filter fixed and affected package based on input purl.type

keshav-space · keshav-space · commit 044414a57643 · 2023-03-29T20:27:01.000+05:30
Signed-off-by: Keshav Priyadarshi &lt;git@keshav.space&gt;
diff --git a/vulntotal/datasources/vulnerablecode.py b/vulntotal/datasources/vulnerablecode.py
@@ -53,7 +53,7 @@ def datasource_advisory(self, purl) -> Iterable[VendorData]:
             for advisory in metadata_advisories[0]["affected_by_vulnerabilities"]:
                 fetched_advisory = self.fetch_get_json(advisory["url"])
                 self._raw_dump.append(fetched_advisory)
-                yield parse_advisory(fetched_advisory)
+                yield parse_advisory(fetched_advisory, purl)
 
     @classmethod
     def supported_ecosystem(cls):
@@ -74,14 +74,18 @@ def supported_ecosystem(cls):
         }
 
 
-def parse_advisory(fetched_advisory) -> VendorData:
+def parse_advisory(fetched_advisory, purl) -> VendorData:
     aliases = [aliase["alias"] for aliase in fetched_advisory["aliases"]]
     affected_versions = []
     fixed_versions = []
     for instance in fetched_advisory["affected_packages"]:
-        affected_versions.append(PackageURL.from_string(instance["purl"]).version)
+        affected_purl = PackageURL.from_string(instance["purl"])
+        if affected_purl.type == purl.type:
+            affected_versions.append(affected_purl.version)
     for instance in fetched_advisory["fixed_packages"]:
-        fixed_versions.append(PackageURL.from_string(instance["purl"]).version)
+        fixed_purl = PackageURL.from_string(instance["purl"])
+        if fixed_purl.type == purl.type:
+            fixed_versions.append(fixed_purl.version)
     return VendorData(
         aliases=aliases, affected_versions=affected_versions, fixed_versions=fixed_versions
     )
diff --git a/vulntotal/tests/test_vulnerablecode.py b/vulntotal/tests/test_vulnerablecode.py
@@ -11,6 +11,7 @@
 from pathlib import Path
 
 from commoncode import testcase
+from packageurl import PackageURL
 
 from vulnerabilities.tests import util_tests
 from vulntotal.datasources import vulnerablecode
@@ -23,6 +24,7 @@ def test_parse_advisory(self):
         advisory_file = self.get_test_loc("advisory.json")
         with open(advisory_file) as f:
             advisory = json.load(f)
-        results = [vulnerablecode.parse_advisory(adv).to_dict() for adv in advisory]
+        input_purl = PackageURL.from_string("pkg:maven/org.apache.tomcat/tomcat@10.1.0-M5")
+        results = [vulnerablecode.parse_advisory(adv, input_purl).to_dict() for adv in advisory]
         expected_file = self.get_test_loc("parse_advisory-expected.json", must_exist=False)
         util_tests.check_results_against_json(results, expected_file)
