Description
It seems that the current implementation throws an attribute error when using the modified-files option in the input parameters.
As described in the argument parser, this option can be used to manually specify "names (or partial names) comma separated that the commits are supposed to modify".
So, for instance, for CVE-2021-40690 I tested the following command:
    python cli/main.py CVE-2021-40690 --repository https://github.com/apache/santuario-xml-security-java --use-nvd --version-interval 2.2.2:2.2.3 --modified-files KeyInfo,KeyReferenceInfo,RetrievalMethod --use-backend=never --filter-extensions=java
It prints the following output:
    Initialization [OK]
    Processing advisory [ERROR]
    Traceback (most recent call last):
      File "/opt/project-kb/prospector/cli/main.py", line 103, in <module>
        main(sys.argv)
      File "/opt/project-kb/prospector/cli/main.py", line 66, in main
        results, advisory_record = prospector(
      File "/opt/project-kb/prospector/stats/execution.py", line 49, in _wrapper
        with ExecutionTimer(collection.sub_collection(name)):
      File "/opt/project-kb/prospector/stats/execution.py", line 78, in __exit__
        raise exc_val
      File "/opt/project-kb/prospector/stats/execution.py", line 50, in _wrapper
        result = function(*args, **kwargs)
      File "/opt/project-kb/prospector/core/prospector.py", line 74, in prospector
        with ConsoleWriter("Processing advisory") as console:
      File "/opt/project-kb/prospector/cli/console.py", line 32, in __exit__
        raise exc_val
      File "/opt/project-kb/prospector/core/prospector.py", line 75, in prospector
        advisory_record = build_advisory_record(
      File "/opt/project-kb/prospector/datamodel/advisory.py", line 352, in build_advisory_record
        advisory_record.files.update(set(modified_files.split(",")))
    AttributeError: 'set' object has no attribute 'split'
As clearly described by the error, the issue is in the datamodel/advisory.py file, more specifically this part of the code:
    ...
    if modified_files and len(modified_files) > 0:
        advisory_record.files.update(set(modified_files.split(",")))
    ...
Since modified_files is already a set at that point of the code, the easy fix would be to change it to:
    ...
    if modified_files and len(modified_files) > 0:
        advisory_record.files.update(modified_files)
    ...
Consequently, you may also want to edit the type annotations in build_advisory_record(...) and other parts of the code.
I'm not sure if this has already been noticed, so please let me know if it's an actual issue present also in the upcoming version. Also, let me know if you want me to create a PR.
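A type-tolerant variant of the fix described in this issue, as an added example that is not part of the original report or the project's code. `parse_comma_list`, `normalize_modified_files`, `RecordStub`, `build_record` and `parse_cli` are hypothetical names, and the argparse wiring is an assumption about how the option could arrive as a set.

```python
import argparse
from typing import Iterable, Set, Union


def parse_comma_list(value: str) -> Set[str]:
    """argparse `type=` callable: 'A, B,,C' -> {'A', 'B', 'C'}."""
    return {item.strip() for item in value.split(",") if item.strip()}


def normalize_modified_files(
    modified_files: Union[str, Iterable[str], None]
) -> Set[str]:
    """Accept a comma-separated string or any iterable of names."""
    if not modified_files:
        return set()
    if isinstance(modified_files, str):
        # Library callers may still pass the raw comma-separated string.
        return parse_comma_list(modified_files)
    # Already a collection (the case that raised AttributeError in the issue).
    return {str(name).strip() for name in modified_files if str(name).strip()}


class RecordStub:
    """Hypothetical stand-in for the advisory record; only `files` matters."""

    def __init__(self) -> None:
        self.files: Set[str] = set()


def build_record(
    modified_files: Union[str, Iterable[str], None] = None
) -> RecordStub:
    """Builds a record without assuming which type the caller handed over."""
    record = RecordStub()
    record.files.update(normalize_modified_files(modified_files))
    return record


def parse_cli(argv):
    """Assumed CLI wiring: the option is converted to a set while parsing."""
    parser = argparse.ArgumentParser()
    parser.add_argument("--modified-files", type=parse_comma_list, default=set())
    return parser.parse_args(argv)


if __name__ == "__main__":
    # Constructed input mirroring the --modified-files value from the issue.
    args = parse_cli(["--modified-files", "KeyInfo,KeyReferenceInfo,RetrievalMethod"])
    print(sorted(build_record(args.modified_files).files))
```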