Update ArchLinux importer to create v2 affected pkg

Signed-off-by: Keshav Priyadarshi <git@keshav.space>

Author: keshav-space

vulnerabilities/importers/__init__.py

@@ -63,6 +63,7 @@
 
 IMPORTERS_REGISTRY = create_registry(
     [
+        archlinux_importer_v2.ArchLinuxImporterPipeline,
         nvd_importer_v2.NVDImporterPipeline,
         elixir_security_importer_v2.ElixirSecurityImporterPipeline,
         npm_importer_v2.NpmImporterPipeline,
@@ -112,6 +113,5 @@
         ubuntu_usn.UbuntuUSNImporter,
         fireeye.FireyeImporter,
         oss_fuzz.OSSFuzzImporter,
-        archlinux_importer_v2.ArchLinuxImporterPipeline,
     ]
 )

vulnerabilities/pipelines/v2_importers/archlinux_importer.py

@@ -12,10 +12,9 @@
 
 from packageurl import PackageURL
 from univers.version_range import ArchLinuxVersionRange
-from univers.versions import ArchLinuxVersion
 
 from vulnerabilities.importer import AdvisoryData
-from vulnerabilities.importer import AffectedPackage
+from vulnerabilities.importer import AffectedPackageV2
 from vulnerabilities.importer import ReferenceV2
 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2
 from vulnerabilities.utils import fetch_response
@@ -64,15 +63,15 @@ def parse_advisory(self, record) -> AdvisoryData:
             affected_version_range = (
                 ArchLinuxVersionRange.from_versions([affected]) if affected else None
             )
-            fixed_version = ArchLinuxVersion(fixed) if fixed else None
-            affected_package = AffectedPackage(
+            fixed_version_range = ArchLinuxVersionRange.from_versions([fixed]) if fixed else None
+            affected_package = AffectedPackageV2(
                 package=PackageURL(
                     name=name,
                     type="alpm",
                     namespace="archlinux",
                 ),
                 affected_version_range=affected_version_range,
-                fixed_version=fixed_version,
+                fixed_version_range=fixed_version_range,
             )
             affected_packages.append(affected_package)
 
@@ -91,7 +90,7 @@ def parse_advisory(self, record) -> AdvisoryData:
             )
 
         return AdvisoryData(
-            advisory_id=f"alpm/{avg_name}",
+            advisory_id=avg_name,
             aliases=aliases,
             summary=summary,
             references_v2=references,

vulnerabilities/tests/pipelines/v2_importers/test_archlinux_importer.py renamed to vulnerabilities/tests/pipelines/v2_importers/test_archlinux_importer_v2.py

@@ -19,7 +19,7 @@
 
 
 class TestArchLinuxImporterPipeline(TestCase):
-    def test_to_advisories_with_summary(self):
+    def test_to_archlinux_advisories_v2(self):
         archlinux_advisory_path = TEST_DATA / "archlinux-multi.json"
 
         data = json.loads(archlinux_advisory_path.read_text(encoding="utf-8"))

vulnerabilities/tests/test_data/archlinux/archlinux_advisoryv2-expected.json

@@ -15,7 +15,7 @@
           "subpath": ""
         },
         "affected_version_range": "vers:alpm/2.3.0-1",
-        "fixed_version": "2.4.0-1"
+        "fixed_version_range": "vers:alpm/2.4.0-1"
       }
     ],
     "references": [],
@@ -41,7 +41,7 @@
           "subpath": ""
         },
         "affected_version_range": "vers:alpm/2.36.3-1",
-        "fixed_version": "2.36.4-1"
+        "fixed_version_range": "vers:alpm/2.36.4-1"
       }
     ],
     "references": [],
@@ -66,7 +66,7 @@
           "subpath": ""
         },
         "affected_version_range": "vers:alpm/1.0.6-5",
-        "fixed_version": "1.0.6-6"
+        "fixed_version_range": "vers:alpm/1.0.6-6"
       }
     ],
     "references": [],