feat: cvss data

intel · Jul 10, 2023 · e0c201a · e0c201a
1 parent 56f08df
commit e0c201a
Showing 1 changed file with 31 additions and 1 deletion.
diff --git a/cve_bin_tool/cvedb.py b/cve_bin_tool/cvedb.py
@@ -475,6 +475,7 @@ def populate_db(self) -> None:
 
             if severity_data is not None and len(severity_data) > 0:
                 self.populate_severity(severity_data, cursor, data_source=source_name)
+                self.populate_cve_metrics(severity_data, cursor)
             if affected_data is not None:
                 self.populate_affected(
                     affected_data,
@@ -487,7 +488,6 @@ def populate_db(self) -> None:
 
     def populate_severity(self, severity_data, cursor, data_source):
         insert_severity = self.INSERT_QUERIES["insert_severity"]
-        del_cve_range = "DELETE from cve_range where CVE_number=?"
 
         for cve in severity_data:
             # Check no None values
@@ -525,6 +525,36 @@ def populate_severity(self, severity_data, cursor, data_source):
             except Exception as e:
                 LOGGER.info(f"Unable to insert data for {data_source} - {e}\n{cve}")
 
+    def populate_cve_metrics(self, severity_data, cursor):
+        insert_cve_metrics = self.INSERT_QUERIES["insert_cve_metrics"]
+        del_cve_range = "DELETE from cve_range where CVE_number=?"
+
+        for cve in severity_data:
+            # Check no None values
+            if not bool(cve.get("score")):
+                LOGGER.debug(f"Update score for {cve['ID']}")
+                cve["score"] = "unknown"
+            if not bool(cve.get("CVSS_version")):
+                LOGGER.debug(f"Update CVSS version for {cve['ID']}")
+                cve["CVSS_version"] = "unknown"
+            if not bool(cve.get("CVSS_vector")):
+                LOGGER.debug(f"Update CVSS Vector for {cve['ID']}")
+                cve["CVSS_vector"] = "unknown"
+
+        for cve in severity_data:
+            try:
+                cursor.execute(
+                    insert_cve_metrics,
+                    [
+                        cve["ID"],
+                        cve["CVSS_version"],
+                        cve["score"],
+                        cve["CVSS_vector"],
+                    ],
+                )
+            except Exception as e:
+                LOGGER.info(f"Unable to insert data for {e}\n{cve}")
+
         # Delete any old range entries for this CVE_number
         cursor.executemany(del_cve_range, [(cve["ID"],) for cve in severity_data])