
Commit 1c9a82c

authored
Merge pull request #1139 from keshav-space/improve_vt
fix ecosystem mappings and filter out fixed and affected package based on purl.type in VCIO
2 parents 33b3d92 + 044414a commit 1c9a82c


8 files changed

+22
-16
lines changed


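--- a/vulntotal/datasources/github.py
+++ b/vulntotal/datasources/github.py
@@ -58,9 +58,9 @@ def supported_ecosystem(cls):
 "pypi": "PIP",
 "gem": "RUBYGEMS",
 "golang": "GO",
-"rust": "RUST",
+"cargo": "RUST",
 "npm": "NPM",
-"erlang": "ERLANG",
+"hex": "ERLANG",
 }
 
 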
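Review bot: The keys of the `supported_ecosystem` dict are now purl `type` values (`cargo`, `hex`, alongside the existing `gem` and `golang`) while the values remain GitHub's uppercase ecosystem names, but nothing in the hunk records that convention; a one-line comment above the first entry, `# keys are purl.type values, values are GitHub advisory ecosystem names`, would make it explicit and discourage re-adding a non-purl key such as `rust`. The same point applies to the osv.py mapping in this commit, where `linux`, `oss-fuzz` and `android` remain and do not look like registered purl types — if they are deliberate pass-throughs for OSV ecosystem names a comment saying so would help. snyk.py already carries a comment of this kind. `supported_ecosystem` starts outside this hunk.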
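--- a/vulntotal/datasources/osv.py
+++ b/vulntotal/datasources/osv.py
@@ -51,12 +51,12 @@ def supported_ecosystem(cls):
 "golang": "Go",
 "nuget": "NuGet",
 "pypi": "PyPI",
-"rubygems": "RubyGems",
-"crates.io": "crates.io",
+"gem": "RubyGems",
+"cargo": "crates.io",
 "composer": "Packagist",
 "linux": "Linux",
 "oss-fuzz": "OSS-Fuzz",
-"debian": "Debian",
+"deb": "Debian",
 "hex": "Hex",
 "android": "Android",
 }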

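--- a/vulntotal/datasources/snyk.py
+++ b/vulntotal/datasources/snyk.py
@@ -60,7 +60,7 @@ def supported_ecosystem(cls):
 "npm": "npm",
 "nuget": "nuget",
 "pypi": "pip",
-"rubygems": "rubygems",
+"gem": "rubygems",
 # any purl.type not in supported_ecosystem shall implicitly be treated as unmanaged type
 "unmanaged": "unmanaged",
 }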

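--- a/vulntotal/datasources/vulnerablecode.py
+++ b/vulntotal/datasources/vulnerablecode.py
@@ -53,7 +53,7 @@ def datasource_advisory(self, purl) -> Iterable[VendorData]:
 for advisory in metadata_advisories[0]["affected_by_vulnerabilities"]:
 fetched_advisory = self.fetch_get_json(advisory["url"])
 self._raw_dump.append(fetched_advisory)
-yield parse_advisory(fetched_advisory)
+yield parse_advisory(fetched_advisory, purl)
 
 @classmethod
 def supported_ecosystem(cls):
@@ -74,14 +74,18 @@ def supported_ecosystem(cls):
 }
 
 
-def parse_advisory(fetched_advisory) -> VendorData:
+def parse_advisory(fetched_advisory, purl) -> VendorData:
 aliases = [aliase["alias"] for aliase in fetched_advisory["aliases"]]
 affected_versions = []
 fixed_versions = []
 for instance in fetched_advisory["affected_packages"]:
-affected_versions.append(PackageURL.from_string(instance["purl"]).version)
+affected_purl = PackageURL.from_string(instance["purl"])
+if affected_purl.type == purl.type:
+affected_versions.append(affected_purl.version)
 for instance in fetched_advisory["fixed_packages"]:
-fixed_versions.append(PackageURL.from_string(instance["purl"]).version)
+fixed_purl = PackageURL.from_string(instance["purl"])
+if fixed_purl.type == purl.type:
+fixed_versions.append(fixed_purl.version)
 return VendorData(
 aliases=aliases, affected_versions=affected_versions, fixed_versions=fixed_versions
 )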
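Review bot: The two new checks `if affected_purl.type == purl.type:` and `if fixed_purl.type == purl.type:` in `parse_advisory` filter on the purl type alone, so an advisory whose `affected_packages` or `fixed_packages` list several packages of the same type (two maven artifacts, say) would merge the other package's versions into the result reported for the queried purl; comparing namespace and name too, `if (affected_purl.type, affected_purl.namespace, affected_purl.name) == (purl.type, purl.namespace, purl.name):` (and the same for `fixed_purl`), keeps the versions scoped to the package actually asked about — worth confirming against the VulnerableCode payloads, which are not visible here. `purl` is also now a required positional parameter; if any caller other than `datasource_advisory` exists, `purl=None` with the filter skipped when it is `None` would keep them working. The function has no docstring; `"""Return VendorData for ``fetched_advisory``, keeping only affected/fixed versions whose purl type matches ``purl``."""` would state the new contract. `datasource_advisory` in the first hunk continues outside the hunk.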

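--- a/vulntotal/tests/test_github.py
+++ b/vulntotal/tests/test_github.py
@@ -28,8 +28,8 @@ def test_generate_graphql_payload(self):
 "pkg:npm/[email protected]",
 "pkg:golang/github.com/cloudflare/[email protected]",
 "pkg:composer/symfony/[email protected]",
-"pkg:rust/[email protected]",
-"pkg:erlang/[email protected]",
+"pkg:cargo/[email protected]",
+"pkg:hex/[email protected]",
 "pkg:gem/[email protected]",
 ]
 results = [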

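--- a/vulntotal/tests/test_osv.py
+++ b/vulntotal/tests/test_osv.py
@@ -25,11 +25,11 @@ def test_generate_payload(self):
 purls = [
 "pkg:pypi/[email protected]",
 "pkg:android/System@10",
-"pkg:debian:8/[email protected]",
+"pkg:deb:8/[email protected]",
 "pkg:maven/org.apache.tomcat/[email protected]",
 "pkg:linux/[email protected]",
 "pkg:packagist/dolibarr/[email protected]",
-"pkg:crates.io/[email protected]",
+"pkg:cargo/[email protected]",
 "pkg:npm/[email protected]",
 "pkg:golang/github.com/cloudflare/[email protected]",
 ]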

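--- a/vulntotal/tests/test_snyk.py
+++ b/vulntotal/tests/test_snyk.py
@@ -30,7 +30,7 @@ def test_generate_package_advisory_url(self):
 "pkg:nuget/[email protected]",
 "pkg:cocoapods/[email protected]",
 "pkg:hex/[email protected]",
-"pkg:rubygems/[email protected]",
+"pkg:gem/[email protected]",
 "pkg:unmanaged/[email protected]",
 ]
 results = [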

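--- a/vulntotal/tests/test_vulnerablecode.py
+++ b/vulntotal/tests/test_vulnerablecode.py
@@ -11,6 +11,7 @@
 from pathlib import Path
 
 from commoncode import testcase
+from packageurl import PackageURL
 
 from vulnerabilities.tests import util_tests
 from vulntotal.datasources import vulnerablecode
@@ -23,6 +24,7 @@ def test_parse_advisory(self):
 advisory_file = self.get_test_loc("advisory.json")
 with open(advisory_file) as f:
 advisory = json.load(f)
-results = [vulnerablecode.parse_advisory(adv).to_dict() for adv in advisory]
+input_purl = PackageURL.from_string("pkg:maven/org.apache.tomcat/[email protected]")
+results = [vulnerablecode.parse_advisory(adv, input_purl).to_dict() for adv in advisory]
 expected_file = self.get_test_loc("parse_advisory-expected.json", must_exist=False)
 util_tests.check_results_against_json(results, expected_file)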
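Review bot: The test now feeds a single maven `input_purl` to `parse_advisory` for every advisory in `advisory.json`, so it only exercises the "type matches" branch of the new filter; a second assertion with a purl of a type that does not appear in the fixture, checking that `affected_versions` and `fixed_versions` come back empty, would pin the filtering behaviour the commit introduces rather than just the regenerated expected file. Whether the fixture contains packages of more than one type is not visible here, so the empty-result case may need a small added fixture entry. `test_parse_advisory` starts outside the second hunk.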
