aboutcode-org · keshav-space · Mar 29, 2023 · Feb 28, 2023 · Feb 28, 2023 · Feb 28, 2023
diff --git a/vulntotal/datasources/github.py b/vulntotal/datasources/github.py
@@ -58,9 +58,9 @@ def supported_ecosystem(cls):
             "pypi": "PIP",
             "gem": "RUBYGEMS",
             "golang": "GO",
-            "rust": "RUST",
+            "cargo": "RUST",
             "npm": "NPM",
-            "erlang": "ERLANG",
+            "hex": "ERLANG",
         }
 
 

diff --git a/vulntotal/datasources/osv.py b/vulntotal/datasources/osv.py
@@ -51,12 +51,12 @@ def supported_ecosystem(cls):
             "golang": "Go",
             "nuget": "NuGet",
             "pypi": "PyPI",
-            "rubygems": "RubyGems",
-            "crates.io": "crates.io",
+            "gem": "RubyGems",
+            "cargo": "crates.io",
             "composer": "Packagist",
             "linux": "Linux",
             "oss-fuzz": "OSS-Fuzz",
-            "debian": "Debian",
+            "deb": "Debian",
             "hex": "Hex",
             "android": "Android",
         }

diff --git a/vulntotal/datasources/snyk.py b/vulntotal/datasources/snyk.py
@@ -60,7 +60,7 @@ def supported_ecosystem(cls):
             "npm": "npm",
             "nuget": "nuget",
             "pypi": "pip",
-            "rubygems": "rubygems",
+            "gem": "rubygems",
             # any purl.type not in supported_ecosystem shall implicitly be treated as unmanaged type
             "unmanaged": "unmanaged",
         }

diff --git a/vulntotal/datasources/vulnerablecode.py b/vulntotal/datasources/vulnerablecode.py
@@ -53,7 +53,7 @@ def datasource_advisory(self, purl) -> Iterable[VendorData]:
             for advisory in metadata_advisories[0]["affected_by_vulnerabilities"]:
                 fetched_advisory = self.fetch_get_json(advisory["url"])
                 self._raw_dump.append(fetched_advisory)
-                yield parse_advisory(fetched_advisory)
+                yield parse_advisory(fetched_advisory, purl)
 
     @classmethod
     def supported_ecosystem(cls):
@@ -74,14 +74,18 @@ def supported_ecosystem(cls):
         }
 
 
-def parse_advisory(fetched_advisory) -> VendorData:
+def parse_advisory(fetched_advisory, purl) -> VendorData:
     aliases = [aliase["alias"] for aliase in fetched_advisory["aliases"]]
     affected_versions = []
     fixed_versions = []
     for instance in fetched_advisory["affected_packages"]:
-        affected_versions.append(PackageURL.from_string(instance["purl"]).version)
+        affected_purl = PackageURL.from_string(instance["purl"])
+        if affected_purl.type == purl.type:
+            affected_versions.append(affected_purl.version)
     for instance in fetched_advisory["fixed_packages"]:
-        fixed_versions.append(PackageURL.from_string(instance["purl"]).version)
+        fixed_purl = PackageURL.from_string(instance["purl"])
+        if fixed_purl.type == purl.type:
+            fixed_versions.append(fixed_purl.version)
     return VendorData(
         aliases=aliases, affected_versions=affected_versions, fixed_versions=fixed_versions
     )

diff --git a/vulntotal/tests/test_github.py b/vulntotal/tests/test_github.py
@@ -28,8 +28,8 @@ def test_generate_graphql_payload(self):
             "pkg:npm/semver-regex@3.1.3",
             "pkg:golang/github.com/cloudflare/cfrpki@0.1.0",
             "pkg:composer/symfony/symfony@2.7.1",
-            "pkg:rust/slice-deque@0.1.0",
-            "pkg:erlang/alchemist.vim@1.3.0",
+            "pkg:cargo/slice-deque@0.1.0",
+            "pkg:hex/alchemist.vim@1.3.0",
             "pkg:gem/ftpd@0.0.1",
         ]
         results = [

diff --git a/vulntotal/tests/test_osv.py b/vulntotal/tests/test_osv.py
@@ -25,11 +25,11 @@ def test_generate_payload(self):
         purls = [
             "pkg:pypi/jinja2@2.4.1",
             "pkg:android/System@10",
-            "pkg:debian:8/davical@1.1.3-1",
+            "pkg:deb:8/davical@1.1.3-1",
             "pkg:maven/org.apache.tomcat/tomcat@10.1.0-M8",
             "pkg:linux/Kernel@v5.4.195",
             "pkg:packagist/dolibarr/dolibarr@12.0.5",
-            "pkg:crates.io/sha2@0.9.7",
+            "pkg:cargo/sha2@0.9.7",
             "pkg:npm/semver-regex@3.1.3",
             "pkg:golang/github.com/cloudflare/cfrpki@1.1.0",
         ]

diff --git a/vulntotal/tests/test_snyk.py b/vulntotal/tests/test_snyk.py
@@ -30,7 +30,7 @@ def test_generate_package_advisory_url(self):
             "pkg:nuget/moment.js@2.18.0",
             "pkg:cocoapods/ffmpeg@0.2",
             "pkg:hex/coherence@0.2.1",
-            "pkg:rubygems/log4j-jars@0.2",
+            "pkg:gem/log4j-jars@0.2",
             "pkg:unmanaged/firefox@8.9.1",
         ]
         results = [

diff --git a/vulntotal/tests/test_vulnerablecode.py b/vulntotal/tests/test_vulnerablecode.py
@@ -11,6 +11,7 @@
 from pathlib import Path
 
 from commoncode import testcase
+from packageurl import PackageURL
 
 from vulnerabilities.tests import util_tests
 from vulntotal.datasources import vulnerablecode
@@ -23,6 +24,7 @@ def test_parse_advisory(self):
         advisory_file = self.get_test_loc("advisory.json")
         with open(advisory_file) as f:
             advisory = json.load(f)
-        results = [vulnerablecode.parse_advisory(adv).to_dict() for adv in advisory]
+        input_purl = PackageURL.from_string("pkg:maven/org.apache.tomcat/tomcat@10.1.0-M5")
+        results = [vulnerablecode.parse_advisory(adv, input_purl).to_dict() for adv in advisory]
         expected_file = self.get_test_loc("parse_advisory-expected.json", must_exist=False)
         util_tests.check_results_against_json(results, expected_file)