feat(osv): Enable querying vulnerabilities for the SwiftURL ecosystem

Since the package identifiers in OSV's vulnerability data for the SwiftURL ecosystem have become consistent [1], it is now clear how to construct the requests. Simply add the missing mapping and a test to enable retrieving vulnerabilities for Swift packages. Fixes #7841. [1] google/osv.dev#1923 (comment) Signed-off-by: Frank Viernau <frank_viernau@epam.com>
oss-review-toolkit · May 24, 2024 · c7edb85 · c7edb85
1 parent 740b7d6
commit c7edb85
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 1 deletion.
diff --git a/clients/osv/src/main/kotlin/Model.kt b/clients/osv/src/main/kotlin/Model.kt
@@ -119,6 +119,7 @@ object Ecosystem {
     const val PUB = "Pub"
     const val PYPI = "PyPI"
     const val RUBY_GEMS = "RubyGems"
+    const val SWIFT_URL = "SwiftURL"
 }
 
 @Serializable(EventSerializer::class)

diff --git a/plugins/advisors/osv/src/funTest/kotlin/OsvFunTest.kt b/plugins/advisors/osv/src/funTest/kotlin/OsvFunTest.kt
@@ -48,7 +48,8 @@ class OsvFunTest : StringSpec({
             "NPM::rebber:1.0.0",
             "NuGet::Bunkum:4.0.0",
             "Pub::http:0.13.1",
-            "PyPI::django:3.2"
+            "PyPI::django:3.2",
+            "Swift::github.com/apple/swift-nio:2.41.0"
         ).mapTo(mutableSetOf()) {
             identifierToPackage(it)
         }

diff --git a/plugins/advisors/osv/src/main/kotlin/Osv.kt b/plugins/advisors/osv/src/main/kotlin/Osv.kt
@@ -159,6 +159,7 @@ private fun createRequest(pkg: Package): VulnerabilitiesForPackageRequest? {
         "Maven" -> Ecosystem.MAVEN
         "Pub" -> Ecosystem.PUB
         "PyPI" -> Ecosystem.PYPI
+        "Swift" -> Ecosystem.SWIFT_URL
         else -> null
     }