diff --git a/pyproject.toml b/pyproject.toml index cf17bd4fe..adabcdceb 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -74,11 +74,19 @@ addopts = [ line-length = 100 include = '\.pyi?$' skip_gitignore = true -extend-exclude = "migrations|data|venv" +# 'extend-exclude' excludes files or directories in addition to the defaults +extend-exclude = ''' +( + ^/venv/.* + | ^/vulnerabilities/migrations/.* + | ^/vulnerabilities/tests/test_data/.* +) +''' + [tool.isort] profile = "black" line_length = 100 force_single_line = true skip_gitignore = true -skip_glob = "*/migrations/*" +skip_glob = "vulnerabilities/migrations/*" diff --git a/setup.cfg b/setup.cfg index 58bb94765..86c0f3f54 100644 --- a/setup.cfg +++ b/setup.cfg @@ -83,6 +83,7 @@ install_requires = defusedxml>=0.7.1 Markdown>=3.3.0 dateparser>=1.1.1 + cvss>=2.4 # networking GitPython>=3.1.17 diff --git a/vulnerabilities/api.py b/vulnerabilities/api.py index ddac03016..85d62bafb 100644 --- a/vulnerabilities/api.py +++ b/vulnerabilities/api.py @@ -29,7 +29,7 @@ class VulnerabilitySeveritySerializer(serializers.ModelSerializer): class Meta: model = VulnerabilitySeverity - fields = ["value", "scoring_system"] + fields = ["value", "scoring_system", "scoring_elements"] class VulnerabilityReferenceSerializer(serializers.ModelSerializer): diff --git a/vulnerabilities/importer.py b/vulnerabilities/importer.py index 94fc637ac..e0d8b5ab4 100644 --- a/vulnerabilities/importer.py +++ b/vulnerabilities/importer.py @@ -46,13 +46,16 @@ @dataclasses.dataclass(order=True) class VulnerabilitySeverity: + # FIXME: this should be named scoring_system, like in the model system: ScoringSystem value: str + scoring_elements: str = "" def to_dict(self): return { "system": self.system.identifier, "value": self.value, + "scoring_elements": self.scoring_elements, } @classmethod @@ -61,7 +64,11 @@ def from_dict(cls, severity: dict): Return a VulnerabilitySeverity object from a ``severity`` mapping of VulnerabilitySeverity data. """ - return cls(system=SCORING_SYSTEMS[severity["system"]], value=severity["value"]) + return cls( + system=SCORING_SYSTEMS[severity["system"]], + value=severity["value"], + scoring_elements=severity.get("scoring_elements", ""), + ) @dataclasses.dataclass(order=True) @@ -426,15 +433,13 @@ def get_data_from_xml_doc( # connected/linked to an OvalDefinition vuln_id = definition_data["vuln_id"] description = definition_data["description"] - severities = ( - [ - VulnerabilitySeverity( - system=severity_systems.GENERIC, value=definition_data.get("severity") - ) - ] - if definition_data.get("severity") - else [] - ) + + severities = [] + severity = definition_data.get("severity") + if severity: + severities.append( + VulnerabilitySeverity(system=severity_systems.GENERIC, value=severity) + ) references = [ Reference(url=url, severities=severities) for url in definition_data["reference_urls"] diff --git a/vulnerabilities/importers/nvd.py b/vulnerabilities/importers/nvd.py index be78aa56e..aeaf4afde 100644 --- a/vulnerabilities/importers/nvd.py +++ b/vulnerabilities/importers/nvd.py @@ -167,12 +167,7 @@ def severities(self): vs = VulnerabilitySeverity( system=severity_systems.CVSSV3, value=str(cvss_v3.get("baseScore") or ""), - ) - severities.append(vs) - - vs = VulnerabilitySeverity( - system=severity_systems.CVSSV3_VECTOR, - value=str(cvss_v3.get("vectorString") or ""), + scoring_elements=str(cvss_v3.get("vectorString") or ""), ) severities.append(vs) @@ -182,12 +177,7 @@ def severities(self): vs = VulnerabilitySeverity( system=severity_systems.CVSSV2, value=str(cvss_v2.get("baseScore") or ""), - ) - severities.append(vs) - - vs = VulnerabilitySeverity( - system=severity_systems.CVSSV2_VECTOR, - value=str(cvss_v2.get("vectorString") or ""), + scoring_elements=str(cvss_v2.get("vectorString") or ""), ) severities.append(vs) diff --git a/vulnerabilities/importers/osv.py b/vulnerabilities/importers/osv.py index 84c95a49a..c4ee58685 100644 --- a/vulnerabilities/importers/osv.py +++ b/vulnerabilities/importers/osv.py @@ -115,10 +115,10 @@ def get_severities(raw_data) -> Iterable[VulnerabilitySeverity]: """ for severity in raw_data.get("severity") or []: if severity.get("type") == "CVSS_V3": - yield VulnerabilitySeverity( - system=SCORING_SYSTEMS["cvssv3.1_vector"], - value=severity["score"], - ) + vector = severity["score"] + system = SCORING_SYSTEMS["cvssv3.1"] + score = system.compute(vector) + yield VulnerabilitySeverity(system=system, value=score, scoring_elements=vector) else: logger.error(f"Unsupported severity type: {severity!r} for OSV id: {raw_data['id']!r}") diff --git a/vulnerabilities/importers/postgresql.py b/vulnerabilities/importers/postgresql.py index edc85e464..47e41dad1 100644 --- a/vulnerabilities/importers/postgresql.py +++ b/vulnerabilities/importers/postgresql.py @@ -95,16 +95,12 @@ def to_advisories(data): parsed_link = urlparse.urlparse(vector_link_tag["href"]) cvss3_vector = urlparse.parse_qs(parsed_link.query)["vector"] cvss3_base_score = vector_link_tag.text - severities.extend( - [ - VulnerabilitySeverity( - system=severity_systems.CVSSV3, value=cvss3_base_score - ), - VulnerabilitySeverity( - system=severity_systems.CVSSV3_VECTOR, value=cvss3_vector - ), - ] + severity = VulnerabilitySeverity( + system=severity_systems.CVSSV3, + value=cvss3_base_score, + scoring_elements=cvss3_vector, ) + severities.append(severity) references.append(Reference(url=link, severities=severities)) advisories.append( diff --git a/vulnerabilities/importers/redhat.py b/vulnerabilities/importers/redhat.py index 2e19a7399..967f0dc38 100644 --- a/vulnerabilities/importers/redhat.py +++ b/vulnerabilities/importers/redhat.py @@ -28,10 +28,11 @@ logger = logging.getLogger(__name__) +# FIXME: we should use a centralized retry requests_session = requests_with_5xx_retry(max_retries=5, backoff_factor=1) -def fetch_list_of_cves() -> Iterable[List[Dict]]: +def fetch_cves() -> Iterable[List[Dict]]: page_no = 1 cve_data = None while True: @@ -39,11 +40,11 @@ def fetch_list_of_cves() -> Iterable[List[Dict]]: try: response = requests_session.get(current_url) if response.status_code != requests.codes.ok: - logger.error(f"Failed to fetch results from {current_url}") + logger.error(f"Failed to fetch RedHat CVE results from {current_url}") break cve_data = response.json() except Exception as e: - logger.error(f"Failed to fetch results from {current_url} {e}") + logger.error(f"Failed to fetch RedHat CVE results from {current_url} {e}") break if not cve_data: break @@ -65,8 +66,8 @@ class RedhatImporter(Importer): license_url = "https://access.redhat.com/documentation/en-us/red_hat_security_data_api/1.0/html/red_hat_security_data_api/legal-notice" def advisory_data(self) -> Iterable[AdvisoryData]: - for list_of_redhat_cves in fetch_list_of_cves(): - for redhat_cve in list_of_redhat_cves: + for redhat_cves in fetch_cves(): + for redhat_cve in redhat_cves: yield to_advisory(redhat_cve) @@ -154,20 +155,13 @@ def to_advisory(advisory_data): redhat_scores = [] cvssv3_score = advisory_data.get("cvss3_score") + cvssv3_vector = advisory_data.get("cvss3_scoring_vector", "") if cvssv3_score: redhat_scores.append( VulnerabilitySeverity( system=severity_systems.CVSSV3, value=cvssv3_score, - ) - ) - - cvssv3_vector = advisory_data.get("cvss3_scoring_vector") - if cvssv3_vector: - redhat_scores.append( - VulnerabilitySeverity( - system=severity_systems.CVSSV3_VECTOR, - value=cvssv3_vector, + scoring_elements=cvssv3_vector, ) ) diff --git a/vulnerabilities/importers/suse_scores.py b/vulnerabilities/importers/suse_scores.py index 1fe0e32b5..16428035f 100644 --- a/vulnerabilities/importers/suse_scores.py +++ b/vulnerabilities/importers/suse_scores.py @@ -26,37 +26,26 @@ def updated_advisories(self): @staticmethod def to_advisory(score_data): + systems_by_version = { + "2.0": severity_systems.CVSSV2, + "3": severity_systems.CVSSV3, + "3.1": severity_systems.CVSSV31, + } advisories = [] + for cve_id in score_data: severities = [] for cvss_score in score_data[cve_id]["cvss"]: - score = None - vector = None - if cvss_score["version"] == "2.0": - score = VulnerabilitySeverity( - system=severity_systems.CVSSV2, value=str(cvss_score["score"]) - ) - vector = VulnerabilitySeverity( - system=severity_systems.CVSSV2_VECTOR, value=str(cvss_score["vector"]) - ) - - elif cvss_score["version"] == "3": - score = VulnerabilitySeverity( - system=severity_systems.CVSSV3, value=str(cvss_score["score"]) - ) - vector = VulnerabilitySeverity( - system=severity_systems.CVSSV3_VECTOR, value=str(cvss_score["vector"]) - ) - - elif cvss_score["version"] == "3.1": - score = VulnerabilitySeverity( - system=severity_systems.CVSSV31, value=str(cvss_score["score"]) - ) - vector = VulnerabilitySeverity( - system=severity_systems.CVSSV31_VECTOR, value=str(cvss_score["vector"]) - ) - - severities.extend([score, vector]) + cvss_version = cvss_score["version"] + scoring_system = systems_by_version[cvss_version] + base_score = str(cvss_score["score"]) + vector = str(cvss_score.get("vector", "")) + score = VulnerabilitySeverity( + system=scoring_system, + value=base_score, + scoring_elements=vector, + ) + severities.append(score) advisories.append( AdvisoryData( diff --git a/vulnerabilities/improve_runner.py b/vulnerabilities/improve_runner.py index af5a84908..d3831c26b 100644 --- a/vulnerabilities/improve_runner.py +++ b/vulnerabilities/improve_runner.py @@ -102,10 +102,16 @@ def process_inferences(inferences: List[Inference], advisory: Advisory, improver _vs, updated = VulnerabilitySeverity.objects.update_or_create( scoring_system=severity.system.identifier, reference=reference, - defaults={"value": str(severity.value)}, + defaults={ + "value": str(severity.value), + "scoring_elements": str(severity.scoring_elements), + }, ) if updated: - logger.info(f"Severity updated for reference {ref!r} to {severity.value!r}") + logger.info( + f"Severity updated for reference {ref!r} to value: {severity.value!r} " + f"and scoring_elements: {severity.scoring_elements!r}" + ) for affected_purl in inference.affected_purls or []: vulnerable_package = Package.objects.get_or_create_from_purl(purl=affected_purl) diff --git a/vulnerabilities/management/commands/import.py b/vulnerabilities/management/commands/import.py index 386cbbcae..77ae5b6a6 100644 --- a/vulnerabilities/management/commands/import.py +++ b/vulnerabilities/management/commands/import.py @@ -34,7 +34,7 @@ def handle(self, *args, **options): return if options["all"]: - self.import_data(IMPORTERS_REGISTRY.values()) + self.import_data(importers=IMPORTERS_REGISTRY.values()) return sources = options["sources"] @@ -44,9 +44,8 @@ def handle(self, *args, **options): self.import_data(validate_importers(sources)) def list_sources(self): - importers = list(IMPORTERS_REGISTRY) self.stdout.write("Vulnerability data can be imported from the following importers:") - self.stdout.write("\n".join(importers)) + self.stdout.write("\n".join(IMPORTERS_REGISTRY)) def import_data(self, importers): """ diff --git a/vulnerabilities/migrations/0031_vulnerabilityseverity_scoring_elements.py b/vulnerabilities/migrations/0031_vulnerabilityseverity_scoring_elements.py new file mode 100644 index 000000000..acc8a7706 --- /dev/null +++ b/vulnerabilities/migrations/0031_vulnerabilityseverity_scoring_elements.py @@ -0,0 +1,20 @@ +# Generated by Django 4.0.7 on 2022-09-22 21:25 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('vulnerabilities', '0030_alter_vulnerabilityseverity_scoring_system'), + ] + + operations = [ + migrations.AddField( + model_name='vulnerabilityseverity', + name='scoring_elements', + field=models.CharField(help_text='Supporting scoring elements used to compute the score values. For example a CVSS vector string as used to compute a CVSS score.', max_length=150, null=True), + ), + ] + + diff --git a/vulnerabilities/migrations/0032_vulnerabilityseverity_merge_cvss_score_and_vector.py b/vulnerabilities/migrations/0032_vulnerabilityseverity_merge_cvss_score_and_vector.py new file mode 100644 index 000000000..627160acb --- /dev/null +++ b/vulnerabilities/migrations/0032_vulnerabilityseverity_merge_cvss_score_and_vector.py @@ -0,0 +1,134 @@ +from django.db import migrations + +from vulnerabilities.severity_systems import SCORING_SYSTEMS + +""" +This migration fixes the CVSS severity scores. + +The starting point is that we have two VulnerabilitySeverity records for +each CVSS scores: + +- one record with numeric score value and a "cvssv2/v3" system +- a second record with a CVSS vector and a "cvssv2/v3_vector" system; + +The migration merges the two records where the CVSS vector becomes the scoring +element of the score value, and removes the extra record. + +In the odd cases where we have no a pair of records we use a best effort to fix +the data. +""" + + +def merge_cvss_score_and_vector_severities(apps, _): + """ + Merge CVSS score and vector VulnerabilitySeverity and remove the + cvssv*_vector severities after merging. + """ + cvss_systems = [ + "cvssv2", + "cvssv3", + "cvssv3.1", + ] + + cvss_vector_systems = [ + "cvssv2_vector", + "cvssv3_vector", + "cvssv3.1_vector", + ] + + all_cvss_systems = cvss_systems + cvss_vector_systems + + VulnerabilitySeverity = apps.get_model("vulnerabilities", "VulnerabilitySeverity") + + updated_severities_to_save = {} + redundant_severity_ids_to_delete = set() + + for severity in VulnerabilitySeverity.objects.filter(scoring_system__in=all_cvss_systems): + process_severity(severity, updated_severities_to_save, redundant_severity_ids_to_delete) + + # finally batch update and delete + + # batch delete the collected vecto severity ids + deleted, _ = VulnerabilitySeverity.objects.filter( + id__in=redundant_severity_ids_to_delete + ).delete() + print(f"Deleted {deleted} CVSS VulnerabilitySeverity") + + # update in bulk, 1000 at a time + updated = VulnerabilitySeverity.objects.bulk_update( + objs=updated_severities_to_save.values(), + fields=[ + "scoring_system", + "scoring_elements", + "value", + ], + batch_size=1000, + ) + print(f"Updated {updated} CVSS VulnerabilitySeverity") + + leftover_vectors = VulnerabilitySeverity.objects.filter( + scoring_system__in=cvss_vector_systems + ).count() + if leftover_vectors: + print(f"ERRROR!!!! {leftover_vectors} CVSS vector VulnerabilitySeverity left") + for leftover in VulnerabilitySeverity.objects.filter( + scoring_system__in=cvss_vector_systems + ): + print(leftover) + + +def process_severity(severity, updated_severities_to_save, redundant_severity_ids_to_delete): + """ + Add ``severity`` to the ``updated_severities_to_save`` mapping and update the + ``redundant_severity_ids_to_delete`` set of redundant severities as needed. + If ``severity`` already exists keep one record merging the data + and treat as deletable the other record. + """ + if not severity.value or not severity.value.strip(): + redundant_severity_ids_to_delete.add(severity.pk) + return + + # convert scoring system to non vector + # >>> "cvssv2_vector".partition("_vector") + # ('cvssv2', '_vector', '') + # >>> "cvssv2".partition("_vector") + # ('cvssv2', '', '') + scoring_system, is_vector, _ = severity.scoring_system.partition("_vector") + if is_vector: + # compute score and move vector to scoring_elements + severity.scoring_system = scoring_system + vector = severity.value + severity.scoring_elements = vector + severity.value = SCORING_SYSTEMS[scoring_system].compute(vector) + + # Build a unique hashable key for a severity to keep track of duplicates + # The VulnerabilitySeverity model unique_together is: + # ["reference", "scoring_system", "value"] + key = ( + severity.reference.pk, + severity.scoring_system, + severity.value, + ) + + existing = updated_severities_to_save.get(key) + + if not existing: + # keep instance for bulk update + updated_severities_to_save[key] = severity + + else: + # merge/update existing with vector if + if not existing.scoring_elements and severity.scoring_elements: + existing.scoring_elements = severity.scoring_elements + # keep id for bulk deletion + redundant_severity_ids_to_delete.add(severity.pk) + + +class Migration(migrations.Migration): + dependencies = [ + ("vulnerabilities", "0031_vulnerabilityseverity_scoring_elements"), + ] + + operations = [ + migrations.RunPython(merge_cvss_score_and_vector_severities, migrations.RunPython.noop), + ] diff --git a/vulnerabilities/migrations/0033_alter_vulnerabilityseverity_scoring_system.py