From 016529d2fb72e4aeb823d449d0c0e23b3cf12174 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bonhomme?= Date: Thu, 25 Jul 2024 10:44:22 +0200 Subject: [PATCH 1/2] new: Added creation and deletion method for comments and bundles. --- pyvulnerabilitylookup/api.py | 43 +++++++++++++++++++++++++++++++++--- 1 file changed, 40 insertions(+), 3 deletions(-) diff --git a/pyvulnerabilitylookup/api.py b/pyvulnerabilitylookup/api.py index 2c59088..7fe3274 100644 --- a/pyvulnerabilitylookup/api.py +++ b/pyvulnerabilitylookup/api.py @@ -4,7 +4,7 @@ from __future__ import annotations from importlib.metadata import version from pathlib import PurePosixPath -from typing import Any +from typing import Any, Dict from urllib.parse import urljoin, urlparse import requests @@ -12,7 +12,7 @@ import requests class PyVulnerabilityLookup(): - def __init__(self, root_url: str, useragent: str | None=None, + def __init__(self, root_url: str, useragent: str | None=None, token: str | None=None, *, proxies: dict[str, str] | None=None) -> None: '''Query a specific instance. @@ -28,6 +28,9 @@ class PyVulnerabilityLookup(): self.root_url += '/' self.session = requests.session() self.session.headers['user-agent'] = useragent if useragent else f'PyProject / {version("pyvulnerabilitylookup")}' + self.session.headers['X-API-KEY'] = token if token else '' + self.session.headers['Accept'] = 'application/json' + self.session.headers['Content-Type'] = 'application/json' if proxies: self.session.proxies.update(proxies) @@ -96,11 +99,20 @@ class PyVulnerabilityLookup(): # NOTE: endpoints /api/cve/*, /api/dbInfo, /api/last are alises for backward compat. + def create_comment(self, comment: Dict[str, Any]) -> Dict[str, Any]: + '''Create a comment. + + :param comment: The comment + ''' + r = self.session.post(urljoin(self.root_url, str(PurePosixPath('api', 'comment'))), + json=comment) + return r.json() + def get_comments(self, uuid: str | None = None, vuln_id: str | None = None, author: str | None = None) -> dict[str, Any]: '''Get comment(s) - :param uuid: The UUID a specific comment + :param uuid: The UUID of a specific comment :param vuln_id: The vulnerability ID to get comments of :param author: The author of the comment(s) ''' @@ -108,6 +120,23 @@ class PyVulnerabilityLookup(): params={'uuid': uuid, 'vuln_id': vuln_id, 'author': author}) return r.json() + def delete_comment(self, comment_uuid: str) -> int: + '''Delete a comment. + + :param comment_uuid: The comment UUID + ''' + r = self.session.delete(urljoin(self.root_url, str(PurePosixPath('api', 'comment', comment_uuid)))) + return r.status_code + + def create_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]: + '''Create a bundle. + + :param bundle: The bundle + ''' + r = self.session.post(urljoin(self.root_url, str(PurePosixPath('api', 'bundle'))), + json=bundle) + return r.json() + def get_bundles(self, uuid: str | None = None, vuln_id: str | None = None, author: str | None = None) -> dict[str, Any]: '''Get bundle(s) @@ -119,3 +148,11 @@ class PyVulnerabilityLookup(): r = self.session.get(urljoin(self.root_url, str(PurePosixPath('api', 'bundle'))), params={'uuid': uuid, 'vuln_id': vuln_id, 'author': author}) return r.json() + + def delete_bundle(self, bundle_uuid: str) -> int: + '''Delete a bundle. + + :param bundle_uuid: The bundle UUID + ''' + r = self.session.delete(urljoin(self.root_url, str(PurePosixPath('api', 'bundle', bundle_uuid)))) + return r.status_code From c01d1c54607b2d904a9960dd657ca0129d73589c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bonhomme?= Date: Thu, 25 Jul 2024 14:42:37 +0200 Subject: [PATCH 2/2] chg: updated tests/test_web.py in order to retrieve the API_TOKEN provided via environment variable (secrets.API_KEY on GitHub workflow). --- tests/test_web.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/test_web.py b/tests/test_web.py index 73d8098..c41a3eb 100644 --- a/tests/test_web.py +++ b/tests/test_web.py @@ -2,6 +2,7 @@ import unittest import time +import os from pyvulnerabilitylookup import PyVulnerabilityLookup @@ -9,7 +10,8 @@ from pyvulnerabilitylookup import PyVulnerabilityLookup class TestPublic(unittest.TestCase): def setUp(self) -> None: - self.client = PyVulnerabilityLookup(root_url="https://vulnerability.circl.lu") + token = os.getenv("API_KEY", "") + self.client = PyVulnerabilityLookup(root_url="https://vulnerability.circl.lu", token=token) # Test default