Update gentoo to support rgt,rge,rle version ranges

Update the pipeline to use the new AdvisoryDataV2

Signed-off-by: ziad hany <ziadhany2016@gmail.com>

Author: ziadhany

vulnerabilities/pipelines/v2_importers/gentoo_importer.py

@@ -20,7 +20,7 @@
 from univers.versions import GentooVersion
 from univers.versions import InvalidVersion
 
-from vulnerabilities.importer import AdvisoryData
+from vulnerabilities.importer import AdvisoryDataV2
 from vulnerabilities.importer import AffectedPackageV2
 from vulnerabilities.importer import ReferenceV2
 from vulnerabilities.importer import VulnerabilitySeverity
@@ -53,7 +53,7 @@ def advisories_count(self):
         advisory_dir = Path(self.vcs_response.dest_dir)
         return sum(1 for _ in advisory_dir.rglob("*.xml"))
 
-    def collect_advisories(self) -> Iterable[AdvisoryData]:
+    def collect_advisories(self) -> Iterable[AdvisoryDataV2]:
         base_path = Path(self.vcs_response.dest_dir)
         for file_path in base_path.glob("**/*.xml"):
             yield from self.process_file(file_path)
@@ -105,11 +105,11 @@ def process_file(self, file):
                 if severity_value:
                     severities.append(VulnerabilitySeverity(system=GENERIC, value=severity_value))
 
-        yield AdvisoryData(
+        yield AdvisoryDataV2(
             advisory_id=glsa,
             aliases=cves,
             summary=summary,
-            references_v2=vuln_references,
+            references=vuln_references,
             severities=severities,
             affected_packages=affected_packages,
             url=f"https://security.gentoo.org/glsa/{id}",
@@ -176,9 +176,9 @@ def get_affected_and_fixed_purls(affected_elem, logger):
                 "ge": ">=",
                 "le": "<=",
                 "eq": "=",
-                # "rle": "<=",
-                # "rge": ">=",
-                # "rgt": ">",
+                "rle": "<=",
+                "rge": ">=",
+                "rgt": ">",
             }
             comparator = comparator_dict.get(range_value)
             if not comparator:
@@ -195,6 +195,13 @@ def get_affected_and_fixed_purls(affected_elem, logger):
                     (comparator, info.text)
                 )
 
+            if range_value in ["rgt", "rge", "rle"]:
+                next_minor_version = GentooVersion(info.text).bump()
+                invert_comp = "<" if range_value in ["rgt", "rge"] else ">"
+                purl_ranges_map[(pkg_name, pkg_ns, slot_value)]["fixed_ranges"].add(
+                    (invert_comp, next_minor_version)
+                )
+
         for (pkg_name, pkg_ns, slot_value), data in purl_ranges_map.items():
             qualifiers = {"slot": slot_value} if slot_value else {}
             purl = PackageURL(type="ebuild", name=pkg_name, namespace=pkg_ns, qualifiers=qualifiers)

vulnerabilities/tests/test_data/gentoo_v2/glsa-201709-09-expected.json

@@ -16,12 +16,12 @@
           "subpath": ""
         },
         "affected_version_range": "vers:ebuild/0.1.1|<1.9.7",
-        "fixed_version_range": "vers:ebuild/>=1.9.7",
+        "fixed_version_range": "vers:ebuild/>1.8.18|<1.9|>=1.9.7",
         "introduced_by_commit_patches": [],
         "fixed_by_commit_patches": []
       }
     ],
-    "references_v2": [
+    "references": [
       {
         "reference_id": "GLSA-201709-09",
         "reference_type": "",

vulnerabilities/tests/test_data/gentoo_v2/glsa-202511-02-expected.json

@@ -59,7 +59,7 @@
         "fixed_by_commit_patches": []
       }
     ],
-    "references_v2": [
+    "references": [
       {
         "reference_id": "GLSA-202511-02",
         "reference_type": "",

vulnerabilities/tests/test_data/gentoo_v2/glsa-202512-01-expected.json

@@ -19,7 +19,7 @@
         "fixed_by_commit_patches": []
       }
     ],
-    "references_v2": [
+    "references": [
       {
         "reference_id": "GLSA-202512-01",
         "reference_type": "",