b/vulnerabilities/migrations/0033_alter_vulnerabilityseverity_scoring_system.py new file mode 100644 index 000000000..d986856ec --- /dev/null +++ b/vulnerabilities/migrations/0033_alter_vulnerabilityseverity_scoring_system.py @@ -0,0 +1,33 @@ +# Generated by Django 4.0.7 on 2022-11-13 21:12 + +from django.db import migrations +from django.db import models + + +class Migration(migrations.Migration): + + dependencies = [ + ("vulnerabilities", "0032_vulnerabilityseverity_merge_cvss_score_and_vector"), + ] + + operations = [ + migrations.AlterField( + model_name="vulnerabilityseverity", + name="scoring_system", + field=models.CharField( + choices=[ + ("cvssv2", "CVSSv2 Base Score"), + ("cvssv3", "CVSSv3 Base Score"), + ("cvssv3.1", "CVSSv3.1 Base Score"), + ("rhbs", "RedHat Bugzilla severity"), + ("rhas", "RedHat Aggregate severity"), + ("archlinux", "Archlinux Vulnerability Group Severity"), + ("cvssv3.1_qr", "CVSSv3.1 Qualitative Severity Rating"), + ("generic_textual", "Generic textual severity rating"), + ("apache_httpd", "Apache Httpd Severity"), + ], + help_text="Identifier for the scoring system used. Available choices are: cvssv2: CVSSv2 Base Score,\ncvssv3: CVSSv3 Base Score,\ncvssv3.1: CVSSv3.1 Base Score,\nrhbs: RedHat Bugzilla severity,\nrhas: RedHat Aggregate severity,\narchlinux: Archlinux Vulnerability Group Severity,\ncvssv3.1_qr: CVSSv3.1 Qualitative Severity Rating,\ngeneric_textual: Generic textual severity rating,\napache_httpd: Apache Httpd Severity ", + max_length=50, + ), + ), + ] diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py index d07b6c2a8..709561ad1 100644 --- a/vulnerabilities/models.py +++ b/vulnerabilities/models.py @@ -661,6 +661,13 @@ class VulnerabilitySeverity(models.Model): value = models.CharField(max_length=50, help_text="Example: 9.0, Important, High") + scoring_elements = models.CharField( + max_length=150, + null=True, + help_text="Supporting scoring elements used to compute the score values. " + "For example a CVSS vector string as used to compute a CVSS score.", + ) + class Meta: unique_together = ["reference", "scoring_system", "value"] ordering = ["reference", "scoring_system", "value"] diff --git a/vulnerabilities/severity_systems.py b/vulnerabilities/severity_systems.py index dfc6412ab..2bf27de98 100644 --- a/vulnerabilities/severity_systems.py +++ b/vulnerabilities/severity_systems.py @@ -9,6 +9,9 @@ import dataclasses +from cvss import CVSS2 +from cvss import CVSS3 + """ Vulnerability scoring systems define scales, values and approach to score a vulnerability severity. @@ -17,7 +20,6 @@ @dataclasses.dataclass(order=True) class ScoringSystem: - # a short identifier for the scoring system. identifier: str # a name which represents the scoring system such as `RedHat bug severity`. @@ -28,58 +30,60 @@ class ScoringSystem: # notes about that scoring system notes: str = "" - def as_score(self, value): + def compute(self, scoring_elements: str) -> str: """ - Return a normalized numeric score for this scoring system given a raw - value. For instance this can be used to convert a CVSS vector to a base - score. + Return a normalized numeric score as a string for this scoring system + given a ``scoring_elements`` string value. """ - raise NotImplementedError + return NotImplementedError + +@dataclasses.dataclass(order=True) +class Cvssv2ScoringSystem(ScoringSystem): + def compute(self, scoring_elements: str) -> str: + """ + Return a CVSSv2 base score. -CVSSV2 = ScoringSystem( + >>> CVSSV2.compute("AV:L/AC:L/Au:M/C:N/I:P/A:C/E:U/RL:W/RC:ND/CDP:L/TD:H/CR:ND/IR:ND/AR:M") + '5.0' + """ + return str(CVSS2(vector=scoring_elements).base_score) + + +CVSSV2 = Cvssv2ScoringSystem( identifier="cvssv2", name="CVSSv2 Base Score", url="https://www.first.org/cvss/v2/", - notes="cvssv2 base score", + notes="CVSSv2 base score and vector", ) -CVSSV2_VECTOR = ScoringSystem( - identifier="cvssv2_vector", - name="CVSSv2 Vector", - url="https://www.first.org/cvss/v2/", - notes="cvssv2 vector, used to get additional info about " - "nature and severity of vulnerability", -) -CVSSV3 = ScoringSystem( +@dataclasses.dataclass(order=True) +class Cvssv3ScoringSystem(ScoringSystem): + def compute(self, scoring_elements: str) -> str: + """ + Return a CVSSv3 or CVSSv3.1 base score. + + >>> CVSSV3.compute("CVSS:3.0/S:C/C:H/I:H/A:N/AV:P/AC:H/PR:H/UI:R/E:H/RL:O/RC:R/CR:H/IR:X/AR:X/MAC:H/MPR:X/MUI:X/MC:L/MA:X") + '6.5' + >>> CVSSV31.compute("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H") + '8.6' + """ + return str(CVSS3(vector=scoring_elements).base_score) + + +CVSSV3 = Cvssv3ScoringSystem( identifier="cvssv3", name="CVSSv3 Base Score", url="https://www.first.org/cvss/v3-0/", - notes="cvssv3 base score", + notes="CVSSv3 base score and vector", ) -CVSSV3_VECTOR = ScoringSystem( - identifier="cvssv3_vector", - name="CVSSv3 Vector", - url="https://www.first.org/cvss/v3-0/", - notes="cvssv3 vector, used to get additional info about " - "nature and severity of vulnerability", -) - -CVSSV31 = ScoringSystem( +CVSSV31 = Cvssv3ScoringSystem( identifier="cvssv3.1", name="CVSSv3.1 Base Score", url="https://www.first.org/cvss/v3-1/", - notes="cvssv3.1 base score", -) - -CVSSV31_VECTOR = ScoringSystem( - identifier="cvssv3.1_vector", - name="CVSSv3.1 Vector", - url="https://www.first.org/cvss/v3-1/", - notes="cvssv3.1 vector, used to get additional info about " - "nature and severity of vulnerability", + notes="CVSSv3.1 base score and vector", ) REDHAT_BUGZILLA = ScoringSystem( @@ -125,11 +129,8 @@ def as_score(self, value): system.identifier: system for system in ( CVSSV2, - CVSSV2_VECTOR, CVSSV3, - CVSSV3_VECTOR, CVSSV31, - CVSSV31_VECTOR, REDHAT_BUGZILLA, REDHAT_AGGREGATE, ARCHLINUX, diff --git a/vulnerabilities/tests/conftest.py b/vulnerabilities/tests/conftest.py index 89ea8594c..0bd79aabd 100644 --- a/vulnerabilities/tests/conftest.py +++ b/vulnerabilities/tests/conftest.py @@ -31,7 +31,6 @@ def no_rmtree(monkeypatch): "test_api.py", "test_elixir_security.py", "test_gentoo.py", - "test_importer_yielder.py", "test_istio.py", "test_models.py", "test_mozilla.py", diff --git a/vulnerabilities/tests/test_data/archlinux/archlinux-multi-expected.json b/vulnerabilities/tests/test_data/archlinux/archlinux-multi-expected.json index 6ead1f6d7..b5319a893 100644 --- a/vulnerabilities/tests/test_data/archlinux/archlinux-multi-expected.json +++ b/vulnerabilities/tests/test_data/archlinux/archlinux-multi-expected.json @@ -25,7 +25,8 @@ "severities": [ { "system": "archlinux", - "value": "Unknown" + "value": "Unknown", + "scoring_elements": "" } ] } @@ -58,7 +59,8 @@ "severities": [ { "system": "archlinux", - "value": "Unknown" + "value": "Unknown", + "scoring_elements": "" } ] } @@ -91,7 +93,8 @@ "severities": [ { "system": "archlinux", - "value": "Unknown" + "value": "Unknown", + "scoring_elements": "" } ] } @@ -124,7 +127,8 @@ "severities": [ { "system": "archlinux", - "value": "Unknown" + "value": "Unknown", + "scoring_elements": "" } ] } @@ -157,7 +161,8 @@ "severities": [ { "system": "archlinux", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] }, diff --git a/vulnerabilities/tests/test_data/archlinux/parse-advisory-archlinux-expected.json b/vulnerabilities/tests/test_data/archlinux/parse-advisory-archlinux-expected.json index 12d7ad947..0b601d268 100644 --- a/vulnerabilities/tests/test_data/archlinux/parse-advisory-archlinux-expected.json +++ b/vulnerabilities/tests/test_data/archlinux/parse-advisory-archlinux-expected.json @@ -25,7 +25,8 @@ "severities": [ { "system": "archlinux", - "value": "Unknown" + "value": "Unknown", + "scoring_elements": "" } ] } diff --git a/vulnerabilities/tests/test_data/default_improver/nvd-expected.json b/vulnerabilities/tests/test_data/default_improver/nvd-expected.json index 26d889b3f..2253a0959 100644 --- a/vulnerabilities/tests/test_data/default_improver/nvd-expected.json +++ b/vulnerabilities/tests/test_data/default_improver/nvd-expected.json @@ -20,7 +20,8 @@ "severities": [ { "system": "cvssv3.1", - "value": "HIGH" + "value": "HIGH", + "scoring_elements": "" } ] } diff --git a/vulnerabilities/tests/test_data/example/parse_advisory_data-expected.json b/vulnerabilities/tests/test_data/example/parse_advisory_data-expected.json