
models: add repo in PackageVersion

Teppei Fukuda requested to merge knqyf263/secfixes-tracker:add_repo into master

The current JSON schema doesn't include repo info under state, so we cannot tell which repo is affected.

Before:

  "state": [
    {
      "@context": "https://localhost:5000/static/context.jsonld",
      "fixed": false,
      "id": "https://localhost:5000/vuln/CVE-2021-31879#state/5318",
      "packageVersion": "https://localhost:5000/srcpkg/wget/1.20.3-r1",
      "type": "VulnerabilityState",
      "vuln": "https://localhost:5000/vuln/CVE-2021-31879"
    },
    {
      "@context": "https://localhost:5000/static/context.jsonld",
      "fixed": false,
      "id": "https://localhost:5000/vuln/CVE-2021-31879#state/5350",
      "packageVersion": "https://localhost:5000/srcpkg/wget/1.21.1-r1",
      "type": "VulnerabilityState",
      "vuln": "https://localhost:5000/vuln/CVE-2021-31879"
    }
  ],

After:

  "state": [
    {
      "@context": "https://localhost:5000/static/context.jsonld",
      "fixed": false,
      "id": "https://localhost:5000/vuln/CVE-2021-31879#state/5318",
      "packageVersion": "https://localhost:5000/srcpkg/wget/1.20.3-r1",
      "repo": "3.12-main",
      "type": "VulnerabilityState",
      "vuln": "https://localhost:5000/vuln/CVE-2021-31879"
    },
    {
      "@context": "https://localhost:5000/static/context.jsonld",
      "fixed": false,
      "id": "https://localhost:5000/vuln/CVE-2021-31879#state/5350",
      "packageVersion": "https://localhost:5000/srcpkg/wget/1.21.1-r1",
      "repo": "3.13-main",
      "type": "VulnerabilityState",
      "vuln": "https://localhost:5000/vuln/CVE-2021-31879"
    }
  ],
