aboutcode-org · kunalsz · Mar 1, 2025 · Mar 2, 2025
diff --git a/vulnerabilities/importers/apache_tomcat.py b/vulnerabilities/importers/apache_tomcat.py
@@ -16,10 +16,8 @@
 from bs4 import BeautifulSoup
 from packageurl import PackageURL
 from univers.version_constraint import VersionConstraint
-from univers.version_range import ApacheVersionRange
 from univers.version_range import MavenVersionRange
 from univers.versions import MavenVersion
-from univers.versions import SemverVersion
 
 from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importer import AffectedPackage
@@ -313,11 +311,6 @@ def generate_advisory_data_objects(url, tomcat_advisory_data_object):
             else:
                 pass
 
-            affected_version_range_apache = to_version_ranges_apache(
-                affected_versions,
-                fixed_versions,
-            )
-
             affected_version_range_maven = to_version_ranges_maven(
                 affected_versions,
                 fixed_versions,
@@ -336,16 +329,6 @@ def generate_advisory_data_objects(url, tomcat_advisory_data_object):
 
             affected_packages = []
 
-            affected_packages.append(
-                AffectedPackage(
-                    package=PackageURL(
-                        type="apache",
-                        name="tomcat",
-                    ),
-                    affected_version_range=affected_version_range_apache,
-                )
-            )
-
             affected_packages.append(
                 AffectedPackage(
                     package=PackageURL(
@@ -366,79 +349,6 @@ def generate_advisory_data_objects(url, tomcat_advisory_data_object):
             )
 
 
-def to_version_ranges_apache(versions_data, fixed_versions):
-    constraints = []
-
-    VersionConstraintTuple = namedtuple("VersionConstraintTuple", ["comparator", "version"])
-    affected_constraint_tuple_list = []
-    fixed_constraint_tuple_list = []
-
-    for version_item in versions_data:
-        version_item = version_item.strip()
-        if "to" in version_item:
-            version_item_split = version_item.split(" ")
-            affected_constraint_tuple_list.append(
-                VersionConstraintTuple(">=", version_item_split[0])
-            )
-            affected_constraint_tuple_list.append(
-                VersionConstraintTuple("<=", version_item_split[-1])
-            )
-
-        elif "-" in version_item:
-            version_item_split = version_item.split("-")
-            affected_constraint_tuple_list.append(
-                VersionConstraintTuple(">=", version_item_split[0])
-            )
-            affected_constraint_tuple_list.append(
-                VersionConstraintTuple("<=", version_item_split[-1])
-            )
-
-        elif version_item.startswith("<"):
-            version_item_split = version_item.split("<")
-            affected_constraint_tuple_list.append(
-                VersionConstraintTuple("<", version_item_split[-1])
-            )
-
-        else:
-            version_item_split = version_item.split(" ")
-            affected_constraint_tuple_list.append(
-                VersionConstraintTuple("=", version_item_split[0])
-            )
-
-    for fixed_item in fixed_versions:
-
-        if "-" in fixed_item and not any([i.isalpha() for i in fixed_item]):
-            fixed_item_split = fixed_item.split(" ")
-            fixed_constraint_tuple_list.append(VersionConstraintTuple(">=", fixed_item_split[0]))
-            fixed_constraint_tuple_list.append(VersionConstraintTuple("<=", fixed_item_split[-1]))
-
-        else:
-            fixed_item_split = fixed_item.split(" ")
-            fixed_constraint_tuple_list.append(VersionConstraintTuple("=", fixed_item_split[0]))
-
-    for record in affected_constraint_tuple_list:
-        try:
-            constraints.append(
-                VersionConstraint(
-                    comparator=record.comparator,
-                    version=SemverVersion(record.version),
-                )
-            )
-        except Exception as e:
-            LOGGER.error(f"{record.version!r} is not a valid SemverVersion {e!r}")
-            continue
-
-    for record in fixed_constraint_tuple_list:
-        constraints.append(
-            VersionConstraint(
-                comparator=record.comparator,
-                version=SemverVersion(record.version),
-            ).invert()
-        )
-
-    return ApacheVersionRange(constraints=constraints)
-
-
 def to_version_ranges_maven(versions_data, fixed_versions):
     constraints = []
 

diff --git a/vulnerabilities/tests/test_apache_tomcat.py b/vulnerabilities/tests/test_apache_tomcat.py
@@ -20,7 +20,6 @@
 from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importers.apache_tomcat import ApacheTomcatImporter
 from vulnerabilities.importers.apache_tomcat import extract_tomcat_advisory_data_from_page
-from vulnerabilities.importers.apache_tomcat import to_version_ranges_apache
 from vulnerabilities.importers.apache_tomcat import to_version_ranges_maven
 from vulnerabilities.improvers.default import DefaultImprover
 from vulnerabilities.improvers.valid_versions import ApacheTomcatImprover
@@ -395,30 +394,3 @@ def test_to_version_ranges():
     assert (
         MavenVersionRange.from_string(expected_versions_data_maven) == converted_versions_data_maven
     )
-
-    expected_versions_data_apache = "vers:apache/>=1.0.0|<=2.0.0|!=3.0.0|>=3.2.2|<=3.2.3|>=3.3a|<=3.3.1|!=3.3.1a|>=9.0.0.M1|<=9.0.0.M9|>=10.1.0-M1|<=10.1.0-M16"
-
-    expected_ApacheVersionRange_versions_data = ApacheVersionRange(
-        constraints=(
-            VersionConstraint(comparator=">=", version=SemverVersion(string="1.0.0")),
-            VersionConstraint(comparator="<=", version=SemverVersion(string="2.0.0")),
-            VersionConstraint(comparator="!=", version=SemverVersion(string="3.0.0")),
-            VersionConstraint(comparator=">=", version=SemverVersion(string="3.2.2")),
-            VersionConstraint(comparator="<=", version=SemverVersion(string="3.2.3")),
-            VersionConstraint(comparator=">=", version=SemverVersion(string="3.3a")),
-            VersionConstraint(comparator="<=", version=SemverVersion(string="3.3.1")),
-            VersionConstraint(comparator="!=", version=SemverVersion(string="3.3.1a")),
-            VersionConstraint(comparator=">=", version=SemverVersion(string="9.0.0.M1")),
-            VersionConstraint(comparator="<=", version=SemverVersion(string="9.0.0.M9")),
-            VersionConstraint(comparator=">=", version=SemverVersion(string="10.1.0-M1")),
-            VersionConstraint(comparator="<=", version=SemverVersion(string="10.1.0-M16")),
-        )
-    )
-
-    converted_versions_data_apache = to_version_ranges_apache(versions_data, fixed_versions)
-
-    assert expected_ApacheVersionRange_versions_data == converted_versions_data_apache
-    assert (
-        ApacheVersionRange.from_string(expected_versions_data_apache)
-        == converted_versions_data_apache
-    )