Revert "Add support for reference_type (#1502)" (#1517)

This reverts commit 474301d.

Author: TG1999

vulnerabilities/api.py

@@ -47,7 +47,7 @@ class VulnerabilityReferenceSerializer(serializers.ModelSerializer):
 
     class Meta:
         model = VulnerabilityReference
-        fields = ["reference_url", "reference_id", "reference_type", "scores", "url"]
+        fields = ["reference_url", "reference_id", "scores", "url"]
 
 
 class BaseResourceSerializer(serializers.HyperlinkedModelSerializer):

vulnerabilities/importer.py

@@ -76,7 +76,6 @@ def from_dict(cls, severity: dict):
 @dataclasses.dataclass(order=True)
 class Reference:
     reference_id: str = ""
-    reference_type: str = ""
     url: str = ""
     severities: List[VulnerabilitySeverity] = dataclasses.field(default_factory=list)
 
@@ -86,17 +85,11 @@ def __post_init__(self):
 
     def normalized(self):
         severities = sorted(self.severities)
-        return Reference(
-            reference_id=self.reference_id,
-            url=self.url,
-            severities=severities,
-            reference_type=self.reference_type,
-        )
+        return Reference(reference_id=self.reference_id, url=self.url, severities=severities)
 
     def to_dict(self):
         return {
             "reference_id": self.reference_id,
-            "reference_type": self.reference_type,
             "url": self.url,
             "severities": [severity.to_dict() for severity in self.severities],
         }
@@ -105,7 +98,6 @@ def to_dict(self):
     def from_dict(cls, ref: dict):
         return cls(
             reference_id=ref["reference_id"],
-            reference_type=ref["reference_type"],
             url=ref["url"],
             severities=[
                 VulnerabilitySeverity.from_dict(severity) for severity in ref["severities"]

vulnerabilities/importers/fireeye.py

@@ -89,9 +89,9 @@ def get_references(references):
     """
     Return a list of Reference from a list of URL reference in md format
     >>> get_references(["- http://1-4a.com/cgi-bin/alienform/af.cgi"])
-    [Reference(reference_id='', reference_type='', url='http://1-4a.com/cgi-bin/alienform/af.cgi', severities=[])]
+    [Reference(reference_id='', url='http://1-4a.com/cgi-bin/alienform/af.cgi', severities=[])]
     >>> get_references(["- [Mitre CVE-2021-42712](https://www.cve.org/CVERecord?id=CVE-2021-42712)"])
-    [Reference(reference_id='', reference_type='', url='https://www.cve.org/CVERecord?id=CVE-2021-42712', severities=[])]
+    [Reference(reference_id='', url='https://www.cve.org/CVERecord?id=CVE-2021-42712', severities=[])]
     """
     urls = []
     for ref in references:

vulnerabilities/improve_runner.py

@@ -98,14 +98,12 @@ def process_inferences(
 
             reference = VulnerabilityReference.objects.get_or_none(
                 reference_id=ref.reference_id,
-                reference_type=ref.reference_type,
                 url=ref.url,
             )
 
             if not reference:
                 reference = create_valid_vulnerability_reference(
                     reference_id=ref.reference_id,
-                    reference_type=ref.reference_type,
                     url=ref.url,
                 )
                 if not reference:
@@ -169,15 +167,14 @@ def process_inferences(
     return inferences_processed_count
 
 
-def create_valid_vulnerability_reference(url, reference_type="", reference_id=None):
+def create_valid_vulnerability_reference(url, reference_id=None):
     """
     Create and return a new validated VulnerabilityReference from a
     ``url`` and ``reference_id``.
     Return None and log a warning if this is not a valid reference.
     """
     reference = VulnerabilityReference(
         reference_id=reference_id,
-        reference_type=reference_type,
         url=url,
     )
 

vulnerabilities/migrations/0058_vulnerabilityreference_reference_type.py

@@ -359,22 +359,6 @@ class VulnerabilityReference(models.Model):
         unique=True,
     )
 
