diff --git a/PIPELINES-AVID.rst b/PIPELINES-AVID.rst index 3d82400f8..c65e92832 100644 --- a/PIPELINES-AVID.rst +++ b/PIPELINES-AVID.rst @@ -1,11 +1,13 @@ -.. list-table:: Pipeline AVID Mapping +.. list-table:: Pipeline Advisory UID Mapping :header-rows: 1 :widths: 35 65 * - pipeline name - - AVID + - Advisory UID + - datasource name * - alpine_linux_importer_v2 - {package_name}/{distroversion}/{version}/{vulnerability_id} + - alpine_linux * - aosp_dataset_fix_commits - CVE ID of the record * - apache_httpd_importer_v2 diff --git a/vulnerabilities/migrations/0130_advisoryv2_pipeline_id.py b/vulnerabilities/migrations/0130_advisoryv2_pipeline_id.py new file mode 100644 index 000000000..241703b2c --- /dev/null +++ b/vulnerabilities/migrations/0130_advisoryv2_pipeline_id.py @@ -0,0 +1,24 @@ +# Generated by Django 5.2.11 on 2026-05-18 08:52 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("vulnerabilities", "0129_advisorypoc"), + ] + + operations = [ + migrations.AddField( + model_name="advisoryv2", + name="pipeline_id", + field=models.CharField( + blank=True, + db_index=True, + help_text="Unique ID for the pipeline used for this advisory .e.g.: nginx_importer_v2", + max_length=200, + null=True, + ), + ), + ] diff --git a/vulnerabilities/migrations/0131_auto_20260518_0854.py b/vulnerabilities/migrations/0131_auto_20260518_0854.py new file mode 100644 index 000000000..0b7067668 --- /dev/null +++ b/vulnerabilities/migrations/0131_auto_20260518_0854.py 
@@ -0,0 +1,42 @@ +# Generated by Django 5.2.11 on 2026-05-18 08:54 + +from django.db import migrations, models +from django.db.models import F + + +class Migration(migrations.Migration): + + dependencies = [ + ("vulnerabilities", "0130_advisoryv2_pipeline_id"), + ] + + def populate_pipeline_id(apps, schema_editor): + Advisory = apps.get_model("vulnerabilities", "AdvisoryV2") + + Advisory.objects.update( + pipeline_id=F("datasource_id") + ) + + assert not Advisory.objects.filter(pipeline_id="").exists(), "Some advisories have an empty pipeline_id after the update" + + operations = [ + migrations.RunPython(populate_pipeline_id, reverse_code=migrations.RunPython.noop), + migrations.AlterField( + model_name="advisoryv2", + name="pipeline_id", + field=models.CharField( + db_index=True, + help_text="Unique ID for the pipeline used for this advisory .e.g.: nginx_importer_v2", + max_length=200, + ), + ), + migrations.AlterField( + model_name="advisoryv2", + name="datasource_id", + field=models.CharField( + db_index=True, + help_text="Unique ID for the datasource used for this advisory .e.g.: nginx", + max_length=200, + ), + ), + ] diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py index 2c9e385a3..69253f54b 100644 --- a/vulnerabilities/models.py +++ b/vulnerabilities/models.py @@ -3058,7 +3058,15 @@ class AdvisoryV2(models.Model): blank=False, null=False, db_index=True, - help_text="Unique ID for the datasource used for this advisory ." "e.g.: nginx_importer_v2", + help_text="Unique ID for the datasource used for this advisory ." "e.g.: nginx", + ) + + pipeline_id = models.CharField( + max_length=200, + blank=False, + null=False, + db_index=True, + help_text="Unique ID for the pipeline used for this advisory ." "e.g.: nginx_importer_v2", ) # This is similar to a name diff --git a/vulnerabilities/pipelines/__init__.py b/vulnerabilities/pipelines/__init__.py index 5d0fee2de..873aede8b 100644 --- a/vulnerabilities/pipelines/__init__.py 
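Review bot: `populate_pipeline_id` in migration 0131 copies the old `datasource_id` into `pipeline_id` but leaves `datasource_id` and `avid` on existing rows at their pipeline-style values (e.g. `nginx_importer_v2`), while the importers in this commit now write `nginx` and build `avid` from it. As far as the visible hunks show, the next import would miss the old rows in both the `get_or_create` lookup and the `avid`/`is_latest` demotion in `insert_advisory_v2`, leaving a stale and a current row both marked latest for the same advisory. Unless that is handled outside this diff, the data migration should also rewrite `datasource_id` and `avid` from a pipeline-to-datasource mapping. The `assert` is skipped under `python -O`, so an explicit check is more reliable: `if Advisory.objects.filter(pipeline_id="").exists(): raise RuntimeError("empty pipeline_id after backfill")`.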
+++ b/vulnerabilities/pipelines/__init__.py @@ -273,7 +273,7 @@ class VulnerableCodeBaseImporterPipelineV2(VulnerableCodePipeline): pipeline_id = None # Unique Pipeline ID, this should be the name of pipeline module. license_url = None - datasource_name = None + datasource_id = None spdx_license_expression = None repo_url = None ignorable_versions = [] @@ -319,6 +319,9 @@ def advisories_count(self) -> int: raise NotImplementedError def collect_and_store_advisories(self): + if not self.pipeline_id and not self.datasource_id: + self.log("Pipeline must have a unique pipeline_id or datasource_id defined.") + return collected_advisory_count = 0 estimated_advisory_count = self.advisories_count() @@ -338,6 +341,7 @@ def collect_and_store_advisories(self): if _obj := insert_advisory_v2( advisory=advisory, pipeline_id=self.pipeline_id, + datasource_id=self.datasource_id, logger=self.log, precedence=self.precedence, ): diff --git a/vulnerabilities/pipelines/v2_importers/alpine_linux_importer.py b/vulnerabilities/pipelines/v2_importers/alpine_linux_importer.py index 02aafb38a..e7417c5a1 100644 --- a/vulnerabilities/pipelines/v2_importers/alpine_linux_importer.py +++ b/vulnerabilities/pipelines/v2_importers/alpine_linux_importer.py @@ -38,6 +38,7 @@ class AlpineLinuxImporterPipeline(VulnerableCodeBaseImporterPipelineV2): pipeline_id = "alpine_linux_importer_v2" spdx_license_expression = "CC-BY-SA-4.0" + datasource_id = "alpine_linux" license_url = "https://secdb.alpinelinux.org/license.txt" repo_url = "git+https://github.com/aboutcode-org/aboutcode-mirror-alpine-secdb/" diff --git a/vulnerabilities/pipelines/v2_importers/aosp_importer.py b/vulnerabilities/pipelines/v2_importers/aosp_importer.py index 1abe91776..e4a0d6707 100644 --- a/vulnerabilities/pipelines/v2_importers/aosp_importer.py +++ b/vulnerabilities/pipelines/v2_importers/aosp_importer.py 
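Review bot: The new guard in `collect_and_store_advisories` uses `and`, so a pipeline that sets only one of the two ids passes it and `insert_advisory_v2` is then called with `None` for the other. With `datasource_id=None` the `avid` would be built as `None/<advisory_id>`. Both values are needed by the call added further down, so the check should be `if not self.pipeline_id or not self.datasource_id:`. Logging and returning also lets a misconfigured importer finish without storing anything; raising (for example `ValueError`) would make the misconfiguration visible to whoever monitors the run. The method body continues outside the hunk.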
@@ -28,6 +28,7 @@ class AospImporterPipeline(VulnerableCodeBaseImporterPipelineV2): """ pipeline_id = "aosp_dataset_fix_commits" + datasource_id = "aosp_dataset" spdx_license_expression = "Apache-2.0" license_url = "https://github.com/quarkslab/aosp_dataset/blob/master/LICENSE" diff --git a/vulnerabilities/pipelines/v2_importers/apache_httpd_importer.py b/vulnerabilities/pipelines/v2_importers/apache_httpd_importer.py index 3987eea73..3d409b871 100644 --- a/vulnerabilities/pipelines/v2_importers/apache_httpd_importer.py +++ b/vulnerabilities/pipelines/v2_importers/apache_httpd_importer.py @@ -148,6 +148,7 @@ class ApacheHTTPDImporterPipeline(VulnerableCodeBaseImporterPipelineV2): """ pipeline_id = "apache_httpd_importer_v2" + datasource_id = "apache_httpd" spdx_license_expression = "Apache-2.0" license_url = "https://www.apache.org/licenses/LICENSE-2.0" base_url = "https://httpd.apache.org/security/json/" diff --git a/vulnerabilities/pipelines/v2_importers/apache_kafka_importer.py b/vulnerabilities/pipelines/v2_importers/apache_kafka_importer.py index d05ed757d..5e6fbcb17 100644 --- a/vulnerabilities/pipelines/v2_importers/apache_kafka_importer.py +++ b/vulnerabilities/pipelines/v2_importers/apache_kafka_importer.py @@ -33,6 +33,7 @@ class ApacheKafkaImporterPipeline(VulnerableCodeBaseImporterPipelineV2): """Import Apache Kafka Advisories""" pipeline_id = "apache_kafka_importer_v2" + datasource_id = "apache_kafka" spdx_license_expression = "Apache-2.0" importer_name = "Apache Kafka Importer V2" diff --git a/vulnerabilities/pipelines/v2_importers/apache_tomcat_importer.py b/vulnerabilities/pipelines/v2_importers/apache_tomcat_importer.py index f7dd12f57..cf47b9799 100644 --- a/vulnerabilities/pipelines/v2_importers/apache_tomcat_importer.py +++ b/vulnerabilities/pipelines/v2_importers/apache_tomcat_importer.py 
@@ -36,6 +36,7 @@ class ApacheTomcatImporterPipeline(VulnerableCodeBaseImporterPipelineV2): """ pipeline_id = "apache_tomcat_importer_v2" + datasource_id = "apache_tomcat" spdx_license_expression = "Apache-2.0" license_url = "https://www.apache.org/licenses/LICENSE-2.0" base_url = "https://tomcat.apache.org/security" diff --git a/vulnerabilities/pipelines/v2_importers/archlinux_importer.py b/vulnerabilities/pipelines/v2_importers/archlinux_importer.py index b666e48a2..35f620e77 100644 --- a/vulnerabilities/pipelines/v2_importers/archlinux_importer.py +++ b/vulnerabilities/pipelines/v2_importers/archlinux_importer.py @@ -29,6 +29,7 @@ class ArchLinuxImporterPipeline(VulnerableCodeBaseImporterPipelineV2): pipeline_id = "archlinux_importer_v2" spdx_license_expression = "MIT" + datasource_id = "archlinux" license_url = "https://github.com/archlinux/arch-security-tracker/blob/master/LICENSE" precedence = 200 diff --git a/vulnerabilities/pipelines/v2_importers/collect_fix_commits.py b/vulnerabilities/pipelines/v2_importers/collect_fix_commits.py index f57d3b61b..7ad67df92 100644 --- a/vulnerabilities/pipelines/v2_importers/collect_fix_commits.py +++ b/vulnerabilities/pipelines/v2_importers/collect_fix_commits.py 
@@ -3,184 +3,221 @@ class CollectLinuxFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_linux_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/torvalds/linux" class CollectBusyBoxFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_busybox_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/mirror/busybox" class CollectNginxFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_nginx_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/nginx/nginx" class CollectApacheTomcatFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_apache_tomcat_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/apache/tomcat" class CollectMysqlServerFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_mysql_server_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/mysql/mysql-server" class CollectPostgresqlFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_postgresql_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/postgres/postgres" class CollectMongodbFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_mongodb_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/mongodb/mongo" class CollectRedisFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_redis_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/redis/redis" class CollectSqliteFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_sqlite_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/sqlite/sqlite" class 
CollectPhpFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_php_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/php/php-src" class CollectPythonCpythonFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_python_cpython_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/python/cpython" class CollectRubyFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_ruby_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/ruby/ruby" class CollectGoFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_go_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/golang/go" class CollectNodeJsFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_node_js_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/nodejs/node" class CollectRustFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_rust_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/rust-lang/rust" class CollectOpenjdkFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_openjdk_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/openjdk/jdk" class CollectSwiftFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_swift_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/swiftlang/swift" class CollectDjangoFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_django_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/django/django" class CollectRailsFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_rails_fix_commits" + 
datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/rails/rails" class CollectLaravelFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_laravel_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/laravel/framework" class CollectSpringFrameworkFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_spring_framework_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/spring-projects/spring-framework" class CollectReactFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_react_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/facebook/react" class CollectAngularFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_angular_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/angular/angular" class CollectWordpressFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_wordpress_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/WordPress/WordPress" class CollectDockerMobyFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_docker_moby_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/moby/moby" class CollectKubernetesFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_kubernetes_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/kubernetes/kubernetes" class CollectQemuFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_qemu_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://gitlab.com/qemu-project/qemu" class CollectXenProjectFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_xen_project_fix_commits" + datasource_id 
= pipeline_id.replace("collect_", "") repo_url = "https://github.com/xen-project/xen" class CollectVirtualboxFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_virtualbox_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/mirror/vbox" class CollectContainerdFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_containerd_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/containerd/containerd" class CollectAnsibleFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_ansible_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/ansible/ansible" class CollectTerraformFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_terraform_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/hashicorp/terraform" class CollectWiresharkFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_wireshark_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://gitlab.com/wireshark/wireshark" class CollectTcpdumpFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_tcpdump_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/the-tcpdump-group/tcpdump" class CollectGitFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_git_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/git/git" class CollectJenkinsFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_jenkins_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") repo_url = "https://github.com/jenkinsci/jenkins" class CollectGitlabFixCommitsPipeline(CollectVCSFixCommitPipeline): pipeline_id = "collect_gitlab_fix_commits" + datasource_id = pipeline_id.replace("collect_", "") 
repo_url = "https://gitlab.com/gitlab-org/gitlab-foss" diff --git a/vulnerabilities/pipelines/v2_importers/curl_importer.py b/vulnerabilities/pipelines/v2_importers/curl_importer.py index 23e62cbb9..aed5db0a3 100644 --- a/vulnerabilities/pipelines/v2_importers/curl_importer.py +++ b/vulnerabilities/pipelines/v2_importers/curl_importer.py @@ -32,6 +32,7 @@ class CurlImporterPipeline(VulnerableCodeBaseImporterPipelineV2): """ pipeline_id = "curl_importer_v2" + datasource_id = "curl" spdx_license_expression = "curl" license_url = "https://curl.se/docs/copyright.html" repo_url = "https://github.com/curl/curl-www/" diff --git a/vulnerabilities/pipelines/v2_importers/debian_importer.py b/vulnerabilities/pipelines/v2_importers/debian_importer.py index 67cba2b11..4f72aedc8 100644 --- a/vulnerabilities/pipelines/v2_importers/debian_importer.py +++ b/vulnerabilities/pipelines/v2_importers/debian_importer.py @@ -31,6 +31,7 @@ class DebianImporterPipeline(VulnerableCodeBaseImporterPipelineV2): """Debian Importer Pipeline""" pipeline_id = "debian_importer_v2" + datasource_id = "debian" spdx_license_expression = "LicenseRef-scancode-other-permissive" license_url = "https://www.debian.org/license" notice = """ diff --git a/vulnerabilities/pipelines/v2_importers/elixir_security_importer.py b/vulnerabilities/pipelines/v2_importers/elixir_security_importer.py index 2269d0fbc..211743a93 100644 --- a/vulnerabilities/pipelines/v2_importers/elixir_security_importer.py +++ b/vulnerabilities/pipelines/v2_importers/elixir_security_importer.py @@ -36,6 +36,7 @@ class ElixirSecurityImporterPipeline(VulnerableCodeBaseImporterPipelineV2): license_url = "https://github.com/dependabot/elixir-security-advisories/blob/master/LICENSE.txt" repo_url = "git+https://github.com/dependabot/elixir-security-advisories" run_once = True + datasource_id = "elixir_security" precedence = 400 
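Review bot: Every class in this hunk repeats `datasource_id = pipeline_id.replace("collect_", "")`, and `str.replace` removes every occurrence of `collect_`, not only the leading one. `pipeline_id.removeprefix("collect_")` states the intent exactly (Python 3.9+). Deriving the value once in `CollectVCSFixCommitPipeline` (not visible here) would keep the copies from drifting apart. A comment would also help, noting that the resulting ids such as `linux_fix_commits` become the `avid` prefix and must stay stable once advisories are stored.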
diff --git a/vulnerabilities/pipelines/v2_importers/epss_importer_v2.py b/vulnerabilities/pipelines/v2_importers/epss_importer_v2.py index 007341d0c..8f3a57d95 100644 --- a/vulnerabilities/pipelines/v2_importers/epss_importer_v2.py +++ b/vulnerabilities/pipelines/v2_importers/epss_importer_v2.py @@ -29,6 +29,7 @@ class EPSSImporterPipeline(VulnerableCodeBaseImporterPipelineV2): pipeline_id = "epss_importer_v2" spdx_license_expression = "unknown" importer_name = "EPSS Importer" + datasource_id = "epss" exclude_from_package_todo = True diff --git a/vulnerabilities/pipelines/v2_importers/fireeye_importer_v2.py b/vulnerabilities/pipelines/v2_importers/fireeye_importer_v2.py index 3e9dc2c40..b9d647628 100644 --- a/vulnerabilities/pipelines/v2_importers/fireeye_importer_v2.py +++ b/vulnerabilities/pipelines/v2_importers/fireeye_importer_v2.py @@ -30,6 +30,7 @@ class FireeyeImporterPipeline(VulnerableCodeBaseImporterPipelineV2): spdx_license_expression = "CC-BY-SA-4.0 AND MIT" + datasource_id = "fireeye" license_url = "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/README.md" notice = """ Copyright (c) Mandiant diff --git a/vulnerabilities/pipelines/v2_importers/gentoo_importer.py b/vulnerabilities/pipelines/v2_importers/gentoo_importer.py index 5db00a649..91f1d85c3 100644 --- a/vulnerabilities/pipelines/v2_importers/gentoo_importer.py +++ b/vulnerabilities/pipelines/v2_importers/gentoo_importer.py @@ -30,6 +30,7 @@ class GentooImporterPipeline(VulnerableCodeBaseImporterPipelineV2): repo_url = "git+https://anongit.gentoo.org/git/data/glsa.git" spdx_license_expression = "CC-BY-SA-4.0" + datasource_id = "gentoo" # the license notice is at this url https://anongit.gentoo.org/ says: # The contents of this document, unless otherwise expressly stated, are licensed # under the [CC-BY-SA-4.0](https://creativecommons.org/licenses/by-sa/4.0/) license. 
diff --git a/vulnerabilities/pipelines/v2_importers/github_osv_importer.py b/vulnerabilities/pipelines/v2_importers/github_osv_importer.py index 33acaf7f8..34775fc8c 100644 --- a/vulnerabilities/pipelines/v2_importers/github_osv_importer.py +++ b/vulnerabilities/pipelines/v2_importers/github_osv_importer.py @@ -27,6 +27,7 @@ class GithubOSVImporterPipeline(VulnerableCodeBaseImporterPipelineV2): """ pipeline_id = "github_osv_importer_v2" + datasource_id = "github_osv" spdx_license_expression = "CC-BY-4.0" license_url = "https://github.com/github/advisory-database/blob/main/LICENSE.md" repo_url = "git+https://github.com/github/advisory-database/" diff --git a/vulnerabilities/pipelines/v2_importers/gitlab_importer.py b/vulnerabilities/pipelines/v2_importers/gitlab_importer.py index 2c12f3a1a..ce9ff91cb 100644 --- a/vulnerabilities/pipelines/v2_importers/gitlab_importer.py +++ b/vulnerabilities/pipelines/v2_importers/gitlab_importer.py @@ -41,6 +41,7 @@ class GitLabImporterPipeline(VulnerableCodeBaseImporterPipelineV2): """ pipeline_id = "gitlab_importer_v2" + datasource_id = "gitlab" spdx_license_expression = "MIT" license_url = "https://gitlab.com/gitlab-org/advisories-community/-/blob/main/LICENSE" repo_url = "git+https://gitlab.com/gitlab-org/advisories-community/" diff --git a/vulnerabilities/pipelines/v2_importers/istio_importer.py b/vulnerabilities/pipelines/v2_importers/istio_importer.py index 71cf6bc7b..3d7095763 100644 --- a/vulnerabilities/pipelines/v2_importers/istio_importer.py +++ b/vulnerabilities/pipelines/v2_importers/istio_importer.py @@ -40,6 +40,7 @@ class IstioImporterPipeline(VulnerableCodeBaseImporterPipelineV2): """ pipeline_id = "istio_importer_v2" + datasource_id = "istio" spdx_license_expression = "Apache-2.0" license_url = "https://github.com/istio/istio.io/blob/master/LICENSE" repo_url = "git+https://github.com/istio/istio.io" 
diff --git a/vulnerabilities/pipelines/v2_importers/mattermost_importer.py b/vulnerabilities/pipelines/v2_importers/mattermost_importer.py index 7bfa7280e..cd4a5deb6 100644 --- a/vulnerabilities/pipelines/v2_importers/mattermost_importer.py +++ b/vulnerabilities/pipelines/v2_importers/mattermost_importer.py @@ -37,6 +37,7 @@ class MattermostImporterPipeline(VulnerableCodeBaseImporterPipelineV2): """ pipeline_id = "mattermost_importer_v2" + datasource_id = "mattermost" url = "https://securityupdates.mattermost.com/security_updates.json" spdx_license_expression = "LicenseRef-scancode-other-permissive" diff --git a/vulnerabilities/pipelines/v2_importers/mozilla_importer.py b/vulnerabilities/pipelines/v2_importers/mozilla_importer.py index 66765766a..2fa6f5002 100644 --- a/vulnerabilities/pipelines/v2_importers/mozilla_importer.py +++ b/vulnerabilities/pipelines/v2_importers/mozilla_importer.py @@ -41,6 +41,7 @@ class MozillaImporterPipeline(VulnerableCodeBaseImporterPipelineV2): """ pipeline_id = "mozilla_importer_v2" + datasource_id = "mozilla" repo_url = "git+https://github.com/mozilla/foundation-security-advisories" spdx_license_expression = "MPL-2.0" license_url = "https://github.com/mozilla/foundation-security-advisories/blob/master/LICENSE" diff --git a/vulnerabilities/pipelines/v2_importers/nginx_importer.py b/vulnerabilities/pipelines/v2_importers/nginx_importer.py index f5f3e3c67..b97e8863d 100644 --- a/vulnerabilities/pipelines/v2_importers/nginx_importer.py +++ b/vulnerabilities/pipelines/v2_importers/nginx_importer.py @@ -32,6 +32,7 @@ class NginxImporterPipeline(VulnerableCodeBaseImporterPipelineV2): """Collect Nginx security advisories.""" pipeline_id = "nginx_importer_v2" + datasource_id = "nginx" spdx_license_expression = "BSD-2-Clause" license_url = "https://nginx.org/LICENSE" diff --git a/vulnerabilities/pipelines/v2_importers/npm_importer.py b/vulnerabilities/pipelines/v2_importers/npm_importer.py index 9ec4c16dc..06099c6e7 100644 
--- a/vulnerabilities/pipelines/v2_importers/npm_importer.py +++ b/vulnerabilities/pipelines/v2_importers/npm_importer.py @@ -37,6 +37,7 @@ class NpmImporterPipeline(VulnerableCodeBaseImporterPipelineV2): """ pipeline_id = "nodejs_security_wg" + datasource_id = "npm" spdx_license_expression = "MIT" license_url = "https://github.com/nodejs/security-wg/blob/main/LICENSE.md" repo_url = "git+https://github.com/nodejs/security-wg" diff --git a/vulnerabilities/pipelines/v2_importers/nvd_importer.py b/vulnerabilities/pipelines/v2_importers/nvd_importer.py index 7c5faf73e..4a3ecf411 100644 --- a/vulnerabilities/pipelines/v2_importers/nvd_importer.py +++ b/vulnerabilities/pipelines/v2_importers/nvd_importer.py @@ -36,6 +36,7 @@ class NVDImporterPipeline(VulnerableCodeBaseImporterPipelineV2): """ pipeline_id = "nvd_importer_v2" + datasource_id = "nvd" # See https://github.com/nexB/vulnerablecode/issues/665 for follow up spdx_license_expression = ( "LicenseRef-scancode-us-govt-public-domain AND LicenseRef-scancode-cve-tou" diff --git a/vulnerabilities/pipelines/v2_importers/openssl_importer.py b/vulnerabilities/pipelines/v2_importers/openssl_importer.py index cd2ec2006..8365b5f4b 100644 --- a/vulnerabilities/pipelines/v2_importers/openssl_importer.py +++ b/vulnerabilities/pipelines/v2_importers/openssl_importer.py @@ -36,6 +36,7 @@ class OpenSSLImporterPipeline(VulnerableCodeBaseImporterPipelineV2): pipeline_id = "openssl_importer_v2" spdx_license_expression = "Apache-2.0" importer_name = "OpenSSL Importer V2" + datasource_id = "openssl" license_url = "https://github.com/openssl/openssl/blob/master/LICENSE.txt" repo_url = "git+https://github.com/openssl/release-metadata/" diff --git a/vulnerabilities/pipelines/v2_importers/oss_fuzz.py b/vulnerabilities/pipelines/v2_importers/oss_fuzz.py index a22e53b77..121bb255b 100644 --- a/vulnerabilities/pipelines/v2_importers/oss_fuzz.py +++ b/vulnerabilities/pipelines/v2_importers/oss_fuzz.py 
@@ -26,6 +26,7 @@ class OSSFuzzImporterPipeline(VulnerableCodeBaseImporterPipelineV2): spdx_license_expression = "CC-BY-4.0" license_url = "https://github.com/google/oss-fuzz-vulns/blob/main/LICENSE" repo_url = "git+https://github.com/google/oss-fuzz-vulns" + datasource_id = "oss_fuzz" precedence = 100 diff --git a/vulnerabilities/pipelines/v2_importers/postgresql_importer.py b/vulnerabilities/pipelines/v2_importers/postgresql_importer.py index 10a6136e7..72ac1f3d3 100644 --- a/vulnerabilities/pipelines/v2_importers/postgresql_importer.py +++ b/vulnerabilities/pipelines/v2_importers/postgresql_importer.py @@ -35,6 +35,7 @@ class PostgreSQLImporterPipeline(VulnerableCodeBaseImporterPipelineV2): license_url = "https://www.postgresql.org/about/licence/" spdx_license_expression = "PostgreSQL" base_url = "https://www.postgresql.org/support/security/" + datasource_id = "postgresql" links = set() diff --git a/vulnerabilities/pipelines/v2_importers/project_kb_msr2019_importer.py b/vulnerabilities/pipelines/v2_importers/project_kb_msr2019_importer.py index 269c92f71..6c1a032fc 100644 --- a/vulnerabilities/pipelines/v2_importers/project_kb_msr2019_importer.py +++ b/vulnerabilities/pipelines/v2_importers/project_kb_msr2019_importer.py @@ -29,6 +29,7 @@ class ProjectKBMSR2019Pipeline(VulnerableCodeBaseImporterPipelineV2): spdx_license_expression = "Apache-2.0" license_url = "https://github.com/SAP/project-kb/blob/main/LICENSE.txt" repo_url = "git+https://github.com/SAP/project-kb" + datasource_id = "project_kb_msr2019" exclude_from_package_todo = True diff --git a/vulnerabilities/pipelines/v2_importers/project_kb_statements_importer.py b/vulnerabilities/pipelines/v2_importers/project_kb_statements_importer.py index a4200cedb..dbf43b921 100644 --- a/vulnerabilities/pipelines/v2_importers/project_kb_statements_importer.py +++ b/vulnerabilities/pipelines/v2_importers/project_kb_statements_importer.py 
@@ -36,6 +36,7 @@ class ProjectKBStatementsPipeline(VulnerableCodeBaseImporterPipelineV2): spdx_license_expression = "Apache-2.0" license_url = "https://github.com/SAP/project-kb/blob/main/LICENSE.txt" repo_url = "git+https://github.com/SAP/project-kb@vulnerability-data" + datasource_id = "project_kb_statements" exclude_from_package_todo = True diff --git a/vulnerabilities/pipelines/v2_importers/pypa_importer.py b/vulnerabilities/pipelines/v2_importers/pypa_importer.py index 142c8a385..82d1041b7 100644 --- a/vulnerabilities/pipelines/v2_importers/pypa_importer.py +++ b/vulnerabilities/pipelines/v2_importers/pypa_importer.py @@ -26,6 +26,7 @@ class PyPaImporterPipeline(VulnerableCodeBaseImporterPipelineV2): Collect advisories from PyPA GitHub repository.""" pipeline_id = "pypa_importer_v2" + datasource_id = "pypa" spdx_license_expression = "CC-BY-4.0" license_url = "https://github.com/pypa/advisory-database/blob/main/LICENSE" repo_url = "git+https://github.com/pypa/advisory-database" diff --git a/vulnerabilities/pipelines/v2_importers/pysec_importer.py b/vulnerabilities/pipelines/v2_importers/pysec_importer.py index e9225a4f5..7dfa628e1 100644 --- a/vulnerabilities/pipelines/v2_importers/pysec_importer.py +++ b/vulnerabilities/pipelines/v2_importers/pysec_importer.py @@ -26,6 +26,7 @@ class PyPIImporterPipeline(VulnerableCodeBaseImporterPipelineV2): Collect advisories from PyPI.""" pipeline_id = "pysec_importer_v2" + datasource_id = "pysec" license_url = "https://github.com/pypa/advisory-database/blob/main/LICENSE" url = "https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip" spdx_license_expression = "CC-BY-4.0" diff --git a/vulnerabilities/pipelines/v2_importers/redhat_importer.py b/vulnerabilities/pipelines/v2_importers/redhat_importer.py index 5dde4ce8f..31a6e8d64 100644 --- a/vulnerabilities/pipelines/v2_importers/redhat_importer.py +++ b/vulnerabilities/pipelines/v2_importers/redhat_importer.py 
@@ -45,6 +45,7 @@ class RedHatImporterPipeline(VulnerableCodeBaseImporterPipelineV2): spdx_license_expression = "CC-BY-4.0" license_url = "https://access.redhat.com/security/data/" url = "https://security.access.redhat.com/data/csaf/v2/advisories/" + datasource_id = "redhat" precedence = 200 diff --git a/vulnerabilities/pipelines/v2_importers/retiredotnet_importer.py b/vulnerabilities/pipelines/v2_importers/retiredotnet_importer.py index de9f131ee..19ed61e88 100644 --- a/vulnerabilities/pipelines/v2_importers/retiredotnet_importer.py +++ b/vulnerabilities/pipelines/v2_importers/retiredotnet_importer.py @@ -28,6 +28,7 @@ class RetireDotnetImporterPipeline(VulnerableCodeBaseImporterPipelineV2): spdx_license_expression = "MIT" repo_url = "git+https://github.com/RetireNet/Packages/" pipeline_id = "retiredotnet_importer_v2" + datasource_id = "retiredotnet" run_once = True precedence = 400 diff --git a/vulnerabilities/pipelines/v2_importers/ruby_importer.py b/vulnerabilities/pipelines/v2_importers/ruby_importer.py index 210f73566..5858ad00c 100644 --- a/vulnerabilities/pipelines/v2_importers/ruby_importer.py +++ b/vulnerabilities/pipelines/v2_importers/ruby_importer.py @@ -39,6 +39,7 @@ class RubyImporterPipeline(VulnerableCodeBaseImporterPipelineV2): repo_url = "git+https://github.com/rubysec/ruby-advisory-db" importer_name = "Ruby Importer" pipeline_id = "ruby_importer_v2" + datasource_id = "ruby_advisory_db" spdx_license_expression = "LicenseRef-scancode-public-domain-disclaimer" notice = """ If you submit code or data to the ruby-advisory-db that is copyrighted by diff --git a/vulnerabilities/pipelines/v2_importers/suse_score_importer.py b/vulnerabilities/pipelines/v2_importers/suse_score_importer.py index 299dcb256..d0da48e13 100644 --- a/vulnerabilities/pipelines/v2_importers/suse_score_importer.py +++ b/vulnerabilities/pipelines/v2_importers/suse_score_importer.py 
@@ -19,6 +19,7 @@ class SUSESeverityScoreImporterPipeline(VulnerableCodeBaseImporterPipelineV2): spdx_license_expression = "CC-BY-4.0" + datasource_id = "suse_score" license_url = "https://ftp.suse.com/pub/projects/security/yaml/LICENSE" pipeline_id = "suse_importer_v2" url = "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" diff --git a/vulnerabilities/pipelines/v2_importers/ubuntu_osv_importer.py b/vulnerabilities/pipelines/v2_importers/ubuntu_osv_importer.py index 9643e3c11..0621912a3 100644 --- a/vulnerabilities/pipelines/v2_importers/ubuntu_osv_importer.py +++ b/vulnerabilities/pipelines/v2_importers/ubuntu_osv_importer.py @@ -27,6 +27,7 @@ class UbuntuOSVImporterPipeline(VulnerableCodeBaseImporterPipelineV2): """ pipeline_id = "ubuntu_osv_importer_v2" + datasource_id = "ubuntu_osv" spdx_license_expression = "CC-BY-4.0" license_url = "https://github.com/canonical/ubuntu-security-notices/blob/main/LICENSE" repo_url = "git+https://github.com/canonical/ubuntu-security-notices/" diff --git a/vulnerabilities/pipelines/v2_importers/vulnrichment_importer.py b/vulnerabilities/pipelines/v2_importers/vulnrichment_importer.py index 84846a1bf..218f97a32 100644 --- a/vulnerabilities/pipelines/v2_importers/vulnrichment_importer.py +++ b/vulnerabilities/pipelines/v2_importers/vulnrichment_importer.py @@ -29,6 +29,7 @@ class VulnrichImporterPipeline(VulnerableCodeBaseImporterPipelineV2): """ pipeline_id = "vulnrichment_importer_v2" + datasource_id = "vulnrichment" spdx_license_expression = "CC0-1.0" license_url = "https://github.com/cisagov/vulnrichment/blob/develop/LICENSE" repo_url = "git+https://github.com/cisagov/vulnrichment.git" diff --git a/vulnerabilities/pipelines/v2_importers/xen_importer.py b/vulnerabilities/pipelines/v2_importers/xen_importer.py index 8bd2d6453..af1282e30 100644 --- a/vulnerabilities/pipelines/v2_importers/xen_importer.py +++ b/vulnerabilities/pipelines/v2_importers/xen_importer.py 
@@ -25,6 +25,7 @@ class XenImporterPipeline(VulnerableCodeBaseImporterPipelineV2): """ pipeline_id = "xen_importer_v2" + datasource_id = "xen" url = "https://xenbits.xen.org/xsa/xsa.json" spdx_license_expression = "LicenseRef-scancode-other-permissive" license_url = "https://xenbits.xen.org/xsa/" diff --git a/vulnerabilities/pipelines/v2_improvers/relate_severities.py b/vulnerabilities/pipelines/v2_improvers/relate_severities.py index 9ce3e0a30..8ef70445b 100644 --- a/vulnerabilities/pipelines/v2_improvers/relate_severities.py +++ b/vulnerabilities/pipelines/v2_improvers/relate_severities.py @@ -59,7 +59,7 @@ def relate_severities(self): """ # Filter severities by supported scoring systems severity_score_advisories = ( - AdvisoryV2.objects.filter(datasource_id__in=self.pipelines) + AdvisoryV2.objects.filter(pipeline_id__in=self.pipelines) .filter(severities__scoring_system__in=self.SUPPORTED_SYSTEMS) .latest_per_avid() .distinct() diff --git a/vulnerabilities/pipes/advisory.py b/vulnerabilities/pipes/advisory.py index 9250f2679..732e2e0ab 100644 --- a/vulnerabilities/pipes/advisory.py +++ b/vulnerabilities/pipes/advisory.py @@ -292,6 +292,7 @@ def insert_advisory_v2( advisory: AdvisoryDataV2, pipeline_id: str, logger: Callable, + datasource_id: str, precedence: int = 0, ): from vulnerabilities.models import ImpactedPackage @@ -303,9 +304,10 @@ def insert_advisory_v2( content_id = compute_content_id_v2(advisory_data=advisory) try: default_data = { - "datasource_id": pipeline_id, + "datasource_id": datasource_id, + "pipeline_id": pipeline_id, "advisory_id": advisory.advisory_id, - "avid": f"{pipeline_id}/{advisory.advisory_id}", + "avid": f"{datasource_id}/{advisory.advisory_id}", "summary": advisory.summary, "date_published": advisory.date_published, "original_advisory_text": advisory.original_advisory_text, 
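Review bot: In the `insert_advisory_v2` signature hunk, `datasource_id: str` is inserted positionally ahead of `precedence`, so a caller still written as `insert_advisory_v2(advisory, "ghsa_importer", print, 100)` binds without error. The precedence value then becomes the datasource and the AVID prefix, and `precedence` silently falls back to 0. Declaring the new argument keyword-only after the existing ones, `precedence: int = 0, *, datasource_id: str,`, keeps old positional calls meaning what they meant and makes a missing datasource a `TypeError`. The positional calls updated in `test_api_v3.py` would then pass `datasource_id="ghsa"` by name. The function body continues outside this hunk.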
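Review bot: The `"avid"` entry in `default_data`, and the `is_latest` filter in the later `@@ -335,7 +338,7 @@` hunk, now use the `{datasource_id}/` prefix, while rows written before this change carry the `{pipeline_id}/` prefix. No backfill of existing `avid` or `datasource_id` values is visible in this part of the diff. If none exists, a re-import would create a second row under the new AVID and the old one would keep `is_latest=True`, leaving a stale and a current record for the same advisory. The `test_api_v3.py` assertion change to `"ghsa/GHSA-12341"` suggests the new prefix also reaches API consumers. I would either rewrite the stored values in the data migration or document the required re-import, and add a comment on the entry such as `# AVID is keyed on the datasource so it stays stable when a pipeline is renamed`.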
@@ -315,7 +317,8 @@ def insert_advisory_v2( advisory_obj, created = AdvisoryV2.objects.get_or_create( advisory_id=advisory.advisory_id, - datasource_id=pipeline_id, + datasource_id=datasource_id, + pipeline_id=pipeline_id, unique_content_id=content_id, defaults=default_data, ) @@ -335,7 +338,7 @@ def insert_advisory_v2( return advisory_obj AdvisoryV2.objects.filter( - avid=f"{pipeline_id}/{advisory.advisory_id}", + avid=f"{datasource_id}/{advisory.advisory_id}", is_latest=True, ).update(is_latest=False) advisory_obj.is_latest = True diff --git a/vulnerabilities/tests/pipelines/exporters/test_federate_vulnerabilities.py b/vulnerabilities/tests/pipelines/exporters/test_federate_vulnerabilities.py index af36cc711..800163bfa 100644 --- a/vulnerabilities/tests/pipelines/exporters/test_federate_vulnerabilities.py +++ b/vulnerabilities/tests/pipelines/exporters/test_federate_vulnerabilities.py @@ -87,11 +87,13 @@ def setUp(self): advisory=advisory1, pipeline_id="test_pipeline_v2", logger=self.logger.write, + datasource_id="test", ) insert_advisory_v2( advisory=advisory2, pipeline_id="test_pipeline_v2", logger=self.logger.write, + datasource_id="test", ) @patch( diff --git a/vulnerabilities/tests/pipelines/v2_improvers/test_collect_commits_v2.py b/vulnerabilities/tests/pipelines/v2_improvers/test_collect_commits_v2.py index d79ca0eb0..268163473 100644 --- a/vulnerabilities/tests/pipelines/v2_improvers/test_collect_commits_v2.py +++ b/vulnerabilities/tests/pipelines/v2_improvers/test_collect_commits_v2.py @@ -61,6 +61,7 @@ def test_is_vcs_url_already_processed_true(): url="https://example.com/advisory/CVE-2025-9999", unique_content_id="11111", date_collected=datetime.now(), + pipeline_id="test_pipeline_v2", ) package = PackageV2.objects.create( type="bar", 
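Review bot: Adding `pipeline_id=pipeline_id,` to the `get_or_create` lookup makes the pipeline part of an advisory's identity, which seems at odds with keying the AVID on the datasource alone. The same content for the same `advisory_id` and `datasource_id` arriving through a renamed or second pipeline would no longer match the existing row and would insert a new one. If the model has a uniqueness constraint on the previous key (not visible here), that insert would fail instead. Since `default_data` already carries `"pipeline_id": pipeline_id`, the lookup could stay as `advisory_id`, `datasource_id` and `unique_content_id`, with the pipeline set only through `defaults`. If per-pipeline rows are intended, a short comment above the call saying so would help.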
@@ -86,6 +87,7 @@ def test_collect_fix_commits_pipeline_creates_entry(): url="https://example.com/advisory/CVE-2025-1000", unique_content_id="11111", date_collected=datetime.now(), + pipeline_id="test_pipeline_v2", ) package = PackageV2.objects.create( type="foo", @@ -115,6 +117,7 @@ def test_collect_fix_commits_pipeline_skips_non_commit_urls(): advisory = AdvisoryV2.objects.create( advisory_id="CVE-2025-2000", datasource_id="test-ds", + pipeline_id="test-ds_v2", avid="test-ds/CVE-2025-2000", url="https://example.com/advisory/CVE-2025-2000", unique_content_id="11111", diff --git a/vulnerabilities/tests/pipelines/v2_improvers/test_collect_ssvc_trees.py b/vulnerabilities/tests/pipelines/v2_improvers/test_collect_ssvc_trees.py index ad4a6bcb6..ef55826a6 100644 --- a/vulnerabilities/tests/pipelines/v2_improvers/test_collect_ssvc_trees.py +++ b/vulnerabilities/tests/pipelines/v2_improvers/test_collect_ssvc_trees.py @@ -37,6 +37,7 @@ def vulnrichment_advisory(db): unique_content_id="unique-1234", date_collected=datetime.now(), is_latest=True, + pipeline_id="ds_importer_v2", ) @@ -61,6 +62,7 @@ def related_advisory(db): unique_content_id="unique-5678", date_collected=datetime.now(), is_latest=True, + pipeline_id="ds_importer_v2", ) diff --git a/vulnerabilities/tests/pipelines/v2_improvers/test_compute_advisory_todo_v2.py b/vulnerabilities/tests/pipelines/v2_improvers/test_compute_advisory_todo_v2.py index 3d289e8d6..a1bbe0465 100644 --- a/vulnerabilities/tests/pipelines/v2_improvers/test_compute_advisory_todo_v2.py +++ b/vulnerabilities/tests/pipelines/v2_improvers/test_compute_advisory_todo_v2.py @@ -185,6 +185,7 @@ def test_advisory_todo_missing_summary(self): advisory=self.advisory_data1, pipeline_id="test_pipeline1", logger=self.log.write, + datasource_id="test1", ) adv = AdvisoryV2.objects.first() adv.summary = "" 
@@ -202,6 +203,7 @@ def test_advisory_todo_missing_fixed(self): advisory=self.advisory_data2, pipeline_id="test_pipeline1", logger=self.log.write, + datasource_id="test1", ) pipeline = ComputeToDo() pipeline.execute() @@ -214,8 +216,9 @@ def test_advisory_todo_missing_fixed(self): def test_advisory_todo_missing_affected(self): insert_advisory_v2( advisory=self.advisory_data3, - pipeline_id="test_pipeline1", logger=self.log.write, + datasource_id="test1", + pipeline_id="test_pipeline1", ) pipeline = ComputeToDo() pipeline.execute() @@ -228,13 +231,15 @@ def test_advisory_todo_missing_affected(self): def test_advisory_todo_conflicting_fixed_affected(self): insert_advisory_v2( advisory=self.advisory_data1, - pipeline_id="test_pipeline1", logger=self.log.write, + datasource_id="test1", + pipeline_id="test_pipeline1", ) insert_advisory_v2( advisory=self.advisory_data4, - pipeline_id="test_pipeline2", logger=self.log.write, + datasource_id="test4", + pipeline_id="test_pipeline4", ) for imp in ImpactedPackage.objects.all(): imp.last_successful_range_unfurl_at = datetime.now() @@ -249,7 +254,7 @@ def test_advisory_todo_conflicting_fixed_affected(self): self.assertEqual(1, AdvisoryToDoV2.objects.count()) self.assertEqual("CONFLICTING_AFFECTED_AND_FIXED_BY_PACKAGES", todo.issue_type) self.assertIn( - '"conflict_checksum": "57f32de5f41f137f0e3808535c2d974d54eeeda426c4279e7fb90475d26f0313",', + '"conflict_checksum": "87d9e2627a8461fc5c068335d822af4aa0a40a8f265a92895c51d275d97ab0d6",', todo.issue_detail, ) self.assertEqual(2, todo.advisories.count()) @@ -260,11 +265,13 @@ def test_todo_at_package_alias_intersection(self): advisory=self.advisory_data4, pipeline_id="test_pipeline4", logger=self.log.write, + datasource_id="test4", ) insert_advisory_v2( advisory=self.advisory_data5, pipeline_id="test_pipeline5", logger=self.log.write, + datasource_id="test5", ) for imp in ImpactedPackage.objects.all(): imp.last_successful_range_unfurl_at = datetime.now() 
@@ -280,7 +287,7 @@ def test_todo_conflict_details_partial_curation(self): expected_partial_curation_advisory = { "advisory_id": "PLACEHOLDER_PARTIAL_CURATION_AVID", "aliases": ["CVE-000-000"], - "summary": "('test_pipeline5/test_id_5', 'test_pipeline6/test_id_6'): Test summary", + "summary": "('test5/test_id_5', 'test6/test_id_6'): Test summary", "affected_packages": [ { "package": { @@ -353,11 +360,13 @@ def test_todo_conflict_details_partial_curation(self): advisory=self.advisory_data5, pipeline_id="test_pipeline5", logger=self.log.write, + datasource_id="test5", ) insert_advisory_v2( advisory=self.advisory_data6, pipeline_id="test_pipeline6", logger=self.log.write, + datasource_id="test6", ) for imp in ImpactedPackage.objects.all(): imp.last_successful_range_unfurl_at = datetime.now() @@ -372,6 +381,8 @@ def test_todo_conflict_details_partial_curation(self): result_partial_curation = issue_details["partial_curation_advisory"] self.assertEqual(1, AdvisoryToDoV2.objects.count()) self.assertEqual("CONFLICTING_FIXED_BY_PACKAGES", todo.issue_type) + print(result_partial_curation) + # breakpoint() self.assertDictEqual(expected_partial_curation_advisory, result_partial_curation) def test_todo_conflict_details_partial_curation_unpaired_purl_and_conflicting_affected_and_fixed( @@ -380,7 +391,7 @@ def test_todo_conflict_details_partial_curation_unpaired_purl_and_conflicting_af expected_partial_curation_advisory = { "advisory_id": "PLACEHOLDER_PARTIAL_CURATION_AVID", "aliases": ["CVE-000-000"], - "summary": "('test_pipeline1/test_id', 'test_pipeline5/test_id_5'): Test summary", + "summary": "('test1/test_id', 'test5/test_id_5'): Test summary", "affected_packages": [ { "package": { 
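Review bot: The `print(result_partial_curation)` and `# breakpoint()` lines added before `assertDictEqual` in the `@@ -372,6 +381,8 @@` hunk are debugging leftovers and should be removed. `assertDictEqual` already reports the differing keys on failure, and the print adds noise to every test run. The same two lines are added in the `@@ -430,13 +443,15 @@`, `@@ -500,13 +517,15 @@` and `@@ -570,4 +591,6 @@` hunks of this file. The test method starts outside the hunk.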
@@ -411,11 +422,13 @@ def test_todo_conflict_details_partial_curation_unpaired_purl_and_conflicting_af advisory=self.advisory_data5, pipeline_id="test_pipeline5", logger=self.log.write, + datasource_id="test5", ) insert_advisory_v2( advisory=self.advisory_data1, pipeline_id="test_pipeline1", logger=self.log.write, + datasource_id="test1", ) for imp in ImpactedPackage.objects.all(): imp.last_successful_range_unfurl_at = datetime.now() @@ -430,13 +443,15 @@ def test_todo_conflict_details_partial_curation_unpaired_purl_and_conflicting_af result_partial_curation = issue_details["partial_curation_advisory"] self.assertEqual(1, AdvisoryToDoV2.objects.count()) self.assertEqual("CONFLICTING_AFFECTED_AND_FIXED_BY_PACKAGES", todo.issue_type) + print(result_partial_curation) + # breakpoint() self.assertDictEqual(expected_partial_curation_advisory, result_partial_curation) def test_todo_conflict_details_partial_curation_unpaired_purl_and_conflicting_fixed(self): expected_partial_curation_advisory = { "advisory_id": "PLACEHOLDER_PARTIAL_CURATION_AVID", "aliases": ["CVE-000-000"], - "summary": "('test_pipeline1/test_id', 'test_pipeline7/test_id_5'): Test summary", + "summary": "('test1/test_id', 'test7/test_id_5'): Test summary", "affected_packages": [ { "package": { @@ -481,11 +496,13 @@ def test_todo_conflict_details_partial_curation_unpaired_purl_and_conflicting_fi advisory=self.advisory_data1, pipeline_id="test_pipeline1", logger=self.log.write, + datasource_id="test1", ) insert_advisory_v2( advisory=self.advisory_data7, pipeline_id="test_pipeline7", logger=self.log.write, + datasource_id="test7", ) for imp in ImpactedPackage.objects.all(): imp.last_successful_range_unfurl_at = datetime.now() 
@@ -500,13 +517,15 @@ def test_todo_conflict_details_partial_curation_unpaired_purl_and_conflicting_fi result_partial_curation = issue_details["partial_curation_advisory"] self.assertEqual(1, AdvisoryToDoV2.objects.count()) self.assertEqual("CONFLICTING_FIXED_BY_PACKAGES", todo.issue_type) + print(result_partial_curation) + # breakpoint() self.assertDictEqual(expected_partial_curation_advisory, result_partial_curation) def test_todo_conflict_details_partial_curation_unpaired_purl_and_conflicting_affected(self): expected_partial_curation_advisory = { "advisory_id": "PLACEHOLDER_PARTIAL_CURATION_AVID", "aliases": ["CVE-000-000"], - "summary": "('test_pipeline1/test_id', 'test_pipeline7/test_id_5'): Test summary", + "summary": "('test1/test_id', 'test8/test_id_5'): Test summary", "affected_packages": [ { "package": { @@ -549,13 +568,15 @@ def test_todo_conflict_details_partial_curation_unpaired_purl_and_conflicting_af insert_advisory_v2( advisory=self.advisory_data1, - pipeline_id="test_pipeline1", logger=self.log.write, + datasource_id="test1", + pipeline_id="test_pipeline1", ) insert_advisory_v2( advisory=self.advisory_data8, - pipeline_id="test_pipeline7", logger=self.log.write, + datasource_id="test8", + pipeline_id="test_pipeline8", ) for imp in ImpactedPackage.objects.all(): imp.last_successful_range_unfurl_at = datetime.now() @@ -570,4 +591,6 @@ def test_todo_conflict_details_partial_curation_unpaired_purl_and_conflicting_af result_partial_curation = issue_details["partial_curation_advisory"] self.assertEqual(1, AdvisoryToDoV2.objects.count()) self.assertEqual("CONFLICTING_AFFECTED_PACKAGES", todo.issue_type) + print(result_partial_curation) + # breakpoint() self.assertDictEqual(expected_partial_curation_advisory, result_partial_curation) diff --git a/vulnerabilities/tests/pipelines/v2_improvers/test_compute_package_risk_v2.py b/vulnerabilities/tests/pipelines/v2_improvers/test_compute_package_risk_v2.py index 305abf429..ff6d1fd61 100644 
--- a/vulnerabilities/tests/pipelines/v2_improvers/test_compute_package_risk_v2.py +++ b/vulnerabilities/tests/pipelines/v2_improvers/test_compute_package_risk_v2.py @@ -30,6 +30,7 @@ def test_simple_risk_pipeline(): advisory_id="VCID-Existing", summary="vulnerability description here", datasource_id="ds", + pipeline_id="ds_importer_v2", avid="ds/VCID-Existing", unique_content_id="ajkef", url="https://test.com", diff --git a/vulnerabilities/tests/pipelines/v2_improvers/test_enhance_with_exploitdb_v2.py b/vulnerabilities/tests/pipelines/v2_improvers/test_enhance_with_exploitdb_v2.py index 41f96d706..46d0a4092 100644 --- a/vulnerabilities/tests/pipelines/v2_improvers/test_enhance_with_exploitdb_v2.py +++ b/vulnerabilities/tests/pipelines/v2_improvers/test_enhance_with_exploitdb_v2.py @@ -41,6 +41,7 @@ def test_exploit_db_improver(mock_get): adv1 = AdvisoryV2.objects.create( advisory_id="VCIO-123-2002", datasource_id="ds", + pipeline_id="ds_importer_v2", avid="ds/VCIO-123-2002", unique_content_id="i3giu", url="https://test.com", diff --git a/vulnerabilities/tests/pipelines/v2_improvers/test_enhance_with_kev_v2.py b/vulnerabilities/tests/pipelines/v2_improvers/test_enhance_with_kev_v2.py index ab4df9cf2..8950f3b9d 100644 --- a/vulnerabilities/tests/pipelines/v2_improvers/test_enhance_with_kev_v2.py +++ b/vulnerabilities/tests/pipelines/v2_improvers/test_enhance_with_kev_v2.py @@ -41,6 +41,7 @@ def test_kev_improver(mock_get): adv1 = AdvisoryV2.objects.create( advisory_id="VCIO-123-2002", datasource_id="ds", + pipeline_id="ds_importer_v2", avid="ds/VCIO-123-2002", unique_content_id="i3giu", url="https://test.com", diff --git a/vulnerabilities/tests/pipelines/v2_improvers/test_enhance_with_metasploit_v2.py b/vulnerabilities/tests/pipelines/v2_improvers/test_enhance_with_metasploit_v2.py index 447dea9d3..d5030a292 100644 --- a/vulnerabilities/tests/pipelines/v2_improvers/test_enhance_with_metasploit_v2.py 
+++ b/vulnerabilities/tests/pipelines/v2_improvers/test_enhance_with_metasploit_v2.py @@ -44,6 +44,7 @@ def test_metasploit_improver(mock_get): adv1 = AdvisoryV2.objects.create( advisory_id="VCIO-123-2002", datasource_id="ds", + pipeline_id="ds_importer_v2", avid="ds/VCIO-123-2002", unique_content_id="i3giu", url="https://test.com", diff --git a/vulnerabilities/tests/pipelines/v2_improvers/test_relate_severities.py b/vulnerabilities/tests/pipelines/v2_improvers/test_relate_severities.py index 27cf1f849..04a730d70 100644 --- a/vulnerabilities/tests/pipelines/v2_improvers/test_relate_severities.py +++ b/vulnerabilities/tests/pipelines/v2_improvers/test_relate_severities.py @@ -26,16 +26,18 @@ def test_relate_severities_by_advisory_id(): url="https://example.com/advisory/CVE-2024-0001", date_collected="2024-01-01", is_latest=True, + pipeline_id="test_pipeline_v2", ) severity_advisory = AdvisoryV2.objects.create( advisory_id="CVE-2024-0001", - datasource_id="epss_importer_v2", + datasource_id="epss", avid="epss/CVE-2024-0001", unique_content_id="ab2", url="https://example.com/epss/CVE-2024-0001", date_collected="2024-01-02", is_latest=True, + pipeline_id="epss_importer_v2", ) severity_advisory.severities.create( scoring_system=EPSS.identifier, @@ -62,18 +64,20 @@ def test_relate_severities_via_alias(): url="https://example.com/advisory/CVE-2024-0002", date_collected="2024-01-01", is_latest=True, + pipeline_id="nvd_importer_v2", ) base.aliases.create(alias="CVE-2024-ALIAS") severity_advisory = AdvisoryV2.objects.create( advisory_id="CVE-2024-ALIAS", - datasource_id="epss_importer_v2", + datasource_id="epss", avid="epss/CVE-2024-ALIAS", unique_content_id="ab4", url="https://example.com/epss/CVE-2024-ALIAS", date_collected="2024-01-02", is_latest=True, + pipeline_id="epss_importer_v2", ) severity_advisory.severities.create( scoring_system=EPSS.identifier, 
@@ -90,12 +94,13 @@ def test_relate_severities_via_alias(): def test_no_self_relation_created(): advisory = AdvisoryV2.objects.create( advisory_id="CVE-2024-0003", - datasource_id="epss_importer_v2", + datasource_id="epss", unique_content_id="ab5", url="https://example.com/advisory/CVE-2024-0003", date_collected="2024-01-03", avid="epss/CVE-2024-0003", is_latest=True, + pipeline_id="epss_importer_v2", ) advisory.severities.create( scoring_system=EPSS.identifier, @@ -118,16 +123,18 @@ def test_unsupported_severity_system_is_ignored(): date_collected="2024-01-01", avid="nvd/CVE-2024-0004", is_latest=True, + pipeline_id="nvd_importer_v2", ) severity_advisory = AdvisoryV2.objects.create( advisory_id="CVE-2024-0004", - datasource_id="epss_importer_v2", + datasource_id="epss", unique_content_id="ab7", url="https://example.com/epss/CVE-2024-0004", date_collected="2024-01-02", avid="epss/CVE-2024-0004", is_latest=True, + pipeline_id="epss_importer_v2", ) severity_advisory.severities.create( scoring_system="UNKNOWN_SYSTEM", @@ -145,6 +152,7 @@ def test_pipeline_is_idempotent(): base = AdvisoryV2.objects.create( advisory_id="CVE-2024-0005", datasource_id="nvd", + pipeline_id="nvd_importer_v2", unique_content_id="ab8", url="https://example.com/advisory/CVE-2024-0005", date_collected="2024-01-01", @@ -154,12 +162,13 @@ def test_pipeline_is_idempotent(): severity = AdvisoryV2.objects.create( advisory_id="CVE-2024-0005", - datasource_id="epss_importer_v2", + datasource_id="epss", unique_content_id="ab9", url="https://example.com/epss/CVE-2024-0005", date_collected="2024-01-02", is_latest=True, avid="epss/CVE-2024-0005", + pipeline_id="epss_importer_v2", ) severity.severities.create( scoring_system=EPSS.identifier, diff --git a/vulnerabilities/tests/pipelines/v2_improvers/test_unfurl_version_range.py b/vulnerabilities/tests/pipelines/v2_improvers/test_unfurl_version_range.py index 3d73c6884..c5378e294 100644 
--- a/vulnerabilities/tests/pipelines/v2_improvers/test_unfurl_version_range.py +++ b/vulnerabilities/tests/pipelines/v2_improvers/test_unfurl_version_range.py @@ -99,6 +99,7 @@ def test_affecting_version_range_unfurl(self, mock_fetch): advisory=self.advisory1, pipeline_id="test_pipeline_v2", logger=self.logger.write, + datasource_id="test", ) self.assertEqual(1, PackageV2.objects.count()) mock_fetch.return_value = {"3.4.1", "3.9.0", "2.1.0", "4.0.0", "4.1.0"} @@ -119,6 +120,7 @@ def test_impacted_package_qs_dont_process_empty_vers(self): advisory=self.advisory2, pipeline_id="test_pipeline_v2", logger=self.logger.write, + datasource_id="test", ) self.assertEqual(3, ImpactedPackage.objects.count()) @@ -129,6 +131,7 @@ def test_impacted_package_qs_dont_process_empty_vers(self): advisory=self.advisory2, pipeline_id="test_pipeline_v2", logger=self.logger.write, + datasource_id="test", ) impact = ImpactedPackage.objects.filter(affecting_vers__isnull=False).first() impact.last_range_unfurl_at = timezone.now() @@ -141,6 +144,7 @@ def test_impacted_package_qs_prioritize_never_unfurled_impact_first(self): advisory=self.advisory2, pipeline_id="test_pipeline_v2", logger=self.logger.write, + datasource_id="test", ) impact = ImpactedPackage.objects.filter(affecting_vers__isnull=False).first() impact.last_range_unfurl_at = timezone.now() - timedelta(days=4) @@ -155,6 +159,7 @@ def test_impacted_package_reunfurl_vers(self): advisory=self.advisory2, pipeline_id="test_pipeline_v2", logger=self.logger.write, + datasource_id="test", ) impact = ImpactedPackage.objects.filter(affecting_vers__isnull=False).first() impact.last_range_unfurl_at = timezone.now() diff --git a/vulnerabilities/tests/pipes/test_advisory.py b/vulnerabilities/tests/pipes/test_advisory.py index 67c073b61..ad98e915a 100644 --- a/vulnerabilities/tests/pipes/test_advisory.py +++ b/vulnerabilities/tests/pipes/test_advisory.py 
@@ -323,15 +323,17 @@ def setUp(self): advisory=self.advisory1, pipeline_id="test_pipeline_v2", logger=self.logger.write, + datasource_id="test", ) def test_latest_advisory_update_on_advisory_insert(self): - adv_old = AdvisoryV2.objects.get(avid="test_pipeline_v2/GHSA-1234", is_latest=True) + adv_old = AdvisoryV2.objects.get(avid="test/GHSA-1234", is_latest=True) insert_advisory_v2( advisory=self.advisory2, pipeline_id="test_pipeline_v2", logger=self.logger.write, + datasource_id="test", ) - adv_new = AdvisoryV2.objects.get(avid="test_pipeline_v2/GHSA-1234", is_latest=True) + adv_new = AdvisoryV2.objects.get(avid="test/GHSA-1234", is_latest=True) self.assertEqual("Test advisory old", adv_old.summary) self.assertEqual("Test advisory new", adv_new.summary) diff --git a/vulnerabilities/tests/pipes/test_vulnerablecode_importer_pipeline_v2.py b/vulnerabilities/tests/pipes/test_vulnerablecode_importer_pipeline_v2.py index 120938b88..646cad825 100644 --- a/vulnerabilities/tests/pipes/test_vulnerablecode_importer_pipeline_v2.py +++ b/vulnerabilities/tests/pipes/test_vulnerablecode_importer_pipeline_v2.py @@ -32,7 +32,8 @@ class DummyImporter(VulnerableCodeBaseImporterPipelineV2): - pipeline_id = "dummy" + pipeline_id = "dummy_importer_v2" + datasource_id = "dummy" log_messages = [] def log(self, message, level=logging.INFO): diff --git a/vulnerabilities/tests/test_advisory_merge.py b/vulnerabilities/tests/test_advisory_merge.py index 08b586ff3..71c214bbb 100644 --- a/vulnerabilities/tests/test_advisory_merge.py +++ b/vulnerabilities/tests/test_advisory_merge.py @@ -34,6 +34,7 @@ def create_advisory(self, advisory_id, affected_versions, fixed_versions=None, p adv = AdvisoryV2.objects.create( datasource_id="ghsa", advisory_id=advisory_id, + pipeline_id="ghsa_importer_v2", avid=f"ghsa/{advisory_id}", unique_content_id=unique_content_id, url="https://example.com/advisory", 
diff --git a/vulnerabilities/tests/test_api_v2.py b/vulnerabilities/tests/test_api_v2.py index be447ab0b..c9ee9a0ce 100644 --- a/vulnerabilities/tests/test_api_v2.py +++ b/vulnerabilities/tests/test_api_v2.py @@ -791,6 +791,7 @@ class CodeFixV2APITest(APITestCase): def setUp(self): self.advisory = AdvisoryV2.objects.create( datasource_id="test_source", + pipeline_id="test_source_v2", advisory_id="TEST-2025-001", avid="test_source/TEST-2025-001", unique_content_id="a" * 64, diff --git a/vulnerabilities/tests/test_api_v3.py b/vulnerabilities/tests/test_api_v3.py index be4b1d923..14ec04a04 100644 --- a/vulnerabilities/tests/test_api_v3.py +++ b/vulnerabilities/tests/test_api_v3.py @@ -33,6 +33,7 @@ def setUp(self): url="https://example.com/advisory", ), pipeline_id="ghsa", + datasource_id="ghsa", logger=self.logger.write, ) @@ -180,7 +181,7 @@ def setUp(self): original_advisory_text="Sample advisory text", ) - insert_advisory_v2(advisory, "ghsa_importer", print, 100) + insert_advisory_v2(advisory, "ghsa_importer", print, "ghsa", 100) self.client = APIClient(enforce_csrf_checks=True) @@ -197,7 +198,7 @@ def test_advisories_post(self): self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(len(response.data["results"]), 100) advisory = response.data["results"][0] - self.assertEqual(advisory["advisory_id"], "ghsa_importer/GHSA-12341") + self.assertEqual(advisory["advisory_id"], "ghsa/GHSA-12341") class APIV3TestCaseOneAdvisoryMultiplePackages(APITestCase): @@ -223,7 +224,7 @@ def setUp(self): original_advisory_text="Sample advisory text", ) - insert_advisory_v2(advisory, "ghsa_importer", print, 100) + insert_advisory_v2(advisory, "ghsa_importer", print, "ghsa", 100) self.client = APIClient(enforce_csrf_checks=True) diff --git a/vulnerabilities/tests/test_commit_code.py b/vulnerabilities/tests/test_commit_code.py index ea7f857cd..9db281b83 100644 --- a/vulnerabilities/tests/test_commit_code.py +++ b/vulnerabilities/tests/test_commit_code.py 
@@ -20,6 +20,7 @@ def setup_method(self): advisory_id="test_id", avid="test_pipeline/test_id", datasource_id="test_pipeline", + pipeline_id="test_pipeline_v2", ) self.impacted = ImpactedPackage.objects.create( diff --git a/vulnerabilities/tests/test_data/exporters/federate_vulnerabilities/1.2.4/advisories-expected.yml b/vulnerabilities/tests/test_data/exporters/federate_vulnerabilities/1.2.4/advisories-expected.yml index eb0c3737d..b8d11493b 100644 --- a/vulnerabilities/tests/test_data/exporters/federate_vulnerabilities/1.2.4/advisories-expected.yml +++ b/vulnerabilities/tests/test_data/exporters/federate_vulnerabilities/1.2.4/advisories-expected.yml @@ -1,5 +1,5 @@ - purl: pkg:npm/foobar@1.2.4 affected_by_advisories: - - test_pipeline_v2/ADV-002 + - test/ADV-002 fixing_advisories: - - test_pipeline_v2/ADV-001 + - test/ADV-001 diff --git a/vulnerabilities/tests/test_data/exporters/federate_vulnerabilities/ADV-001-expected.yml b/vulnerabilities/tests/test_data/exporters/federate_vulnerabilities/ADV-001-expected.yml index 57ea7e36c..c50efefd7 100644 --- a/vulnerabilities/tests/test_data/exporters/federate_vulnerabilities/ADV-001-expected.yml +++ b/vulnerabilities/tests/test_data/exporters/federate_vulnerabilities/ADV-001-expected.yml @@ -1,5 +1,5 @@ advisory_id: ADV-001 -datasource_id: test_pipeline_v2/ADV-001 +datasource_id: test/ADV-001 datasource_url: https://example.com/advisory/1 aliases: - CVE-2025-0001 diff --git a/vulnerabilities/tests/test_data/exporters/federate_vulnerabilities/ADV-002-expected.yml b/vulnerabilities/tests/test_data/exporters/federate_vulnerabilities/ADV-002-expected.yml index 0b1861940..79903f2dc 100644 --- a/vulnerabilities/tests/test_data/exporters/federate_vulnerabilities/ADV-002-expected.yml +++ b/vulnerabilities/tests/test_data/exporters/federate_vulnerabilities/ADV-002-expected.yml 
@@ -1,5 +1,5 @@ advisory_id: ADV-002 -datasource_id: test_pipeline_v2/ADV-002 +datasource_id: test/ADV-002 datasource_url: https://example.com/advisory/2 aliases: - CVE-2025-0002 diff --git a/vulnerabilities/tests/test_data_migrations.py b/vulnerabilities/tests/test_data_migrations.py index 17c916347..213fe98b8 100644 --- a/vulnerabilities/tests/test_data_migrations.py +++ b/vulnerabilities/tests/test_data_migrations.py @@ -983,6 +983,7 @@ def setUpBeforeMigration(self, apps): advisory_id="old_adv", avid="test_pipeline/old_adv", datasource_id="test_pipeline", + # pipeline_id="test_pipeline_v2", ) ImpactedPackage.objects.create(advisory=adv, base_purl="pkg:pypi/oldpkg") @@ -1052,6 +1053,7 @@ def setUpBeforeMigration(self, apps): advisory_id="test_adv", avid="test_pipeline/test_adv", datasource_id="test_pipeline", + # pipeline_id="test_pipeline_v2", ) AdvisoryV2.objects.create( @@ -1061,6 +1063,7 @@ def setUpBeforeMigration(self, apps): advisory_id="test_adv", avid="test_pipeline/test_adv", datasource_id="test_pipeline", + # pipeline_id="test_pipeline_v2", ) AdvisoryV2.objects.create( @@ -1070,6 +1073,7 @@ def setUpBeforeMigration(self, apps): advisory_id="test_adv", avid="test_pipeline/test_adv", datasource_id="test_pipeline", + # pipeline_id="test_pipeline_v2", ) def test_no_duplicate_is_latest_for_avid(self): @@ -1166,6 +1170,7 @@ def setUpBeforeMigration(self, apps): advisory_id=raw_input, avid=f"alpine_linux_importer_v2/{raw_input}", datasource_id="alpine_linux_importer_v2", + # pipeline_id="test_pipeline_v2", ) alias = AdvisoryAlias.objects.create(alias=raw_input) adv.aliases.add(alias) @@ -1203,6 +1208,7 @@ def setUpBeforeMigration(self, apps): advisory_id="test_adv1", avid="test_pipeline/test_adv", datasource_id="test_pipeline", + # pipeline_id="test_pipeline_v2", ) self.advisory2 = AdvisoryV2.objects.create( 
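Review bot: The `# pipeline_id="test_pipeline_v2",` lines added to the `setUpBeforeMigration` fixtures in `test_data_migrations.py` are commented-out code that does not say why the argument is absent. Presumably the historical model at those migration states has no `pipeline_id` field; if so, either drop the lines or replace them with a why-comment such as `# pipeline_id does not exist at this migration state`. This applies to every hunk of that file, including the `@@ -1212,6 +1218,7 @@` hunk that follows. In the `@@ -1166,6 +1170,7 @@` hunk the commented value also does not correspond to the row's `alpine_linux_importer_v2` datasource. None of the hunks shown adds a test for the `pipeline_id` backfill, which this file would be the natural place to cover.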
@@ -1212,6 +1218,7 @@ def setUpBeforeMigration(self, apps): advisory_id="test_adv2", avid="test_pipeline/test_adv", datasource_id="test_pipeline", + # pipeline_id="test_pipeline_v2", ) ImpactedPackage.objects.create( diff --git a/vulnerabilities/tests/test_models.py b/vulnerabilities/tests/test_models.py index 9bebc6ba6..b72eef02f 100644 --- a/vulnerabilities/tests/test_models.py +++ b/vulnerabilities/tests/test_models.py @@ -774,7 +774,10 @@ def test_advisoryv2_to_advisory_data_patch_seralization(self): from vulnerabilities.pipes.advisory import insert_advisory_v2 insert_advisory_v2( - advisory=self.advisoryv2_data1, pipeline_id="test_pipeline", logger=self.logger.write + advisory=self.advisoryv2_data1, + pipeline_id="test_pipeline", + logger=self.logger.write, + datasource_id="test", ) result = models.AdvisoryV2.objects.first().to_advisory_data() @@ -820,10 +823,16 @@ def test_advisoryv2_duplication_data(self): from vulnerabilities.pipes.advisory import insert_advisory_v2 insert_advisory_v2( - advisory=self.advisoryv2_data1, pipeline_id="test_pipeline", logger=self.logger.write + advisory=self.advisoryv2_data1, + pipeline_id="test_pipeline", + logger=self.logger.write, + datasource_id="test", ) insert_advisory_v2( - advisory=self.advisoryv2_data2, pipeline_id="test_pipeline", logger=self.logger.write + advisory=self.advisoryv2_data2, + pipeline_id="test_pipeline", + logger=self.logger.write, + datasource_id="test", ) result = models.AdvisoryV2.objects.count() diff --git a/vulnerabilities/tests/test_same_avid_different_content_id.py b/vulnerabilities/tests/test_same_avid_different_content_id.py index 1dc6dd686..6e60ab4c3 100644 --- a/vulnerabilities/tests/test_same_avid_different_content_id.py +++ b/vulnerabilities/tests/test_same_avid_different_content_id.py 
@@ -31,7 +31,8 @@ def _create(*, advisory_id, summary): advisory_id=advisory_id, url="https://example.com/advisory", ), - pipeline_id="source", + pipeline_id="source_importer_v2", + datasource_id="source", logger=logger.write, ) diff --git a/vulnerabilities/tests/test_utils.py b/vulnerabilities/tests/test_utils.py index 40e92f239..9aac66c83 100644 --- a/vulnerabilities/tests/test_utils.py +++ b/vulnerabilities/tests/test_utils.py @@ -241,6 +241,7 @@ def setUp(self): insert_advisory_v2( advisory=self.advisory1, pipeline_id="test_pipeline_v2", + datasource_id="test", logger=self.logger.write, )