index 804742f2d..8f0a240c0 100644 --- a/vulnerabilities/tests/test_data/example/parse_advisory_data-expected.json +++ b/vulnerabilities/tests/test_data/example/parse_advisory_data-expected.json @@ -24,7 +24,8 @@ "severities": [ { "system": "generic_textual", - "value": "high" + "value": "high", + "scoring_elements": "" } ] } diff --git a/vulnerabilities/tests/test_data/github_api/composer-expected.json b/vulnerabilities/tests/test_data/github_api/composer-expected.json index bb33f3d76..e61839a10 100644 --- a/vulnerabilities/tests/test_data/github_api/composer-expected.json +++ b/vulnerabilities/tests/test_data/github_api/composer-expected.json @@ -41,7 +41,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "MODERATE" + "value": "MODERATE", + "scoring_elements": "" } ] } @@ -90,7 +91,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "MODERATE" + "value": "MODERATE", + "scoring_elements": "" } ] } @@ -139,7 +141,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "HIGH" + "value": "HIGH", + "scoring_elements": "" } ] } @@ -193,7 +196,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "MODERATE" + "value": "MODERATE", + "scoring_elements": "" } ] } diff --git a/vulnerabilities/tests/test_data/github_api/gem-expected.json b/vulnerabilities/tests/test_data/github_api/gem-expected.json index d5aee434b..6aa1cf1fe 100644 --- a/vulnerabilities/tests/test_data/github_api/gem-expected.json +++ b/vulnerabilities/tests/test_data/github_api/gem-expected.json @@ -31,7 +31,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "MODERATE" + "value": "MODERATE", + "scoring_elements": "" } ] }, @@ -130,7 +131,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "HIGH" + "value": "HIGH", + "scoring_elements": "" } ] } @@ -184,7 +186,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "HIGH" + "value": "HIGH", + "scoring_elements": "" } ] } @@ -238,7 +241,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "HIGH" + "value": "HIGH", + "scoring_elements": "" } ] } @@ -292,7 +296,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "HIGH" + "value": "HIGH", + "scoring_elements": "" } ] } diff --git a/vulnerabilities/tests/test_data/github_api/golang-expected.json b/vulnerabilities/tests/test_data/github_api/golang-expected.json index f4bbfd396..f5481a101 100644 --- a/vulnerabilities/tests/test_data/github_api/golang-expected.json +++ b/vulnerabilities/tests/test_data/github_api/golang-expected.json @@ -56,7 +56,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "HIGH" + "value": "HIGH", + "scoring_elements": "" } ] } @@ -120,7 +121,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "HIGH" + "value": "HIGH", + "scoring_elements": "" } ] } @@ -154,7 +156,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "HIGH" + "value": "HIGH", + "scoring_elements": "" } ] }, @@ -169,7 +172,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "HIGH" + "value": "HIGH", + "scoring_elements": "" } ] } diff --git a/vulnerabilities/tests/test_data/github_api/inference-expected.json b/vulnerabilities/tests/test_data/github_api/inference-expected.json index fafbc1499..df59ba809 100644 --- a/vulnerabilities/tests/test_data/github_api/inference-expected.json +++ b/vulnerabilities/tests/test_data/github_api/inference-expected.json @@ -212,7 +212,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "HIGH" + "value": "HIGH", + "scoring_elements": "" } ] } @@ -415,7 +416,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "HIGH" + "value": "HIGH", + "scoring_elements": "" } ] } diff --git a/vulnerabilities/tests/test_data/github_api/maven-expected.json b/vulnerabilities/tests/test_data/github_api/maven-expected.json index ca45ae433..fff466213 100644 --- a/vulnerabilities/tests/test_data/github_api/maven-expected.json +++ b/vulnerabilities/tests/test_data/github_api/maven-expected.json @@ -26,7 +26,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "MODERATE" + "value": "MODERATE", + "scoring_elements": "" } ] } @@ -60,7 +61,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "HIGH" + "value": "HIGH", + "scoring_elements": "" } ] } @@ -94,7 +96,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "LOW" + "value": "LOW", + "scoring_elements": "" } ] } @@ -128,7 +131,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "MODERATE" + "value": "MODERATE", + "scoring_elements": "" } ] } @@ -162,7 +166,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "LOW" + "value": "LOW", + "scoring_elements": "" } ] } diff --git a/vulnerabilities/tests/test_data/github_api/nuget-expected.json b/vulnerabilities/tests/test_data/github_api/nuget-expected.json index fa3df350a..187ad0994 100644 --- a/vulnerabilities/tests/test_data/github_api/nuget-expected.json +++ b/vulnerabilities/tests/test_data/github_api/nuget-expected.json @@ -36,7 +36,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "MODERATE" + "value": "MODERATE", + "scoring_elements": "" } ] } @@ -80,7 +81,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "MODERATE" + "value": "MODERATE", + "scoring_elements": "" } ] } @@ -114,7 +116,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "HIGH" + "value": "HIGH", + "scoring_elements": "" } ] }, @@ -124,7 +127,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "HIGH" + "value": "HIGH", + "scoring_elements": "" } ] } @@ -168,7 +172,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "MODERATE" + "value": "MODERATE", + "scoring_elements": "" } ] } diff --git a/vulnerabilities/tests/test_data/github_api/pypi-expected.json b/vulnerabilities/tests/test_data/github_api/pypi-expected.json index 6469325eb..36053c3e2 100644 --- a/vulnerabilities/tests/test_data/github_api/pypi-expected.json +++ b/vulnerabilities/tests/test_data/github_api/pypi-expected.json @@ -35,7 +35,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "LOW" + "value": "LOW", + "scoring_elements": "" } ] } @@ -99,7 +100,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "CRITICAL" + "value": "CRITICAL", + "scoring_elements": "" } ] } @@ -148,7 +150,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "MODERATE" + "value": "MODERATE", + "scoring_elements": "" } ] } @@ -182,7 +185,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "MODERATE" + "value": "MODERATE", + "scoring_elements": "" } ] }, @@ -207,7 +211,8 @@ "severities": [ { "system": "cvssv3.1_qr", - "value": "MODERATE" + "value": "MODERATE", + "scoring_elements": "" } ] } diff --git a/vulnerabilities/tests/test_data/nginx/improver/improver-inferences-expected.json b/vulnerabilities/tests/test_data/nginx/improver/improver-inferences-expected.json index 4c9c74f30..1651e3758 100644 --- a/vulnerabilities/tests/test_data/nginx/improver/improver-inferences-expected.json +++ b/vulnerabilities/tests/test_data/nginx/improver/improver-inferences-expected.json @@ -1423,7 +1423,8 @@ "severities": [ { "system": "generic_textual", - "value": "medium" + "value": "medium", + "scoring_elements": "" } ] }, @@ -2868,7 +2869,8 @@ "severities": [ { "system": "generic_textual", - "value": "medium" + "value": "medium", + "scoring_elements": "" } ] }, @@ -3433,7 +3435,8 @@ "severities": [ { "system": "generic_textual", - "value": "medium" + "value": "medium", + "scoring_elements": "" } ] }, @@ -3988,7 +3991,8 @@ "severities": [ { "system": "generic_textual", - "value": "medium" + "value": "medium", + "scoring_elements": "" } ] }, diff --git a/vulnerabilities/tests/test_data/nginx/security_advisories-advisory_data-expected.json b/vulnerabilities/tests/test_data/nginx/security_advisories-advisory_data-expected.json index 3734a5529..2633df0b0 100644 --- a/vulnerabilities/tests/test_data/nginx/security_advisories-advisory_data-expected.json +++ b/vulnerabilities/tests/test_data/nginx/security_advisories-advisory_data-expected.json @@ -37,7 +37,8 @@ "severities": [ { "system": "generic_textual", - "value": "medium" + "value": "medium", + "scoring_elements": "" } ] }, @@ -97,7 +98,8 @@ "severities": [ { "system": "generic_textual", - "value": "medium" + "value": "medium", + "scoring_elements": "" } ] }, @@ -147,7 +149,8 @@ "severities": [ { "system": "generic_textual", - "value": "low" + "value": "low", + "scoring_elements": "" } ] }, @@ -197,7 +200,8 @@ "severities": [ { "system": "generic_textual", - "value": "low" + "value": "low", + "scoring_elements": "" } ] }, @@ -247,7 +251,8 @@ "severities": [ { "system": "generic_textual", - "value": "low" + "value": "low", + "scoring_elements": "" } ] }, @@ -297,7 +302,8 @@ "severities": [ { "system": "generic_textual", - "value": "low" + "value": "low", + "scoring_elements": "" } ] }, @@ -347,7 +353,8 @@ "severities": [ { "system": "generic_textual", - "value": "medium" + "value": "medium", + "scoring_elements": "" } ] }, @@ -407,7 +414,8 @@ "severities": [ { "system": "generic_textual", - "value": "medium" + "value": "medium", + "scoring_elements": "" } ] }, @@ -467,7 +475,8 @@ "severities": [ { "system": "generic_textual", - "value": "medium" + "value": "medium", + "scoring_elements": "" } ] }, @@ -537,7 +546,8 @@ "severities": [ { "system": "generic_textual", - "value": "medium" + "value": "medium", + "scoring_elements": "" } ] }, @@ -587,7 +597,8 @@ "severities": [ { "system": "generic_textual", - "value": "medium" + "value": "medium", + "scoring_elements": "" } ] }, @@ -637,7 +648,8 @@ "severities": [ { "system": "generic_textual", - "value": "medium" + "value": "medium", + "scoring_elements": "" } ] }, @@ -687,7 +699,8 @@ "severities": [ { "system": "generic_textual", - "value": "medium" + "value": "medium", + "scoring_elements": "" } ] }, @@ -737,7 +750,8 @@ "severities": [ { "system": "generic_textual", - "value": "medium" + "value": "medium", + "scoring_elements": "" } ] }, @@ -895,7 +909,8 @@ "severities": [ { "system": "generic_textual", - "value": "medium" + "value": "medium", + "scoring_elements": "" } ] }, @@ -967,7 +982,8 @@ "severities": [ { "system": "generic_textual", - "value": "medium" + "value": "medium", + "scoring_elements": "" } ] }, @@ -1096,7 +1112,8 @@ "severities": [ { "system": "generic_textual", - "value": "medium" + "value": "medium", + "scoring_elements": "" } ] }, diff --git a/vulnerabilities/tests/test_data/nginx/security_advisories-importer-expected.json b/vulnerabilities/tests/test_data/nginx/security_advisories-importer-expected.json index f299a7f91..faaab6240 100644 --- a/vulnerabilities/tests/test_data/nginx/security_advisories-importer-expected.json +++ b/vulnerabilities/tests/test_data/nginx/security_advisories-importer-expected.json @@ -315,7 +315,7 @@ "date_published": null }, { - "unique_content_id": "899ece25ddf860b11ce3408d7e1e8eed", + "unique_content_id": "2bac8349cb492bcc4990b161b01dc414", "aliases": [ "CVE-2011-4963" ], @@ -356,7 +356,8 @@ "severities": [ { "value": "medium", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -538,7 +539,7 @@ "date_published": null }, { - "unique_content_id": "bf07c722836da87901a6a99186aa1451", + "unique_content_id": "870c7bf846dc50554e9fa2290598b001", "aliases": [ "CVE-2013-2070" ], @@ -587,7 +588,8 @@ "severities": [ { "value": "medium", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -621,7 +623,7 @@ "date_published": null }, { - "unique_content_id": "233d69f66b16829cd2563a8d4544c4fc", + "unique_content_id": "ce0711c66b7cdd60814c1abfbafdd3b9", "aliases": [ "CVE-2013-4547" ], @@ -658,7 +660,8 @@ "severities": [ { "value": "medium", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -782,7 +785,7 @@ "date_published": null }, { - "unique_content_id": "be04a26546034f1bf6dc81fe3f196d21", + "unique_content_id": "3637800165bcb0cf3917364af7654fee", "aliases": [ "CVE-2014-3556" ], @@ -819,7 +822,8 @@ "severities": [ { "value": "medium", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -843,7 +847,7 @@ "date_published": null }, { - "unique_content_id": "de51a68688d1254c7b923c4d553673d7", + "unique_content_id": "2024528d103453292ea1f23163cb7ad8", "aliases": [ "CVE-2014-3616" ], @@ -880,7 +884,8 @@ "severities": [ { "value": "medium", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -894,7 +899,7 @@ "date_published": null }, { - "unique_content_id": "cc7df0e8e72511288d97344b777f34ba", + "unique_content_id": "4a748f6cbd00bbafac23faa271396b3a", "aliases": [ "CVE-2016-0742" ], @@ -931,7 +936,8 @@ "severities": [ { "value": "medium", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -945,7 +951,7 @@ "date_published": null }, { - "unique_content_id": "3dd9fdd76b336623770856c554207c25", + "unique_content_id": "964babd1d8158846f348e9fa6df4e27f", "aliases": [ "CVE-2016-0746" ], @@ -982,7 +988,8 @@ "severities": [ { "value": "medium", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -996,7 +1003,7 @@ "date_published": null }, { - "unique_content_id": "efde3660cac695e0cf1a2641d85fc960", + "unique_content_id": "e96daddac5c29ad0b9e157638fbeb3b2", "aliases": [ "CVE-2016-0747" ], @@ -1033,7 +1040,8 @@ "severities": [ { "value": "medium", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -1047,7 +1055,7 @@ "date_published": null }, { - "unique_content_id": "55c06fb39c2060ebd4286f059a2de757", + "unique_content_id": "9cb4dc08fbceda238c4f45b00320ce42", "aliases": [ "CVE-2016-4450" ], @@ -1084,7 +1092,8 @@ "severities": [ { "value": "medium", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -1118,7 +1127,7 @@ "date_published": null }, { - "unique_content_id": "b228b252bfacba385255fa39b0ab8a24", + "unique_content_id": "4ebd7508e9aaa3c3c89cac10397f47d4", "aliases": [ "CVE-2017-7529" ], @@ -1155,7 +1164,8 @@ "severities": [ { "value": "medium", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -1179,7 +1189,7 @@ "date_published": null }, { - "unique_content_id": "7dd33f5c92c595292d689401ae2e2e5e", + "unique_content_id": "2fc1350472196c63ba9f7031fd456e76", "aliases": [ "CVE-2018-16843" ], @@ -1216,7 +1226,8 @@ "severities": [ { "value": "low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -1230,7 +1241,7 @@ "date_published": null }, { - "unique_content_id": "3f512172cf08fbf37eed94073722c0d1", + "unique_content_id": "1ae05361ffd7ba4b2a466afc6a3de34c", "aliases": [ "CVE-2018-16844" ], @@ -1267,7 +1278,8 @@ "severities": [ { "value": "low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -1281,7 +1293,7 @@ "date_published": null }, { - "unique_content_id": "65afa9db838c6440788e944c0c841e14", + "unique_content_id": "c78f14d302f37c9241afbc18578c49b3", "aliases": [ "CVE-2018-16845" ], @@ -1318,7 +1330,8 @@ "severities": [ { "value": "medium", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -1342,7 +1355,7 @@ "date_published": null }, { - "unique_content_id": "836975e8910970e6adbef6643c714424", + "unique_content_id": "dbbf831a29a655709b98cb79a5f90fac", "aliases": [ "CVE-2019-9511" ], @@ -1379,7 +1392,8 @@ "severities": [ { "value": "medium", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -1393,7 +1407,7 @@ "date_published": null }, { - "unique_content_id": "0ac8c5b8bbd51df34fcb6e027d5ea044", + "unique_content_id": "834d4d1067390d7f84ebd3cea8f60fb4", "aliases": [ "CVE-2019-9513" ], @@ -1430,7 +1444,8 @@ "severities": [ { "value": "low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -1444,7 +1459,7 @@ "date_published": null }, { - "unique_content_id": "7d85553ab2c402dc0f68469d0789ec2c", + "unique_content_id": "8e94de6ae6386d8e0af0241a0989cdcd", "aliases": [ "CVE-2019-9516" ], @@ -1481,7 +1496,8 @@ "severities": [ { "value": "low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -1495,7 +1511,7 @@ "date_published": null }, { - "unique_content_id": "dd9de89fd19c456d6452c1fe591238f8", + "unique_content_id": "fa52846658ab31e85334ad4af2fa7529", "aliases": [ "CVE-2021-23017" ], @@ -1532,7 +1548,8 @@ "severities": [ { "value": "medium", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" diff --git a/vulnerabilities/tests/test_data/nvd/nvd-expected.json b/vulnerabilities/tests/test_data/nvd/nvd-expected.json index 85d4ec791..7705b4b1b 100644 --- a/vulnerabilities/tests/test_data/nvd/nvd-expected.json +++ b/vulnerabilities/tests/test_data/nvd/nvd-expected.json @@ -22,11 +22,8 @@ "severities": [ { "system": "cvssv2", - "value": "5.0" - }, - { - "system": "cvssv2_vector", - "value": "AV:N/AC:L/Au:N/C:N/I:N/A:P" + "value": "5.0", + "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ] }, @@ -136,11 +133,8 @@ "severities": [ { "system": "cvssv2", - "value": "5.0" - }, - { - "system": "cvssv2_vector", - "value": "AV:N/AC:L/Au:N/C:P/I:N/A:N" + "value": "5.0", + "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" } ] }, diff --git