
1from __future__ import annotations 

2 

3from sec_report_kit.models import Finding 

4from sec_report_kit.services.normalize import normalize_severity 

5 

6 

def _best_url(vuln: dict) -> str:
    """Pick the most specific reference link carried by a vulnerability record.

    Preference order is ``url``, then ``advisory``, then the first entry of a
    non-empty ``links`` list. ``""`` is returned when none of these is set.
    The value is coerced with ``str()`` but not validated as a URL, so a
    renderer that emits it into HTML or a terminal must treat it as untrusted
    scanner output and escape it.
    """
    for key in ("url", "advisory"):
        candidate = vuln.get(key)
        if candidate:
            return str(candidate)
    links = vuln.get("links")
    # A truthy list is necessarily non-empty, so indexing [0] is safe here.
    if links and isinstance(links, list):
        return str(links[0])
    return ""

15 

16 

def _fixed_version(vuln: dict) -> str:
    """Render the fix version(s) of a vulnerability record as display text.

    A non-empty ``fix_versions`` list is joined with ``", "``; otherwise a
    truthy ``fixed_version`` is used; otherwise ``"-"``. A ``fix_versions``
    value that is not a list (e.g. a bare string) is ignored rather than
    rendered, so the fallback chain still applies.
    """
    candidates = vuln.get("fix_versions")
    if isinstance(candidates, list) and candidates:
        return ", ".join(map(str, candidates))
    fallback = vuln.get("fixed_version")
    if not fallback:
        return "-"
    return str(fallback)

23 

24 

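def _finding_from_vuln(vuln: dict, package: object, installed: object) -> Finding:
    """Build one ``Finding`` from a vulnerability record plus its package context.

    ``package`` and ``installed`` are supplied by the caller because the two
    supported layouts carry them in different places (on the dependency entry
    for pip-audit's native output, on the vulnerability itself for the flat
    ``vulnerabilities`` list). Both are rendered with ``str()``.
    """
    return Finding(
        source_type="python-pkg",
        target="Python",
        # NOTE(review): pip-audit's own JSON does not appear to carry a
        # "severity" field, so this is usually normalize_severity(None);
        # confirm against the pip-audit version in use.
        severity=normalize_severity(vuln.get("severity")),
        vulnerability_id=str(vuln.get("id") or "-"),
        package=str(package),
        installed_version=str(installed),
        fixed_version=_fixed_version(vuln),
        title=str(vuln.get("description") or vuln.get("summary") or "-"),
        primary_url=_best_url(vuln),
    )


def parse_pip_audit_json(data: dict) -> list[Finding]:
    """Convert a parsed pip-audit JSON document into a list of ``Finding``.

    Two layouts are accepted. The primary one is pip-audit's native shape,
    ``{"dependencies": [{"name", "version", "vulns": [...]}]}``. If that
    yields nothing, a flat ``{"vulnerabilities": [...]}`` list is read
    instead, with ``package`` / ``installed_version`` taken from each entry.

    Scanner output is machine-generated but not trusted: a document that is
    not a dict, a ``dependencies`` value that is not a list (including JSON
    ``null``), and any dependency or vulnerability entry that is not a dict
    are skipped instead of raising ``AttributeError`` / ``TypeError``. Field
    values are never validated beyond ``str()`` coercion, so consumers must
    still escape them when rendering.

    Args:
        data: The decoded JSON document (expected to be a dict).

    Returns:
        One ``Finding`` per vulnerability record found; ``[]`` when the
        document has no recognizable content.
    """
    findings: list[Finding] = []
    if not isinstance(data, dict):
        return findings

    # Original code iterated data.get("dependencies", []) unconditionally,
    # which crashes on {"dependencies": null} or a non-list value.
    dependencies = data.get("dependencies", [])
    if isinstance(dependencies, list):
        for dep in dependencies:
            if not isinstance(dep, dict):
                continue
            package = dep.get("name", "-")
            installed = dep.get("version", "-")
            # "vulns": null is common in pip-audit output for clean packages.
            for vuln in dep.get("vulns", []) or []:
                if isinstance(vuln, dict):
                    findings.append(_finding_from_vuln(vuln, package, installed))

    # Some tools may output a flat list under "vulnerabilities"; support that too.
    if not findings and isinstance(data.get("vulnerabilities"), list):
        for vuln in data["vulnerabilities"]:
            if not isinstance(vuln, dict):
                continue
            findings.append(
                _finding_from_vuln(
                    vuln,
                    vuln.get("package") or "-",
                    vuln.get("installed_version") or "-",
                )
            )

    return findings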