Merge branch 'main' of github.com:nexB/vulnerablecode

Signed-off-by: 司芳源 <[email protected]>

Author: 司芳源

Makefile

@@ -27,6 +27,7 @@ VENV=venv
 ACTIVATE?=. ${VENV}/bin/activate;
 VIRTUALENV_PYZ=etc/thirdparty/virtualenv.pyz
 BLACK_ARGS=-l 100 .
+ISORT_ARGS=.
 # Do not depend on Python to generate the SECRET_KEY
 GET_SECRET_KEY=`base64 /dev/urandom | head -c50`
 # Customize with `$ make envfile ENV_FILE=/etc/vulnerablecode/.env`
@@ -61,14 +62,20 @@ envfile:
 	@echo SECRET_KEY=\"${GET_SECRET_KEY}\" > ${ENV_FILE}
 
 check:
+	@echo "-> Run isort validation"
+	@${ACTIVATE} isort --check-only ${ISORT_ARGS}
 	@echo "-> Run black validation"
 	@${ACTIVATE} black --check ${BLACK_ARGS}
 
 black:
 	@echo "-> Apply black code formatter"
 	${VENV}/bin/black ${BLACK_ARGS}
 
-valid: black
+isort:
+	@echo "-> Apply isort code formatter"
+	${VENV}/bin/isort ${ISORT_ARGS}
+
+valid: isort black
 
 clean:
 	@echo "-> Clean the Python env"

pyproject.toml

@@ -43,4 +43,10 @@ addopts = [
     "-rfExXw",
     "--strict",
     "--doctest-modules"
-]
+]
+
+[tool.isort]
+profile = "black"
+line_length = 100
+force_single_line = true
+skip_gitignore = true

requirements-dev.txt

@@ -1,5 +1,6 @@
-pytest
-pytest-django
-freezegun
-ipython
-black
+black==22.1.0
+freezegun==1.1.0
+ipython==8.0.1
+isort==5.10.1
+pytest==7.0.0
+pytest-django==4.5.2

setup.py

@@ -4,7 +4,6 @@
 from setuptools import find_packages
 from setuptools import setup
 
-
 requirements = [
     r.strip() for r in open("requirements.txt") if r.strip() and not r.strip().startswith("#")
 ]

vulnerabilities/admin.py

@@ -23,13 +23,11 @@
 
 from django.contrib import admin
 
-from vulnerabilities.models import (
-    PackageRelatedVulnerability,
-    Package,
-    Vulnerability,
-    VulnerabilityReference,
-    VulnerabilitySeverity,
-)
+from vulnerabilities.models import Package
+from vulnerabilities.models import PackageRelatedVulnerability
+from vulnerabilities.models import Vulnerability
+from vulnerabilities.models import VulnerabilityReference
+from vulnerabilities.models import VulnerabilitySeverity
 
 
 @admin.register(Vulnerability)

vulnerabilities/api.py

@@ -25,10 +25,11 @@
 
 from django_filters import rest_framework as filters
 from packageurl import PackageURL
-
-from rest_framework import serializers, viewsets
+from rest_framework import serializers
+from rest_framework import viewsets
 from rest_framework.decorators import action
 from rest_framework.response import Response
+
 from vulnerabilities.models import Package
 from vulnerabilities.models import Vulnerability
 from vulnerabilities.models import VulnerabilityReference

vulnerabilities/forms.py

@@ -22,7 +22,9 @@
 
 from django import forms
 
-from vulnerabilities.models import Package, PackageRelatedVulnerability, Vulnerability
+from vulnerabilities.models import Package
+from vulnerabilities.models import PackageRelatedVulnerability
+from vulnerabilities.models import Vulnerability
 
 
 def get_package_types():

vulnerabilities/import_runner.py

@@ -25,14 +25,13 @@
 import datetime
 import json
 import logging
-from typing import List
 from typing import Iterable
-
+from typing import List
 
 from vulnerabilities import models
-from vulnerabilities.models import Advisory
 from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importer import Importer
+from vulnerabilities.models import Advisory
 
 logger = logging.getLogger(__name__)
 

vulnerabilities/importer.py

@@ -20,19 +20,19 @@
 #  VulnerableCode is a free software code scanning tool from nexB Inc. and others.
 #  Visit https://github.com/nexB/vulnerablecode/ for support and download.
 import dataclasses
+import datetime
 import logging
 import os
 import shutil
 import tempfile
 import traceback
 import xml.etree.ElementTree as ET
-import datetime
 from pathlib import Path
+from typing import Iterable
 from typing import List
 from typing import Mapping
 from typing import Optional
 from typing import Set
-from typing import Iterable
 from typing import Tuple
 
