important",
"scoring_elements": ""
}
]
"severities": []
},
{
"reference_id": "RHSA-2022:1437",
"url": "https://access.redhat.com/errata/RHSA-2022:1437",
"severities": [
{
"system": "rhas",
"value": "Important",
"scoring_elements": ""
}
]
"severities": []
},
{
"reference_id": "RHSA-2022:1436",
"url": "https://access.redhat.com/errata/RHSA-2022:1436",
"severities": []
},
{
"reference_id": "",
Expand Down

0 comments on commit 1f18d1a

Please sign in to comment.