MCPcopy Create free account
hub / github.com/aboutcode-org/vulnerablecode / import_advisory

Function import_advisory

vulnerabilities/pipes/advisory.py:423–530  ·  view source on GitHub ↗

Create initial Vulnerability Package relationships for the advisory, including references and severity scores. Package relationships are established only for resolved (concrete) versions.

(
    advisory: Advisory,
    pipeline_id: str,
    confidence: int = MAX_CONFIDENCE,
    logger: Callable = None,
)

Source from the content-addressed store, hash-verified

421
422@transaction.atomic
423def import_advisory(
424 advisory: Advisory,
425 pipeline_id: str,
426 confidence: int = MAX_CONFIDENCE,
427 logger: Callable = None,
428):
429 """
430 Create initial Vulnerability Package relationships for the advisory,
431 including references and severity scores.
432
433 Package relationships are established only for resolved (concrete) versions.
434 """
435 from vulnerabilities import import_runner
436 from vulnerabilities.improvers import default
437
438 advisory_data: AdvisoryData = advisory.to_advisory_data()
439 if logger:
440 logger(f"Importing advisory id: {advisory.id}", level=logging.DEBUG)
441
442 affected_purls = []
443 fixed_purls = []
444 for affected_package in advisory_data.affected_packages:
445 package_affected_purls, package_fixed_purls = default.get_exact_purls(
446 affected_package=affected_package
447 )
448 affected_purls.extend(package_affected_purls)
449 fixed_purls.extend(package_fixed_purls)
450
451 aliases = get_or_create_aliases(advisory_data.aliases)
452 vulnerability = import_runner.get_or_create_vulnerability_and_aliases(
453 vulnerability_id=None,
454 aliases=aliases,
455 summary=advisory_data.summary,
456 advisory=advisory,
457 )
458
459 if not vulnerability:
460 if logger:
461 logger(f"Unable to get vulnerability for advisory: {advisory!r}", level=logging.ERROR)
462 return
463
464 for ref in advisory_data.references:
465 reference = VulnerabilityReference.objects.get_or_none(
466 reference_id=ref.reference_id,
467 url=ref.url,
468 )
469 if not reference:
470 reference = import_runner.create_valid_vulnerability_reference(
471 reference_id=ref.reference_id,
472 url=ref.url,
473 )
474 if reference:
475 VulnerabilityRelatedReference.objects.update_or_create(
476 reference=reference,
477 vulnerability=vulnerability,
478 )
479 for severity in ref.severities:
480 try:

Calls 9

get_or_create_aliasesFunction · 0.85
get_or_noneMethod · 0.80
update_or_createMethod · 0.80
addMethod · 0.80
to_advisory_dataMethod · 0.45
saveMethod · 0.45