authorJohn Helmert III <ajak@gentoo.org>2024-01-21 22:43:34 -0800
committerJohn Helmert III <ajak@gentoo.org>2024-01-21 22:43:34 -0800
commitd53554636386cd4e744e2f134ee19c5c76037a02 (patch)
treeb985548e81f33d6a6ac18951d05eedb51cbe0365
parentglsamaker/views: more auth niceties (diff)
autoglsa: handle and test case of no fixed version in summary
Signed-off-by: John Helmert III <ajak@gentoo.org>
-rw-r--r--glsamaker/autoglsa.py9
-rw-r--r--glsamaker/tests/test_autoglsa.py14
2 files changed, 21 insertions, 2 deletions
diff --git a/glsamaker/autoglsa.py b/glsamaker/autoglsa.py
index c85517e..85de8fd 100644
--- a/glsamaker/autoglsa.py
+++ b/glsamaker/autoglsa.py
@@ -165,8 +165,13 @@ def generate_affected(atoms: list[atom_mod.atom]) -> list[Affected]:
ret.append(
Affected(
str(atom.unversioned_atom),
- atom.fullver,
- Affected.range_types[atom.op],
+ # conditionals to handle cases where there's no fixed
+ # version and all versions are vulnerable - convention
+ # for these packages is to make the "vulnerable"
+ # version the latest version in tree; GLSA editors can
+ # adjust the version as necessary
+ atom.fullver if atom.fullver else "9999",
+ Affected.range_types[atom.op] if atom.op else "le",
"*",
atom.slot,
"vulnerable",
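Review bot: The comment on the fallback says the vulnerable version should be the latest version in tree, but the code writes the literal `"9999"` with `"le"`, which gives a range matching every version, including any later fixed release, until an editor changes it. Because this value feeds a security advisory, the comment should say so directly, for example `# "9999" is a placeholder matching all versions; editors must replace it with the latest in-tree version before release`. The two fallbacks are also evaluated independently, so an atom with only one of `fullver`/`op` set would mix a real value with a default; if the two are expected to be absent together, a single check on `atom.fullver` would state that. `generate_affected` starts and ends outside this hunk.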
diff --git a/glsamaker/tests/test_autoglsa.py b/glsamaker/tests/test_autoglsa.py
index 7468547..acabea7 100644
--- a/glsamaker/tests/test_autoglsa.py
+++ b/glsamaker/tests/test_autoglsa.py
@@ -208,3 +208,17 @@ def test_autogenerate_glsa(app, db):
e = errors[0]
assert isinstance(e, NoAtomInSummary)
assert e.bug_id == bug.id
+
+ bug.id = 713098
+ bug.summary = "dev-java/xmlrpc: Multiple vulnerabilities (CVE-2016-{5002,5003}. CVE-2019-17570)"
+
+ glsa, errors = autogenerate_glsa([bug])
+
+ assert len(errors) == 0
+ assert len(glsa.affected) == 1
+
+ assert glsa.affected[0].pkg == "dev-java/xmlrpc"
+ assert glsa.affected[0].range_type == "vulnerable"
+
+ db.session.merge(glsa)
+ assert glsa.generate_mail_table()
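Review bot: The new case never asserts the values the fallback produces: it checks `pkg` and `range_type`, but not that the version and range operator came out as `"9999"` and `"le"`, so a regression in either default would still pass. Two more assertions on the `Affected` fields that receive those arguments (their names are not visible in this diff) would pin the behaviour this commit introduces. The case also reuses the `bug` object from the preceding assertions by mutating `id` and `summary`, so it presumably depends on whatever other state that object carries. A one-line comment such as `# no version in summary: all versions treated as vulnerable` would make the scenario clear. `test_autogenerate_glsa` begins outside this hunk.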