Some vulnerabilities contain multiple commit_url entries that reference the same commit hash in different repositories.
For example:
https://github.com/pypa/advisory-database/blob/main/vulns/requests/PYSEC-2015-17.yaml
https://public.vulnerablecode.io/advisories/pypa/requests/PYSEC-2015-17
The advisory contains the following commit URLs:
Both URLs point to the same Git commit (3bd8afbff29e50b38f889b2f688785a669b9aafc). The kennethreitz/requests repository is a forked repository, while psf/requests is the current original repository.
To avoid duplicate patch commits, we should ignore commit URLs from forked repositories when the same commit is available in the original repository.
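One way to implement the filtering proposed above, as an added example that is not part of the original issue or the project's code. It assumes the fork-to-parent relationship is supplied by the caller as a plain mapping (`FORK_PARENTS` is hypothetical data), and the sample URLs are constructed from the repository names and commit hash given in the post.

```python
import re

# GitHub commit URL: https://github.com/<owner>/<repo>/commit/<sha>
COMMIT_URL_RE = re.compile(
    r"^https?://github\.com/(?P<owner>[^/]+)/(?P<repo>[^/]+)/commit/"
    r"(?P<sha>[0-9a-fA-F]{40})/?$"
)

# Assumption: fork -> parent map supplied by the caller (hypothetical data).
FORK_PARENTS = {"kennethreitz/requests": "psf/requests"}

# Constructed sample input, built from the repository names and hash in the post.
SHA = "3bd8afbff29e50b38f889b2f688785a669b9aafc"
SAMPLE_URLS = [
    f"https://github.com/kennethreitz/requests/commit/{SHA}",
    f"https://github.com/psf/requests/commit/{SHA}",
]

def parse_commit_url(url):
    """Return (owner/repo, sha) in lower case, or None if not a GitHub commit URL."""
    m = COMMIT_URL_RE.match(url.strip())
    if m is None:
        return None
    return f"{m['owner']}/{m['repo']}".lower(), m["sha"].lower()

def resolve_origin(repo, fork_parents):
    """Follow fork -> parent links to the root repository; stops on a cycle."""
    seen = set()
    while repo in fork_parents and repo not in seen:
        seen.add(repo)
        repo = fork_parents[repo]
    return repo

def dedupe_commit_urls(urls, fork_parents):
    """Drop a fork's commit URL when the same hash is listed for its origin."""
    parsed = [(url, parse_commit_url(url)) for url in urls]
    present = {p for _, p in parsed if p is not None}
    kept, seen = [], set()
    for url, p in parsed:
        if p is None:
            kept.append(url)  # unrecognised URL: keep untouched
            continue
        origin = resolve_origin(p[0], fork_parents)
        if (origin != p[0] and (origin, p[1]) in present) or p in seen:
            continue  # duplicate of the original repository's entry
        seen.add(p)
        kept.append(url)
    return kept
```

A commit that appears only under the fork is kept, so a patch reference is never lost when the original repository's URL is absent from the advisory.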