def test_register_source() -> None:
    """A source registered under a new name is visible to the registry and to Configuration."""
    source_name = "dummy2"
    # This reassigns a class attribute, so the new name stays on DummyAdvisorySource
    # for whatever runs after this test in the same process.
    DummyAdvisorySource._name = source_name
    register_source(source_name, DummyAdvisorySource)
    assert is_registered_source(source_name)

    config = Configuration()
    assert source_name in config.available_sources
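# Excerpt: methods of the class registered below as "gemnasium"; the class statement is not shown.
    @property
    def total_count(self) -> int:
        """Return the number of keys currently held in ``self._advisories``."""
        return len(self._advisories)

    def update(self) -> None:
        """Download the resource at ``self._url`` and store its raw bytes at ``self.path``.

        The body is read completely before the cache file is opened for writing,
        so a failed or interrupted download leaves the previous cache in place
        instead of a truncated file.
        """
        request = urllib.request.Request(
            url=self._url,
            headers={"User-Agent": "Mozilla/5.0"},
        )
        # NOTE(review): no timeout is passed, so a stalled server blocks the update
        # unless a global socket default timeout is set.
        # NOTE(review): urlopen() does not restrict the URL scheme and the payload is
        # cached without any integrity check; confirm self._url is a fixed https://
        # endpoint, since advisory integrity then rests on TLS alone.
        with urllib.request.urlopen(request) as response:
            payload = response.read()
        with open(self.path, "wb") as fh:
            fh.write(payload)

    def has_security_advisory_for(self, package_name: str) -> bool:
        """Return True when the stripped, lower-cased name is a key of ``self.advisories``."""
        return package_name.strip().lower() in self.advisories

    def is_vulnerable_package(
        self, package_name: str, package_version: str
    ) -> Tuple[bool, List[SecurityAdvisory]]:
        """Collect the advisories for ``package_name`` that affect ``package_version``.

        Returns:
            ``(True, advisories)`` when at least one advisory reports the version
            as affected, otherwise ``(False, [])``.
        """
        if not self.has_security_advisory_for(package_name):
            return False, []

        # Same normalization as has_security_advisory_for, so both methods agree on the key.
        key = package_name.strip().lower()
        matching = [entry for entry in self.advisories[key] if entry.is_affected(package_version)]
        return len(matching) > 0, matching


register_source("gemnasium", Gemnasium)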
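# Excerpt: starts inside a method whose def line is not shown; the class is registered below as "github".
        self._advisories = defaultdict(list)
        with open(self.path, "rb") as fh:
            for item in json.load(fh):
                obj = GithubSecurityAdvisory.using(item)
                self._advisories[obj.package_name].append(obj)

    @property
    def path(self) -> str:
        """Return the cache file location: ``github.cache`` inside ``self._cache_dir``."""
        return os.path.join(self._cache_dir, "github.cache")

    def update(self) -> None:
        """Fetch the GitHub security advisories and write them to the cache as JSON.

        The fetch completes before the cache file is opened, because opening with
        ``"w"`` truncates it: a fetch that fails must not leave an empty cache behind.
        """
        fetched = list(_fetch_github_security_advisories())
        with open(self.path, "w") as fh:
            json.dump(fetched, fh)

    def has_security_advisory_for(self, package_name: str) -> bool:
        """Return True when the stripped package name is a key of ``self.advisories``."""
        return package_name.strip() in self.advisories

    def is_vulnerable_package(
        self, package_name: str, package_version: str
    ) -> Tuple[bool, List[SecurityAdvisory]]:
        """Collect the advisories for ``package_name`` that affect ``package_version``.

        Returns:
            ``(True, advisories)`` when at least one advisory reports the version
            as affected, otherwise ``(False, [])``.
        """
        # Strip like has_security_advisory_for so both methods agree on the key, and
        # use .get() so a lookup for an unknown package cannot insert an empty entry
        # when the mapping is the defaultdict built by the loader.
        # NOTE(review): the key is not lower-cased here, unlike the sources that call
        # .lower(); confirm GithubSecurityAdvisory.package_name is normalized, otherwise
        # a differently-cased requirement is reported as clean.
        key = package_name.strip()
        matching = [
            entry
            for entry in self.advisories.get(key, [])
            if entry.is_affected(package_version)
        ]
        return len(matching) > 0, matching


register_source("github", Github)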
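def test_register_source_twice() -> None:
    """Registering an already-registered source name must raise SkjoldException."""
    # Setup stays outside pytest.raises: with every statement inside the block, an
    # exception from the first call would satisfy the test and skip the rest.
    if not is_registered_source("dummy"):
        register_source("dummy", DummyAdvisorySource)
    assert is_registered_source("dummy")

    # Only the duplicate registration may raise.
    with pytest.raises(SkjoldException):
        register_source("dummy", DummyAdvisorySource)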
# Excerpt: methods of the class registered below as "osv"; the class statement is not shown.
    def total_count(self) -> int:
        """Always return 0."""
        return 0

    def update(self) -> None:
        """Do nothing; this source has no update step."""

    def has_security_advisory_for(self, package_name: str) -> bool:
        """Always return ``True`` so that the OSV API is called for every package."""
        return True

    def is_vulnerable_package(
        self, package_name: str, package_version: str
    ) -> Tuple[bool, Sequence[SecurityAdvisory]]:
        """Query OSV for one package version and wrap each finding as an advisory.

        Returns:
            ``(False, [])`` when the request yields no findings, otherwise
            ``(True, advisories)`` with one ``OSVSecurityAdvisory`` per finding.
        """
        # The stripped, lower-cased name and the version are handed to
        # _osv_dev_api_request. Presumably that is a network request, so dependency
        # names and versions leave the machine on every check; confirm this is
        # acceptable for private packages.
        results = _osv_dev_api_request(package_name.strip().lower(), package_version)

        # NOTE(review): how the helper reports a failed request is not visible here;
        # if it returns an empty result on error, the package is reported as clean.
        if len(results) == 0:
            return False, []

        return True, [OSVSecurityAdvisory.using(entry) for entry in results]

    def get_security_advisories(self) -> MutableMapping[str, SecurityAdvisoryList]:
        """Not supported by this source; always raises ``NotImplementedError``."""
        raise NotImplementedError


register_source("osv", OSV)
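# Excerpt: starts inside a method whose def line and any enclosing loop are not shown;
# the class is registered below as "pyup".
        for advisory in advisories:
            obj = PyUpSecurityAdvisory.using(package_name, advisory)
            self._advisories[obj.package_name].append(obj)

    def update(self) -> None:
        """Download the JSON document at ``self._url`` and rewrite the cache file with it.

        The response is parsed before the cache is opened, so a body that is not
        valid JSON raises before the existing cache is touched.
        """
        request_ = urllib.request.Request(
            url=self._url,
            headers={"Accept": "application/json"},
        )
        # NOTE(review): no timeout is passed, so a stalled server blocks the update
        # unless a global socket default timeout is set.
        # NOTE(review): urlopen() does not restrict the URL scheme; confirm self._url
        # is a fixed https:// endpoint, since advisory integrity rests on TLS alone.
        with urllib.request.urlopen(request_) as response:
            json_ = json.loads(response.read())

        with open(self.path, "w") as fh:
            json.dump(json_, fh)

    def has_security_advisory_for(self, package_name: str) -> bool:
        """Return True when the stripped package name is a key of ``self.advisories``."""
        return package_name.strip() in self.advisories

    def is_vulnerable_package(
        self, package_name: str, package_version: str
    ) -> Tuple[bool, List[SecurityAdvisory]]:
        """Collect the advisories for ``package_name`` that affect ``package_version``.

        Returns:
            ``(True, advisories)`` when at least one advisory reports the version
            as affected, otherwise ``(False, [])``.
        """
        # Strip like has_security_advisory_for so both methods agree on the key, and
        # use .get() so a lookup for an unknown package neither raises nor inserts
        # an empty entry into the mapping.
        # NOTE(review): the key is not lower-cased here, unlike the sources that call
        # .lower(); confirm PyUpSecurityAdvisory.package_name is normalized, otherwise
        # a differently-cased requirement is reported as clean.
        key = package_name.strip()
        matching = [
            entry
            for entry in self.advisories.get(key, [])
            if entry.is_affected(package_version)
        ]
        return len(matching) > 0, matching


register_source("pyup", PyUp)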
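# Excerpt: methods of the class registered below as "pypa"; the class statement is not shown.
    @property
    def total_count(self) -> int:
        """Return the number of keys currently held in ``self._advisories``."""
        return len(self._advisories)

    def update(self) -> None:
        """Download the resource at ``self._url`` and store its raw bytes at ``self.path``.

        The body is read completely before the cache file is opened for writing,
        so a failed or interrupted download leaves the previous cache in place
        instead of a truncated file.
        """
        request = urllib.request.Request(
            url=self._url,
            headers={"User-Agent": "Mozilla/5.0"},
        )
        # NOTE(review): no timeout is passed, so a stalled server blocks the update
        # unless a global socket default timeout is set.
        # NOTE(review): urlopen() does not restrict the URL scheme and the payload is
        # cached without any integrity check; confirm self._url is a fixed https://
        # endpoint, since advisory integrity then rests on TLS alone.
        with urllib.request.urlopen(request) as response:
            payload = response.read()
        with open(self.path, "wb") as fh:
            fh.write(payload)

    def has_security_advisory_for(self, package_name: str) -> bool:
        """Return True when the stripped, lower-cased name is a key of ``self.advisories``."""
        return package_name.strip().lower() in self.advisories

    def is_vulnerable_package(
        self, package_name: str, package_version: str
    ) -> Tuple[bool, List[SecurityAdvisory]]:
        """Collect the advisories for ``package_name`` that affect ``package_version``.

        Returns:
            ``(True, advisories)`` when at least one advisory reports the version
            as affected, otherwise ``(False, [])``.
        """
        if not self.has_security_advisory_for(package_name):
            return False, []

        # Same normalization as has_security_advisory_for, so both methods agree on the key.
        key = package_name.strip().lower()
        matching = [entry for entry in self.advisories[key] if entry.is_affected(package_version)]
        return len(matching) > 0, matching


register_source("pypa", PyPAAdvisoryDB)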