 from binaryornot.helpers import is_binary_string
@@ -41,11 +41,12 @@
 from packageurl import PackageURL
 from univers.version_range import VersionRange
 from univers.versions import Version
-from vulnerabilities.helpers import nearest_patched_package
+
 from vulnerabilities.helpers import classproperty
+from vulnerabilities.helpers import nearest_patched_package
 from vulnerabilities.oval_parser import OvalParser
-from vulnerabilities.severity_systems import ScoringSystem
 from vulnerabilities.severity_systems import SCORING_SYSTEMS
+from vulnerabilities.severity_systems import ScoringSystem
 
 logger = logging.getLogger(__name__)
 

vulnerabilities/importers/alpine_linux.py

@@ -29,10 +29,10 @@
 import saneyaml
 from bs4 import BeautifulSoup
 
+from vulnerabilities.helpers import is_cve
 from vulnerabilities.importer import Advisory
 from vulnerabilities.importer import Importer
 from vulnerabilities.importer import Reference
-from vulnerabilities.helpers import is_cve
 
 BASE_URL = "https://secdb.alpinelinux.org/"
 

vulnerabilities/importers/apache_httpd.py

@@ -27,16 +27,16 @@
 import requests
 from bs4 import BeautifulSoup
 from packageurl import PackageURL
-from univers.versions import SemverVersion
 from univers.version_specifier import VersionSpecifier
+from univers.versions import SemverVersion
 
+from vulnerabilities.helpers import nearest_patched_package
 from vulnerabilities.importer import Advisory
 from vulnerabilities.importer import Importer
 from vulnerabilities.importer import Reference
 from vulnerabilities.importer import VulnerabilitySeverity
 from vulnerabilities.package_managers import GitHubTagsAPI
 from vulnerabilities.severity_systems import scoring_systems
-from vulnerabilities.helpers import nearest_patched_package
 
 
 class ApacheHTTPDImporter(Importer):

vulnerabilities/importers/apache_kafka.py

@@ -25,14 +25,14 @@
 import requests
 from bs4 import BeautifulSoup
 from packageurl import PackageURL
-from univers.versions import MavenVersion
 from univers.version_specifier import VersionSpecifier
+from univers.versions import MavenVersion
 
+from vulnerabilities.helpers import nearest_patched_package
 from vulnerabilities.importer import Advisory
 from vulnerabilities.importer import Importer
 from vulnerabilities.importer import Reference
 from vulnerabilities.package_managers import GitHubTagsAPI
-from vulnerabilities.helpers import nearest_patched_package
 
 GH_PAGE_URL = "https://raw.githubusercontent.com/apache/kafka-site/asf-site/cve-list.html"
 ASF_PAGE_URL = "https://kafka.apache.org/cve-list"

vulnerabilities/importers/apache_tomcat.py

@@ -24,19 +24,18 @@
 import dataclasses
 import re
 
-
 import requests
 from bs4 import BeautifulSoup
+from packageurl import PackageURL
 from univers.version_specifier import VersionSpecifier
 from univers.versions import MavenVersion
 from univers.versions import SemverVersion
-from packageurl import PackageURL
 
+from vulnerabilities.helpers import create_etag
+from vulnerabilities.helpers import nearest_patched_package
 from vulnerabilities.importer import Advisory
 from vulnerabilities.importer import Importer
 from vulnerabilities.importer import Reference
-from vulnerabilities.helpers import create_etag
-from vulnerabilities.helpers import nearest_patched_package
 from vulnerabilities.package_managers import MavenVersionAPI
 
 

vulnerabilities/importers/archlinux.py

@@ -30,11 +30,11 @@
 
 from packageurl import PackageURL
 
+from vulnerabilities.helpers import nearest_patched_package
 from vulnerabilities.importer import Advisory
 from vulnerabilities.importer import Importer
 from vulnerabilities.importer import Reference
 from vulnerabilities.importer import VulnerabilitySeverity
-from vulnerabilities.helpers import nearest_patched_package
 from vulnerabilities.severity_systems import scoring_systems
 
 

vulnerabilities/importers/debian.py

@@ -22,19 +22,19 @@
 #  Visit https://github.com/nexB/vulnerablecode/ for support and download.
 
 import dataclasses
-from dateutil import parser as dateparser
 from typing import Any
 from typing import List
 from typing import Mapping
 from typing import Set
 
 import requests
+from dateutil import parser as dateparser
 from packageurl import PackageURL
 
