Merge branch 'main' into update_queries

.github/workflows/codeql-analysis.yml

@@ -42,7 +42,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+      uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
       with:
         egress-policy: audit
 

.github/workflows/coverity.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+      uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
       with:
         egress-policy: audit
 

.github/workflows/cve_scan.yml

@@ -15,7 +15,7 @@ jobs:
     timeout-minutes: 10
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

.github/workflows/dependency-review.yml

@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

.github/workflows/export_data.yml

@@ -26,7 +26,7 @@ jobs:
 
     steps: 
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

.github/workflows/formatting.yml

@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

.github/workflows/linting.yml

@@ -20,7 +20,7 @@ jobs:
         tool: ['isort', 'black', 'pyupgrade', 'flake8', 'bandit', 'gitlint', 'mypy']
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

.github/workflows/sbom.yml

@@ -21,7 +21,7 @@ jobs:
         python: ['3.8', '3.9', '3.10', '3.11']
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

.github/workflows/scorecard.yml

@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

.github/workflows/spelling.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+      uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
       with:
         egress-policy: audit
 

.github/workflows/testing.yml

@@ -26,7 +26,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 
@@ -56,7 +56,7 @@ jobs:
     timeout-minutes: 60
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 
@@ -126,7 +126,7 @@ jobs:
       LONG_TESTS: 1
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 
@@ -223,7 +223,7 @@ jobs:
       EXTERNAL_SYSTEM: 1
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 
@@ -317,7 +317,7 @@ jobs:
       PYTHONIOENCODING: 'utf8'
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 
@@ -387,7 +387,7 @@ jobs:
       PYTHONIOENCODING: 'utf8'
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

.github/workflows/update-cache.yml

@@ -22,7 +22,7 @@ jobs:
     timeout-minutes: 60
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

.github/workflows/update-js-dependencies.yml

@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

.github/workflows/update-pre-commit.yml

@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

.github/workflows/update-spdx-header.yml

@@ -23,7 +23,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

cve_bin_tool/cvedb.py

@@ -531,6 +531,36 @@ def populate_severity(self, severity_data, cursor, data_source):
         for cve in severity_data:
             cursor.execute(del_cve_range, [cve["ID"], data_source])
 
+    def populate_cve_metrics(self, severity_data, cursor):
+        insert_cve_metrics = self.INSERT_QUERIES["insert_cve_metrics"]
+
+        for cve in severity_data:
+            # Check no None values
+            if not bool(cve.get("score")):
+                LOGGER.debug(f"Update score for {cve['ID']}")
+                cve["score"] = "unknown"
+            if not bool(cve.get("CVSS_version")):
+                LOGGER.debug(f"Update CVSS version for {cve['ID']}")
+                cve["CVSS_version"] = "unknown"
+            if not bool(cve.get("CVSS_vector")):
+                LOGGER.debug(f"Update CVSS Vector for {cve['ID']}")
+                cve["CVSS_vector"] = "unknown"
+
+        for cve in severity_data:
+            try:
+                metric = self.metric_finder(cursor, cve)
+                cursor.execute(
+                    insert_cve_metrics,
+                    [
+                        cve["ID"],
+                        metric,
+                        cve["score"],
+                        cve["CVSS_vector"],
+                    ],
+                )
+            except Exception as e:
+                LOGGER.info(f"Unable to insert data for {e}\n{cve}")
+
     def populate_affected(self, affected_data, cursor, data_source):
         insert_cve_range = self.INSERT_QUERIES["insert_cve_range"]
         try:
@@ -554,26 +584,6 @@ def populate_affected(self, affected_data, cursor, data_source):
         except Exception as e:
             LOGGER.info(f"Unable to insert data for {data_source} - {e}")
 
-    def metric_finder(self, cursor, cve):
-        # SQL query to retrieve the metrics_name based on the metrics_id
-        query = """
-        SELECT metrics_id FROM metrics
-        WHERE metrics_id=?
-        """
-        metric = None
-        if cve["CVSS_version"] == "unknown":
-            metric = "unknown"
-        else:
-            cursor.execute(query, [cve.get("CVSS_version")])
-            # Fetch all the results of the query and use 'map' to extract only the 'metrics_name' from the result
-            metric = list(map(lambda x: x[0], cursor.fetchall()))
-            # Since the query is expected to return a single result, extract the first item from the list and store it in 'metric'
-            metric = metric[0]
-            self.LOGGER.debug(
-                f'For the given cve {cve["ID"]} the cvss version found {cve["CVSS_version"]} metrics ID added into database {metric}'
-            )
-        return metric
-
     def populate_cve_metrics(self, severity_data, cursor):
         insert_cve_metrics = self.INSERT_QUERIES["insert_cve_metrics"]
 
@@ -625,6 +635,27 @@ def populate_epss(self):
         self.epss_data = run_coroutine(epss.update_epss(cursor))
         self.db_close()
 
+    def metric_finder(self, cursor, cve):
+        # SQL query to retrieve the metrics_name based on the metrics_id
+        # currently cve["CVSS_version"] return 2,3 based on there version and they are mapped accordingly to there metrics name in metrics table.
+        query = """
+        SELECT metrics_id FROM metrics
+        WHERE metrics_id=?
+        """
+        metric = None
+        if cve["CVSS_version"] == "unknown":
+            metric = "unknown"
+        else:
+            cursor.execute(query, [cve.get("CVSS_version")])
+            # Fetch all the results of the query and use 'map' to extract only the 'metrics_name' from the result
+            metric = list(map(lambda x: x[0], cursor.fetchall()))
+            # Since the query is expected to return a single result, extract the first item from the list and store it in 'metric'
+            metric = metric[0]
+            self.LOGGER.debug(
+                f'For the given cve {cve["ID"]} the cvss version found {cve["CVSS_version"]} metrics ID added into database {metric}'
+            )
+        return metric
+
     def clear_cached_data(self) -> None:
         self.create_cache_backup()
         if self.cachedir.exists():

doc/requirements.txt

@@ -1,4 +1,4 @@
-Sphinx==7.0.1
+Sphinx==7.1.0
 sphinx_markdown_tables
 myst_parser==2.0.0
 sbom2doc