Add coordinates

ArBridgeman · ArBridgeman · commit 4cb93f3a2bdd · 2025-11-05T14:55:57.000+01:00
diff --git a/exasol/toolbox/tools/security.py b/exasol/toolbox/tools/security.py
@@ -186,7 +186,7 @@ def from_pip_audit(report: str) -> Iterable[Issue]:
                 cve=sorted(cves)[0],
                 cwe="None" if not cwes else ", ".join(cwes),
                 description=vulnerability["description"],
-                coordinates=f"{vulnerability['name']}:{vulnerability['version']}",
+                coordinates=vulnerability["coordinates"],
                 references=tuple(links),
             )
 
diff --git a/exasol/toolbox/util/dependencies/audit.py b/exasol/toolbox/util/dependencies/audit.py
@@ -63,6 +63,7 @@ def security_issue_entry(self) -> dict[str, str | list[str]]:
             "version": str(self.version),
             "refs": [self.id] + self.aliases,
             "description": self.description,
+            "coordinates": self.coordinates,
         }
 
 
diff --git a/exasol/toolbox/util/dependencies/shared_models.py b/exasol/toolbox/util/dependencies/shared_models.py
@@ -30,12 +30,23 @@ def normalize_package_name(package_name: str) -> NormalizedPackageStr:
     return NormalizedPackageStr(package_name.lower().replace("_", "-"))
 
 
+def create_coordinates(package_name: str, version: str | Version) -> str:
+    """
+    Create a naming convention for combining a package name and its version
+    """
+    return f"{package_name}:{version}"
+
+
 class Package(BaseModel):
     model_config = ConfigDict(frozen=True, arbitrary_types_allowed=True)
 
     name: str
     version: VERSION_TYPE
 
+    @property
+    def coordinates(self):
+        return create_coordinates(package_name=self.name, version=self.version)
+
     @property
     def normalized_name(self) -> NormalizedPackageStr:
         return normalize_package_name(self.name)
diff --git a/exasol/toolbox/util/dependencies/track_changes.py b/exasol/toolbox/util/dependencies/track_changes.py
@@ -1,7 +1,5 @@
 from __future__ import annotations
 
-from typing import Optional
-
 from packaging.version import Version
 from pydantic import (
     BaseModel,
@@ -11,6 +9,7 @@
 from exasol.toolbox.util.dependencies.shared_models import (
     NormalizedPackageStr,
     Package,
+    create_coordinates,
 )
 
 
@@ -24,7 +23,8 @@ class AddedDependency(DependencyChange):
     version: Version
 
     def __str__(self) -> str:
-        return f"* Added dependency `{self.name}:{self.version}`"
+        coordinates = create_coordinates(self.name, self.version)
+        return f"* Added dependency `{coordinates}`"
 
     @classmethod
     def from_package(cls, package: Package) -> AddedDependency:
@@ -35,7 +35,8 @@ class RemovedDependency(DependencyChange):
     version: Version
 
     def __str__(self) -> str:
-        return f"* Removed dependency `{self.name}:{self.version}`"
+        coordinates = create_coordinates(self.name, self.version)
+        return f"* Removed dependency `{coordinates}`"
 
     @classmethod
     def from_package(cls, package: Package) -> RemovedDependency:
@@ -47,10 +48,8 @@ class UpdatedDependency(DependencyChange):
     current_version: Version
 
     def __str__(self) -> str:
-        return (
-            f"* Updated dependency `{self.name}:{self.previous_version}` "
-            f"to `{self.current_version}`"
-        )
+        coordinates = create_coordinates(self.name, self.previous_version)
+        return f"* Updated dependency `{coordinates}` " f"to `{self.current_version}`"
 
     @classmethod
     def from_package(
diff --git a/test/conftest.py b/test/conftest.py
@@ -66,6 +66,7 @@ def security_issue_entry(self) -> dict[str, str | list[str]]:
             "version": self.version,
             "refs": [self.vulnerability_id, self.cve_id],
             "description": self.description,
+            "coordinates": f"{self.package_name}:{self.version}",
         }
 
     @property
diff --git a/test/unit/util/dependencies/shared_models_test.py b/test/unit/util/dependencies/shared_models_test.py
@@ -49,6 +49,11 @@ def test_normalized_name(name, expected):
         dep = Package(name=name, version="0.1.0")
         assert dep.normalized_name == expected
 
+    @staticmethod
+    def test_coordinates():
+        dep = Package(name="numpy", version="0.1.0")
+        assert dep.coordinates == "numpy:0.1.0"
+
 
 def test_poetry_files_from_latest_tag():
     latest_tag = Git.get_latest_tag()

Original file line number	Diff line number	Diff line change
`@@ -186,7 +186,7 @@ def from_pip_audit(report: str) -> Iterable[Issue]:`
`186`	`186`	`cve=sorted(cves)[0],`
`187`	`187`	`cwe="None" if not cwes else ", ".join(cwes),`
`188`	`188`	`description=vulnerability["description"],`
`189`		`- coordinates=f"{vulnerability['name']}:{vulnerability['version']}",`
	`189`	`+ coordinates=vulnerability["coordinates"],`
`190`	`190`	`references=tuple(links),`
`191`	`191`	`)`
`192`	`192`
Original file line number	Diff line number	Diff line change
`@@ -63,6 +63,7 @@ def security_issue_entry(self) -> dict[str, str \| list[str]]:`
`63`	`63`	`"version": str(self.version),`
`64`	`64`	`"refs": [self.id] + self.aliases,`
`65`	`65`	`"description": self.description,`
	`66`	`+ "coordinates": self.coordinates,`
`66`	`67`	`}`
`67`	`68`
`68`	`69`
Original file line number	Diff line number	Diff line change
`@@ -66,6 +66,7 @@ def security_issue_entry(self) -> dict[str, str \| list[str]]:`
`66`	`66`	`"version": self.version,`
`67`	`67`	`"refs": [self.vulnerability_id, self.cve_id],`
`68`	`68`	`"description": self.description,`
	`69`	`+ "coordinates": f"{self.package_name}:{self.version}",`
`69`	`70`	`}`
`70`	`71`
`71`	`72`	`@property`