Sort aliases in github advisory

TG1999 · TG1999 · commit 9b99070c139a · 2022-05-24T14:50:19.000+05:30
Signed-off-by: Tushar Goel &lt;tushar.goel.dav@gmail.com&gt;
diff --git a/vulnerabilities/importers/github.py b/vulnerabilities/importers/github.py
@@ -320,7 +320,7 @@ def process_response(resp: dict, package_type: str) -> Iterable[AdvisoryData]:
                 logger.error(f"Unknown identifier type {identifier_type!r} and value {value!r}")
 
         yield AdvisoryData(
-            aliases=dedupe(aliases),
+            aliases=sorted(dedupe(aliases)),
             summary=summary,
             references=references,
             affected_packages=affected_packages,
diff --git a/vulnerabilities/tests/test_data/github_api/composer-expected.json b/vulnerabilities/tests/test_data/github_api/composer-expected.json
@@ -1,8 +1,8 @@
 [
   {
     "aliases": [
-      "GHSA-6qcc-whgp-pjj2",
-      "CVE-2022-0832"
+      "CVE-2022-0832",
+      "GHSA-6qcc-whgp-pjj2"
     ],
     "summary": "Cross-site Scripting in Pimcore",
     "affected_packages": [
@@ -50,8 +50,8 @@
   },
   {
     "aliases": [
-      "GHSA-q67f-3jq4-mww2",
-      "CVE-2022-0831"
+      "CVE-2022-0831",
+      "GHSA-q67f-3jq4-mww2"
     ],
     "summary": "Cross-site Scripting in Pimcore",
     "affected_packages": [
@@ -99,8 +99,8 @@
   },
   {
     "aliases": [
-      "GHSA-x28w-hvwc-mp75",
-      "CVE-2022-0895"
+      "CVE-2022-0895",
+      "GHSA-x28w-hvwc-mp75"
     ],
     "summary": "Static Code Injection in Microweber",
     "affected_packages": [
@@ -148,8 +148,8 @@
   },
   {
     "aliases": [
-      "GHSA-gj26-g5qf-jrh7",
-      "CVE-2022-0589"
+      "CVE-2022-0589",
+      "GHSA-gj26-g5qf-jrh7"
     ],
     "summary": "Cross-site Scripting in librenms",
     "affected_packages": [
diff --git a/vulnerabilities/tests/test_data/github_api/gem-expected.json b/vulnerabilities/tests/test_data/github_api/gem-expected.json
@@ -1,8 +1,8 @@
 [
   {
     "aliases": [
-      "GHSA-6mq2-37j5-w6r6",
-      "CVE-2009-4492"
+      "CVE-2009-4492",
+      "GHSA-6mq2-37j5-w6r6"
     ],
     "summary": "Moderate severity vulnerability that affects webrick",
     "affected_packages": [
@@ -85,8 +85,8 @@
   },
   {
     "aliases": [
-      "GHSA-w749-p3v6-hccq",
-      "CVE-2022-21831"
+      "CVE-2022-21831",
+      "GHSA-w749-p3v6-hccq"
     ],
     "summary": "Possible code injection vulnerability in Rails / Active Storage",
     "affected_packages": [
@@ -139,8 +139,8 @@
   },
   {
     "aliases": [
-      "GHSA-w749-p3v6-hccq",
-      "CVE-2022-21831"
+      "CVE-2022-21831",
+      "GHSA-w749-p3v6-hccq"
     ],
     "summary": "Possible code injection vulnerability in Rails / Active Storage",
     "affected_packages": [
@@ -193,8 +193,8 @@
   },
   {
     "aliases": [
-      "GHSA-w749-p3v6-hccq",
-      "CVE-2022-21831"
+      "CVE-2022-21831",
+      "GHSA-w749-p3v6-hccq"
     ],
     "summary": "Possible code injection vulnerability in Rails / Active Storage",
     "affected_packages": [
@@ -247,8 +247,8 @@
   },
   {
     "aliases": [
-      "GHSA-w749-p3v6-hccq",
-      "CVE-2022-21831"
+      "CVE-2022-21831",
+      "GHSA-w749-p3v6-hccq"
     ],
     "summary": "Possible code injection vulnerability in Rails / Active Storage",
     "affected_packages": [
diff --git a/vulnerabilities/tests/test_data/github_api/golang-expected.json b/vulnerabilities/tests/test_data/github_api/golang-expected.json
@@ -1,8 +1,8 @@
 [
   {
     "aliases": [
-      "GHSA-vj3f-3286-r4pf",
-      "CVE-2014-9356"
+      "CVE-2014-9356",
+      "GHSA-vj3f-3286-r4pf"
     ],
     "summary": "Path Traversal in Docker",
     "affected_packages": [
@@ -65,8 +65,8 @@
   },
   {
     "aliases": [
-      "GHSA-vj3f-3286-r4pf",
