From 5fa5e694a0fcb82d3d04a632da630d3fa5dedcc7 Mon Sep 17 00:00:00 2001
From: Samk
Date: Sun, 24 Nov 2024 01:56:30 +0530
Subject: [PATCH 1/6] add vmware photon importer

---
 .qdrant-initialized | 0
 .../pipelines/vmwarephoton_importer.py | 114 ++++++++++++++++++
 2 files changed, 114 insertions(+)
 create mode 100644 .qdrant-initialized
 create mode 100644 vulnerabilities/pipelines/vmwarephoton_importer.py

diff --git a/.qdrant-initialized b/.qdrant-initialized
new file mode 100644
index 000000000..e69de29bb
diff --git a/vulnerabilities/pipelines/vmwarephoton_importer.py b/vulnerabilities/pipelines/vmwarephoton_importer.py
new file mode 100644
index 000000000..adc65fc00
--- /dev/null
+++ b/vulnerabilities/pipelines/vmwarephoton_importer.py
@@ -0,0 +1,114 @@ +# +# Copyright (c) nexB Inc. and others. All rights reserved. +# VulnerableCode is a trademark of nexB Inc. +# SPDX-License-Identifier: Apache-2.0 +# See http://www.apache.org/licenses/LICENSE-2.0 for the license text. +# See https://github.com/aboutcode-org/vulnerablecode for support or download. +# See https://aboutcode.org for more information about nexB OSS projects. +# + +import gzip +import json +import logging +from datetime import date +from traceback import format_exc as traceback_format_exc +from typing import Iterable + +import attr +import requests +from dateutil import parser as dateparser + +from vulnerabilities import severity_systems +from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import Reference +from vulnerabilities.importer import VulnerabilitySeverity +from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipeline +from vulnerabilities.utils import get_cwe_id +from vulnerabilities.utils import get_item + + +class VMWAREPHOTONImporterPipeline(VulnerableCodeBaseImporterPipeline): + """Collect advisories from VMWARE_PHOTON.""" + + pipeline_id = "vmwarephoton_importer" + + # See https://github.com/nexB/vulnerablecode/issues/36 for follow up + spdx_license_expression = ( + "LicenseRef-scancode-us-govt-public-domain AND LicenseRef-scancode-cve-tou" + ) + license_url = "https://nvd.nist.gov/general/FAQ-Sections/General-FAQs#faqLink7" + """ + EXAMPLE: + { + "cve_id": "CVE-2020-11979", + "pkg": "apache-ant", + "cve_score": 7.5, + "aff_ver": "all versions before 1.10.8-2.ph1 are vulnerable", + "res_ver": "1.10.8-2.ph1" + }, + { + "cve_id": "CVE-2020-1945", + "pkg": "apache-ant", + "cve_score": 6.3, + "aff_ver": "all versions before 1.10.8-1.ph1 are vulnerable", + "res_ver": "1.10.8-1.ph1" + }, + { + "cve_id": "CVE-2021-36373", + "pkg": "apache-ant", + "cve_score": 5.5, + "aff_ver": "all versions before 1.10.8-4.ph1 are vulnerable", + "res_ver": "1.10.8-4.ph1" + } + """ + importer_name = 
"PHOTON Importer" + + + + def advisories_count(self): + url = "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon1.0.json" + + advisory_count = 0 + try: + response = requests.get(url) + response.raise_for_status() + data = response.json() + except requests.HTTPError as http_err: + self.log( + f"HTTP error occurred: {http_err} \n {traceback_format_exc()}", + level=logging.ERROR, + ) + return advisory_count + + advisory_count = len(data) + return advisory_count + + + + def collect_advisories(self) -> Iterable[AdvisoryData]: + if VMWAREPHOTONImporterPipeline.advisories_count(): + VMWAREPHOTONImporterPipeline.to_advisory(self.data) + + + def to_advisory(data): + advisories=[] + for cve in data: + cve_id=cve.get("cve_id") + pkg=cve.get("pkg") + cve_scoore=cve.get("cve_score") + aff_ver=cve.get("aff_ver") + rev_ver=cve.get("res_ver") + + """ + Returns an AdvisoryData object from this CVE item and adds it to the advisory list + """ + advisories.append( + AdvisoryData( + + aliases=cve_id, + affected_packages=pkg, + + ) + ) + return advisories + From dcd7fcd0c57908e6d71b99d6179a5d6ea162ce11 Mon Sep 17 00:00:00 2001 From: Samk Date: Mon, 25 Nov 2024 01:09:48 +0530 Subject: [PATCH 2/6] added to pipelines/__init__.py --- vulnerabilities/importers/__init__.py | 2 + .../pipelines/vmwarephoton_importer.py | 97 +++++++------------ 2 files changed, 36 insertions(+), 63 deletions(-) diff --git a/vulnerabilities/importers/__init__.py b/vulnerabilities/importers/__init__.py index 3394dd989..b887c823d 100644 --- a/vulnerabilities/importers/__init__.py +++ b/vulnerabilities/importers/__init__.py @@ -42,6 +42,7 @@ from vulnerabilities.pipelines import nvd_importer from vulnerabilities.pipelines import pypa_importer from vulnerabilities.pipelines import pysec_importer +from vulnerabilities.pipelines import vmwarephoton_importer IMPORTERS_REGISTRY = [ alpine_linux.AlpineImporter, 
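Review bot: `collect_advisories` calls `VMWAREPHOTONImporterPipeline.advisories_count()` on the class rather than `self`, reads `self.data` which nothing in this hunk assigns, and `to_advisory(data)` is declared without `self`, so the method cannot run as written; `AdvisoryData(aliases=cve_id, affected_packages=pkg)` also passes bare strings that the next patch in the series wraps in lists. Since later patches rework these methods, the one thing worth fixing in this commit is the empty `.qdrant-initialized` file added alongside — presumably a local runtime marker rather than source — which survives every later patch; drop it from the series and add it to `.gitignore`. `advisories_count` also downloads and decodes the whole feed just to take `len(data)`; a count derived from the data already fetched for `collect_advisories` would avoid the second download.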
@@ -78,6 +79,7 @@ github_importer.GitHubAPIImporterPipeline, nvd_importer.NVDImporterPipeline, pysec_importer.PyPIImporterPipeline, + vmwarephoton_importer.VMWAREPHOTONImporterPipeline, ] IMPORTERS_REGISTRY = { diff --git a/vulnerabilities/pipelines/vmwarephoton_importer.py b/vulnerabilities/pipelines/vmwarephoton_importer.py index adc65fc00..1e41bab23 100644 --- a/vulnerabilities/pipelines/vmwarephoton_importer.py +++ b/vulnerabilities/pipelines/vmwarephoton_importer.py @@ -1,12 +1,3 @@ -# -# Copyright (c) nexB Inc. and others. All rights reserved. -# VulnerableCode is a trademark of nexB Inc. -# SPDX-License-Identifier: Apache-2.0 -# See http://www.apache.org/licenses/LICENSE-2.0 for the license text. -# See https://github.com/aboutcode-org/vulnerablecode for support or download. -# See https://aboutcode.org for more information about nexB OSS projects. -# - import gzip import json import logging 
@@ -31,40 +22,12 @@ class VMWAREPHOTONImporterPipeline(VulnerableCodeBaseImporterPipeline): """Collect advisories from VMWARE_PHOTON.""" pipeline_id = "vmwarephoton_importer" + repo_url = "https://github.com/vmware/photon/wiki/Security-Advisories" + spdx_license_expression = "CC BY-SA 4.0" + license_url = "https://creativecommons.org/licenses/by-sa/4.0/" - # See https://github.com/nexB/vulnerablecode/issues/36 for follow up - spdx_license_expression = ( - "LicenseRef-scancode-us-govt-public-domain AND LicenseRef-scancode-cve-tou" - ) - license_url = "https://nvd.nist.gov/general/FAQ-Sections/General-FAQs#faqLink7" - """ - EXAMPLE: - { - "cve_id": "CVE-2020-11979", - "pkg": "apache-ant", - "cve_score": 7.5, - "aff_ver": "all versions before 1.10.8-2.ph1 are vulnerable", - "res_ver": "1.10.8-2.ph1" - }, - { - "cve_id": "CVE-2020-1945", - "pkg": "apache-ant", - "cve_score": 6.3, - "aff_ver": "all versions before 1.10.8-1.ph1 are vulnerable", - "res_ver": "1.10.8-1.ph1" - }, - { - "cve_id": "CVE-2021-36373", - "pkg": "apache-ant", - "cve_score": 5.5, - "aff_ver": "all versions before 1.10.8-4.ph1 are vulnerable", - "res_ver": "1.10.8-4.ph1" - } - """ importer_name = "PHOTON Importer" - - def advisories_count(self): url = "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon1.0.json" 
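Review bot: `spdx_license_expression = "CC BY-SA 4.0"` is not a valid SPDX expression; the SPDX identifier for that license is `CC-BY-SA-4.0`, and any consumer that validates the expression will reject the space-separated form: `spdx_license_expression = "CC-BY-SA-4.0"`. This commit's first hunk also deletes the copyright/`SPDX-License-Identifier: Apache-2.0` header that patch 1 added at the top of the file; that header should stay even though the data-license attributes below it change. The EXAMPLE block removed here is re-added in patch 6 as a bare `'''` string statement after the class docstring, which is a no-op expression rather than documentation — fold it into the class docstring instead.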
@@ -82,33 +45,41 @@ def advisories_count(self): advisory_count = len(data) return advisory_count - - def collect_advisories(self) -> Iterable[AdvisoryData]: - if VMWAREPHOTONImporterPipeline.advisories_count(): - VMWAREPHOTONImporterPipeline.to_advisory(self.data) + # Fetch advisory data from the URL + url = "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon1.0.json" + try: + response = requests.get(url) + response.raise_for_status() + advisories_data = response.json() # Fetch the data from the API + except requests.HTTPError as http_err: + self.log( + f"HTTP error occurred: {http_err} \n {traceback_format_exc()}", + level=logging.ERROR, + ) + return [] + # Pass the fetched data to the to_advisory method + advisories = self.to_advisory(advisories_data) + return advisories - def to_advisory(data): - advisories=[] + def to_advisory(self, data) -> Iterable[AdvisoryData]: + advisories = [] for cve in data: - cve_id=cve.get("cve_id") - pkg=cve.get("pkg") - cve_scoore=cve.get("cve_score") - aff_ver=cve.get("aff_ver") - rev_ver=cve.get("res_ver") - - """ - Returns an AdvisoryData object from this CVE item and adds it to the advisory list - """ - advisories.append( - AdvisoryData( - - aliases=cve_id, - affected_packages=pkg, - + cve_id = cve.get("cve_id") + pkg = cve.get("pkg") + cve_score = cve.get("cve_score") + aff_ver = cve.get("aff_ver") + rev_ver = cve.get("res_ver") + + advisories.append( + AdvisoryData( + aliases=[cve_id], # Pass cve_id as aliases + affected_packages=[pkg], # Package list + # cve_score = [cve_score], + # aff_ver = [aff_ver], + # rev_ver = [rev_ver] + ) ) - ) return advisories - From ca6f6549290d9c6f167b8e96492aaf1b72cdf24b Mon Sep 17 00:00:00 2001 
From: Samk
Date: Mon, 25 Nov 2024 18:29:37 +0530
Subject: [PATCH 3/6] Added PackageURL import and usage, modified AdvisoryData creation with affected packages, and added error handling and logging for advisory processing

---
 vulnerabilities/pipelines/og.py | 104 ++++++++++++++++++
 .../pipelines/vmwarephoton_importer.py | 49 +++++++--
 2 files changed, 143 insertions(+), 10 deletions(-)
 create mode 100644 vulnerabilities/pipelines/og.py

diff --git a/vulnerabilities/pipelines/og.py b/vulnerabilities/pipelines/og.py
new file mode 100644
index 000000000..ab211f17c
--- /dev/null
+++ b/vulnerabilities/pipelines/og.py
@@ -0,0 +1,104 @@ +import gzip +import json +import logging +from datetime import date +from traceback import format_exc as traceback_format_exc +from typing import Iterable + +import attr +import requests +from dateutil import parser as dateparser +from packageurl import PackageURL + +from vulnerabilities import severity_systems +from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AffectedPackage +from vulnerabilities.importer import Reference +from vulnerabilities.importer import VulnerabilitySeverity +from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipeline +from vulnerabilities.utils import get_cwe_id +from vulnerabilities.utils import get_item + + +class VMWAREPHOTONImporterPipeline(VulnerableCodeBaseImporterPipeline): + """Collect advisories from VMWARE_PHOTON.""" + + pipeline_id = "vmwarephoton_importer" + repo_url = "https://github.com/vmware/photon/wiki/Security-Advisories" + spdx_license_expression = "CC BY-SA 4.0" + license_url = "https://creativecommons.org/licenses/by-sa/4.0/" + + importer_name = "PHOTON Importer" + + def advisories_count(self): + url = "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon1.0.json" + + advisory_count = 0 + try: + response = requests.get(url) + response.raise_for_status() + data = response.json() + except requests.HTTPError as http_err: + self.log( + f"HTTP error occurred: {http_err} \n {traceback_format_exc()}", + level=logging.ERROR, + ) + return advisory_count + + advisory_count = len(data) + return advisory_count + + def collect_advisories(self) -> Iterable[AdvisoryData]: + # Fetch advisory data from the URL + url = "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon1.0.json" + try: + response = requests.get(url) + response.raise_for_status() + advisories_data = response.json() # Fetch the data from the API + except requests.HTTPError as http_err: + self.log( + f"HTTP error occurred: {http_err} \n {traceback_format_exc()}", + 
level=logging.ERROR, + ) + return [] + + # Pass the fetched data to the to_advisory method + advisories = self.to_advisory(advisories_data) + return advisories + + def to_advisory(self, data) -> Iterable[AdvisoryData]: + advisories = [] + for cve in data: + cve_id = cve.get("cve_id") + pkg_name = cve.get("pkg") + aff_ver = cve.get("aff_ver") + rev_ver = cve.get("res_ver") + url = cve.get("url", "https://github.com/vmware/photon/wiki/Security-Advisories") # Default URL + + # Validate required fields + if not cve_id or not pkg_name or not aff_ver or not rev_ver: + logging.warning(f"Skipping advisory due to missing data: {cve}") + continue + + try: + # Create a PackageURL object + pkg = PackageURL(name=pkg_name, type="generic") + + affected_packages = [ + AffectedPackage( + package=pkg, + affected_version_range=aff_ver, + fixed_version=rev_ver, + ) + ] + advisories.append( + AdvisoryData( + aliases=[cve_id], + affected_packages=affected_packages, + url=url, # Ensure a valid URL is provided + ) + ) + except Exception as e: + logging.error(f"Error processing advisory {cve_id}: {e}") + continue + return advisories diff --git a/vulnerabilities/pipelines/vmwarephoton_importer.py b/vulnerabilities/pipelines/vmwarephoton_importer.py index 1e41bab23..b03acf8c6 100644 --- a/vulnerabilities/pipelines/vmwarephoton_importer.py +++ b/vulnerabilities/pipelines/vmwarephoton_importer.py @@ -8,9 +8,12 @@ import attr import requests from dateutil import parser as dateparser +from packageurl import PackageURL +from univers.version_range import VersionRange from vulnerabilities import severity_systems from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AffectedPackage from vulnerabilities.importer import Reference from vulnerabilities.importer import VulnerabilitySeverity from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipeline 
@@ -68,18 +71,44 @@ def to_advisory(self, data) -> Iterable[AdvisoryData]: advisories = [] for cve in data: cve_id = cve.get("cve_id") - pkg = cve.get("pkg") - cve_score = cve.get("cve_score") + pkg_name = cve.get("pkg") aff_ver = cve.get("aff_ver") rev_ver = cve.get("res_ver") + url = cve.get("url", "https://github.com/vmware/photon/wiki/Security-Advisories") # Default URL - advisories.append( - AdvisoryData( - aliases=[cve_id], # Pass cve_id as aliases - affected_packages=[pkg], # Package list - # cve_score = [cve_score], - # aff_ver = [aff_ver], - # rev_ver = [rev_ver] + # Validate required fields + if not cve_id or not pkg_name or not aff_ver or not rev_ver: + logging.warning(f"Skipping advisory due to missing data: {cve}") + continue + + try: + # Create a PackageURL object + pkg = PackageURL(name=pkg_name, type="generic") + + # Parse affected_version_range into a valid VersionRange + if "all versions before" in aff_ver.lower(): + fixed_version = rev_ver.strip() + affected_version_range = f"vers:generic/<{fixed_version}" + else: + affected_version_range = None + + affected_packages = [ + AffectedPackage( + package=pkg, + affected_version_range=VersionRange.from_string(affected_version_range) + if affected_version_range + else None, + fixed_version=rev_ver, + ) + ] + advisories.append( + AdvisoryData( + aliases=[cve_id], + affected_packages=affected_packages, + url=url, # Ensure a valid URL is provided + ) ) - ) + except Exception as e: + logging.error(f"Error processing advisory {cve_id}: {e}") + continue return advisories From 8b20e29926c39ee665e16517aaa6a5f2410f27cb Mon Sep 17 00:00:00 2001 
From: Samk
Date: Mon, 25 Nov 2024 18:43:51 +0530
Subject: [PATCH 4/6] Added PackageURL import and usage, modified AdvisoryData creation with affected packages, and added error handling and logging for advisory processing and imported advisories

---
 vulnerabilities/pipelines/og.py | 104 --------------------------------
 1 file changed, 104 deletions(-)
 delete mode 100644 vulnerabilities/pipelines/og.py

diff --git a/vulnerabilities/pipelines/og.py b/vulnerabilities/pipelines/og.py
deleted file mode 100644
index ab211f17c..000000000
--- a/vulnerabilities/pipelines/og.py
+++ /dev/null
@@ -1,104 +0,0 @@ -import gzip -import json -import logging -from datetime import date -from traceback import format_exc as traceback_format_exc -from typing import Iterable - -import attr -import requests -from dateutil import parser as dateparser -from packageurl import PackageURL - -from vulnerabilities import severity_systems -from vulnerabilities.importer import AdvisoryData -from vulnerabilities.importer import AffectedPackage -from vulnerabilities.importer import Reference -from vulnerabilities.importer import VulnerabilitySeverity -from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipeline -from vulnerabilities.utils import get_cwe_id -from vulnerabilities.utils import get_item - - -class VMWAREPHOTONImporterPipeline(VulnerableCodeBaseImporterPipeline): - """Collect advisories from VMWARE_PHOTON.""" - - pipeline_id = "vmwarephoton_importer" - repo_url = "https://github.com/vmware/photon/wiki/Security-Advisories" - spdx_license_expression = "CC BY-SA 4.0" - license_url = "https://creativecommons.org/licenses/by-sa/4.0/" - - importer_name = "PHOTON Importer" - - def advisories_count(self): - url = "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon1.0.json" - - advisory_count = 0 - try: - response = requests.get(url) - response.raise_for_status() - data = response.json() - except requests.HTTPError as http_err: - self.log( - f"HTTP error occurred: {http_err} \n {traceback_format_exc()}", - level=logging.ERROR, - ) - return advisory_count - - advisory_count = len(data) - return advisory_count - - def collect_advisories(self) -> Iterable[AdvisoryData]: - # Fetch advisory data from the URL - url = "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon1.0.json" - try: - response = requests.get(url) - response.raise_for_status() - advisories_data = response.json() # Fetch the data from the API - except requests.HTTPError as http_err: - self.log( - f"HTTP error occurred: {http_err} \n {traceback_format_exc()}", - 
level=logging.ERROR, - ) - return [] - - # Pass the fetched data to the to_advisory method - advisories = self.to_advisory(advisories_data) - return advisories - - def to_advisory(self, data) -> Iterable[AdvisoryData]: - advisories = [] - for cve in data: - cve_id = cve.get("cve_id") - pkg_name = cve.get("pkg") - aff_ver = cve.get("aff_ver") - rev_ver = cve.get("res_ver") - url = cve.get("url", "https://github.com/vmware/photon/wiki/Security-Advisories") # Default URL - - # Validate required fields - if not cve_id or not pkg_name or not aff_ver or not rev_ver: - logging.warning(f"Skipping advisory due to missing data: {cve}") - continue - - try: - # Create a PackageURL object - pkg = PackageURL(name=pkg_name, type="generic") - - affected_packages = [ - AffectedPackage( - package=pkg, - affected_version_range=aff_ver, - fixed_version=rev_ver, - ) - ] - advisories.append( - AdvisoryData( - aliases=[cve_id], - affected_packages=affected_packages, - url=url, # Ensure a valid URL is provided - ) - ) - except Exception as e: - logging.error(f"Error processing advisory {cve_id}: {e}") - continue - return advisories From 6d5fb80377751a64d8543231b4c2d97a53fad0ff Mon Sep 17 00:00:00 2001 From: Samk Date: Mon, 25 Nov 2024 19:20:47 +0530 Subject: [PATCH 5/6] Added error handling --- .../pipelines/vmwarephoton_importer.py | 120 +++++++++++------- 1 file changed, 74 insertions(+), 46 deletions(-) diff --git a/vulnerabilities/pipelines/vmwarephoton_importer.py b/vulnerabilities/pipelines/vmwarephoton_importer.py index b03acf8c6..747c1fa3d 100644 --- a/vulnerabilities/pipelines/vmwarephoton_importer.py +++ b/vulnerabilities/pipelines/vmwarephoton_importer.py @@ -10,6 +10,7 @@ from dateutil import parser as dateparser from packageurl import PackageURL from univers.version_range import VersionRange +from univers.versions import GenericVersion # Import GenericVersion from vulnerabilities import severity_systems from vulnerabilities.importer import AdvisoryData 
@@ -31,40 +32,56 @@ class VMWAREPHOTONImporterPipeline(VulnerableCodeBaseImporterPipeline): importer_name = "PHOTON Importer" - def advisories_count(self): - url = "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon1.0.json" + urls = [ + "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon1.0.json", + "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon2.0.json", + "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon3.0.json", + "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon4.0.json", + "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon5.0.json", + ] + def advisories_count(self): advisory_count = 0 - try: - response = requests.get(url) - response.raise_for_status() - data = response.json() - except requests.HTTPError as http_err: - self.log( - f"HTTP error occurred: {http_err} \n {traceback_format_exc()}", - level=logging.ERROR, - ) - return advisory_count - - advisory_count = len(data) + for url in self.urls: + try: + response = requests.get(url) + response.raise_for_status() + data = response.json() + advisory_count += len(data) + except requests.HTTPError as http_err: + self.log( + f"HTTP error occurred while fetching {url}: {http_err} \n {traceback_format_exc()}", + level=logging.ERROR, + ) + except requests.RequestException as req_err: + self.log( + f"Request exception occurred while fetching {url}: {req_err} \n {traceback_format_exc()}", + level=logging.ERROR, + ) + except Exception as e: + self.log(f"Unexpected error: {e} \n {traceback_format_exc()}", level=logging.ERROR) return advisory_count def collect_advisories(self) -> Iterable[AdvisoryData]: - # Fetch advisory data from the URL - url = "https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon1.0.json" - try: - response = requests.get(url) - response.raise_for_status() - advisories_data = response.json() # Fetch the data from the API - except requests.HTTPError as 
http_err: - self.log( - f"HTTP error occurred: {http_err} \n {traceback_format_exc()}", - level=logging.ERROR, - ) - return [] - - # Pass the fetched data to the to_advisory method - advisories = self.to_advisory(advisories_data) + advisories = [] + for url in self.urls: + try: + response = requests.get(url) + response.raise_for_status() + advisories_data = response.json() # Fetch the data from the API + advisories.extend(self.to_advisory(advisories_data)) # Collect advisories for each URL + except requests.HTTPError as http_err: + self.log( + f"HTTP error occurred while fetching {url}: {http_err} \n {traceback_format_exc()}", + level=logging.ERROR, + ) + except requests.RequestException as req_err: + self.log( + f"Request exception occurred while fetching {url}: {req_err} \n {traceback_format_exc()}", + level=logging.ERROR, + ) + except Exception as e: + self.log(f"Unexpected error: {e} \n {traceback_format_exc()}", level=logging.ERROR) return advisories def to_advisory(self, data) -> Iterable[AdvisoryData]: 
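Review bot: Every `requests.get(url)` in both `advisories_count` and `collect_advisories` runs without a `timeout`, so one unresponsive host stalls the whole import indefinitely; bound it, e.g. `response = requests.get(url, timeout=30)`. Both loops also assume the decoded body is a list (`len(data)`, `for cve in data`): if a feed ever returns a JSON object or an error document, `advisories_count` would count its keys and `collect_advisories` would hand the dict to `to_advisory`, where iterating keys makes `cve.get` raise `AttributeError` that the trailing `except Exception` logs as "Unexpected error" while silently dropping the entire feed — check the shape before use with `if not isinstance(data, list): self.log(f"Unexpected payload shape from {url}", level=logging.ERROR); continue`. The five feeds are downloaded in full by `advisories_count` only to take `len()` and then downloaded again by `collect_advisories`; caching the parsed bodies on the instance halves the network work and removes the window in which the two fetches see different data. The catch-all `except Exception` branches hide programming errors; narrowing them to `ValueError` (JSON decoding) next to the `requests` exceptions already handled keeps genuine bugs visible.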
@@ -76,31 +93,41 @@ def to_advisory(self, data) -> Iterable[AdvisoryData]: rev_ver = cve.get("res_ver") url = cve.get("url", "https://github.com/vmware/photon/wiki/Security-Advisories") # Default URL - # Validate required fields + # Validate required fields and skip invalid entries if not cve_id or not pkg_name or not aff_ver or not rev_ver: - logging.warning(f"Skipping advisory due to missing data: {cve}") + logging.warning(f"Skipping advisory due to missing fields: {cve}") continue try: # Create a PackageURL object pkg = PackageURL(name=pkg_name, type="generic") - # Parse affected_version_range into a valid VersionRange + # Use GenericVersion to handle non-semver versions + try: + fixed_version = GenericVersion(rev_ver) + except ValueError as e: + logging.warning(f"Skipping advisory {cve_id} due to invalid version: {rev_ver} - {e}") + continue + + affected_version_range = None if "all versions before" in aff_ver.lower(): - fixed_version = rev_ver.strip() - affected_version_range = f"vers:generic/<{fixed_version}" - else: - affected_version_range = None - - affected_packages = [ - AffectedPackage( - package=pkg, - affected_version_range=VersionRange.from_string(affected_version_range) - if affected_version_range - else None, - fixed_version=rev_ver, - ) - ] + affected_version_range = f"vers:generic/<{rev_ver}" + + # Handle version range errors + try: + affected_packages = [ + AffectedPackage( + package=pkg, + affected_version_range=VersionRange.from_string(affected_version_range) + if affected_version_range + else None, + fixed_version=fixed_version, + ) + ] + except ValueError as ve: + logging.warning(f"Skipping advisory {cve_id} due to invalid version range: {aff_ver} - {ve}") + continue + advisories.append( AdvisoryData( aliases=[cve_id], @@ -111,4 +138,5 @@ def to_advisory(self, data) -> Iterable[AdvisoryData]: except Exception as e: logging.error(f"Error processing advisory {cve_id}: {e}") continue + return advisories 
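Review bot: `to_advisory` is called once per Photon release feed but receives only the decoded list, so the `PackageURL(name=pkg_name, type="generic")` built here carries no namespace, release or distro qualifier and `url` falls back to the generic wiki page for every entry (the EXAMPLE block shows no `url` key) — presumably the same package name at the same version can be affected in one Photon release and fixed in another, and the resulting advisories become indistinguishable. Consider threading the feed through, e.g. `def to_advisory(self, data, url=None) -> Iterable[AdvisoryData]:`, and recording the release on the purl (Photon packages are RPMs, so whether `type="generic"` or `pkg:rpm` is the project's convention for distro packages should be confirmed against the other distro importers). Validation failures in this loop go to the root logger via `logging.warning(...)` while the fetch methods use `self.log(..., level=logging.ERROR)`, so half the diagnostics bypass the pipeline's own log; use `self.log` throughout. The feed's `cve_score` field is never read although `VulnerabilitySeverity` and `severity_systems` are imported — either attach it as a severity or drop the unused imports — and the trailing `except Exception: logging.error(...); continue` (in the second hunk) swallows anything unexpected per entry even though the two `ValueError` handlers already cover version parsing. `to_advisory`'s signature and the `AdvisoryData` construction lie outside this hunk.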
From dfb71a1cc09c98b1ffa0176a0ce8f0f9739df174 Mon Sep 17 00:00:00 2001 From: Samk Date: Tue, 26 Nov 2024 17:21:34 +0530 Subject: [PATCH 6/6] added example for readability --- vulnerabilities/pipelines/vmwarephoton_importer.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/vulnerabilities/pipelines/vmwarephoton_importer.py b/vulnerabilities/pipelines/vmwarephoton_importer.py index 747c1fa3d..077342f68 100644 --- a/vulnerabilities/pipelines/vmwarephoton_importer.py +++ b/vulnerabilities/pipelines/vmwarephoton_importer.py @@ -25,6 +25,17 @@ class VMWAREPHOTONImporterPipeline(VulnerableCodeBaseImporterPipeline): """Collect advisories from VMWARE_PHOTON.""" + ''' + EXAMPLE: + { + "cve_id": "CVE-2020-11979", + "pkg": "apache-ant", + "cve_score": 7.5, + "aff_ver": "all versions before 1.10.8-2.ph1 are vulnerable", + "res_ver": "1.10.8-2.ph1" + } + ''' + pipeline_id = "vmwarephoton_importer" repo_url = "https://github.com/vmware/photon/wiki/Security-Advisories" spdx_license_expression = "CC BY-SA 4.0"