File tree 1 file changed +15
-1
lines changed
1 file changed +15
-1
lines changed Original file line number Diff line number Diff line change @@ -305,7 +305,21 @@ def create_externals_sbom() -> None:
305305
306306 # Set the versionInfo and downloadLocation fields for all packages.
307307 for package in sbom_data ["packages" ]:
308- package ["versionInfo" ] = externals_name_to_version [package ["name" ]]
308+ package_version = externals_name_to_version [package ["name" ]]
309+
310+ # Update the version information in all the locations.
311+ package ["versionInfo" ] = package_version
312+ for external_ref in package ["externalRefs" ]:
313+ if external_ref ["referenceType" ] != "cpe23Type" :
314+ continue
315+ # Version is the fifth field of a CPE.
316+ cpe23ref = external_ref ["referenceLocator" ]
317+ external_ref ["referenceLocator" ] = re .sub (
318+ r"\A(cpe(?::[^:]+){4}):[^:]+:" ,
319+ fr"\1:{ package_version } ,
320+ cpe23ref
321+ )
322+
309323 download_location = (
310324 f"https://github.com/python/cpython-source-deps/archive/refs/tags/{ externals_name_to_git_tag [package ['name' ]]}
311325 )
You can’t perform that action at this time.
0 commit comments