Refactor as per review

Samk1710 · Samk1710 · commit 80394725e0b3 · 2026-01-08T02:34:53.000+05:30
Signed-off-by: Sampurna Pyne &lt;sampurnapyne1710@gmail.com&gt;
diff --git a/vulnerabilities/pipelines/v2_importers/tuxcare_importer.py b/vulnerabilities/pipelines/v2_importers/tuxcare_importer.py
@@ -1,15 +1,15 @@
 import json
 import logging
 from typing import Iterable
+from typing import Mapping
 
-from dateutil import parser as date_parser
-from django.utils import timezone
+from dateutil.parser import parse
 from packageurl import PackageURL
+from pytz import UTC
 from univers.version_range import GenericVersionRange
 
 from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importer import AffectedPackageV2
-from vulnerabilities.importer import ReferenceV2
 from vulnerabilities.importer import VulnerabilitySeverity
 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2
 from vulnerabilities.severity_systems import GENERIC
@@ -22,27 +22,25 @@ class TuxCareImporterPipeline(VulnerableCodeBaseImporterPipelineV2):
     pipeline_id = "tuxcare_importer_v2"
     spdx_license_expression = "Apache-2.0"
     license_url = "https://tuxcare.com/legal"
-    url = "https://cve.tuxcare.com/els/download-json?orderBy=updated-desc"
 
     @classmethod
     def steps(cls):
-        return (cls.collect_and_store_advisories,)
+        return (
+            cls.fetch,
+            cls.collect_and_store_advisories,
+        )
+
+    def fetch(self) -> Iterable[Mapping]:
+        url = "https://cve.tuxcare.com/els/download-json?orderBy=updated-desc"
+        self.log(f"Fetching `{url}`")
+        response = fetch_response(url)
+        self.response = response.json() if response else []
 
     def advisories_count(self) -> int:
-        response = fetch_response(self.url)
-        data = response.json() if response else []
-        return len(data)
+        return len(self.response)
 
     def collect_advisories(self) -> Iterable[AdvisoryData]:
-        response = fetch_response(self.url)
-        if not response:
-            return
-
-        data = response.json()
-        if not data:
-            return
-
-        for record in data:
+        for record in self.response:
             cve_id = record.get("cve", "").strip()
             if not cve_id or not cve_id.startswith("CVE-"):
                 continue
@@ -52,11 +50,9 @@ def collect_advisories(self) -> Iterable[AdvisoryData]:
             version = record.get("version", "").strip()
             score = record.get("score", "").strip()
             severity = record.get("severity", "").strip()
-            status = record.get("status", "").strip()
             last_updated = record.get("last_updated", "").strip()
 
-            safe_os = os_name.replace(" ", "_") if os_name else "unknown"
-            advisory_id = f"TUXCARE-{cve_id}-{safe_os}-{project_name}"
+            advisory_id = cve_id
 
             summary = f"TuxCare advisory for {cve_id}"
             if project_name:
@@ -67,13 +63,13 @@ def collect_advisories(self) -> Iterable[AdvisoryData]:
             affected_packages = []
             if project_name:
                 purl = PackageURL(type="generic", name=project_name)
-                
+
                 affected_version_range = None
                 if version:
                     try:
                         affected_version_range = GenericVersionRange.from_versions([version])
-                    except Exception:
-                        pass
+                    except ValueError as e:
+                        logger.warning(f"Failed to parse version {version} for {cve_id}: {e}")
 
                 affected_packages.append(
                     AffectedPackageV2(
@@ -87,28 +83,24 @@ def collect_advisories(self) -> Iterable[AdvisoryData]:
                 severities.append(
                     VulnerabilitySeverity(
                         system=GENERIC,
-                        value=f"{severity} ({score})",
-                        scoring_elements=f"score={score},severity={severity}",
+                        value=score,
+                        scoring_elements=severity,
                     )
                 )
 
