Add Almalinux advisories

[ambuj-1211]

Fix #1201
@ziadhany @TG1999 @keshav-space This is the basic nit to adds Alma Linux advisories into vulnerablecode database, please review it to make further changes.

[ambuj-1211]

@ziadhany as this importer uses osv.py importer so shall I add AlmaLinux:8 and AlmaLinux:9 in supported ecosystems in osv.py

[ziadhany]

@ambuj-1211 yes, you should add it to this PURL_TYPE_BY_OSV_ECOSYSTEM dict.

[ziadhany]

@ambuj-1211
I looked into your code. Instead of using uppercase, you should use lowercase. then you are going to pass the test.

PURL_TYPE_BY_OSV_ECOSYSTEM = {
     ....
    "almalinux:8": "almalinux:8",
    "almalinux:9": "almalinux:9",
}

but you will face another issue. you need to add support for almalinux in univers.

https://github.com/nexB/univers/blob/205d7c48835dfeb6b694c9196728d2b4fa0a011a/src/univers/version_range.py#L1254:L1258

[TG1999]

@ziadhany can this be merged ?

[ziadhany]

@ziadhany can this be merged ?

I still need to review this code

[ziadhany]

@ambuj-1211

Why not use the existing OSV script directly or modify it to support Almalinux, instead of rewriting the entire code?

[ziadhany]

@ambuj-1211 Update the OSV get_affected_purl function to add support for AlmaLinux, just like we did for Maven.

vulnerablecode/vulnerabilities/importers/osv.py

Line 190 in 2888d29

def get_affected_purl(affected_pkg, raw_id):

[ambuj-1211]

@ziadhany please have a look at it I have made the necessary changes
Please have a look on get_advisory URL part am I doing it correctly?

[ziadhany]

Thanks! @ambuj-1211, the code looks good overall, just a few small nits. Please run the importer and share the logs.

[ambuj-1211]

almalinux_logs.txt
@ziadhany These are the importer logs.

[ambuj-1211]

@TG1999 @ziadhany please have a look at it and please tell me if there are any modifications I need to do or else it is ready to merge.

[ziadhany]

@ambuj-1211 LGTM , We can merge once you resolve the merge conflict.

[ambuj-1211]

@ziadhany I have resolved the merge conflicts

[ambuj-1211]

@TG1999 @keshav-space @ziadhany please chack if it could be merged now?

[ambuj-1211]

@ziadhany @TG1999 gentle reminder please review it, it could be merged now

[ziadhany]

@ziadhany @TG1999 gentle reminder please review it, it could be merged now

I've been quite busy these past few weeks, but I’ll do my best to review it within this week.

[ambuj-1211]

@ziadhany @TG1999 @keshav-space please have a look at it

[ziadhany]

@ambuj-1211 The code looks perfect, but when I ran the importer I got an error related to AlmaLinux:10, so we should add it to the OSV list mapping.

Unsupported package type: {'package': {'ecosystem': 'AlmaLinux:10', 'name': 'firefox'}, 'ranges': [{'type': 'ECOSYSTEM', 'events': [{'introduced': '0'}, {'fixed': '128.13.0-1.el10_0'}]}]} in OSV: 'ALSA-2025:11797'
Unsupported package type: {'package': {'ecosystem': 'AlmaLinux:10', 'name': 'tomcat9'}, 'ranges': [{'type': 'ECOSYSTEM', 'events': [{'introduced': '0'}, {'fixed': '1:9.0.87-5.el10_0'}]}]} in OSV: 'ALSA-2025:7494'

[ambuj-1211]

@ziadhany done the changes

[ziadhany]

@ambuj-1211 it would also be awesome if you have time to migrate this advisory to work with the importer v2
ex: https://github.com/aboutcode-org/vulnerablecode/blob/main/vulnerabilities/pipelines/v2_importers/oss_fuzz.py