Xray 129870 python hyphens fix (#609)

Author: basel1322

commands/curation/curationaudit.go

@@ -955,18 +955,31 @@ func getUrlNameAndVersionByTech(tech techutils.Technology, node *xrayUtils.Graph
 }
 
 func getPythonNameVersion(id string, downloadUrlsMap map[string]string) (downloadUrls []string, name, version string) {
-	if downloadUrlsMap != nil {
-		if dl, ok := downloadUrlsMap[id]; ok {
-			downloadUrls = []string{dl}
-		} else {
-			log.Warn(fmt.Sprintf("couldn't find download url for node id %s", id))
-		}
+	idWithoutPrefix := strings.TrimPrefix(id, python.PythonPackageTypeIdentifier)
+	parts := strings.Split(idWithoutPrefix, ":")
+	if len(parts) < 2 {
+		log.Debug(fmt.Sprintf("Package %s has unexpected format", id))
+		return
 	}
-	id = strings.TrimPrefix(id, python.PythonPackageTypeIdentifier)
-	allParts := strings.Split(id, ":")
-	if len(allParts) >= 2 {
-		name = allParts[0]
-		version = allParts[1]
+
+	name, version = parts[0], parts[1]
+
+	if downloadUrlsMap == nil {
+		return
+	}
+	if dl, ok := downloadUrlsMap[id]; ok {
+		downloadUrls = []string{dl}
+		return
+	}
+
+	// Python package names are case-insensitive and treat hyphens/underscores as equivalentl.
+	// The download URLs map uses normalized names, so we normalize the id to find a match.
+	normalizedName := strings.ReplaceAll(strings.ToLower(strings.TrimSpace(parts[0])), "-", "_")
+	normalizedId := python.PythonPackageTypeIdentifier + normalizedName + ":" + strings.TrimSpace(parts[1])
+	if dl, ok := downloadUrlsMap[normalizedId]; ok {
+		downloadUrls = []string{dl}
+	} else {
+		log.Warn(fmt.Sprintf("couldn't find download url for node id %s in report.json", id))
 	}
 	return
 }

commands/curation/curationaudit_test.go

@@ -704,8 +704,10 @@ func getTestCasesForDoCurationAudit() []testCase {
 				"pip":                                   filepath.Join("resources", "pip-resp"),
 				"pexpect":                               filepath.Join("resources", "pexpect-resp"),
 				"ptyprocess":                            filepath.Join("resources", "ptyprocess-resp"),
+				"typing-extensions":                     filepath.Join("resources", "typing-extensions-resp"),
 				"pexpect-4.8.0-py2.py3-none-any.whl":    filepath.Join("resources", "pexpect-4.8.0-py2.py3-none-any.whl"),
 				"ptyprocess-0.7.0-py2.py3-none-any.whl": filepath.Join("resources", "ptyprocess-0.7.0-py2.py3-none-any.whl"),
+				"typing_extensions-4.15.0-py3-none-any.whl": filepath.Join("resources", "typing_extensions-4.15.0-py3-none-any.whl"),
 			},
 			requestToFail: map[string]bool{
 				"/api/pypi/pypi-remote/packages/packages/39/7b/88dbb785881c28a102619d46423cb853b46dbccc70d3ac362d99773a78ce/pexpect-4.8.0-py2.py3-none-any.whl": false,

tests/testdata/projects/package-managers/python/pip/pip-curation/requirements.txt

@@ -1 +1,2 @@
-pexpect==4.8.0
+pexpect==4.8.0
+typing-extensions==4.15.0

tests/testdata/projects/package-managers/python/pip/pip-curation/resources/typing-extensions-resp

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <title>Simple Index</title>
+    <meta name="api-version" value="2" />
+</head>
+
+<body>
+    <a href="../../packages/packages/18/67/36e9267722cc04a6b9f15c7f3441c2363321a3ea07da7ae0c0707beb2a9c/typing_extensions-4.15.0-py3-none-any.whl#sha256=f0fa19c6845758ab08074a0cfa8b7aecb71c999ca73d62883bc25cc018c4e548"
+        rel="internal">typing_extensions-4.15.0-py3-none-any.whl</a>
+</body>
+
+</html>