99
1010import re
1111import xml .etree .ElementTree as ET
12- from collections import defaultdict
1312from pathlib import Path
1413from typing import Iterable
1514
@@ -82,22 +81,23 @@ def process_file(self, file):
8281
8382 if child .tag == "affected" :
8483 affected_packages = []
85- for purl , ( affected_ranges , fixed_ranges ) in get_affected_and_fixed_purls (
84+ for purl , constraints , is_unaffected in get_affected_and_fixed_purls (
8685 child , logger = self .log
8786 ):
88- affected_version_constraint = build_constraints (
89- affected_ranges , logger = self .log
90- )
91- fixed_version_constraint = build_constraints (fixed_ranges , logger = self .log )
92- affected_version_range = EbuildVersionRange (
93- constraints = affected_version_constraint
94- )
95- fixed_version_range = EbuildVersionRange (constraints = fixed_version_constraint )
96- affected_package = AffectedPackageV2 (
97- package = purl ,
98- affected_version_range = affected_version_range ,
99- fixed_version_range = fixed_version_range ,
100- )
87+ constraints = build_constraints (constraints , logger = self .log )
88+ version_range = EbuildVersionRange (constraints = constraints )
89+
90+ if is_unaffected :
91+ affected_package = AffectedPackageV2 (
92+ package = purl ,
93+ fixed_version_range = version_range ,
94+ )
95+ else :
96+ affected_package = AffectedPackageV2 (
97+ package = purl ,
98+ affected_version_range = version_range ,
99+ )
100+
101101 affected_packages .append (affected_package )
102102
103103 if child .tag == "impact" :
@@ -160,14 +160,10 @@ def get_affected_and_fixed_purls(affected_elem, logger):
160160 continue
161161
162162 pkg_ns , _ , pkg_name = name .rpartition ("/" )
163- # purl_components, (fixed_ranges_set, affected_ranges_set)
164- purl_ranges_map = defaultdict (lambda : {"fixed_ranges" : set (), "affected_ranges" : set ()})
165-
166163 for info in pkg :
167164 # All possible values of info.attrib['range'] =
168165 # {'gt', 'lt', 'rle', 'rge', 'rgt', 'le', 'ge', 'eq'}
169166 # rge means revision greater than equals and rgt means revision greater than
170-
171167 range_value = info .attrib .get ("range" )
172168 slot_value = info .attrib .get ("slot" )
173169 comparator_dict = {
@@ -185,24 +181,15 @@ def get_affected_and_fixed_purls(affected_elem, logger):
185181 logger (f"Unsupported range value { range_value } :{ info .text } " )
186182 continue
187183
188- if info .tag == "unaffected" :
189- purl_ranges_map [(pkg_name , pkg_ns , slot_value )]["fixed_ranges" ].add (
190- (comparator , info .text )
191- )
192-
193- elif info .tag == "vulnerable" :
194- purl_ranges_map [(pkg_name , pkg_ns , slot_value )]["affected_ranges" ].add (
195- (comparator , info .text )
196- )
197-
198- if range_value in ["rgt" , "rge" , "rle" ]:
199- next_minor_version = GentooVersion (info .text ).bump ()
200- invert_comp = "<" if range_value in ["rgt" , "rge" ] else ">"
201- purl_ranges_map [(pkg_name , pkg_ns , slot_value )]["fixed_ranges" ].add (
202- (invert_comp , next_minor_version )
203- )
204-
205- for (pkg_name , pkg_ns , slot_value ), data in purl_ranges_map .items ():
206184 qualifiers = {"slot" : slot_value } if slot_value else {}
207185 purl = PackageURL (type = "ebuild" , name = pkg_name , namespace = pkg_ns , qualifiers = qualifiers )
208- yield purl , (data ["affected_ranges" ], data ["fixed_ranges" ])
186+
187+ constraints = [(comparator , info .text )]
188+ if range_value in ["rgt" , "rge" , "rle" ]:
189+ try :
190+ next_minor_version = str (GentooVersion (info .text ).bump ())
191+ invert_comp = "<" if range_value in ["rgt" , "rge" ] else ">"
192+ constraints .append ((invert_comp , next_minor_version ))
193+ except Exception as e :
194+ logger (f"Invalid Gentoo version for bumping: { info .text } - { e } " )
195+ yield purl , constraints , (info .tag == "unaffected" )
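Review bot: The `except Exception` handler around `GentooVersion(info.text).bump()` only logs, and as far as the flattened indentation shows, the `yield` after it still runs, so an `rge`/`rgt`/`rle` entry whose version cannot be bumped is emitted with just `(comparator, info.text)` and without its bounding constraint. For an `unaffected` element, the `process_file` hunk in this same commit turns that list into a `fixed_version_range`, so the wider range may record versions as fixed that the advisory does not cover, which is a false negative for anyone matching installed packages against this data. I would skip the entry instead by adding `continue` after the `logger(...)` call in the handler, and narrow the catch to the exception type `GentooVersion` actually raises on malformed input so unrelated errors are not swallowed. The body of `get_affected_and_fixed_purls` starts outside this hunk, so how `comparator` is derived for revision ranges is not visible here.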