Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Populate cvss #3147

Merged
merged 10 commits into from
Jul 26, 2023
Merged

feat: Populate cvss #3147

merged 10 commits into from
Jul 26, 2023

Conversation

Rexbeast2
Copy link
Contributor

fixes: #3146

@codecov-commenter
Copy link

codecov-commenter commented Jul 11, 2023
edited
Loading

Codecov Report

Merging #3147 (e06cb52) into main (e82d7ea) will increase coverage by 0.22%.
The diff coverage is 60.71%.

@@            Coverage Diff             @@
##             main    #3147      +/-   ##
==========================================
+ Coverage   81.19%   81.41%   +0.22%     
==========================================
  Files         716      716              
  Lines       11086    11114      +28     
  Branches     1488     1495       +7     
==========================================
+ Hits         9001     9049      +48     
+ Misses       1694     1679      -15     
+ Partials      391      386       -5
Flag Coverage Δ
longtests 80.88% <60.71%> (+5.33%) ⬆️
win-longtests 79.17% <60.71%> (+0.07%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Changed Coverage Δ
cve_bin_tool/cvedb.py 61.96% <60.71%> (-0.07%) ⬇️

... and 5 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

anthonyharrison
anthonyharrison requested changes Jul 11, 2023
View reviewed changes
cve_bin_tool/cvedb.py Outdated
insert_cve_metrics,
[
cve["ID"],
cve["CVSS_version"],
Copy link
Contributor

@anthonyharrison anthonyharrison Jul 11, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The second parameter of the cve_metrics table should be referencing the name of the metric in the metrics table and not be the metric name

For a CVSS-3 CVE, we should have CVE_number, 3, score, vector where 3 is the INDEX of the CVSS-3 string in the metrics table (note that the value 3 should be obtained from the metrics table and not hard-coded)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok sure, I will update it.

anthonyharrison
anthonyharrison requested changes Jul 12, 2023
View reviewed changes
cve_bin_tool/cvedb.py Outdated

for cve in severity_data:
try:
if cve["CVSS_version"] == 2:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The value of the metric variable should be obtained from the metric table and should be the index and not the string.

So the code should be metric_value = find_metric(metric)

where find_metric is a function taking the metric string as a parameter. The find_metric function will then find the string in the metric table and return the index or an error value indicating that it hasn't been found.

@terriko
Copy link
Contributor

terriko commented Jul 12, 2023

I did a quick merge conflict resolution through the web interface for cvedb.py. if you plan to do updates you might need to rebase your local branch and resolve the same conflict (or just grab the branch from here)

terriko
terriko requested changes Jul 12, 2023
View reviewed changes
Copy link
Contributor

@terriko terriko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Getting a flake8 error:

cve_bin_tool/cvedb.py:491:9: F841 local variable 'del_cve_range' is assigned to but never used

I believe that could be related to the merge conflict resolution I tried earlier, but I'm not 100% sure. I'll leave it to you to look at more closely and resolve.

@Rexbeast2 Rexbeast2 changed the title feat: Pop cvss feat: Populate cvss Jul 17, 2023
terriko
terriko requested changes Jul 17, 2023
View reviewed changes
Copy link
Contributor

@terriko terriko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like there's a merge conflict you'll need to resolve before the tests can run.

@Rexbeast2
Copy link
Contributor Author

@terriko I am working on it.

@terriko
Copy link
Contributor

terriko commented Jul 20, 2023

Updating to main to fix broken tests. the cache is also correctly updated now which should reduce the timeout risk on windows.

@Rexbeast2 Rexbeast2 mentioned this pull request Jul 22, 2023
Merged
terriko
terriko approved these changes Jul 26, 2023
View reviewed changes
Copy link
Contributor

@terriko terriko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like @anthonyharrison 's comments were resolved and tests are passing, so I'm going to go ahead and merge this now. Thanks!

@terriko terriko merged commit e2d1ef7 into intel:main Jul 26, 2023
21 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anthonyharrison anthonyharrison anthonyharrison requested changes

@terriko terriko terriko approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Feat: Adding CVSS data to cve_metrics table
4 participants
@Rexbeast2 @codecov-commenter @terriko @anthonyharrison