-    ADVISORY = "advisory"
-    EXPLOIT = "exploit"
-    MAILING_LIST = "mailing_list"
-    BUG = "bug"
-    OTHER = "other"
-
-    REFERENCE_TYPES = [
-        (ADVISORY, "Advisory"),
-        (EXPLOIT, "Exploit"),
-        (MAILING_LIST, "Mailing List"),
-        (BUG, "Bug"),
-        (OTHER, "Other"),
-    ]
-
-    reference_type = models.CharField(max_length=20, choices=REFERENCE_TYPES, blank=True)
-
     reference_id = models.CharField(
         max_length=200,
         help_text="An optional reference ID, such as DSA-4465-1 when available",

vulnerabilities/models.py

@@ -244,7 +244,6 @@
                     <thead>
                         <tr>
                             <th style="width: 250px;"> Reference id </th>
-                            <th style="width: 250px;"> Reference type </th>
                             <th> URL </th>
                         </tr>
                     </thead>
@@ -255,13 +254,6 @@
                         {% else %}
                         <td></td>
                         {% endif %}
-
-                        {% if ref.reference_type %}
-                        <td class="wrap-strings">{{ ref.get_reference_type_display }}</td>
-                        {% else %}
-                        <td></td>
-                        {% endif %}
-
                         <td class="wrap-strings"><a href="{{ ref.url }}" target="_blank">{{ ref.url }}<i
                                     class="fa fa-external-link fa_link_custom"></i></a></td>
                     </tr>

vulnerabilities/templates/vulnerability_details.html

@@ -21,7 +21,6 @@
 
 from vulnerabilities.api import MinimalPackageSerializer
 from vulnerabilities.api import PackageSerializer
-from vulnerabilities.api import VulnerabilityReferenceSerializer
 from vulnerabilities.models import Alias
 from vulnerabilities.models import ApiUser
 from vulnerabilities.models import Package
@@ -162,9 +161,6 @@ def setUp(self):
             namespace="ubuntu",
             qualifiers={"distro": "jessie"},
         )
-        self.ref = VulnerabilityReference.objects.create(
-            reference_type="advisory", reference_id="CVE-xxx-xxx", url="https://example.com"
-        )
         self.user = ApiUser.objects.create_api_user(username="[email protected]")
         self.auth = f"Token {self.user.auth_token.key}"
         self.client = APIClient(enforce_csrf_checks=True)
@@ -185,16 +181,6 @@ def test_package_serializer(self):
         purls = {r["purl"] for r in response}
         self.assertIn("pkg:deb/ubuntu/[email protected]?distro=jessie", purls)
 
-    def test_vulnerability_reference_serializer(self):
-        response = VulnerabilityReferenceSerializer(instance=self.ref).data
-        assert response == {
-            "reference_url": "https://example.com",
-            "reference_id": "CVE-xxx-xxx",
-            "reference_type": "advisory",
-            "scores": [],
-            "url": "https://example.com",
-        }
-
 
 class APITestCaseVulnerability(TransactionTestCase):
     def setUp(self):

vulnerabilities/tests/test_api.py

@@ -20,7 +20,6 @@
   "references": [
     {
       "reference_id": "CVE-1999-1199",
-      "reference_type": "",
       "url": "https://httpd.apache.org/security/json/CVE-1999-1199.json",
       "severities": [
         {

vulnerabilities/tests/test_data/apache_httpd/CVE-1999-1199-apache-httpd-expected.json

@@ -20,7 +20,6 @@
   "references": [
     {
       "reference_id": "CVE-2017-9798",
-      "reference_type": "",
       "url": "https://httpd.apache.org/security/json/CVE-2017-9798.json",
       "severities": [
         {

vulnerabilities/tests/test_data/apache_httpd/CVE-2017-9798-apache-httpd-expected.json

@@ -20,7 +20,6 @@
   "references": [
     {
       "reference_id": "CVE-2021-44224",
-      "reference_type": "",
       "url": "https://httpd.apache.org/security/json/CVE-2021-44224.json",
       "severities": [
         {

vulnerabilities/tests/test_data/apache_httpd/CVE-2021-44224-apache-httpd-expected.json

@@ -20,7 +20,6 @@
   "references": [
     {
       "reference_id": "CVE-2022-28614",
-      "reference_type": "",
       "url": "https://httpd.apache.org/security/json/CVE-2022-28614.json",
       "severities": [
         {

vulnerabilities/tests/test_data/apache_httpd/CVE-2022-28614-apache-httpd-expected.json

@@ -43,7 +43,6 @@
     "references": [
       {
         "reference_id": "CVE-2021-44224",
-        "reference_type": "",
         "url": "https://httpd.apache.org/security/json/CVE-2021-44224.json",
         "severities": [
           {
@@ -92,7 +91,6 @@
     "references": [
       {
         "reference_id": "CVE-2021-44224",
-        "reference_type": "",
         "url": "https://httpd.apache.org/security/json/CVE-2021-44224.json",
         "severities": [
           {