Update the Ruby importer so the advisory ID is unique

ziadhany · ziadhany · commit ca39c4487ee5 · 2025-12-30T17:31:30.000+02:00
Signed-off-by: ziad hany &lt;ziadhany2016@gmail.com&gt;
diff --git a/vulnerabilities/pipelines/v2_importers/ruby_importer.py b/vulnerabilities/pipelines/v2_importers/ruby_importer.py
@@ -87,7 +87,7 @@ def collect_advisories(self) -> Iterable[AdvisoryData]:
                 continue
 
             raw_data = load_yaml(file_path)
-            advisory_id = file_path.stem
+            advisory_id = str(file_path.relative_to(base_path).with_suffix(""))
             advisory_url = get_advisory_url(
                 file=file_path,
                 base_path=base_path,
@@ -123,7 +123,7 @@ def parse_ruby_advisory(advisory_id, record, schema_type, advisory_url):
             aliases=get_aliases(record),
             summary=get_summary(record),
             affected_packages=get_affected_packages(record, purl),
-            references=get_references(record),
+            references_v2=get_references(record),
             severities=get_severities(record),
             date_published=get_publish_time(record),
             url=advisory_url,
@@ -158,35 +158,34 @@ def get_affected_packages(record, purl):
     for unaffected_version in record.get("unaffected_versions", []):
         try:
             affected_version_range = GemVersionRange.from_native(unaffected_version).invert()
-            if not validate_comparators(affected_version_range.constraints):
-                logger.error(
-                    f"Invalid VersionRange Constraints for unaffected_version: {unaffected_version}"
-                )
-                continue
+            validate_comparators(affected_version_range.constraints)
             affected_packages.append(
                 AffectedPackageV2(
                     package=purl,
                     affected_version_range=affected_version_range,
                     fixed_version_range=None,
                 )
             )
-        except Exception as e:
-            logger.error(f"Invalid VersionRange Constraints for unaffected_version: {e}")
+        except ValueError as e:
+            logger.error(
+                f"Invalid VersionRange Constraints for unaffected_version: {unaffected_version} - error: {e}"
+            )
 
     for patched_version in record.get("patched_versions", []):
         try:
             fixed_version_range = GemVersionRange.from_native(patched_version)
-            if not validate_comparators(fixed_version_range.constraints):
-                continue
+            validate_comparators(fixed_version_range.constraints)
             affected_packages.append(
                 AffectedPackageV2(
                     package=purl,
                     affected_version_range=None,
                     fixed_version_range=fixed_version_range,
                 )
             )
-        except Exception as e:
-            logger.error(f"Invalid VersionRange Constraints for patched_versions: {e}")
+        except ValueError as e:
+            logger.error(
+                f"Invalid VersionRange Constraints for patched_version: {patched_version} - error: {e}"
+            )
 
