Fix nginx importer to correctly assign windows qualifiers

ziadhany · ziadhany · commit 512f39a2b00c · 2026-01-19T13:47:56.000+02:00
Signed-off-by: ziad hany &lt;ziadhany2016@gmail.com&gt;
diff --git a/vulnerabilities/pipelines/v2_importers/nginx_importer.py b/vulnerabilities/pipelines/v2_importers/nginx_importer.py
@@ -36,7 +36,6 @@ class NginxImporterPipeline(VulnerableCodeBaseImporterPipelineV2):
     spdx_license_expression = "BSD-2-Clause"
     license_url = "https://nginx.org/LICENSE"
     url = "https://nginx.org/en/security_advisories.html"
-    importer_name = "Nginx Importer"
 
     @classmethod
     def steps(cls):
@@ -83,9 +82,6 @@ def to_advisory_data(nginx_adv: NginxAdvisory) -> AdvisoryData:
     Return AdvisoryData from an NginxAdvisory tuple.
     """
     qualifiers = {}
-
-    purl = PackageURL(type="nginx", name="nginx", qualifiers=qualifiers)
-
     _, _, affected_versions = nginx_adv.vulnerable.partition(":")
     affected_versions = affected_versions.strip()
 
@@ -96,9 +92,7 @@ def to_advisory_data(nginx_adv: NginxAdvisory) -> AdvisoryData:
     _, _, fixed_versions = nginx_adv.not_vulnerable.partition(":")
     fixed_versions = fixed_versions.strip()
 
-    if "nginx/Windows" in fixed_versions:
-        qualifiers["os"] = "windows"
-        fixed_versions = fixed_versions.replace("nginx/Windows", "")
+    purl = PackageURL(type="nginx", name="nginx", qualifiers=qualifiers)
 
     fixed_version_range = None
     try:
diff --git a/vulnerabilities/tests/test_data/nginx_v2/security_advisories-advisory_data-expected.json b/vulnerabilities/tests/test_data/nginx_v2/security_advisories-advisory_data-expected.json
@@ -1188,7 +1188,7 @@
           "namespace": "",
           "name": "nginx",
           "version": "",
-          "qualifiers": "",
+          "qualifiers": "os=windows",
           "subpath": ""
         },
         "affected_version_range": "vers:nginx/>=0.7.52|<=1.3.0",
@@ -1357,7 +1357,7 @@
           "namespace": "",
           "name": "nginx",
           "version": "",
-          "qualifiers": "",
+          "qualifiers": "os=windows",
           "subpath": ""
         },
         "affected_version_range": "vers:nginx/>=0.7.52|<=0.8.40",
@@ -1390,7 +1390,7 @@
           "namespace": "",
           "name": "nginx",
           "version": "",
-          "qualifiers": "",
+          "qualifiers": "os=windows",
           "subpath": ""
         },
         "affected_version_range": "vers:nginx/>=0.7.52|<=0.8.39",
@@ -1423,7 +1423,7 @@
           "namespace": "",
           "name": "nginx",
           "version": "",
-          "qualifiers": "",
+          "qualifiers": "os=windows",
           "subpath": ""
         },
         "affected_version_range": "vers:nginx/>=0.7.52|<=0.8.32",
