Move get_versions to fetchcode_utils pipe

Signed-off-by: Keshav Priyadarshi <git@keshav.space>

Author: keshav-space

vulnerabilities/pipelines/flag_ghost_packages.py

@@ -9,15 +9,14 @@
 
 import logging
 from itertools import groupby
-from traceback import format_exc as traceback_format_exc
 
 from aboutcode.pipeline import LoopProgress
 from fetchcode.package_versions import SUPPORTED_ECOSYSTEMS as FETCHCODE_SUPPORTED_ECOSYSTEMS
-from fetchcode.package_versions import versions
 from packageurl import PackageURL
 
 from vulnerabilities.models import Package
 from vulnerabilities.pipelines import VulnerableCodePipeline
+from vulnerabilities.pipes.fetchcode_utils import get_versions
 
 
 class FlagGhostPackagePipeline(VulnerableCodePipeline):
@@ -89,16 +88,3 @@ def flag_ghost_packages(base_purl, packages, logger=None):
         pkg.save()
 
     return ghost_packages
-
-
-def get_versions(purl, logger=None):
-    """Return set of known versions for the given purl."""
-    try:
-        return {v.value.lstrip("vV") for v in versions(str(purl))}
-    except Exception as e:
-        if logger:
-            logger(
-                f"Error while fetching known versions for {purl!s}: {e!r} \n {traceback_format_exc()}",
-                level=logging.ERROR,
-            )
-        return

vulnerabilities/pipes/advisory.py

@@ -7,12 +7,14 @@
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
+import hashlib
 import logging
 from datetime import datetime
 from datetime import timezone
 from traceback import format_exc as traceback_format_exc
 from typing import Callable
 from typing import List
+from typing import Union
 
 from django.db import transaction
 from django.db.models.query import QuerySet
@@ -183,3 +185,14 @@ def import_advisory(
 
     advisory.date_imported = datetime.now(timezone.utc)
     advisory.save()
+
+
+def advisories_checksum(advisories: Union[Advisory, List[Advisory]]) -> str:
+    if isinstance(advisories, Advisory):
+        advisories = [advisories]
+
+    contents = sorted([advisory.unique_content_id for advisory in advisories])
+    combined_contents = "".join(contents)
+
+    checksum = hashlib.sha1(combined_contents.encode())
+    return checksum.hexdigest()

vulnerabilities/pipes/fetchcode_utils.py

@@ -0,0 +1,31 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/aboutcode-org/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+import logging
+from traceback import format_exc as traceback_format_exc
+from typing import Callable
+
+from fetchcode.package_versions import SUPPORTED_ECOSYSTEMS as FETCHCODE_SUPPORTED_ECOSYSTEMS
+from fetchcode.package_versions import versions
+from packageurl import PackageURL
+
+
+def get_versions(purl: PackageURL, logger: Callable = None):
+    """Return set of known versions for the given purl."""
+    if purl.type not in FETCHCODE_SUPPORTED_ECOSYSTEMS:
+        return
+
+    try:
+        return {v.value.lstrip("vV") for v in versions(str(purl))}
+    except Exception as e:
+        if logger:
+            logger(
+                f"Error while fetching known versions for {purl!s}: {e!r} \n {traceback_format_exc()}",
+                level=logging.ERROR,
+            )

vulnerabilities/tests/pipelines/test_flag_ghost_packages.py

@@ -23,7 +23,7 @@
 class FlagGhostPackagePipelineTest(TestCase):
     data = Path(__file__).parent.parent / "test_data"
 
-    @mock.patch("vulnerabilities.pipelines.flag_ghost_packages.versions")
+    @mock.patch("vulnerabilities.pipes.fetchcode_utils.versions")
     def test_flag_ghost_package(self, mock_fetchcode_versions):
         Package.objects.create(type="pypi", name="foo", version="2.3.0")
         Package.objects.create(type="pypi", name="foo", version="3.0.0")
@@ -43,7 +43,7 @@ def test_flag_ghost_package(self, mock_fetchcode_versions):
         self.assertEqual(1, flagged_package_count)
         self.assertEqual(1, Package.objects.filter(is_ghost=True).count())
 
-    @mock.patch("vulnerabilities.pipelines.flag_ghost_packages.versions")
+    @mock.patch("vulnerabilities.pipes.fetchcode_utils.versions")
     def test_detect_and_flag_ghost_packages(self, mock_fetchcode_versions):
         Package.objects.create(type="pypi", name="foo", version="2.3.0")
         Package.objects.create(type="pypi", name="foo", version="3.0.0")