-
Notifications
You must be signed in to change notification settings - Fork 457
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Populate cvss #3147
feat: Populate cvss #3147
Conversation
Codecov Report
@@ Coverage Diff @@
## main #3147 +/- ##
==========================================
+ Coverage 81.19% 81.41% +0.22%
==========================================
Files 716 716
Lines 11086 11114 +28
Branches 1488 1495 +7
==========================================
+ Hits 9001 9049 +48
+ Misses 1694 1679 -15
+ Partials 391 386 -5
Flags with carried forward coverage won't be shown. Click here to find out more.
... and 5 files with indirect coverage changes 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
cve_bin_tool/cvedb.py
Outdated
insert_cve_metrics, | ||
[ | ||
cve["ID"], | ||
cve["CVSS_version"], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The second parameter of the cve_metrics table should be referencing the name of the metric in the metrics table and not be the metric name
For a CVSS-3 CVE, we should have CVE_number, 3, score, vector where 3 is the INDEX of the CVSS-3 string in the metrics table (note that the value 3 should be obtained from the metrics table and not hard-coded)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok sure, I will update it.
cve_bin_tool/cvedb.py
Outdated
|
||
for cve in severity_data: | ||
try: | ||
if cve["CVSS_version"] == 2: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The value of the metric variable should be obtained from the metric table and should be the index and not the string.
So the code should be metric_value = find_metric(metric)
where find_metric is a function taking the metric string as a parameter. The find_metric function will then find the string in the metric table and return the index or an error value indicating that it hasn't been found.
I did a quick merge conflict resolution through the web interface for cvedb.py. if you plan to do updates you might need to rebase your local branch and resolve the same conflict (or just grab the branch from here) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Getting a flake8 error:
cve_bin_tool/cvedb.py:491:9: F841 local variable 'del_cve_range' is assigned to but never used
I believe that could be related to the merge conflict resolution I tried earlier, but I'm not 100% sure. I'll leave it to you to look at more closely and resolve.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like there's a merge conflict you'll need to resolve before the tests can run.
@terriko I am working on it. |
Updating to main to fix broken tests. the cache is also correctly updated now which should reduce the timeout risk on windows. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like @anthonyharrison 's comments were resolved and tests are passing, so I'm going to go ahead and merge this now. Thanks!
fixes: #3146