Add additional check to prevent duplicate references

If CVE services already have a reference with the same url as one that we have locally, do not add it again.
mozilla · Apr 24, 2024 · e9e840f · e9e840f
1 parent c8f642c
commit e9e840f
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/foundation_security_advisories/common_cve.py b/foundation_security_advisories/common_cve.py
@@ -116,11 +116,17 @@ def try_update_published_cve(local_cve: CVEAdvisory, local_date: int, remote_dat
     if "x_legacyV4Record" in remote_cve_json_container:
         remote_cve_json_container.pop("x_legacyV4Record")
     local_cve_json = local_cve.to_json_5_0()
+    local_reference_urls = [
+        local_reference[0]
+        for local_instance in local_cve.instances
+        for local_reference in local_instance.references
+    ]
     # If there are references which we did not add automatically, we probably don't
     # want to remove them, so we move them to our to-be-published object.
     remote_extra_references = list(
         filter(
-            lambda reference: all(
+            lambda reference: not reference["url"] in local_reference_urls
+            and all(
                 not reference["url"].startswith(prefix)
                 for prefix in [
                     "https://bugzilla.mozilla.org",