From 9944ea8f99ff6a430de642eb9bb6362eb3bb728b Mon Sep 17 00:00:00 2001
From: tdruez
Date: Wed, 21 Aug 2024 14:46:36 +0400
Subject: [PATCH] Limit the QS to types supported by VulnerableCode #94
Signed-off-by: tdruez
---
 component_catalog/vulnerabilities.py | 29 +++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/component_catalog/vulnerabilities.py b/component_catalog/vulnerabilities.py
index 0a2b6bf8..64e278cc 100644
--- a/component_catalog/vulnerabilities.py
+++ b/component_catalog/vulnerabilities.py
@@ -19,6 +19,33 @@ from dje.utils import chunked_queryset
 from dje.utils import humanize_time
+# Replace by fetching the endpoint once available.
+# https://github.com/aboutcode-org/vulnerablecode/issues/1561#issuecomment-2298764730
+VULNERABLECODE_TYPES = [
+ "alpine",
+ "alpm",
+ "apache",
+ "cargo",
+ "composer",
+ "conan",
+ "deb",
+ "gem",
+ "generic",
+ "github",
+ "golang",
+ "hex",
+ "mattermost",
+ "maven",
+ "mozilla",
+ "nginx",
+ "npm",
+ "nuget",
+ "openssl",
+ "pypi",
+ "rpm",
+ "ruby",
+]
 def fetch_for_queryset(queryset, dataspace, batch_size=50, timeout=None, logger=None):
 object_count = queryset.count()
@@ -72,7 +99,7 @@ def fetch_from_vulnerablecode(dataspace, batch_size, timeout, logger=None):
 Package.objects.scope(dataspace)
 .has_package_url()
 .only("dataspace", *PACKAGE_URL_FIELDS)
-.exclude(type="sourceforge")
+.filter(type__in=VULNERABLECODE_TYPES)
 .order_by("-last_modified_date")
 )
 package_count = package_qs.count()
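Review bot: The `.filter(type__in=VULNERABLECODE_TYPES)` in the second hunk silently drops every package whose type is outside the hard-coded allowlist, so a type that VulnerableCode starts supporting later, or one missing from this manual snapshot, simply stops being checked for vulnerabilities with no trace in the output; since `fetch_from_vulnerablecode` already receives a `logger`, I would count and report the excluded rows next to `package_count`, e.g. `skipped_count = Package.objects.scope(dataspace).has_package_url().exclude(type__in=VULNERABLECODE_TYPES).count()` followed by `logger.info(f"Skipping {skipped_count} packages with a type not supported by VulnerableCode.")`, guarded on `logger` being set the same way the rest of the function presumably does. In the first hunk the comment above the list should state what the list is and that it is a manual snapshot, e.g. `# TODO: Replace with the supported types fetched from the VulnerableCode API once the endpoint is available (see issue link below). Packages whose type is not listed here are skipped by fetch_from_vulnerablecode().` As a point of style the constant could be a tuple or frozenset rather than a list, since it is never mutated and `type__in` accepts any iterable. The body of `fetch_from_vulnerablecode` continues outside the hunk.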