Yield advisory only with aliases
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
TG1999 committed Nov 18, 2022
1 parent 654bff0 commit ef6ac54
Showing 2 changed files with 21 additions and 8 deletions.
8 changes: 0 additions & 8 deletions vulnerabilities/importers/npm.py
Expand Up @@ -106,14 +106,6 @@ def to_advisory_data(self, file: Path) -> List[AdvisoryData]:
aliases=[alias],
)

if not advsisory_aliases:
yield AdvisoryData(
summary=build_description(summary=summary, description=description),
references=references,
date_published=date_published,
affected_packages=affected_packages,
)

def get_affected_package(self, data, package_name):
vulnerable_range = data.get("vulnerable_versions") or ""

21 changes: 21 additions & 0 deletions vulnerabilities/tests/test_npm.py
Expand Up @@ -10,8 +10,15 @@

import os

from packageurl import PackageURL
from univers.version_constraint import VersionConstraint
from univers.version_range import NpmVersionRange
from univers.versions import SemverVersion

from vulnerabilities.importer import AffectedPackage
from vulnerabilities.importers.npm import NpmImporter
from vulnerabilities.tests import util_tests
from vulnerabilities.utils import load_json

BASE_DIR = os.path.dirname(os.path.abspath(__file__))
TEST_DATA = os.path.join(BASE_DIR, "test_data/")
Expand All @@ -22,3 +29,17 @@ def test_npm_importer():
result = [adv.to_dict() for adv in NpmImporter().to_advisory_data(file=file)]
expected_file = os.path.join(TEST_DATA, f"parse-advisory-npm-expected.json")
util_tests.check_results_against_json(result, expected_file)


def test_get_affected_package():
file = os.path.join(TEST_DATA, "npm_sample.json")
data = load_json(file)
assert AffectedPackage(
package=PackageURL(
type="npm", namespace=None, name="npm", version=None, qualifiers={}, subpath=None
),
affected_version_range=NpmVersionRange(
constraints=(VersionConstraint(comparator="<", version=SemverVersion(string="1.3.3")),)
),
fixed_version=SemverVersion(string="1.3.3"),
) == NpmImporter().get_affected_package(data, "npm")
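Review bot: No test visible here pins the behaviour this commit actually changes, namely that `to_advisory_data` no longer yields an `AdvisoryData` for an npm advisory without aliases; the added `test_get_affected_package` covers `get_affected_package`, which the commit leaves untouched. The diffstat lists only two changed files, so the expected-JSON fixture read by `test_npm_importer` was not updated, which suggests the existing sample never reached the removed branch. Because that branch decides whether an advisory is imported or silently dropped, I would add a fixture without aliases and assert the outcome, e.g. `assert list(NpmImporter().to_advisory_data(file=no_alias_file)) == []`, where `no_alias_file` is a placeholder for a new test-data file. Separately, binding the expected `AffectedPackage` to a local name before the `assert` would make a failure diff easier to read than the inline constructor on the left-hand side.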