             date_published = None
             if last_updated:
                 try:
-                    date_published = date_parser.parse(last_updated)
-                    if timezone.is_naive(date_published):
-                        date_published = timezone.make_aware(date_published, timezone=timezone.utc)
-                except Exception:
-                    pass
+                    date_published = parse(last_updated).replace(tzinfo=UTC)
+                except ValueError as e:
+                    logger.warning(f"Failed to parse date {last_updated} for {cve_id}: {e}")
 
             yield AdvisoryData(
                 advisory_id=advisory_id,
-                aliases=[cve_id],
                 summary=summary,
                 affected_packages=affected_packages,
-                references_v2=[ReferenceV2(url="https://cve.tuxcare.com/")],
                 severities=severities,
                 date_published=date_published,
-                url="https://cve.tuxcare.com/",
+                url=f"https://cve.tuxcare.com/els/cve/{cve_id}",
                 original_advisory_text=json.dumps(record, indent=2, ensure_ascii=False),
             )
diff --git a/vulnerabilities/tests/pipelines/v2_importers/test_tuxcare_importer_v2.py b/vulnerabilities/tests/pipelines/v2_importers/test_tuxcare_importer_v2.py
@@ -22,27 +22,17 @@
 class TestTuxCareImporterPipeline(TestCase):
     @patch("vulnerabilities.pipelines.v2_importers.tuxcare_importer.fetch_response")
     def test_collect_advisories(self, mock_fetch):
-        """Test collecting and parsing advisories from test data"""
         sample_path = TEST_DATA / "data.json"
         sample_data = json.loads(sample_path.read_text(encoding="utf-8"))
 
         mock_fetch.return_value = Mock(json=lambda: sample_data)
 
         pipeline = TuxCareImporterPipeline()
+        pipeline.fetch()
+
         advisories = [data.to_dict() for data in list(pipeline.collect_advisories())]
 
         expected_file = TEST_DATA / "expected.json"
         util_tests.check_results_against_json(advisories, expected_file)
 