-      "CVE-2014-9356"
+      "CVE-2014-9356",
+      "GHSA-vj3f-3286-r4pf"
     ],
     "summary": "Path Traversal in Docker",
     "affected_packages": [
@@ -129,8 +129,8 @@
   },
   {
     "aliases": [
-      "GHSA-2hfj-cxw7-g45p",
-      "CVE-2021-39183"
+      "CVE-2021-39183",
+      "GHSA-2hfj-cxw7-g45p"
     ],
     "summary": "Unsafe inline XSS in pasting DOM element into chat",
     "affected_packages": [
diff --git a/vulnerabilities/tests/test_data/github_api/maven-expected.json b/vulnerabilities/tests/test_data/github_api/maven-expected.json
@@ -1,8 +1,8 @@
 [
   {
     "aliases": [
-      "GHSA-qcxh-w3j9-58qr",
-      "CVE-2019-0199"
+      "CVE-2019-0199",
+      "GHSA-qcxh-w3j9-58qr"
     ],
     "summary": "Denial of Service in Tomcat",
     "affected_packages": [
@@ -35,8 +35,8 @@
   },
   {
     "aliases": [
-      "GHSA-qcxh-w3j9-58qr",
-      "CVE-2019-0199"
+      "CVE-2019-0199",
+      "GHSA-qcxh-w3j9-58qr"
     ],
     "summary": "Denial of Service in Tomcat",
     "affected_packages": [
@@ -69,8 +69,8 @@
   },
   {
     "aliases": [
-      "GHSA-c9hw-wf7x-jp9j",
-      "CVE-2020-1938"
+      "CVE-2020-1938",
+      "GHSA-c9hw-wf7x-jp9j"
     ],
     "summary": "Improper Input Validation in Tomcat",
     "affected_packages": [
@@ -103,8 +103,8 @@
   },
   {
     "aliases": [
-      "GHSA-c9hw-wf7x-jp9j",
-      "CVE-2020-1938"
+      "CVE-2020-1938",
+      "GHSA-c9hw-wf7x-jp9j"
     ],
     "summary": "Improper Input Validation in Tomcat",
     "affected_packages": [
@@ -137,8 +137,8 @@
   },
   {
     "aliases": [
-      "GHSA-c9hw-wf7x-jp9j",
-      "CVE-2020-1938"
+      "CVE-2020-1938",
+      "GHSA-c9hw-wf7x-jp9j"
     ],
     "summary": "Improper Input Validation in Tomcat",
     "affected_packages": [
diff --git a/vulnerabilities/tests/test_data/github_api/nuget-expected.json b/vulnerabilities/tests/test_data/github_api/nuget-expected.json
@@ -1,8 +1,8 @@
 [
   {
     "aliases": [
-      "GHSA-ph3v-2hq5-5qfq",
-      "CVE-2021-46703"
+      "CVE-2021-46703",
+      "GHSA-ph3v-2hq5-5qfq"
     ],
     "summary": "Code injection in RazorEngine",
     "affected_packages": [
@@ -45,8 +45,8 @@
   },
   {
     "aliases": [
-      "GHSA-gcx5-3p5f-f8vp",
-      "CVE-2022-23395"
+      "CVE-2022-23395",
+      "GHSA-gcx5-3p5f-f8vp"
     ],
     "summary": "Prototype Pollution in jquery.cookie",
     "affected_packages": [
@@ -89,8 +89,8 @@
   },
   {
     "aliases": [
-      "GHSA-vv6j-ww6x-54gx",
-      "CVE-2022-0609"
+      "CVE-2022-0609",
+      "GHSA-vv6j-ww6x-54gx"
     ],
     "summary": "Use after free in Animation",
     "affected_packages": [
@@ -133,8 +133,8 @@
   },
   {
     "aliases": [
-      "GHSA-j8f4-2w4p-mhjc",
-      "CVE-2017-0256"
+      "CVE-2017-0256",
+      "GHSA-j8f4-2w4p-mhjc"
     ],
     "summary": "Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc",
     "affected_packages": [
diff --git a/vulnerabilities/tests/test_data/github_api/pypi-expected.json b/vulnerabilities/tests/test_data/github_api/pypi-expected.json
@@ -44,8 +44,8 @@
   },
   {
     "aliases": [
-      "GHSA-8vj2-vxx3-667w",
-      "CVE-2022-22817"
+      "CVE-2022-22817",
+      "GHSA-8vj2-vxx3-667w"
     ],
     "summary": "Arbitrary expression injection in Pillow",
     "affected_packages": [
@@ -108,8 +108,8 @@
   },
   {
     "aliases": [
-      "GHSA-9j59-75qj-795w",
-      "CVE-2022-24303"
+      "CVE-2022-24303",
+      "GHSA-9j59-75qj-795w"
     ],
     "summary": "Path traversal in Pillow",
     "affected_packages": [
@@ -157,8 +157,8 @@
   },
   {
     "aliases": [
-      "GHSA-8r7c-3cm2-3h8f",
-      "CVE-2022-23578"
+      "CVE-2022-23578",
+      "GHSA-8r7c-3cm2-3h8f"
     ],
     "summary": "Memory leak in Tensorflow",
     "affected_packages": [