+from vulnerabilities.helpers import nearest_patched_package
 from vulnerabilities.importer import Advisory
 from vulnerabilities.importer import Importer
 from vulnerabilities.importer import Reference
-from vulnerabilities.helpers import nearest_patched_package
 
 
 class DebianImporter(Importer):

vulnerabilities/importers/debian_oval.py

@@ -27,9 +27,9 @@
 
 import requests
 
+from vulnerabilities.helpers import create_etag
 from vulnerabilities.importer import OvalImporter
 from vulnerabilities.package_managers import DebianVersionAPI
-from vulnerabilities.helpers import create_etag
 
 
 class DebianOvalImporter(OvalImporter):

vulnerabilities/importers/elixir_security.py

@@ -26,11 +26,11 @@
 from univers.version_specifier import VersionSpecifier
 from univers.versions import SemverVersion
 
+from vulnerabilities.helpers import load_yaml
+from vulnerabilities.helpers import nearest_patched_package
 from vulnerabilities.importer import Advisory
 from vulnerabilities.importer import GitImporter
 from vulnerabilities.importer import Reference
-from vulnerabilities.helpers import load_yaml
-from vulnerabilities.helpers import nearest_patched_package
 from vulnerabilities.package_managers import HexVersionAPI
 
 

vulnerabilities/importers/gentoo.py

@@ -26,10 +26,10 @@
 
 from packageurl import PackageURL
 
-from vulnerabilities.importer import GitImporter
+from vulnerabilities.helpers import nearest_patched_package
 from vulnerabilities.importer import Advisory
+from vulnerabilities.importer import GitImporter
 from vulnerabilities.importer import Reference
-from vulnerabilities.helpers import nearest_patched_package
 
 
 class GentooImporter(GitImporter):

vulnerabilities/importers/github.py

@@ -21,32 +21,32 @@
 #  Visit https://github.com/nexB/vulnerablecode/ for support and download.
 
 import asyncio
-import os
 import dataclasses
-from dateutil import parser as dateparser
-from typing import Set
-from typing import Tuple
+import os
 from typing import List
 from typing import Mapping
 from typing import Optional
+from typing import Set
+from typing import Tuple
 
 import requests
+from dateutil import parser as dateparser
 from packageurl import PackageURL
 from univers.version_specifier import VersionSpecifier
 from univers.versions import version_class_by_package_type
 
+from vulnerabilities.helpers import nearest_patched_package
 from vulnerabilities.importer import Advisory
 from vulnerabilities.importer import Importer
 from vulnerabilities.importer import Reference
 from vulnerabilities.importer import VulnerabilitySeverity
+from vulnerabilities.package_managers import ComposerVersionAPI
 from vulnerabilities.package_managers import MavenVersionAPI
 from vulnerabilities.package_managers import NugetVersionAPI
-from vulnerabilities.package_managers import ComposerVersionAPI
 from vulnerabilities.package_managers import PypiVersionAPI
 from vulnerabilities.package_managers import GoproxyVersionAPI
 from vulnerabilities.package_managers import RubyVersionAPI
 from vulnerabilities.severity_systems import scoring_systems
-from vulnerabilities.helpers import nearest_patched_package
 
 # set of all possible values of first '%s' = {'MAVEN','COMPOSER', 'NUGET', 'RUBYGEMS', 'PYPI'}
 # second '%s' is interesting, it will have the value '' for the first request,

vulnerabilities/importers/istio.py

@@ -20,21 +20,21 @@
 #  VulnerableCode is a free software tool from nexB Inc. and others.
 #  Visit https://github.com/nexB/vulnerablecode/ for support and download.
 import asyncio
-import pytz
 import re
-from dateutil import parser
 from typing import Set
 
+import pytz
 import saneyaml
+from dateutil import parser
 from packageurl import PackageURL
 from univers.version_specifier import VersionSpecifier
 from univers.versions import SemverVersion
 
+from vulnerabilities.helpers import nearest_patched_package
+from vulnerabilities.helpers import split_markdown_front_matter
 from vulnerabilities.importer import Advisory
 from vulnerabilities.importer import GitImporter
 from vulnerabilities.importer import Reference
-from vulnerabilities.helpers import nearest_patched_package
-from vulnerabilities.helpers import split_markdown_front_matter
 from vulnerabilities.package_managers import GitHubTagsAPI
 
 is_release = re.compile(r"^[\d.]+$", re.IGNORECASE).match

vulnerabilities/importers/kaybee.py

@@ -22,11 +22,11 @@
 
 from packageurl import PackageURL
 
-from vulnerabilities.importer import GitImporter
-from vulnerabilities.importer import Advisory
-from vulnerabilities.importer import Reference
 from vulnerabilities.helpers import load_yaml
 from vulnerabilities.helpers import nearest_patched_package
+from vulnerabilities.importer import Advisory
+from vulnerabilities.importer import GitImporter
+from vulnerabilities.importer import Reference
 
 
 class KaybeeImporter(GitImporter):