Update Apache_httpd importer from XML to JSON Advisory #425
sbs2001 merged 18 commits into aboutcode-org:main from
Sync Forked repo
Signed-off-by: AmitGupta7580 <amitgupta758000@gmail.com>
Signed-off-by: AmitGupta7580 <amitgupta758000@gmail.com>
Signed-off-by: AmitGupta7580 <amitgupta758000@gmail.com>
sbs2001 left a comment
Thanks, this looks good to be merged with minor changes I suggested
| def to_advisory(self, data): | ||
| cve = data["CVE_data_meta"]["ID"] | ||
| description = data["description"]["description_data"] | ||
| summary = next((item["value"] for item in description if item["lang"] == "eng"), "") |
Using next here is a little cryptic. Would there be a more readable and explicit way to do this?
I reckon that description has this shape (and are you sure this is always present?):

    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "For configurations using proxying...."
            }
        ]
    }

so what about this?

    descriptions = data.get("description", {}).get("description_data", [])
    description = None
    for desc in descriptions:
        if desc.get("lang") == "eng":
            description = desc.get("value")
            break

description is always present, @AmitGupta7580 checked it.
Signed-off-by: AmitGupta7580 <amitgupta758000@gmail.com>
sbs2001 left a comment
I guess this needs to be rebased and refactored according to the new model (which would be 1-2 line changes IMHO). See the new importer now for reference.
… model Signed-off-by: AmitGupta7580 <amitgupta758000@gmail.com>
…versions of Apache-httpd from Github API Signed-off-by: AmitGupta7580 <amitgupta758000@gmail.com>
sbs2001 left a comment
@AmitGupta7580 thanks, this looks good with minor changes.
|
|
||
| def to_advisory(self, data): | ||
| cve = data["CVE_data_meta"]["ID"] | ||
| descriptions = data.get("description", {}).get("description_data", []) |
Just curious, does this cascade all the way down? Could you point me to an example where descriptions == []?

No, currently there is no example where descriptions == [].
I ran this code but got nothing.

    descriptions = data.get("description", {}).get("description_data", [])
    if len(descriptions) == 0:
        print("empty descriptions : {}".format(cve))
    description = None
    for desc in descriptions:
        if desc.get("lang") == "eng":
            description = desc.get("value")
        else:
            print("other language : {}".format(cve))

This is too defensive then, may mask issues, ideally we want to fail loudly.
Does descriptions = data["description"]["description_data"] work? If yes then use that, otherwise try
descriptions = data["description"].get("description_data", [])
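
The trade-off discussed in this thread (chained `.get()` defaults versus direct indexing that fails loudly), as an added example that is not part of the pull request or the project's code. The function names and the three records are constructed for illustration.

```python
# Added example; the records below are constructed, not real Apache httpd advisories.

def summary_defensive(data):
    """Chained .get() with defaults: never raises, returns None on any gap."""
    descriptions = data.get("description", {}).get("description_data", [])
    for desc in descriptions:
        if desc.get("lang") == "eng":
            return desc.get("value")
    return None


def summary_strict(data):
    """Direct indexing: a record that breaks the expected shape raises."""
    cve = data["CVE_data_meta"]["ID"]
    for desc in data["description"]["description_data"]:
        if desc["lang"] == "eng":
            return desc["value"]
    raise ValueError(f"{cve}: no 'eng' description")


def import_all(records, extract):
    """Run one extractor over all records; collect summaries and failures."""
    summaries, failures = {}, []
    for rec in records:
        cve = rec["CVE_data_meta"]["ID"]
        try:
            summaries[cve] = extract(rec)
        except (KeyError, ValueError) as exc:
            failures.append((cve, repr(exc)))
    return summaries, failures


# Constructed inputs: one well-formed record and two upstream format drifts.
GOOD = {"CVE_data_meta": {"ID": "CVE-0000-0001"},
        "description": {"description_data": [{"lang": "eng", "value": "Constructed summary."}]}}
RENAMED_KEY = {"CVE_data_meta": {"ID": "CVE-0000-0002"},
               "description": {"descriptions": [{"lang": "eng", "value": "Lost text."}]}}
WRONG_LANG = {"CVE_data_meta": {"ID": "CVE-0000-0003"},
              "description": {"description_data": [{"lang": "en", "value": "Lost text."}]}}
RECORDS = [GOOD, RENAMED_KEY, WRONG_LANG]

if __name__ == "__main__":
    print(import_all(RECORDS, summary_defensive))  # no failures, two None summaries
    print(import_all(RECORDS, summary_strict))     # two failures reported by CVE id
```

With the defensive extractor, both drifted records are imported with an empty summary and nothing is reported; the strict one names the affected CVE ids so the importer can be fixed.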
| descriptions = data.get("description", {}).get("description_data", []) | ||
| description = None | ||
| for desc in descriptions: | ||
| if desc.get("lang") == "eng": |
When does this condition not get satisfied, i.e. does desc.get("lang") == None happen?

I'm guessing that desc.get("lang") is never None ("lang" key is always present in desc). If yes then use if desc["lang"] == "eng": .....
| for info in issue: | ||
| if info.tag == "cve": | ||
| cve = info.attrib["name"] | ||
| versions = [] |
This name is misleading because really, it stores some version related data (which includes ranges and such).
Maybe rename this to version_data
| ) | ||
|
|
||
| return advisories | ||
| def to_version_ranges(self, versions): |
…ode format Signed-off-by: AmitGupta7580 <amitgupta758000@gmail.com>
| impacts = data.get("impact", []) | ||
| for impact in impacts: | ||
| value = impact.get("other") | ||
| if value is not None: |
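Review bot: on the `if value is not None:` line, an empty string in "other" passes the check and would be carried forward as a severity value, whereas a plain truthiness test would drop it together with None; choose the form that matches what the field can contain and note in a comment how empty values are handled. The `data.get("impact", [])` and `impact.get("other")` lookups also skip a missing or renamed key silently, so such a record ends up with no severity and no error.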
Use if value: instead, they are the same but concise and easy to read.
Signed-off-by: AmitGupta7580 <amitgupta758000@gmail.com>
| if create_etag(data_src=self, url=self.url, etag_key="ETag"): | ||
| data = fetch_xml(self.url) | ||
| advisories = to_advisories(data) | ||
| if create_etag(data_src=self, url=self.base_url, etag_key="ETag"): |
This isn't valid now because the provided endpoint doesn't provide etags in the headers. Remove this if statement and the empty list return below.

Also the comments related to etags
Signed-off-by: AmitGupta7580 <amitgupta758000@gmail.com>
| from vulnerabilities.data_source import VulnerabilitySeverity | ||
| from vulnerabilities.package_managers import GitHubTagsAPI | ||
| from vulnerabilities.severity_systems import scoring_systems | ||
| from vulnerabilities.helpers import create_etag |
Nit: this isn't used anymore

@AmitGupta7580 I'm squashing the commits and merging it, consider squashing from your side next time.

Resolve #423
Tasks :