-    @patch("vulnerabilities.pipelines.v2_importers.tuxcare_importer.fetch_response")
-    def test_advisories_count(self, mock_fetch):
-        """Test counting advisories"""
-        sample_path = TEST_DATA / "data.json"
-        sample_data = json.loads(sample_path.read_text(encoding="utf-8"))
-
-        mock_fetch.return_value = Mock(json=lambda: sample_data)
-
-        pipeline = TuxCareImporterPipeline()
-        count = pipeline.advisories_count()
-
-        assert count == 5
+        assert pipeline.advisories_count() == 5
diff --git a/vulnerabilities/tests/test_data/tuxcare/expected.json b/vulnerabilities/tests/test_data/tuxcare/expected.json
@@ -1,7 +1,7 @@
 [
   {
-    "advisory_id": "TUXCARE-CVE-2023-52922-CloudLinux_7_ELS-squid",
-    "aliases": ["CVE-2023-52922"],
+    "advisory_id": "CVE-2023-52922",
+    "aliases": [],
     "summary": "TuxCare advisory for CVE-2023-52922 in squid on CloudLinux 7 ELS",
     "affected_packages": [
       {
@@ -12,16 +12,16 @@
         "fixed_by_commit_patches": []
       }
     ],
-    "references_v2": [{"reference_id": "", "reference_type": "", "url": "https://cve.tuxcare.com/"}],
+    "references_v2": [],
     "patches": [],
-    "severities": [{"system": "generic_textual", "value": "HIGH (7.8)", "scoring_elements": "score=7.8,severity=HIGH"}],
+    "severities": [{"system": "generic_textual", "value": "7.8", "scoring_elements": "HIGH"}],
     "date_published": "2025-12-23T10:08:36.423446+00:00",
     "weaknesses": [],
-    "url": "https://cve.tuxcare.com/"
+    "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52922"
   },
   {
-    "advisory_id": "TUXCARE-CVE-2023-52922-Oracle_Linux_7_ELS-squid",
-    "aliases": ["CVE-2023-52922"],
+    "advisory_id": "CVE-2023-52922",
+    "aliases": [],
     "summary": "TuxCare advisory for CVE-2023-52922 in squid on Oracle Linux 7 ELS",
     "affected_packages": [
       {
@@ -32,16 +32,16 @@
         "fixed_by_commit_patches": []
       }
     ],
-    "references_v2": [{"reference_id": "", "reference_type": "", "url": "https://cve.tuxcare.com/"}],
+    "references_v2": [],
     "patches": [],
-    "severities": [{"system": "generic_textual", "value": "HIGH (7.8)", "scoring_elements": "score=7.8,severity=HIGH"}],
+    "severities": [{"system": "generic_textual", "value": "7.8", "scoring_elements": "HIGH"}],
     "date_published": "2025-12-23T10:08:35.944749+00:00",
     "weaknesses": [],
-    "url": "https://cve.tuxcare.com/"
+    "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52922"
   },
   {
-    "advisory_id": "TUXCARE-CVE-2023-48161-RHEL_7_ELS-java-11-openjdk",
-    "aliases": ["CVE-2023-48161"],
+    "advisory_id": "CVE-2023-48161",
+    "aliases": [],
     "summary": "TuxCare advisory for CVE-2023-48161 in java-11-openjdk on RHEL 7 ELS",
     "affected_packages": [
       {
@@ -52,16 +52,16 @@
         "fixed_by_commit_patches": []
       }
     ],
-    "references_v2": [{"reference_id": "", "reference_type": "", "url": "https://cve.tuxcare.com/"}],
+    "references_v2": [],
     "patches": [],
-    "severities": [{"system": "generic_textual", "value": "HIGH (7.1)", "scoring_elements": "score=7.1,severity=HIGH"}],
+    "severities": [{"system": "generic_textual", "value": "7.1", "scoring_elements": "HIGH"}],
     "date_published": "2025-12-23T08:55:12.096092+00:00",
     "weaknesses": [],
-    "url": "https://cve.tuxcare.com/"
+    "url": "https://cve.tuxcare.com/els/cve/CVE-2023-48161"
   },
   {
-    "advisory_id": "TUXCARE-CVE-2024-21147-RHEL_7_ELS-java-11-openjdk",
-    "aliases": ["CVE-2024-21147"],
+    "advisory_id": "CVE-2024-21147",
+    "aliases": [],
     "summary": "TuxCare advisory for CVE-2024-21147 in java-11-openjdk on RHEL 7 ELS",
     "affected_packages": [
       {
@@ -72,16 +72,16 @@
         "fixed_by_commit_patches": []
       }
     ],
-    "references_v2": [{"reference_id": "", "reference_type": "", "url": "https://cve.tuxcare.com/"}],
+    "references_v2": [],
     "patches": [],
-    "severities": [{"system": "generic_textual", "value": "HIGH (7.4)", "scoring_elements": "score=7.4,severity=HIGH"}],
+    "severities": [{"system": "generic_textual", "value": "7.4", "scoring_elements": "HIGH"}],
     "date_published": "2025-12-23T08:55:07.139188+00:00",
     "weaknesses": [],
-    "url": "https://cve.tuxcare.com/"
+    "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21147"
   },
   {
-    "advisory_id": "TUXCARE-CVE-2025-21587-RHEL_7_ELS-java-11-openjdk",
-    "aliases": ["CVE-2025-21587"],
+    "advisory_id": "CVE-2025-21587",
+    "aliases": [],
     "summary": "TuxCare advisory for CVE-2025-21587 in java-11-openjdk on RHEL 7 ELS",
     "affected_packages": [
       {
@@ -92,11 +92,11 @@
         "fixed_by_commit_patches": []
       }
     ],
-    "references_v2": [{"reference_id": "", "reference_type": "", "url": "https://cve.tuxcare.com/"}],
+    "references_v2": [],
     "patches": [],
-    "severities": [{"system": "generic_textual", "value": "HIGH (7.4)", "scoring_elements": "score=7.4,severity=HIGH"}],
+    "severities": [{"system": "generic_textual", "value": "7.4", "scoring_elements": "HIGH"}],
     "date_published": "2025-12-23T08:55:06.706873+00:00",
     "weaknesses": [],
-    "url": "https://cve.tuxcare.com/"
+    "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21587"
   }
 ]
