Update Alpine to avoid fetching the same URL links multiple times

ziadhany · ziadhany · commit 86a1c65e8bc5 · 2026-02-10T16:06:29.000+02:00
Signed-off-by: ziad hany &lt;ziadhany2016@gmail.com&gt;
diff --git a/vulnerabilities/pipelines/v2_importers/alpine_linux_importer.py b/vulnerabilities/pipelines/v2_importers/alpine_linux_importer.py
@@ -49,12 +49,17 @@ def collect_advisories(self) -> Iterable[AdvisoryData]:
         advisory_directory_links = fetch_advisory_directory_links(
             page_response_content, self.url, self.log
         )
-        advisory_links = []
+        advisory_links = set()
+        visited_directories = set()
         for advisory_directory_link in advisory_directory_links:
+            if advisory_directory_link in visited_directories:
+                continue
+
             advisory_directory_page = fetch_response(advisory_directory_link).content
-            advisory_links.extend(
+            advisory_links.update(
                 fetch_advisory_links(advisory_directory_page, advisory_directory_link, self.log)
             )
+
         for link in advisory_links:
             record = fetch_response(link).json()
             if not record["packages"]:
@@ -241,11 +246,10 @@ def load_advisories(
             try:
                 fixed_version_range = AlpineLinuxVersionRange.from_versions([version])
             except InvalidVersion as e:
-                if logger:
-                    logger(
-                        f"{version!r} is not a valid AlpineVersion {e!r}",
-                        level=logging.DEBUG,
-                    )
+                logger(
+                    f"{version!r} is not a valid AlpineVersion {e!r}",
+                    level=logging.DEBUG,
+                )
 
             if not isinstance(archs, List):
                 if logger:
@@ -258,33 +262,36 @@ def load_advisories(
             if archs and fixed_version_range:
                 for arch in archs:
                     qualifiers["arch"] = arch
+                    purl = PackageURL(
+                        type="apk",
+                        namespace="alpine",
+                        name=pkg_infos["name"],
+                        qualifiers=qualifiers,
+                    )
                     affected_packages.append(
                         AffectedPackageV2(
-                            package=PackageURL(
-                                type="apk",
-                                namespace="alpine",
-                                name=pkg_infos["name"],
-                                qualifiers=qualifiers,
-                            ),
+                            package=purl,
                             fixed_version_range=fixed_version_range,
                         )
                     )
 
             if not archs and fixed_version_range:
                 # there is no arch, this is not an arch-specific package
+                purl = PackageURL(
+                    type="apk",
+                    namespace="alpine",
+                    name=pkg_infos["name"],
+                    qualifiers=qualifiers,
+                )
                 affected_packages.append(
                     AffectedPackageV2(
-                        package=PackageURL(
-                            type="apk",
-                            namespace="alpine",
-                            name=pkg_infos["name"],
-                            qualifiers=qualifiers,
-                        ),
+                        package=purl,
                         fixed_version_range=fixed_version_range,
                     )
                 )
 
-            for advisory_id in aliases:
+            for cve in aliases:
+                advisory_id = f"{pkg_infos['name']}/{qualifiers['distroversion']}/{cve}"
                 yield AdvisoryData(
                     advisory_id=advisory_id,
                     aliases=[],
diff --git a/vulnerabilities/tests/pipelines/v2_importers/test_alpine_linux_importer_pipeline.py b/vulnerabilities/tests/pipelines/v2_importers/test_alpine_linux_importer_pipeline.py
@@ -34,7 +34,7 @@ def test_process_record():
     logger = TestLogger()
     expected_advisories = [
         AdvisoryData(
-            advisory_id="XSA-248",
+            advisory_id="xen/v3.11/XSA-248",
             aliases=[],
             summary="",
             affected_packages=[
@@ -203,7 +203,7 @@ def test_process_record():
             original_advisory_text=None,
         ),
         AdvisoryData(
-            advisory_id="XSA-252",
+            advisory_id="xen/v3.11/XSA-252",
             aliases=[],
             summary="",
             affected_packages=[],
@@ -223,7 +223,7 @@ def test_process_record():
             original_advisory_text=None,
         ),
         AdvisoryData(
-            advisory_id="CVE-2018-7540",
+            advisory_id="xen/v3.11/CVE-2018-7540",
             aliases=[],
             summary="",
             affected_packages=[
@@ -397,7 +397,7 @@ def test_process_record():
             original_advisory_text=None,
         ),
         AdvisoryData(
-            advisory_id="XSA-252",
+            advisory_id="xen/v3.11/XSA-252",
             aliases=[],
             summary="",
             affected_packages=[
@@ -571,7 +571,7 @@ def test_process_record():
             original_advisory_text=None,
         ),
         AdvisoryData(
-            advisory_id="CVE-2017-9669",
+            advisory_id="apk-tools/v3.11/CVE-2017-9669",
             aliases=[],
             summary="",
             affected_packages=[
@@ -740,7 +740,7 @@ def test_process_record():
             original_advisory_text=None,
         ),
         AdvisoryData(
-            advisory_id="CVE-2017-9671",
+            advisory_id="apk-tools/v3.11/CVE-2017-9671",
             aliases=[],
             summary="",
             affected_packages=[
@@ -909,6 +909,7 @@ def test_process_record():
             original_advisory_text=None,
         ),
     ]
+
     with open(TEST_DATA / "v3.11/main.json") as f:
         found_advisories = list(
             process_record(
