From 9044227c96a26b8cc96de0d515c28e0a2395b088 Mon Sep 17 00:00:00 2001
From: Sebastian Schuberth
Date: Fri, 8 Mar 2024 15:28:07 +0100
Subject: [PATCH] fix(advisors): Use potentially customized PURLs in advisor queries
Do not regenerate the PURL from the package ID, but use the PURL that is already stored as part of the package as that might be a custom PURL, e.g. coming from a curation. For VulnerableCode, this fixes a regression introduced the the refactoring in 70916bf.
Fixes #8385.
Signed-off-by: Sebastian Schuberth
---
 plugins/advisors/nexus-iq/src/main/kotlin/NexusIq.kt | 3 +--
 plugins/advisors/oss-index/src/main/kotlin/OssIndex.kt | 3 +--
 .../advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt | 3 +--
 3 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/plugins/advisors/nexus-iq/src/main/kotlin/NexusIq.kt b/plugins/advisors/nexus-iq/src/main/kotlin/NexusIq.kt
index c1dd41b15526f..05ecff5cc3639 100644
--- a/plugins/advisors/nexus-iq/src/main/kotlin/NexusIq.kt
+++ b/plugins/advisors/nexus-iq/src/main/kotlin/NexusIq.kt
@@ -42,7 +42,6 @@ import org.ossreviewtoolkit.model.Package
 import org.ossreviewtoolkit.model.config.PluginConfiguration
 import org.ossreviewtoolkit.model.utils.PurlType
 import org.ossreviewtoolkit.model.utils.getPurlType
-import org.ossreviewtoolkit.model.utils.toPurl
 import org.ossreviewtoolkit.model.vulnerabilities.Vulnerability
 import org.ossreviewtoolkit.model.vulnerabilities.VulnerabilityReference
 import org.ossreviewtoolkit.utils.common.Options
@@ -149,7 +148,7 @@ class NexusIq(name: String, private val config: NexusIqConfiguration) : AdvicePr
 val endTime = Instant.now()
 return packages.mapNotNullTo(mutableListOf()) { pkg ->
- componentDetails[pkg.id.toPurl()]?.let { pkgDetails ->
+ componentDetails[pkg.purl]?.let { pkgDetails ->
 pkg to AdvisorResult(
 details,
 AdvisorSummary(startTime, endTime, issues),
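Review bot: The new lookup `componentDetails[pkg.purl]` only finds a result if the map keys are the very same `pkg.purl` strings, and the code that builds the request and fills the map lies outside this hunk, so that agreement cannot be confirmed from here. On a mismatch (for example, if the service echoes a normalized coordinate for a curated PURL), `?.let` inside `mapNotNullTo` drops the package without any trace, which in an advisor report would presumably look the same as a package with no findings. The same applies to `componentReports[pkg.purl]` in OssIndex.kt and `allVulnerabilities[pkg.purl]` in VulnerableCode.kt. I would state the invariant next to each lookup, e.g. `// Keys must be the exact pkg.purl strings sent in the query; a miss silently omits the package.`, and check whether a queried package without an entry should add an entry to `issues`.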
diff --git a/plugins/advisors/oss-index/src/main/kotlin/OssIndex.kt b/plugins/advisors/oss-index/src/main/kotlin/OssIndex.kt
index d0d04ded9552c..32ae886381fa8 100644
--- a/plugins/advisors/oss-index/src/main/kotlin/OssIndex.kt
+++ b/plugins/advisors/oss-index/src/main/kotlin/OssIndex.kt
@@ -36,7 +36,6 @@ import org.ossreviewtoolkit.model.AdvisorSummary
 import org.ossreviewtoolkit.model.Issue
 import org.ossreviewtoolkit.model.Package
 import org.ossreviewtoolkit.model.config.PluginConfiguration
-import org.ossreviewtoolkit.model.utils.toPurl
 import org.ossreviewtoolkit.model.vulnerabilities.Vulnerability
 import org.ossreviewtoolkit.model.vulnerabilities.VulnerabilityReference
 import org.ossreviewtoolkit.utils.common.Options
@@ -126,7 +125,7 @@ class OssIndex(name: String, config: OssIndexConfiguration) : AdviceProvider(nam
 val endTime = Instant.now()
 return packages.mapNotNullTo(mutableListOf()) { pkg ->
- componentReports[pkg.id.toPurl()]?.let { report ->
+ componentReports[pkg.purl]?.let { report ->
 pkg to AdvisorResult(
 details,
 AdvisorSummary(startTime, endTime, issues),
diff --git a/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt b/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt
index 223c691b93897..008b1319bd953 100644
--- a/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt
+++ b/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt
@@ -38,7 +38,6 @@ import org.ossreviewtoolkit.model.Package
 import org.ossreviewtoolkit.model.Severity
 import org.ossreviewtoolkit.model.config.PluginConfiguration
 import org.ossreviewtoolkit.model.createAndLogIssue
-import org.ossreviewtoolkit.model.utils.toPurl
 import org.ossreviewtoolkit.model.vulnerabilities.Vulnerability
 import org.ossreviewtoolkit.model.vulnerabilities.VulnerabilityReference
 import org.ossreviewtoolkit.utils.common.Options
@@ -130,7 +129,7 @@ class VulnerableCode(name: String, config: VulnerableCodeConfiguration) : Advice
 val endTime = Instant.now()
 return packages.mapNotNullTo(mutableListOf()) { pkg ->
- allVulnerabilities[pkg.id.toPurl()]?.let { packageVulnerabilities ->
+ allVulnerabilities[pkg.purl]?.let { packageVulnerabilities ->
 val vulnerabilities = packageVulnerabilities.map { it.toModel(issues) }
 val summary = AdvisorSummary(startTime, endTime, issues)
 pkg to AdvisorResult(details, summary, vulnerabilities = vulnerabilities)