Update ArchLinux importer to create v2 affected pkg

keshav-space · keshav-space · commit cd557c896375 · 2025-07-31T14:39:11.000+05:30
Signed-off-by: Keshav Priyadarshi &lt;git@keshav.space&gt;
diff --git a/vulnerabilities/pipelines/v2_importers/archlinux_importer.py b/vulnerabilities/pipelines/v2_importers/archlinux_importer.py
@@ -12,10 +12,9 @@
 
 from packageurl import PackageURL
 from univers.version_range import ArchLinuxVersionRange
-from univers.versions import ArchLinuxVersion
 
 from vulnerabilities.importer import AdvisoryData
-from vulnerabilities.importer import AffectedPackage
+from vulnerabilities.importer import AffectedPackageV2
 from vulnerabilities.importer import ReferenceV2
 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2
 from vulnerabilities.utils import fetch_response
@@ -64,15 +63,15 @@ def parse_advisory(self, record) -> AdvisoryData:
             affected_version_range = (
                 ArchLinuxVersionRange.from_versions([affected]) if affected else None
             )
-            fixed_version = ArchLinuxVersion(fixed) if fixed else None
-            affected_package = AffectedPackage(
+            fixed_version_range = ArchLinuxVersionRange.from_versions([fixed]) if fixed else None
+            affected_package = AffectedPackageV2(
                 package=PackageURL(
                     name=name,
                     type="alpm",
                     namespace="archlinux",
                 ),
                 affected_version_range=affected_version_range,
-                fixed_version=fixed_version,
+                fixed_version_range=fixed_version_range,
             )
             affected_packages.append(affected_package)
 
@@ -91,7 +90,7 @@ def parse_advisory(self, record) -> AdvisoryData:
             )
 
         return AdvisoryData(
-            advisory_id=f"alpm/{avg_name}",
+            advisory_id=avg_name,
             aliases=aliases,
             summary=summary,
             references_v2=references,
diff --git a/vulnerabilities/tests/pipes/test_archlinux_importer_v2.py b/vulnerabilities/tests/pipes/test_archlinux_importer_v2.py
diff --git a/vulnerabilities/tests/test_data/archlinux/archlinux_advisoryv2-expected.json b/vulnerabilities/tests/test_data/archlinux/archlinux_advisoryv2-expected.json
@@ -15,7 +15,7 @@
           "subpath": ""
         },
         "affected_version_range": "vers:alpm/2.3.0-1",
-        "fixed_version": "2.4.0-1"
+        "fixed_version_range": "vers:alpm/2.4.0-1"
       }
     ],
     "references": [],
@@ -41,7 +41,7 @@
           "subpath": ""
         },
         "affected_version_range": "vers:alpm/2.36.3-1",
-        "fixed_version": "2.36.4-1"
+        "fixed_version_range": "vers:alpm/2.36.4-1"
       }
     ],
     "references": [],
@@ -66,7 +66,7 @@
           "subpath": ""
         },
         "affected_version_range": "vers:alpm/1.0.6-5",
-        "fixed_version": "1.0.6-6"
+        "fixed_version_range": "vers:alpm/1.0.6-6"
       }
     ],
     "references": [],
