Refactor to PURL qualifier

Samk1710 · Samk1710 · commit 0c54f358b778 · 2026-01-27T21:46:17.000+05:30
Signed-off-by: Sampurna Pyne &lt;sampurnapyne1710@gmail.com&gt;
diff --git a/vulnerabilities/pipelines/v2_importers/tuxcare_importer.py b/vulnerabilities/pipelines/v2_importers/tuxcare_importer.py
@@ -1,7 +1,6 @@
 import json
 import logging
-from typing import Iterable
-from typing import Mapping
+from typing import Iterable, Mapping
 
 from dateutil.parser import parse
 from packageurl import PackageURL
@@ -39,6 +38,35 @@ def fetch(self) -> Iterable[Mapping]:
     def advisories_count(self) -> int:
         return len(self.response)
 
+    def _create_purl(self, project_name: str, os_name: str) -> PackageURL:
+        os_mapping = {
+            "ubuntu": ("deb", "ubuntu"),
+            "debian": ("deb", "debian"),
+            "centos": ("rpm", "centos"),
+            "almalinux": ("rpm", "almalinux"),
+            "rhel": ("rpm", "redhat"),
+            "red hat": ("rpm", "redhat"),
+            "oracle": ("rpm", "oracle"),
+            "cloudlinux": ("rpm", "cloudlinux"),
+            "alpine": ("apk", "alpine"),
+        }
+
+        qualifiers = {}
+        if os_name:
+            qualifiers["os"] = os_name
+
+        if not os_name:
+            return PackageURL(type="generic", name=project_name)
+
+        os_lower = os_name.lower()
+        for keyword, (pkg_type, namespace) in os_mapping.items():
+            if keyword in os_lower:
+                return PackageURL(
+                    type=pkg_type, namespace=namespace, name=project_name, qualifiers=qualifiers
+                )
+
+        return PackageURL(type="generic", name=project_name, qualifiers=qualifiers)
+
     def collect_advisories(self) -> Iterable[AdvisoryData]:
         for record in self.response:
             cve_id = record.get("cve", "").strip()
@@ -62,7 +90,7 @@ def collect_advisories(self) -> Iterable[AdvisoryData]:
 
             affected_packages = []
             if project_name:
-                purl = PackageURL(type="generic", name=project_name)
+                purl = self._create_purl(project_name, os_name)
 
                 affected_version_range = None
                 if version:
diff --git a/vulnerabilities/tests/test_data/tuxcare/expected.json b/vulnerabilities/tests/test_data/tuxcare/expected.json
@@ -5,7 +5,7 @@
     "summary": "TuxCare advisory for CVE-2023-52922 in squid on CloudLinux 7 ELS",
     "affected_packages": [
       {
-        "package": {"type": "generic", "namespace": "", "name": "squid", "version": "", "qualifiers": "", "subpath": ""},
+        "package": {"type": "rpm", "namespace": "cloudlinux", "name": "squid", "version": "", "qualifiers": "os=CloudLinux%207%20ELS", "subpath": ""},
         "affected_version_range": "vers:generic/3.5.20",
         "fixed_version_range": null,
         "introduced_by_commit_patches": [],
@@ -25,7 +25,7 @@
     "summary": "TuxCare advisory for CVE-2023-52922 in squid on Oracle Linux 7 ELS",
     "affected_packages": [
       {
-        "package": {"type": "generic", "namespace": "", "name": "squid", "version": "", "qualifiers": "", "subpath": ""},
+        "package": {"type": "rpm", "namespace": "oracle", "name": "squid", "version": "", "qualifiers": "os=Oracle%20Linux%207%20ELS", "subpath": ""},
         "affected_version_range": "vers:generic/3.5.20",
         "fixed_version_range": null,
         "introduced_by_commit_patches": [],
@@ -45,7 +45,7 @@
     "summary": "TuxCare advisory for CVE-2023-48161 in java-11-openjdk on RHEL 7 ELS",
     "affected_packages": [
       {
-        "package": {"type": "generic", "namespace": "", "name": "java-11-openjdk", "version": "", "qualifiers": "", "subpath": ""},
+        "package": {"type": "rpm", "namespace": "redhat", "name": "java-11-openjdk", "version": "", "qualifiers": "os=RHEL%207%20ELS", "subpath": ""},
         "affected_version_range": "vers:generic/11.0.23",
         "fixed_version_range": null,
         "introduced_by_commit_patches": [],
@@ -65,7 +65,7 @@
     "summary": "TuxCare advisory for CVE-2024-21147 in java-11-openjdk on RHEL 7 ELS",
     "affected_packages": [
       {
-        "package": {"type": "generic", "namespace": "", "name": "java-11-openjdk", "version": "", "qualifiers": "", "subpath": ""},
+        "package": {"type": "rpm", "namespace": "redhat", "name": "java-11-openjdk", "version": "", "qualifiers": "os=RHEL%207%20ELS", "subpath": ""},
         "affected_version_range": "vers:generic/11.0.23",
         "fixed_version_range": null,
         "introduced_by_commit_patches": [],
@@ -85,7 +85,7 @@
     "summary": "TuxCare advisory for CVE-2025-21587 in java-11-openjdk on RHEL 7 ELS",
     "affected_packages": [
       {
-        "package": {"type": "generic", "namespace": "", "name": "java-11-openjdk", "version": "", "qualifiers": "", "subpath": ""},
+        "package": {"type": "rpm", "namespace": "redhat", "name": "java-11-openjdk", "version": "", "qualifiers": "os=RHEL%207%20ELS", "subpath": ""},
         "affected_version_range": "vers:generic/11.0.23",
         "fixed_version_range": null,
         "introduced_by_commit_patches": [],
