From 6511601745ae883f0152056ba13237ef30c7ff0b Mon Sep 17 00:00:00 2001
From: acmarr <adam.marr@suse.com>
Date: Fri, 9 Feb 2024 11:41:52 -0800
Subject: [PATCH] NVSHAS-6483 fix issue with php data where module names are
 not lowercase.

---
 updater/fetchers/apps/ghsa.go | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/updater/fetchers/apps/ghsa.go b/updater/fetchers/apps/ghsa.go
index da6f124..30cf1b1 100644
--- a/updater/fetchers/apps/ghsa.go
+++ b/updater/fetchers/apps/ghsa.go
@@ -63,16 +63,16 @@ type ghsaData struct {
 
 func ghsaUpdate() error {
 	log.Info("fetching ghsa vulnerabilities")
-	loadGHSAData(npmDataFile, "npm", "")
-	loadGHSAData(mavenDataFile, "maven", "")
-	loadGHSAData(pipDataFile, "pip", "python:")
-	loadGHSAData(nugetDataFile, ".NET", ".NET:")
-	loadGHSAData(golangDataFile, "golang", "go:")
-	loadGHSAData(phpDataFile, "php", "php:")
+	loadGHSAData(npmDataFile, "npm", "", false)
+	loadGHSAData(mavenDataFile, "maven", "", false)
+	loadGHSAData(pipDataFile, "pip", "python:", false)
+	loadGHSAData(nugetDataFile, ".NET", ".NET:", false)
+	loadGHSAData(golangDataFile, "golang", "go:", false)
+	loadGHSAData(phpDataFile, "php", "php:", true)
 	return nil
 }
 
-func loadGHSAData(ghsaFile, app, prefix string) error {
+func loadGHSAData(ghsaFile, app, prefix string, lowercase bool) error {
 	dataFile := fmt.Sprintf("%s%s", common.CVESourceRoot, ghsaFile)
 	f, err := os.Open(dataFile)
 	if err != nil {
@@ -121,6 +121,9 @@ func loadGHSAData(ghsaFile, app, prefix string) error {
 		}
 
 		moduleName := fmt.Sprintf("%s%s", prefix, r.Package.Name)
+		if lowercase {
+			moduleName = strings.ToLower(moduleName)
+		}
 		affectedVer := getVersion(r.AffectedVersion)
 		fixedVer := getVersion(r.PatchedVersion.Identifier)
 		key := fmt.Sprintf("%s-%s", vulName, moduleName)