chg: [website] Added detection PySec IDs in the description of bundle…

…s and comments.

website/lib/utils.py

@@ -4,7 +4,7 @@
 
 
 def find_cve_ids(text: str) -> List[str]:
-    """Find CVE ids in a text. Returns a list of string."""
+    """Find CVE IDs in a text. Returns a list of string."""
     # Regex pattern to match CVE IDs (e.g., CVE-2021-34527 or cve-2021-34527)
     cve_pattern = r"CVE-\d{4}-\d{4,7}"
 
@@ -18,7 +18,7 @@ def find_cve_ids(text: str) -> List[str]:
 
 
 def find_ghsa_ids(text: str) -> List[str]:
-    """Find GHSA ids in a text. Returns a list of string."""
+    """Find GHSA IDs in a text. Returns a list of string."""
     # Regex pattern to match GHSA IDs (e.g., GHSA-xxxx-xxxx-xxxx or ghsa-xxxx-xxxx-xxxx)
     ghsa_pattern = r"GHSA-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}"
 
@@ -30,3 +30,16 @@ def find_ghsa_ids(text: str) -> List[str]:
     ghsa_ids = list(set(ghsa_ids))
 
     return ghsa_ids
+
+
+def find_pysec_ids(text: str) -> List[str]:
+    """Find PyPI Security Advisory (PySec) IDs in a text. Returns a list of string."""
+    # Regex pattern to match PySec IDs (e.g., PYSEC-YYYY-NNN or pysec-yyyy-nnn)
+    pysec_pattern = r"PYSEC-\d{4}-\d{2,5}"
+
+    # Find all matches in the text (case-insensitive search)
+    pysec_ids = re.findall(pysec_pattern, text, re.IGNORECASE)
+    pysec_ids = [item.upper() for item in pysec_ids]
+    pysec_ids = list(set(pysec_ids))
+
+    return pysec_ids

website/web/api/v1/bundle.py

@@ -15,6 +15,7 @@
 from vulnerabilitylookup.default import get_config
 from website.lib.utils import find_cve_ids
 from website.lib.utils import find_ghsa_ids
+from website.lib.utils import find_pysec_ids
 from website.web.bootstrap import db
 from website.validators import validate_json
 from website.web.api.v1.common import auth_func
@@ -202,14 +203,17 @@ def post(self) -> Tuple[ResultType, int]:
         bundle["vulnerability_lookup_origin"] = local_instance_uuid
         bundle["creation_timestamp"] = current_time.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
         bundle["timestamp"] = current_time.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
-        # find CVE ids in the description and add to the related vulnerabilities
+        # Find security advisories IDs in the description and add the result to the related vulnerabilities
         bundle.setdefault("related_vulnerabilities", [])
         bundle.get("related_vulnerabilities", []).extend(
             find_cve_ids(bundle.get("description", ""))
         )
         bundle.get("related_vulnerabilities", []).extend(
             find_ghsa_ids(bundle.get("description", ""))
         )
+        bundle.get("related_vulnerabilities", []).extend(
+            find_pysec_ids(bundle.get("description", ""))
+        )
 
         try:
             validate_json(bundle, "circl_bundle")

website/web/api/v1/comment.py

@@ -17,6 +17,7 @@
 from vulnerabilitylookup.default import get_config
 from website.lib.utils import find_cve_ids
 from website.lib.utils import find_ghsa_ids
+from website.lib.utils import find_pysec_ids
 from website.web.bootstrap import application
 from website.web.bootstrap import db
 from website.validators import validate_json
@@ -215,14 +216,17 @@ def post(self) -> Tuple[ResultType, int]:
         comment["vulnerability_lookup_origin"] = local_instance_uuid
         comment["creation_timestamp"] = current_time.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
         comment["timestamp"] = current_time.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
-        # find CVE ids in the description and add to the related vulnerabilities
+        # Find security advisories IDs in the description and add the result to the related vulnerabilities
         comment.setdefault("related_vulnerabilities", [])
         comment.get("related_vulnerabilities", []).extend(
             find_cve_ids(comment.get("description", ""))
         )
         comment.get("related_vulnerabilities", []).extend(
             find_ghsa_ids(comment.get("description", ""))
         )
+        comment.get("related_vulnerabilities", []).extend(
+            find_pysec_ids(comment.get("description", ""))
+        )
 
         # Validate the JSON payload
         try: