Avoid duplicate affected_packages

ziadhany · ziadhany · commit 4c5830dac0bc · 2026-01-13T15:18:43.000+02:00
Signed-off-by: ziad hany &lt;ziadhany2016@gmail.com&gt;
diff --git a/vulnerabilities/pipelines/v2_importers/gentoo_importer.py b/vulnerabilities/pipelines/v2_importers/gentoo_importer.py
@@ -64,7 +64,6 @@ def process_file(self, file):
         xml_root = ET.parse(file).getroot()
         id = xml_root.attrib.get("id")
         glsa = "GLSA-" + id
-
         vuln_references = [
             ReferenceV2(
                 reference_id=glsa,
@@ -82,7 +81,21 @@ def process_file(self, file):
                 summary = child.text
 
             if child.tag == "affected":
-                affected_packages = list(affected_and_safe_purls(child))
+                affected_packages = []
+                seen_packages = set()
+
+                for purl, constraint in get_affected_and_safe_purls(child):
+                    signature = (purl.to_string(), str(constraint))
+
+                    if signature not in seen_packages:
+                        seen_packages.add(signature)
+
+                        affected_package = AffectedPackageV2(
+                            package=purl,
+                            affected_version_range=EbuildVersionRange(constraints=[constraint]),
+                            fixed_version_range=None,
+                        )
+                        affected_packages.append(affected_package)
 
             if child.tag == "impact":
                 severity_value = child.attrib.get("type")
@@ -121,10 +134,7 @@ def cves_from_reference(reference):
         return cves
 
 
-def _yield_packages(pkg_name, pkg_ns, constraints, invert):
-    """
-    Generate AffectedPackageV2 objects for a list of constraints.
-    """
+def extract_purls_and_constraints(pkg_name, pkg_ns, constraints, invert):
     for comparator, version, slot_value in constraints:
         qualifiers = {"slot": slot_value} if slot_value else {}
         purl = PackageURL(type="ebuild", name=pkg_name, namespace=pkg_ns, qualifiers=qualifiers)
@@ -135,16 +145,12 @@ def _yield_packages(pkg_name, pkg_ns, constraints, invert):
             if invert:
                 constraint = constraint.invert()
 
-            yield AffectedPackageV2(
-                package=purl,
-                affected_version_range=EbuildVersionRange(constraints=[constraint]),
-                fixed_version_range=None,
-            )
+            yield purl, constraint
         except InvalidVersion as e:
             logger.error(f"InvalidVersion constraints version: {version} error:{e}")
 
 
-def affected_and_safe_purls(affected_elem):
+def get_affected_and_safe_purls(affected_elem):
     for pkg in affected_elem:
         name = pkg.attrib.get("name")
         if not name:
@@ -153,8 +159,10 @@ def affected_and_safe_purls(affected_elem):
 
         safe_constraints, affected_constraints = get_safe_and_affected_constraints(pkg)
 
-        yield from _yield_packages(pkg_name, pkg_ns, affected_constraints, invert=False)
-        yield from _yield_packages(pkg_name, pkg_ns, safe_constraints, invert=True)
+        yield from extract_purls_and_constraints(
+            pkg_name, pkg_ns, affected_constraints, invert=False
+        )
+        yield from extract_purls_and_constraints(pkg_name, pkg_ns, safe_constraints, invert=True)
 
 
 def get_safe_and_affected_constraints(pkg):
diff --git a/vulnerabilities/tests/test_data/gentoo_v2/glsa-201709-09-expected.json b/vulnerabilities/tests/test_data/gentoo_v2/glsa-201709-09-expected.json
@@ -20,20 +20,6 @@
         "introduced_by_commit_patches": [],
         "fixed_by_commit_patches": []
       },
-      {
-        "package": {
-          "type": "ebuild",
-          "namespace": "dev-vcs",
-          "name": "subversion",
-          "version": "",
-          "qualifiers": "",
-          "subpath": ""
-        },
-        "affected_version_range": "vers:ebuild/<1.9.7",
-        "fixed_version_range": null,
-        "introduced_by_commit_patches": [],
-        "fixed_by_commit_patches": []
-      },
       {
         "package": {
           "type": "ebuild",
diff --git a/vulnerabilities/tests/test_data/gentoo_v2/glsa-202511-02-expected.json b/vulnerabilities/tests/test_data/gentoo_v2/glsa-202511-02-expected.json
@@ -44,34 +44,6 @@
         "introduced_by_commit_patches": [],
         "fixed_by_commit_patches": []
       },
-      {
-        "package": {
-          "type": "ebuild",
-          "namespace": "net-libs",
-          "name": "webkit-gtk",
-          "version": "",
-          "qualifiers": "slot=4.1",
-          "subpath": ""
-        },
-        "affected_version_range": "vers:ebuild/<2.48.5",
-        "fixed_version_range": null,
-        "introduced_by_commit_patches": [],
-        "fixed_by_commit_patches": []
-      },
-      {
-        "package": {
-          "type": "ebuild",
-          "namespace": "net-libs",
-          "name": "webkit-gtk",
-          "version": "",
-          "qualifiers": "slot=6",
-          "subpath": ""
-        },
-        "affected_version_range": "vers:ebuild/<2.48.5",
-        "fixed_version_range": null,
-        "introduced_by_commit_patches": [],
-        "fixed_by_commit_patches": []
-      },
       {
         "package": {
           "type": "ebuild",
diff --git a/vulnerabilities/tests/test_data/gentoo_v2/glsa-202512-01-expected.json b/vulnerabilities/tests/test_data/gentoo_v2/glsa-202512-01-expected.json
@@ -4,20 +4,6 @@
     "aliases": [],
     "summary": "A vulnerability has been discovered in GnuPG, which can lead to arbitrary code execution.",
     "affected_packages": [
-      {
-        "package": {
-          "type": "ebuild",
-          "namespace": "app-crypt",
-          "name": "gnupg",
-          "version": "",
-          "qualifiers": "",
-          "subpath": ""
-        },
-        "affected_version_range": "vers:ebuild/<2.5.14",
-        "fixed_version_range": null,
-        "introduced_by_commit_patches": [],
-        "fixed_by_commit_patches": []
-      },
       {
         "package": {
           "type": "ebuild",
