From 80579a5bc6014fd8ceaad338062eb4c6797edfc8 Mon Sep 17 00:00:00 2001 From: Hritik Vijay Date: Wed, 2 Mar 2022 01:20:25 +0530 Subject: [PATCH] Make sure fixed purl is optional in Inference Signed-off-by: Hritik Vijay --- vulnerabilities/improve_runner.py | 17 +++++++++-------- vulnerabilities/improver.py | 4 ++-- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/vulnerabilities/improve_runner.py b/vulnerabilities/improve_runner.py index de1a87a2f..549f74d92 100644 --- a/vulnerabilities/improve_runner.py +++ b/vulnerabilities/improve_runner.py @@ -86,14 +86,15 @@ def process_inferences(inferences: List[Inference], advisory: Advisory, improver fix=False, ).update_or_create() - fixed_package, _ = _get_or_create_package(inference.fixed_purl) - models.PackageRelatedVulnerability( - vulnerability=vuln, - package=fixed_package, - created_by=improver_name, - confidence=inference.confidence, - fix=True, - ).update_or_create() + if inference.fixed_purl: + fixed_package, _ = _get_or_create_package(inference.fixed_purl) + models.PackageRelatedVulnerability( + vulnerability=vuln, + package=fixed_package, + created_by=improver_name, + confidence=inference.confidence, + fix=True, + ).update_or_create() advisory.date_improved = datetime.now(timezone.utc) advisory.save() diff --git a/vulnerabilities/improver.py b/vulnerabilities/improver.py index 50e6e8614..defd4af51 100644 --- a/vulnerabilities/improver.py +++ b/vulnerabilities/improver.py @@ -31,7 +31,7 @@ class Inference: confidence: int = MAX_CONFIDENCE summary: Optional[str] = None affected_purls: List[PackageURL] = dataclasses.field(default_factory=list) - fixed_purl: PackageURL = dataclasses.field(default_factory=list) + fixed_purl: PackageURL = None references: List[Reference] = dataclasses.field(default_factory=list) def __post_init__(self): @@ -49,7 +49,7 @@ def __post_init__(self): versionless_purls = [] for purl in self.affected_purls + [self.fixed_purl]: - if not purl.version: + if purl and not purl.version: versionless_purls.append(purl) assert (