Update gentoo importer to include rle, rgt, and rge versions.

Signed-off-by: ziad hany <ziadhany2016@gmail.com>

Author: ziadhany

vulnerabilities/pipelines/v2_importers/gentoo_importer.py

@@ -170,16 +170,20 @@ def get_safe_and_affected_constraints(pkg):
     affected_versions = set()
     for info in pkg:
         # All possible values of info.attrib['range'] =
-        # {'gt', 'lt', 'rle', 'rge', 'rgt', 'le', 'ge', 'eq'}, out of
-        # which ('rle', 'rge', 'rgt') are ignored, because they compare
-        # 'release' not the 'version'.
+        # {'gt', 'lt', 'rle', 'rge', 'rgt', 'le', 'ge', 'eq'}
         range_value = info.attrib.get("range")
         slot_value = info.attrib.get("slot")
-        comparator_dict = {"gt": ">", "lt": "<", "ge": ">=", "le": "<=", "eq": "="}
+        comparator_dict = {
+            "gt": ">",
+            "lt": "<",
+            "ge": ">=",
+            "le": "<=",
+            "eq": "=",
+            "rle": "<=",
+            "rge": ">=",
+            "rgt": ">",
+        }
         comparator = comparator_dict.get(range_value)
-        if not comparator:
-            continue
-
         if info.tag == "unaffected":
             safe_versions.add((comparator, info.text, slot_value))
 

vulnerabilities/tests/test_data/gentoo_v2/glsa-201709-09-expected.json

@@ -33,6 +33,20 @@
         "fixed_version_range": null,
         "introduced_by_commit_patches": [],
         "fixed_by_commit_patches": []
+      },
+      {
+        "package": {
+          "type": "ebuild",
+          "namespace": "dev-vcs",
+          "name": "subversion",
+          "version": "",
+          "qualifiers": "",
+          "subpath": ""
+        },
+        "affected_version_range": "vers:ebuild/<=1.8.18",
+        "fixed_version_range": null,
+        "introduced_by_commit_patches": [],
+        "fixed_by_commit_patches": []
       }
     ],
     "references_v2": [