     return affected_packages
 
diff --git a/vulnerabilities/tests/test_data/ruby-v2/gems/CVE-2020-5257-expected.json b/vulnerabilities/tests/test_data/ruby-v2/gems/CVE-2020-5257-expected.json
@@ -1,6 +1,6 @@
 [
   {
-    "advisory_id": "CVE-2020-5257",
+    "advisory_id": "gems/CVE-2020-5257",
     "aliases": [
       "CVE-2020-5257",
       "GHSA-2p5p-m353-833w"
@@ -22,7 +22,13 @@
         "fixed_by_commit_patches": []
       }
     ],
-    "references_v2": [],
+    "references_v2": [
+      {
+        "reference_id": "",
+        "reference_type": "",
+        "url": "https://github.com/advisories/GHSA-2p5p-m353-833w"
+      }
+    ],
     "patches": [],
     "severities": [
       {
diff --git a/vulnerabilities/tests/test_data/ruby-v2/gems/CVE-2024-6531-expected.json b/vulnerabilities/tests/test_data/ruby-v2/gems/CVE-2024-6531-expected.json
@@ -1,6 +1,6 @@
 [
   {
-    "advisory_id": "CVE-2024-6531",
+    "advisory_id": "gems/CVE-2024-6531",
     "aliases": [
       "CVE-2024-6531",
       "GHSA-vc8w-jr9v-vj7f"
@@ -36,7 +36,13 @@
         "fixed_by_commit_patches": []
       }
     ],
-    "references_v2": [],
+    "references_v2": [
+      {
+        "reference_id": "",
+        "reference_type": "",
+        "url": "https://github.com/advisories/GHSA-vc8w-jr9v-vj7f"
+      }
+    ],
     "patches": [],
     "severities": [
       {
diff --git a/vulnerabilities/tests/test_data/ruby-v2/rubies/CVE-2011-2686-expected.json b/vulnerabilities/tests/test_data/ruby-v2/rubies/CVE-2011-2686-expected.json
@@ -1,6 +1,6 @@
 [
   {
-    "advisory_id": "CVE-2011-2686",
+    "advisory_id": "rubies/CVE-2011-2686",
     "aliases": [
       "CVE-2011-2686"
     ],
diff --git a/vulnerabilities/tests/test_data/ruby-v2/rubies/CVE-2022-25857-expected.json b/vulnerabilities/tests/test_data/ruby-v2/rubies/CVE-2022-25857-expected.json
@@ -1,6 +1,6 @@
 [
   {
-    "advisory_id": "CVE-2022-25857",
+    "advisory_id": "rubies/CVE-2022-25857",
     "aliases": [
       "CVE-2022-25857"
     ],

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`[`
`2`	`2`	`{`
`3`		`- "advisory_id": "CVE-2020-5257",`
	`3`	`+ "advisory_id": "gems/CVE-2020-5257",`
`4`	`4`	`"aliases": [`
`5`	`5`	`"CVE-2020-5257",`
`6`	`6`	`"GHSA-2p5p-m353-833w"`
`@@ -22,7 +22,13 @@`
`22`	`22`	`"fixed_by_commit_patches": []`
`23`	`23`	`}`
`24`	`24`	`],`
`25`		`- "references_v2": [],`
	`25`	`+ "references_v2": [`
	`26`	`+ {`
	`27`	`+ "reference_id": "",`
	`28`	`+ "reference_type": "",`
	`29`	`+ "url": "https://github.com/advisories/GHSA-2p5p-m353-833w"`
	`30`	`+ }`
	`31`	`+ ],`
`26`	`32`	`"patches": [],`
`27`	`33`	`"severities": [`
`28`	`34`	`{`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`[`
`2`	`2`	`{`
`3`		`- "advisory_id": "CVE-2024-6531",`
	`3`	`+ "advisory_id": "gems/CVE-2024-6531",`
`4`	`4`	`"aliases": [`
`5`	`5`	`"CVE-2024-6531",`
`6`	`6`	`"GHSA-vc8w-jr9v-vj7f"`
`@@ -36,7 +36,13 @@`
`36`	`36`	`"fixed_by_commit_patches": []`
`37`	`37`	`}`
`38`	`38`	`],`
`39`		`- "references_v2": [],`
	`39`	`+ "references_v2": [`
	`40`	`+ {`
	`41`	`+ "reference_id": "",`
	`42`	`+ "reference_type": "",`
	`43`	`+ "url": "https://github.com/advisories/GHSA-vc8w-jr9v-vj7f"`
	`44`	`+ }`
	`45`	`+ ],`
`40`	`46`	`"patches": [],`
`41`	`47`	`"severities": [`
`42`	`48`	`{`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`[`
`2`	`2`	`{`
`3`		`- "advisory_id": "CVE-2011-2686",`
	`3`	`+ "advisory_id": "rubies/CVE-2011-2686",`
`4`	`4`	`"aliases": [`
`5`	`5`	`"CVE-2011-2686"`
`6`	`6`	`],`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`[`
`2`	`2`	`{`
`3`		`- "advisory_id": "CVE-2022-25857",`
	`3`	`+ "advisory_id": "rubies/CVE-2022-25857",`
`4`	`4`	`"aliases": [`
`5`	`5`	`"CVE-2022-25857"`
`6`	`6`	`],`