From f9672de7920cc4fdef49137a4e21a7247b5fc2f4 Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Tue, 1 Jul 2025 17:40:28 +0530 Subject: [PATCH 1/3] Allow all package types in Github V2 importer Signed-off-by: Tushar Goel --- .../pipelines/v2_importers/github_importer.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/vulnerabilities/pipelines/v2_importers/github_importer.py b/vulnerabilities/pipelines/v2_importers/github_importer.py index 9ac360016..46fb95ea3 100644 --- a/vulnerabilities/pipelines/v2_importers/github_importer.py +++ b/vulnerabilities/pipelines/v2_importers/github_importer.py @@ -114,13 +114,13 @@ def steps(cls): return (cls.collect_and_store_advisories,) package_type_by_github_ecosystem = { - # "MAVEN": "maven", - # "NUGET": "nuget", - # "COMPOSER": "composer", - # "PIP": "pypi", - # "RUBYGEMS": "gem", + "MAVEN": "maven", + "NUGET": "nuget", + "COMPOSER": "composer", + "PIP": "pypi", + "RUBYGEMS": "gem", "NPM": "npm", - # "RUST": "cargo", + "RUST": "cargo", # "GO": "golang", } From d1046a6ce1e04c77fa147c78d2ae965e851803e5 Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Tue, 1 Jul 2025 17:49:29 +0530 Subject: [PATCH 2/3] Allow all package types in Github V2 importer Signed-off-by: Tushar Goel --- vulnerabilities/tests/pipelines/test_github_importer_v2.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnerabilities/tests/pipelines/test_github_importer_v2.py b/vulnerabilities/tests/pipelines/test_github_importer_v2.py index ec3ab5a04..7b24851c1 100644 --- a/vulnerabilities/tests/pipelines/test_github_importer_v2.py +++ b/vulnerabilities/tests/pipelines/test_github_importer_v2.py @@ -35,7 +35,7 @@ def test_advisories_count(mock_fetch): count = pipeline.advisories_count() # Assert that the count is correct - assert count == 10 + assert count == 70 def test_collect_advisories(mock_fetch): From 0aaff612ef7842e428c1b8cc2699778f99afbc37 Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Tue, 1 Jul 2025 20:32:30 +0530 Subject: [PATCH 3/3] Allow all package types in Github V2 importer Signed-off-by: Tushar Goel --- .../tests/pipelines/test_github_importer_v2.py | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/vulnerabilities/tests/pipelines/test_github_importer_v2.py b/vulnerabilities/tests/pipelines/test_github_importer_v2.py index 7b24851c1..4459f58cd 100644 --- a/vulnerabilities/tests/pipelines/test_github_importer_v2.py +++ b/vulnerabilities/tests/pipelines/test_github_importer_v2.py @@ -77,7 +77,7 @@ def test_collect_advisories(mock_fetch): advisories = list(pipeline.collect_advisories()) # Check if advisories were correctly parsed - assert len(advisories) == 1 + assert len(advisories) == 7 advisory = advisories[0] # Validate advisory fields @@ -87,12 +87,6 @@ def test_collect_advisories(mock_fetch): assert len(advisory.references_v2) == 1 assert advisory.references_v2[0].reference_id == "GHSA-1234-ABCD" assert advisory.severities[0].value == "HIGH" - - # Validate affected package and version range - affected_package = advisory.affected_packages[0] - assert isinstance(affected_package.package, PackageURL) - assert affected_package.package.name == "example-package" - # Check CWE extraction assert advisory.weaknesses == [123] @@ -144,7 +138,7 @@ def test_process_response(mock_fetch): result = list(GitHubAPIImporterPipeline().collect_advisories()) # Check the results - assert len(result) == 1 + assert len(result) == 7 advisory = result[0] # Validate the advisory data