From 16082222e2c3654daaf6bfb47545a03207d15717 Mon Sep 17 00:00:00 2001
From: Mrityunjay Raj
Date: Fri, 2 Jan 2026 21:56:49 +0530
Subject: [PATCH 1/2] Fix get_advisory_url to handle string file paths
The function now accepts both Path objects and strings for the `file` and `base_path` parameters, converting strings to Path objects before calling relative_to(). This fixes the AttributeError that occurred when importers passed string paths instead of Path objects.
Fixes: #2016
Signed-off-by: Mrityunjay Raj
---
 vulnerabilities/utils.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/vulnerabilities/utils.py b/vulnerabilities/utils.py
index 999244498..7a03fc2ee 100644
--- a/vulnerabilities/utils.py
+++ b/vulnerabilities/utils.py
@@ -19,6 +19,7 @@
 from collections import defaultdict
 from functools import total_ordering
 from http import HTTPStatus
+from pathlib import Path
 from typing import List
 from typing import Optional
 from typing import Tuple
@@ -543,6 +544,10 @@ def get_advisory_url(file, base_path, url):
 """
 Return the advisory URL constructed by combining the base URL with the relative file path.
 """
+ if isinstance(file, str):
+ file = Path(file)
+ if isinstance(base_path, str):
+ base_path = Path(base_path)
 relative_path = str(file.relative_to(base_path)).strip("/")
 advisory_url = urljoin(url, relative_path)
 return advisory_url
From 826757d2343ba9c5ab5b32145d0f059832f2a599 Mon Sep 17 00:00:00 2001
From: Mrityunjay Raj
Date: Tue, 13 Jan 2026 23:01:02 +0530
Subject: [PATCH 2/2] Add test for get_advisory_url function
- Test string inputs (the bug fix scenario)
- Test Path object inputs (original working case)
- Test mixed Path/string inputs
Addresses reviewer feedback
Signed-off-by: Mrityunjay Raj
---
 vulnerabilities/tests/test_utils.py | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/vulnerabilities/tests/test_utils.py b/vulnerabilities/tests/test_utils.py
index c9ba98e79..3e391a0d4 100644
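Review bot: The two `isinstance(..., str)` guards added to `get_advisory_url` in vulnerabilities/utils.py convert only `str`, so any other path-like argument still takes the old route unchanged; calling `file = Path(file)` and `base_path = Path(base_path)` unconditionally would be shorter and, assuming callers pass only `str` or `os.PathLike` values, cover both. Separately, `relative_to()` compares path components lexically, so a `..` segment in `file` would survive into `relative_path` and `urljoin` would then resolve it above `url`, yielding an advisory reference outside the intended prefix. Importers most likely pass paths from a directory walk where that cannot occur, but the docstring could state the contract: `file must be a normalized path (no ".." segments) under base_path; relative_to() raises ValueError when it is not under it.` The function's `def` line sits in the hunk header, outside the hunk itself.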
--- a/vulnerabilities/tests/test_utils.py
+++ b/vulnerabilities/tests/test_utils.py
@@ -151,3 +151,29 @@ def test_resolve_version_range_without_ignorable_versions():
 def test_get_severity_range():
 assert get_severity_range({""}) is None
 assert get_severity_range({}) is None
+
+
+def test_get_advisory_url():
+ from pathlib import Path
+
+ from vulnerabilities.utils import get_advisory_url
+
+ # Test case 1: Both parameters as strings (the bug fix scenario)
+ file_str = "/tmp/advisories/istio/ISTIO-2021-001.yaml"
+ base_str = "/tmp/advisories"
+ url = "https://github.com/istio/istio.io/tree/master/advisories/"
+
+ result = get_advisory_url(file_str, base_str, url)
+ expected = "https://github.com/istio/istio.io/tree/master/advisories/istio/ISTIO-2021-001.yaml"
+ assert result == expected
+
+ # Test case 2: Both parameters as Path objects
+ file_path = Path("/tmp/advisories/istio/ISTIO-2021-001.yaml")
+ base_path = Path("/tmp/advisories")
+
+ result = get_advisory_url(file_path, base_path, url)
+ assert result == expected
+
+ # Test case 3: Mixed - file as Path, base_path as string
+ result = get_advisory_url(file_path, base_str, url)
+ assert result == expected
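Review bot: `test_get_advisory_url` pins only the success paths; there is no case for a `file` that is not located under `base_path`, where `relative_to()` raises `ValueError`, so the test would keep passing if a later change started returning a URL for such a file. A fourth case such as `with pytest.raises(ValueError): get_advisory_url("/tmp/other/x.yaml", base_str, url)` (path constructed for illustration) would fix that contract; it needs `pytest` imported in the test module, which the hunk does not show. The two imports inside the function body could also move to the module's import block, since `get_severity_range` in the context lines above is evidently imported at module level.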