removed single exact version mapping from range

DependencyTrack · Mar 5, 2024 · e2a0ccc · e2a0ccc
1 parent 56bfc7d
commit e2a0ccc
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 47 deletions.
diff --git a/.../java/org/dependencytrack/event/kafka/streams/processor/MirrorVulnerabilityProcessor.java b/.../java/org/dependencytrack/event/kafka/streams/processor/MirrorVulnerabilityProcessor.java
@@ -204,16 +204,11 @@ else if (vers.constraints().size() == 1) {
                     LOGGER.warn("Wildcard range %s was reported for %s".formatted(vers, vulnId));
                     vsList.add(mapAffectedVersionToVulnerableSoftware(qm, vulnId, "*", purlStr, cpeStr));
                     continue;
-                } else if (versConstraint.comparator() == Comparator.EQUAL
-                        && !versConstraint.version().toString().equals("0")) {
-                    // Mapping single exact versions (greater than 0) to vulnerable software.
-                    vsList.add(mapAffectedVersionToVulnerableSoftware(qm, vulnId, String.valueOf(versConstraint.version()), purlStr, cpeStr));
-                    continue;
                 }
             }
             var vulnerableSoftware = convertVersToVulnerableSoftware(qm, vers, vulnId, purlStr, cpeStr);
             if (vulnerableSoftware != null) {
-                vsList.add(convertVersToVulnerableSoftware(qm, vers, vulnId, purlStr, cpeStr));
+                vsList.add(vulnerableSoftware);
             }
         }
         return vsList;

diff --git a/...a/org/dependencytrack/event/kafka/streams/processor/MirrorVulnerabilityProcessorTest.java b/...a/org/dependencytrack/event/kafka/streams/processor/MirrorVulnerabilityProcessorTest.java
@@ -821,33 +821,6 @@ public void testProcessVulnWithVersConstraints() throws Exception {
                     assertThat(vs.getPurlSubpath()).isNull();
                     assertThat(vs.getPurl()).isNull();
                 },
-                vs -> {
-                    assertThat(vs.getCpe22()).isEqualTo("cpe:/a:thinkcmf:thinkcmf");
-                    assertThat(vs.getCpe23()).isEqualTo("cpe:2.3:a:thinkcmf:thinkcmf:*:*:*:*:*:*:*:*");
-                    assertThat(vs.getPart()).isEqualTo("a");
-                    assertThat(vs.getVendor()).isEqualTo("thinkcmf");
-                    assertThat(vs.getProduct()).isEqualTo("thinkcmf");
-                    assertThat(vs.getVersion()).isEqualTo("1.2.1");
-                    assertThat(vs.getUpdate()).isEqualTo("*");
-                    assertThat(vs.getEdition()).isEqualTo("*");
-                    assertThat(vs.getLanguage()).isEqualTo("*");
-                    assertThat(vs.getSwEdition()).isEqualTo("*");
-                    assertThat(vs.getTargetSw()).isEqualTo("*");
-                    assertThat(vs.getTargetHw()).isEqualTo("*");
-                    assertThat(vs.getOther()).isEqualTo("*");
-                    assertThat(vs.getVersionStartIncluding()).isNull();
-                    assertThat(vs.getVersionStartExcluding()).isNull();
-                    assertThat(vs.getVersionEndIncluding()).isNull();
-                    assertThat(vs.getVersionEndExcluding()).isNull();
-                    assertThat(vs.isVulnerable()).isTrue();
-                    assertThat(vs.getPurlType()).isNull();
-                    assertThat(vs.getPurlNamespace()).isNull();
-                    assertThat(vs.getPurlName()).isNull();
-                    assertThat(vs.getPurlVersion()).isNull();
-                    assertThat(vs.getPurlQualifiers()).isNull();
-                    assertThat(vs.getPurlSubpath()).isNull();
-                    assertThat(vs.getPurl()).isNull();
-                },
                 vs -> {
                     assertThat(vs.getCpe22()).isEqualTo("cpe:/a:thinkcmf:thinkcmf");
                     assertThat(vs.getCpe23()).isEqualTo("cpe:2.3:a:thinkcmf:thinkcmf:*:*:*:*:*:*:*:*");
@@ -1005,13 +978,6 @@ public void testProcessVulnWithVersConstraintsMoreThanTwo() throws Exception {
                     assertThat(vs.getVersionEndIncluding()).isNull();
                     assertThat(vs.getVersionEndExcluding()).isEqualTo("6");
                 },
-                vs -> {
-                    assertThat(vs.getVersion()).isEqualTo("6.0.1");
-                    assertThat(vs.getVersionStartIncluding()).isNull();
-                    assertThat(vs.getVersionStartExcluding()).isNull();
-                    assertThat(vs.getVersionEndIncluding()).isNull();
-                    assertThat(vs.getVersionEndExcluding()).isNull();
-                },
                 vs -> {
                     assertThat(vs.getVersion()).isEqualTo("*");
                     assertThat(vs.getVersionStartIncluding()).isEqualTo("1.0.0-beta1");
@@ -1040,13 +1006,6 @@ public void testProcessVulnWithVersConstraintsMoreThanTwo() throws Exception {
                     assertThat(vs.getVersionEndIncluding()).isEqualTo("8.0.1");
                     assertThat(vs.getVersionEndExcluding()).isNull();
                 },
-                vs -> {
-                    assertThat(vs.getVersion()).isEqualTo("1.2.3");
-                    assertThat(vs.getVersionStartIncluding()).isNull();
-                    assertThat(vs.getVersionStartExcluding()).isNull();
-                    assertThat(vs.getVersionEndIncluding()).isNull();
-                    assertThat(vs.getVersionEndExcluding()).isNull();
-                },
                 vs -> {
                     assertThat(vs.getVersion()).isEqualTo("*");
                     assertThat(vs.getVersionStartIncluding()).isEqualTo("2.0.0");