2727
2828class ArchlinuxImporter (Importer ):
2929 url = "https://security.archlinux.org/json"
30- spdx_license_expression = "unknown"
30+ spdx_license_expression = "MIT"
31+ license_url = "https://github.com/archlinux/arch-security-tracker/blob/master/LICENSE"
3132
3233 def fetch (self ) -> Iterable [Mapping ]:
3334 response = fetch_response (self .url )
@@ -39,24 +40,41 @@ def advisory_data(self) -> Iterable[AdvisoryData]:
3940
4041 def parse_advisory (self , record ) -> List [AdvisoryData ]:
4142 advisories = []
42- aliases = record ["issues" ]
43- for alias in record ["issues" ]:
43+ # aliases = record["issues"]
44+ aliases = record .get ("issues" ) or []
45+ # for alias in record["issues"]:
46+ for alias in aliases :
4447 affected_packages = []
4548 for name in record ["packages" ]:
4649 summary = record .get ("type" ) or ""
4750 if summary == "unknown" :
4851 summary = ""
4952
53+ # affected_packages = AffectedPackage(
54+ # PackageURL(
55+ # name=name,
56+ # type="alpm",
57+ # namespace="archlinux",
58+ # ),
59+ # affected_version_range=ArchLinuxVersionRange.from_versions(
60+ # [record.get("affected") or ""]
61+ # ),
62+ # fixed_version=ArchLinuxVersion(record.get("fixed") or ""),
63+ # )
64+ affected = record .get ("affected" ) or ""
65+ affected_version_range = (
66+ ArchLinuxVersionRange .from_versions ([affected ]) if affected else None
67+ )
68+ fixed = record .get ("fixed" ) or ""
69+ fixed_version = ArchLinuxVersion (fixed ) if fixed else None
5070 affected_packages = AffectedPackage (
51- PackageURL (
71+ package = PackageURL (
5272 name = name ,
5373 type = "alpm" ,
5474 namespace = "archlinux" ,
5575 ),
56- affected_version_range = ArchLinuxVersionRange .from_versions (
57- [record .get ("affected" ) or "" ]
58- ),
59- fixed_version = ArchLinuxVersion (record .get ("fixed" ) or "" ),
76+ affected_version_range = affected_version_range ,
77+ fixed_version = fixed_version ,
6078 )
6179
6280 references = []
0 commit comments