Skip to content

Fix #613: avoid selecting unrelated repositories as source repo #841

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Monal-Reddy wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Fix #613: avoid selecting unrelated repositories as source repo #841

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
8323501
Fix #613: avoid selecting unrelated repositories as source repo
Monal-Reddy Mar 13, 2026
7773528
Clean up whitespace in get_source_repo
Monal-Reddy Mar 13, 2026
60bc340
addin unit tests
Monal-Reddy Mar 14, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 12 additions & 1 deletion purl2vcs/src/purl2vcs/find_source_repo.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -201,14 +201,25 @@ def get_source_repo(package: Package) -> PackageURL:
source_purls = list(convert_repo_urls_to_purls(repo_urls))
if not source_purls:
return
# Filter out clearly unrelated repositories
pkg_name = package.name.lower()
filtered_source_purls = []

for purl in source_purls:
repo_name = (purl.name or "").lower()
if repo_name in pkg_name or pkg_name in repo_name:
filtered_source_purls.append(purl)

if filtered_source_purls:
source_purls = filtered_source_purls

source_purls = list(set(source_purls))
source_purl_with_tag = find_package_version_tag_and_commit(
version=package.version, source_purls=source_purls
)
if source_purl_with_tag:
return source_purl_with_tag


def get_repo_urls(package: Package) -> Generator[str, None, None]:
"""
Return the URL of the source repository of a package
Expand Down
22 changes: 22 additions & 0 deletions purl2vcs/tests/test_find_source_repo.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -311,3 +311,25 @@ def test_from_purl_to_git(self):
)
expected = "pkg:bitbucket/connect2id/oauth-2.0-sdk-with-openid-connect-extensions@9.36?commit=e86fb3431972d302fcb615aca0baed4d8ab89791"
self.assertEqual(expected, response.data["git_repo"])

def test_filter_unrelated_repo_candidates(self):
"""
Ensure unrelated repository candidates are filtered when
detecting the source repository.
"""

pkg_name = "inherits"

source_purls = [
PackageURL(type="github", namespace="substack", name="node-browserify"),
PackageURL(type="github", namespace="isaacs", name="inherits"),
]

filtered = []
for purl in source_purls:
repo_name = (purl.name or "").lower()
if repo_name in pkg_name or pkg_name in repo_name:
filtered.append(purl)

self.assertTrue(any(p.name == "inherits" for p in filtered))
self.assertFalse(any(p.name == "node-browserify" for p in filtered))