From bd501aa0621037cd9004b2702a1e76de442e5965 Mon Sep 17 00:00:00 2001
From: Holly Gong
Date: Fri, 10 Jan 2025 17:35:07 +1100
Subject: [PATCH] feat(api): switch Debian version query to range matching
---
 gcp/api/integration_tests.py | 22 +++++++++++++---------
 osv/ecosystems/debian.py | 4 ++++
 2 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/gcp/api/integration_tests.py b/gcp/api/integration_tests.py
index 5ae9cf3009f..ac78fbb2428 100644
--- a/gcp/api/integration_tests.py
+++ b/gcp/api/integration_tests.py
@@ -575,13 +575,18 @@ def test_query_purl(self):
 self.assert_results_equal({'vulns': another_expected}, response.json())
- expected_deb = [self._get('DLA-3203-1'), self._get('DSA-4921-1')]
+ expected_deb = [
+ self._get('CVE-2018-25047'),
+ self._get('CVE-2023-28447'),
+ self._get('CVE-2024-35226'),
+ self._get('DSA-5830-1'),
+ ]
 response = requests.post(
 _api() + _BASE_QUERY,
 data=json.dumps(
 {'package': {
- 'purl': 'pkg:deb/debian/nginx@1.14.2-2+deb10u3',
+ 'purl': 'pkg:deb/debian/smarty4@4.1.1-1',
 }}),
 timeout=_TIMEOUT)
@@ -592,7 +597,7 @@ def test_query_purl(self):
 _api() + _BASE_QUERY,
 data=json.dumps({
 'package': {
- 'purl': 'pkg:deb/debian/nginx@1.14.2-2+deb10u3?arch=source',
+ 'purl': 'pkg:deb/debian/smarty4@4.1.1-1?arch=source',
 }
 }),
 timeout=_TIMEOUT)
@@ -602,11 +607,10 @@ def test_query_purl(self):
 # A non source arch should also return the same item
 response = requests.post(
 _api() + _BASE_QUERY,
- data=json.dumps({
- 'package': {
- 'purl': 'pkg:deb/debian/nginx@1.14.2-2+deb10u3?arch=x64',
- }
- }),
+ data=json.dumps(
+ {'package': {
+ 'purl': 'pkg:deb/debian/smarty4@4.1.1-1?arch=x64',
+ }}),
 timeout=_TIMEOUT)
 self.assert_results_equal({'vulns': expected_deb}, response.json())
@@ -616,7 +620,7 @@ def test_query_purl(self):
 _api() + _BASE_QUERY,
 data=json.dumps({
 'package': {
- 'purl': ('pkg:deb/debian/nginx@1.14.2-2+deb10u3?'
+ 'purl': ('pkg:deb/debian/smarty4@4.1.1-1?'
 'randomqualifier=1234'),
 }
 }),
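Review bot: The new `expected_deb` list in the first hunk only covers a version that matches, so nothing in `test_query_purl` pins the boundaries that range matching introduces. With Debian queries compared against ranges, a version equal to a record's `fixed` value must return nothing and a version equal to `introduced` must match; a slip either way reaches API clients as a missed or a spurious advisory. I would add one more request for a smarty4 version at or after a fix, e.g. `'purl': 'pkg:deb/debian/smarty4@<FIXED_VERSION>'` (placeholder, take the value from the record), and assert that the corresponding ID is absent from the response. The three later hunks only swap the purl in the `arch=source`, `arch=x64` and `randomqualifier` requests and have the same gap. `test_query_purl` starts and ends outside these hunks.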
diff --git a/osv/ecosystems/debian.py b/osv/ecosystems/debian.py
index 6a9e9523d45..e64eede7372 100644
--- a/osv/ecosystems/debian.py
+++ b/osv/ecosystems/debian.py
@@ -137,3 +137,7 @@ def version_is_valid(v):
 return self._get_affected_versions(versions, introduced, fixed, last_affected, limits)
+
+ @property
+ def supports_comparing(self):
+ return True
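Review bot: `supports_comparing` is added without a docstring, although this one property is what moves Debian from enumerated-version matching to range comparison. I would add `"""Debian versions are matched by range comparison rather than against an enumerated version list."""` so the next maintainer sees what the flag opts into. The comparison code is outside this hunk, so this is hedged: it is worth confirming that a caller-supplied version which fails `version_is_valid` is rejected or yields no match instead of being ordered arbitrarily. The diffstat shows no unit test next to this file; cases with an epoch and with a `~` suffix would be worth pinning there, since that is where Debian ordering departs from plain string order. The enclosing class begins outside the hunk.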