Fixed logging in import runner #1809

Open
wants to merge 1 commit into
base: main
7 changes: 6 additions & 1 deletion vulnerabilities/import_runner.py
Expand Up @@ -257,7 +257,12 @@ def create_valid_vulnerability_reference(url, reference_id=None):
try:
reference.full_clean()
except ValidationError as e:
logger.warning(f"Invalid vulnerability reference: {reference!r}: {e}")
error_message = str(e)
if "Vulnerability reference with this Url already exists." in error_message:
logger.debug(f"Duplicate vulnerability reference ignored: {reference!r}")
else:
logger.warning(f"Invalid vulnerability reference: {reference!r}: {e}")

return

reference.save()
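Review bot: The duplicate check in the `except ValidationError` branch matches on the rendered English message, so a different locale, a renamed field or verbose name, or a Django wording change silently routes duplicates back to WARNING. It also downgrades the whole error to DEBUG whenever that sentence appears, even if `full_clean()` reported other failures on the same reference (for example a bad `reference_id`), which hides genuinely invalid data in a vulnerability import. Django tags uniqueness failures with `code="unique"`, so the branch can test codes instead: `errors = [err for errs in e.error_dict.values() for err in errs]` followed by `if errors and all(err.code == "unique" for err in errors):`. `create_valid_vulnerability_reference` starts above this hunk, so how `reference` is built is not visible here.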
46 changes: 46 additions & 0 deletions vulnerabilities/tests/test_import_runner.py
Expand Up @@ -7,12 +7,17 @@
# See https://aboutcode.org for more information about nexB OSS projects.
#

import logging
from unittest import mock

import pytest
from django.core.exceptions import ValidationError
from django.utils import timezone
from univers.version_range import VersionRange

from vulnerabilities import models
from vulnerabilities.import_runner import ImportRunner
from vulnerabilities.import_runner import logger
from vulnerabilities.import_runner import process_inferences
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importer import AffectedPackage
Expand Down Expand Up @@ -214,3 +219,44 @@ def test_process_inferences_idempotency():
process_inferences(INFERENCES, DUMMY_ADVISORY, improver_name="test_improver")
process_inferences(INFERENCES, DUMMY_ADVISORY, improver_name="test_improver")
assert all_objects == get_objects_in_all_tables_used_by_process_inferences()


def test_vulnerability_reference_logging():
"""Test that duplicate vulnerability references are logged as DEBUG while other errors are WARNINGS."""

reference = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1509"

# Mock the logger
with mock.patch.object(logger, "debug") as mock_debug, mock.patch.object(
logger, "warning"
) as mock_warning:

# Simulate a ValidationError for duplicate reference
duplicate_error = ValidationError("Vulnerability reference with this Url already exists.")
try:
raise duplicate_error
except ValidationError as e:
error_message = str(e)
if "Vulnerability reference with this Url already exists." in error_message:
logger.debug(f"Duplicate vulnerability reference ignored: {reference!r}")
else:
logger.warning(f"Invalid vulnerability reference: {reference!r}: {e}")

# Simulate a ValidationError for a different case
other_error = ValidationError("Some other validation error.")
try:
raise other_error
except ValidationError as e:
error_message = str(e)
if "Vulnerability reference with this Url already exists." in error_message:
logger.debug(f"Duplicate vulnerability reference ignored: {reference!r}")
else:
logger.warning(f"Invalid vulnerability reference: {reference!r}: {e}")

# Assertions
mock_debug.assert_called_once_with(
f"Duplicate vulnerability reference ignored: {reference!r}"
)
mock_warning.assert_called_once_with(
f"Invalid vulnerability reference: {reference!r}: {other_error}"
)
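Review bot: `test_vulnerability_reference_logging` never calls `create_valid_vulnerability_reference`; it re-implements the if/else from import_runner.py inside the test and asserts on its own copy, so it passes whatever the production code does. The test should drive the real function, for instance by creating the same URL twice and checking which logger method fired, as sketched below (this assumes the first call saves the row, that no other debug call is made on that path, and that `create_valid_vulnerability_reference` is imported from `vulnerabilities.import_runner`). A second case with a reference that fails validation for a different reason would cover the WARNING branch. The added `import logging` looks unused in the lines shown.

```python
@pytest.mark.django_db
def test_vulnerability_reference_logging():
    """Duplicate references are logged at DEBUG, not WARNING."""
    url = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1509"

    with mock.patch.object(logger, "debug") as mock_debug, mock.patch.object(
        logger, "warning"
    ) as mock_warning:
        create_valid_vulnerability_reference(url=url)
        # Second call with the same URL should hit the uniqueness check.
        create_valid_vulnerability_reference(url=url)

    mock_debug.assert_called_once()
    mock_warning.assert_not_called()
```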