
Bug: Failing importer due to missing version range #1214

@janniclas

Description


Bug Report
I encountered several problems due to missing version ranges in a couple of packages (e.g. apache).
From what I can tell the missing version definitions caused e.g. the default improver to crash while it was creating the list of affected packages.
The stack trace indicated that the problem is in the line
affected_version_range = VersionRange.from_string(affected_pkg["affected_version_range"])
in the method 'def from_dict(cls, affected_pkg: dict):' in importer.py.
If the given string doesn't contain a version an error is thrown which caused the default importer to crash.

Proposed Solution
My workaround was to wrap the call to VersionRange.from_string in a try/except and return None if the call throws. However, I'm not familiar with either Python or your project, so I'm not sure if this is a good solution.
To handle the new possibility that from_dict can now return None I wrapped the two existing calls in the codebase to this method in importer.py and models.py and excluded all None elements. Example from models.py

    def to_advisory_data(self) -> AdvisoryData:
        # Parse every entry first, then drop the ones for which from_dict returned None
        # (the filter has to run on the parsed result, not on the raw input dict).
        affected_packages = [AffectedPackage.from_dict(pkg) for pkg in self.affected_packages]
        return AdvisoryData(
            aliases=self.aliases,
            summary=self.summary,
            affected_packages=[pkg for pkg in affected_packages if pkg is not None],
            references=[Reference.from_dict(ref) for ref in self.references],
            date_published=self.date_published,
            weaknesses=self.weaknesses,
        )

If this solution makes sense to you I can create a PR for this. Or else let me know how else this issue should be resolved.
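The failure mode and the proposed handling, as an added self-contained example (not the project's own code): a stand-in parser that raises on an empty range, a from_dict that logs and returns None instead of propagating the error, and a consumer that filters on the parsed results. parse_version_range, InvalidVersionRange, affected_packages_from and the sample entries are assumptions made for this example, not the real univers/vulnerablecode API.

```python
import logging
from dataclasses import dataclass
from typing import List, Optional

logger = logging.getLogger(__name__)


class InvalidVersionRange(ValueError):
    """Hypothetical stand-in for the error the real range parser raises."""


def parse_version_range(text: Optional[str]) -> str:
    # Hypothetical stand-in for VersionRange.from_string: expects "vers:<scheme>/<constraints>"
    # and rejects None, empty strings and ranges without a single constraint.
    if not text or "/" not in text or not text.split("/", 1)[1].strip():
        raise InvalidVersionRange(f"no version constraint in {text!r}")
    return text.strip()


@dataclass
class AffectedPackage:
    purl: str
    affected_version_range: str

    @classmethod
    def from_dict(cls, affected_pkg: dict) -> Optional["AffectedPackage"]:
        try:
            vr = parse_version_range(affected_pkg.get("affected_version_range"))
        except InvalidVersionRange as exc:
            # Skip this entry instead of aborting the whole import, but record what was dropped
            # so a missing range is visible in the logs rather than silently lost.
            logger.warning("dropping %s: %s", affected_pkg.get("package"), exc)
            return None
        return cls(purl=affected_pkg["package"], affected_version_range=vr)


def affected_packages_from(entries: List[dict]) -> List[AffectedPackage]:
    # Filter on the result of from_dict, not on the input dict, so None returns are excluded.
    parsed = (AffectedPackage.from_dict(entry) for entry in entries)
    return [pkg for pkg in parsed if pkg is not None]


# Constructed sample advisory entries; the second and third mimic the missing-range case.
SAMPLE_ENTRIES = [
    {"package": "pkg:maven/org.apache.commons/commons-text", "affected_version_range": "vers:maven/<1.10.0"},
    {"package": "pkg:maven/org.apache.httpcomponents/httpclient", "affected_version_range": ""},
    {"package": "pkg:maven/org.apache.logging.log4j/log4j-core", "affected_version_range": None},
]

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    for pkg in affected_packages_from(SAMPLE_ENTRIES):
        print(pkg.purl, pkg.affected_version_range)
```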