a/vulnerabilities/tests/test_data/openssl/improver/improver-inferences-expected.json b/vulnerabilities/tests/test_data/openssl/improver/improver-inferences-expected.json index dd97cbd0d..a607a0987 100644 --- a/vulnerabilities/tests/test_data/openssl/improver/improver-inferences-expected.json +++ b/vulnerabilities/tests/test_data/openssl/improver/improver-inferences-expected.json @@ -60,7 +60,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -223,7 +224,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -506,7 +508,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -565,7 +568,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -720,7 +724,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -995,7 +1000,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -1044,7 +1050,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -1162,7 +1169,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -1400,7 +1408,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } diff --git a/vulnerabilities/tests/test_data/openssl/security_advisories-advisory_data-expected.json b/vulnerabilities/tests/test_data/openssl/security_advisories-advisory_data-expected.json index b6abfff33..1d7609d3e 100644 --- a/vulnerabilities/tests/test_data/openssl/security_advisories-advisory_data-expected.json +++ b/vulnerabilities/tests/test_data/openssl/security_advisories-advisory_data-expected.json @@ -70,7 +70,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -148,7 +149,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -192,7 +194,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -236,7 +239,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -297,7 +301,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -341,7 +346,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -385,7 +391,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -446,7 +453,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -490,7 +498,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -551,7 +560,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -612,7 +622,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -651,7 +662,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -695,7 +707,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -756,7 +769,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -834,7 +848,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -878,7 +893,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -956,7 +972,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -1039,7 +1056,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -1100,7 +1118,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -1144,7 +1163,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -1205,7 +1225,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -1283,7 +1304,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -1344,7 +1366,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -1405,7 +1428,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -1466,7 +1490,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -1527,7 +1552,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -1571,7 +1597,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -1615,7 +1642,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -1676,7 +1704,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -1737,7 +1766,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -1798,7 +1828,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -1842,7 +1873,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -1903,7 +1935,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -1947,7 +1980,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -2008,7 +2042,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -2047,7 +2082,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -2091,7 +2127,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -2135,7 +2172,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -2196,7 +2234,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -2240,7 +2279,8 @@ "severities": [ { "system": "generic_textual", - "value": "Critical" + "value": "Critical", + "scoring_elements": "" } ] } @@ -2284,7 +2324,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -2362,7 +2403,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -2406,7 +2448,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -2467,7 +2510,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -2528,7 +2572,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -2579,7 +2624,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -2630,7 +2676,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -2681,7 +2728,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -2732,7 +2780,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -2793,7 +2842,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -2854,7 +2904,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -2915,7 +2966,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -2959,7 +3011,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -3003,7 +3056,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -3054,7 +3108,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -3110,7 +3165,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -3161,7 +3217,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -3212,7 +3269,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -3263,7 +3321,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -3314,7 +3373,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -3365,7 +3425,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -3416,7 +3477,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -3467,7 +3529,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -3518,7 +3581,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -3569,7 +3633,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -3620,7 +3685,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -3695,7 +3761,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -3770,7 +3837,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -3809,7 +3877,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -3860,7 +3929,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -3899,7 +3969,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -3938,7 +4009,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -3989,7 +4061,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -4064,7 +4137,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -4127,7 +4201,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -4178,7 +4253,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -4253,7 +4329,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -4328,7 +4405,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -4403,7 +4481,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -4478,7 +4557,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -4553,7 +4633,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -4616,7 +4697,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -4655,7 +4737,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -4694,7 +4777,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -4733,7 +4817,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -4808,7 +4893,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -4847,7 +4933,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -4922,7 +5009,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -4997,7 +5085,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -5060,7 +5149,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -5135,7 +5225,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -5174,7 +5265,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -5213,7 +5305,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -5288,7 +5381,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -5363,7 +5457,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -5414,7 +5509,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -5477,7 +5573,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -5540,7 +5637,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -5603,7 +5701,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -5666,7 +5765,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -5717,7 +5817,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -5780,7 +5881,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -5843,7 +5945,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } @@ -5882,7 +5985,8 @@ "severities": [ { "system": "generic_textual", - "value": "High" + "value": "High", + "scoring_elements": "" } ] } @@ -5945,7 +6049,8 @@ "severities": [ { "system": "generic_textual", - "value": "Moderate" + "value": "Moderate", + "scoring_elements": "" } ] } @@ -6054,7 +6159,8 @@ "severities": [ { "system": "generic_textual", - "value": "Low" + "value": "Low", + "scoring_elements": "" } ] } diff --git a/vulnerabilities/tests/test_data/openssl/security_advisories-importer-expected.json b/vulnerabilities/tests/test_data/openssl/security_advisories-importer-expected.json index 1fb45fb97..6d5540928 100644 --- a/vulnerabilities/tests/test_data/openssl/security_advisories-importer-expected.json +++ b/vulnerabilities/tests/test_data/openssl/security_advisories-importer-expected.json @@ -3639,7 +3639,7 @@ "date_published": "2014-08-06T00:00:00+00:00" }, { - "unique_content_id": "1f5b764f02186661daeddc59bf4da52e", + "unique_content_id": "11e1f9c06f2e3543c81cf07c224cf341", "aliases": [ "CVE-2014-3513", "VC-OPENSSL-20141015-CVE-2014-3513" @@ -3670,7 +3670,8 @@ "severities": [ { "value": "High", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -3679,7 +3680,7 @@ "date_published": "2014-10-15T00:00:00+00:00" }, { - "unique_content_id": "0dbc354e8b6ffda1dc282284dc7ca66e", + "unique_content_id": "8d6fe58e87dc190b8862a94b4d2d8562", "aliases": [ "CVE-2014-3567", "VC-OPENSSL-20141015-CVE-2014-3567" @@ -3734,7 +3735,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -3743,7 +3745,7 @@ "date_published": "2014-10-15T00:00:00+00:00" }, { - "unique_content_id": "f361c3818d069effcb24f21fcd72db85", + "unique_content_id": "da97f3220903401cf9a9d0e1bcb5d216", "aliases": [ "CVE-2014-3568", "VC-OPENSSL-20141015-CVE-2014-3568" @@ -3798,7 +3800,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -3807,7 +3810,7 @@ "date_published": "2014-10-15T00:00:00+00:00" }, { - "unique_content_id": "b1da1cde21ecd834f84496c1980c6c2a", + "unique_content_id": "bc3dcbb576781e2d3895959a32a98cd6", "aliases": [ "CVE-2014-3569", "VC-OPENSSL-20141021-CVE-2014-3569" @@ -3862,7 +3865,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -3871,7 +3875,7 @@ "date_published": "2014-10-21T00:00:00+00:00" }, { - "unique_content_id": "0a41661f218f8317d4028d11a2423cac", + "unique_content_id": "de6019028ac0c1f61b2791ea0b64dae4", "aliases": [ "CVE-2014-3570", "VC-OPENSSL-20150108-CVE-2014-3570" @@ -3926,7 +3930,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -3935,7 +3940,7 @@ "date_published": "2015-01-08T00:00:00+00:00" }, { - "unique_content_id": "0e127de6fafb7d7e261db49417760ba9", + "unique_content_id": "e1a2c8490ee8ec555408bf1ba329ab5f", "aliases": [ "CVE-2014-3571", "VC-OPENSSL-20150105-CVE-2014-3571" @@ -3990,7 +3995,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -3999,7 +4005,7 @@ "date_published": "2015-01-05T00:00:00+00:00" }, { - "unique_content_id": "fcaff5e260e813572bfc67ff2a304d25", + "unique_content_id": "830d8ea55e127bf408bf1a96867fde9e", "aliases": [ "CVE-2014-3572", "VC-OPENSSL-20150105-CVE-2014-3572" @@ -4054,7 +4060,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -4098,7 +4105,7 @@ "date_published": "2014-08-06T00:00:00+00:00" }, { - "unique_content_id": "c2558909bddeaa670f89ebf69b7f8518", + "unique_content_id": "ba9bf80219726629bf9ca25b9ec2d7ee", "aliases": [ "CVE-2014-8176", "VC-OPENSSL-20150611-CVE-2014-8176" @@ -4153,7 +4160,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -4162,7 +4170,7 @@ "date_published": "2015-06-11T00:00:00+00:00" }, { - "unique_content_id": "065f44427e0d663d8234e64bf1843fdd", + "unique_content_id": "17a2b9e6e7f20925bfa76eed64d97e63", "aliases": [ "CVE-2014-8275", "VC-OPENSSL-20150105-CVE-2014-8275" @@ -4217,7 +4225,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -4226,7 +4235,7 @@ "date_published": "2015-01-05T00:00:00+00:00" }, { - "unique_content_id": "6a6be6bf98981fe79b516cab4ffdbbce", + "unique_content_id": "da0b220dac069d120b1b47e18460563e", "aliases": [ "CVE-2015-0204", "VC-OPENSSL-20150106-CVE-2015-0204" @@ -4281,7 +4290,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -4290,7 +4300,7 @@ "date_published": "2015-01-06T00:00:00+00:00" }, { - "unique_content_id": "b0ae7519b7208e9e1445a93f09837e72", + "unique_content_id": "9110b3c3a234b07357ebc6c80b9e5718", "aliases": [ "CVE-2015-0205", "VC-OPENSSL-20150108-CVE-2015-0205" @@ -4333,7 +4343,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -4342,7 +4353,7 @@ "date_published": "2015-01-08T00:00:00+00:00" }, { - "unique_content_id": "1684c4ac6d329374b3be002ae1d092e2", + "unique_content_id": "f80174a3b289a4ded7c91ff074ab8d3c", "aliases": [ "CVE-2015-0206", "VC-OPENSSL-20150108-CVE-2015-0206" @@ -4385,7 +4396,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -4394,7 +4406,7 @@ "date_published": "2015-01-08T00:00:00+00:00" }, { - "unique_content_id": "2da340f13e79053e9d7cbb28e21f8cdd", + "unique_content_id": "6e873fedb8d2713b07fdac4782eb09ec", "aliases": [ "CVE-2015-0207", "VC-OPENSSL-20150319-CVE-2015-0207" @@ -4425,7 +4437,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -4434,7 +4447,7 @@ "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "c82e34960bf52e30bf11b64c33212e77", + "unique_content_id": "517f709ddc0f0586d83e272e9c8b0773", "aliases": [ "CVE-2015-0208", "VC-OPENSSL-20150319-CVE-2015-0208" @@ -4465,7 +4478,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -4474,7 +4488,7 @@ "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "9286c4accc636bb2d3be1b468b3cace4", + "unique_content_id": "b76e9c597b1ed20726dd4b1927843303", "aliases": [ "CVE-2015-0209", "VC-OPENSSL-20150319-CVE-2015-0209" @@ -4541,7 +4555,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -4550,7 +4565,7 @@ "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "ef26fee8241abc7d63cf6a6c31f37227", + "unique_content_id": "fdcf9c50310fe3e4a297a0477ecb33d8", "aliases": [ "CVE-2015-0285", "VC-OPENSSL-20150310-CVE-2015-0285" @@ -4581,7 +4596,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -4590,7 +4606,7 @@ "date_published": "2015-03-10T00:00:00+00:00" }, { - "unique_content_id": "e0f46c4ed3ca54619ea97de2337d0b06", + "unique_content_id": "b260215cc8903aec80e94a71e6b1ba1a", "aliases": [ "CVE-2015-0286", "VC-OPENSSL-20150319-CVE-2015-0286" @@ -4657,7 +4673,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -4666,7 +4683,7 @@ "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "c1f153eae7cc1ab2e5d45ef9037c8483", + "unique_content_id": "7da3628b8b128b6e84e39d89d5f13c19", "aliases": [ "CVE-2015-0287", "VC-OPENSSL-20150319-CVE-2015-0287" @@ -4733,7 +4750,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -4742,7 +4760,7 @@ "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "47c67a4346cae9669fe347406c95c431", + "unique_content_id": "ca59a8208ab9a2665834ce8f27cfdc0d", "aliases": [ "CVE-2015-0288", "VC-OPENSSL-20150302-CVE-2015-0288" @@ -4809,7 +4827,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -4818,7 +4837,7 @@ "date_published": "2015-03-02T00:00:00+00:00" }, { - "unique_content_id": "c787e9ff542dedc708146af7d513f4e5", + "unique_content_id": "7ba9c375172e33e587e6916a2c04abc2", "aliases": [ "CVE-2015-0289", "VC-OPENSSL-20150319-CVE-2015-0289" @@ -4885,7 +4904,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -4894,7 +4914,7 @@ "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "fb42200139181c92c8131fad25bb89d9", + "unique_content_id": "19d2f8893cb07b2605c1579c89dfe8f5", "aliases": [ "CVE-2015-0290", "VC-OPENSSL-20150319-CVE-2015-0290" @@ -4925,7 +4945,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -4934,7 +4955,7 @@ "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "eca7be74f0e34397e9947ccb3c908c84", + "unique_content_id": "5c2919fe7b5c27c156fb01572b75c3f7", "aliases": [ "CVE-2015-0291", "VC-OPENSSL-20150319-CVE-2015-0291" @@ -4965,7 +4986,8 @@ "severities": [ { "value": "High", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -4974,7 +4996,7 @@ "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "610d1a3f4fe1f3152f3367e7f7977f2d", + "unique_content_id": "0f721e9aab1c62cb180baeb245335c9d", "aliases": [ "CVE-2015-0292", "VC-OPENSSL-20150319-CVE-2015-0292" @@ -5029,7 +5051,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -5038,7 +5061,7 @@ "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "53a9c388a3babc9137c9f8d5c16aa6b3", + "unique_content_id": "e84f4ac47cc48005d56f018d2e65daf5", "aliases": [ "CVE-2015-0293", "VC-OPENSSL-20150319-CVE-2015-0293" @@ -5105,7 +5128,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -5114,7 +5138,7 @@ "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "43d97ddde2a3d7d04680811dc912789b", + "unique_content_id": "d303e292194a0e8071acc4fc72084b83", "aliases": [ "CVE-2015-1787", "VC-OPENSSL-20150319-CVE-2015-1787" @@ -5145,7 +5169,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -5154,7 +5179,7 @@ "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "d4948addae4359ea3024e099c5a44471", + "unique_content_id": "de7491499e972efb327be2360b1d7cdd", "aliases": [ "CVE-2015-1788", "VC-OPENSSL-20150611-CVE-2015-1788" @@ -5221,7 +5246,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -5230,7 +5256,7 @@ "date_published": "2015-06-11T00:00:00+00:00" }, { - "unique_content_id": "6f019495566babdc220787d764ecfcb3", + "unique_content_id": "9a43962bbf90922aca933cf9313dd17e", "aliases": [ "CVE-2015-1789", "VC-OPENSSL-20150611-CVE-2015-1789" @@ -5297,7 +5323,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -5306,7 +5333,7 @@ "date_published": "2015-06-11T00:00:00+00:00" }, { - "unique_content_id": "de0847d5d8534a67402a297b4482b1bf", + "unique_content_id": "52b243f95587be4795cf1b20e3d32d44", "aliases": [ "CVE-2015-1790", "VC-OPENSSL-20150611-CVE-2015-1790" @@ -5373,7 +5400,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -5382,7 +5410,7 @@ "date_published": "2015-06-11T00:00:00+00:00" }, { - "unique_content_id": "49a4738b52d1c4bd20756d8ada536528", + "unique_content_id": "7cb208b48e8a1b1a13ace73af9d072f5", "aliases": [ "CVE-2015-1791", "VC-OPENSSL-20150602-CVE-2015-1791" @@ -5449,7 +5477,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -5458,7 +5487,7 @@ "date_published": "2015-06-02T00:00:00+00:00" }, { - "unique_content_id": "3590b88a90950e42228acf56eb865571", + "unique_content_id": "2b161e2cb26f5f69adae525b1bb55be2", "aliases": [ "CVE-2015-1792", "VC-OPENSSL-20150611-CVE-2015-1792" @@ -5525,7 +5554,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -5534,7 +5564,7 @@ "date_published": "2015-06-11T00:00:00+00:00" }, { - "unique_content_id": "626196998fcc82390de1c4f11bcb5c10", + "unique_content_id": "ed7f363c3468e822e0b6f7ff17df2f70", "aliases": [ "CVE-2015-1793", "VC-OPENSSL-20150709-CVE-2015-1793" @@ -5577,7 +5607,8 @@ "severities": [ { "value": "High", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -5586,7 +5617,7 @@ "date_published": "2015-07-09T00:00:00+00:00" }, { - "unique_content_id": "23636fd7ee3e368036ebc3c5d9e72b1d", + "unique_content_id": "c5e420a14990226a4a83d287ee46ff06", "aliases": [ "CVE-2015-1794", "VC-OPENSSL-20150811-CVE-2015-1794" @@ -5617,7 +5648,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -5626,7 +5658,7 @@ "date_published": "2015-08-11T00:00:00+00:00" }, { - "unique_content_id": "75cfe7850195ebbca3bd42f987632dcd", + "unique_content_id": "b271421c430e491af8d4ef2a41c18859", "aliases": [ "CVE-2015-3193", "VC-OPENSSL-20151203-CVE-2015-3193" @@ -5657,7 +5689,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -5666,7 +5699,7 @@ "date_published": "2015-12-03T00:00:00+00:00" }, { - "unique_content_id": "cc51dac131bce0bd19788f2225869016", + "unique_content_id": "1e4d05c5d1f49c2c21106fe8bd1741b0", "aliases": [ "CVE-2015-3194", "VC-OPENSSL-20151203-CVE-2015-3194" @@ -5709,7 +5742,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -5718,7 +5752,7 @@ "date_published": "2015-12-03T00:00:00+00:00" }, { - "unique_content_id": "692845da51eb8c47baa72c584f82d55d", + "unique_content_id": "cfa823ad1a1d8f66b8efc7472dfd1803", "aliases": [ "CVE-2015-3195", "VC-OPENSSL-20151203-CVE-2015-3195" @@ -5785,7 +5819,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -5794,7 +5829,7 @@ "date_published": "2015-12-03T00:00:00+00:00" }, { - "unique_content_id": "cb41dd338eae6ef24d74b9880a71ab3c", + "unique_content_id": "87218d1dec8ba5f20c4fa10ed58a5cbd", "aliases": [ "CVE-2015-3196", "VC-OPENSSL-20151203-CVE-2015-3196" @@ -5849,7 +5884,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -5858,7 +5894,7 @@ "date_published": "2015-12-03T00:00:00+00:00" }, { - "unique_content_id": "fc2f742b725439e7be346bfe8d533551", + "unique_content_id": "9f2f59254d29b5dde559974aa39aaab5", "aliases": [ "CVE-2015-3197", "VC-OPENSSL-20160128-CVE-2015-3197" @@ -5901,7 +5937,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -5910,7 +5947,7 @@ "date_published": "2016-01-28T00:00:00+00:00" }, { - "unique_content_id": "0777f77812eeceec0365835b4263657d", + "unique_content_id": "2c5fcff42780eda76107cd4d1d428440", "aliases": [ "CVE-2016-0701", "VC-OPENSSL-20160128-CVE-2016-0701" @@ -5941,7 +5978,8 @@ "severities": [ { "value": "High", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -5950,7 +5988,7 @@ "date_published": "2016-01-28T00:00:00+00:00" }, { - "unique_content_id": "2101ddd07ece5883480bde27f4e0cf01", + "unique_content_id": "bedf5abaa9e09cc7e8c88d307af2471d", "aliases": [ "CVE-2016-0702", "VC-OPENSSL-20160301-CVE-2016-0702" @@ -5993,7 +6031,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -6002,7 +6041,7 @@ "date_published": "2016-03-01T00:00:00+00:00" }, { - "unique_content_id": "8267dd00782c5b19c9f234aa1e9a43f3", + "unique_content_id": "ee14f55b7ca44f25383963f3632f5ce6", "aliases": [ "CVE-2016-0703", "VC-OPENSSL-20160301-CVE-2016-0703" @@ -6069,7 +6108,8 @@ "severities": [ { "value": "High", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -6078,7 +6118,7 @@ "date_published": "2016-03-01T00:00:00+00:00" }, { - "unique_content_id": "28f16df4f3daa41f80ca706bb1da6207", + "unique_content_id": "6e944e4ae9494a92c0524c9385ba57fa", "aliases": [ "CVE-2016-0704", "VC-OPENSSL-20160301-CVE-2016-0704" @@ -6145,7 +6185,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -6154,7 +6195,7 @@ "date_published": "2016-03-01T00:00:00+00:00" }, { - "unique_content_id": "9ebc8678fd2c195b8484447652f18ad9", + "unique_content_id": "13ae8b30193d6ec8c136c984be9e3a10", "aliases": [ "CVE-2016-0705", "VC-OPENSSL-20160301-CVE-2016-0705" @@ -6197,7 +6238,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -6206,7 +6248,7 @@ "date_published": "2016-03-01T00:00:00+00:00" }, { - "unique_content_id": "4122befa930618fe84e02259b2e79562", + "unique_content_id": "7e09aafeb92ce8fe7c521a686d0512c7", "aliases": [ "CVE-2016-0797", "VC-OPENSSL-20160301-CVE-2016-0797" @@ -6249,7 +6291,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -6258,7 +6301,7 @@ "date_published": "2016-03-01T00:00:00+00:00" }, { - "unique_content_id": "64f9fb4fe274a7cc9baa68f4af887e48", + "unique_content_id": "3e39295eed09f594d800182719c7e7a9", "aliases": [ "CVE-2016-0798", "VC-OPENSSL-20160301-CVE-2016-0798" @@ -6301,7 +6344,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -6310,7 +6354,7 @@ "date_published": "2016-03-01T00:00:00+00:00" }, { - "unique_content_id": "023db760fe535a1ea9f85b3938912aee", + "unique_content_id": "7fce5880e666dd07fdb5d065d290c66c", "aliases": [ "CVE-2016-0799", "VC-OPENSSL-20160301-CVE-2016-0799" @@ -6353,7 +6397,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -6362,7 +6407,7 @@ "date_published": "2016-03-01T00:00:00+00:00" }, { - "unique_content_id": "3506496e68899788f662b53b00128361", + "unique_content_id": "cb36123362fb740570fed49d206977ea", "aliases": [ "CVE-2016-0800", "VC-OPENSSL-20160301-CVE-2016-0800" @@ -6405,7 +6450,8 @@ "severities": [ { "value": "High", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -6414,7 +6460,7 @@ "date_published": "2016-03-01T00:00:00+00:00" }, { - "unique_content_id": "b6ddcacc7a2ddbd149943494239f9247", + "unique_content_id": "5e8d51c166acf64b3a4b36c12e9e3887", "aliases": [ "CVE-2016-2105", "VC-OPENSSL-20160503-CVE-2016-2105" @@ -6457,7 +6503,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -6466,7 +6513,7 @@ "date_published": "2016-05-03T00:00:00+00:00" }, { - "unique_content_id": "781c7572161ca98b06d842d4f7b7b225", + "unique_content_id": "af86c5d45b8bc400e35ba954b77e1ab8", "aliases": [ "CVE-2016-2106", "VC-OPENSSL-20160503-CVE-2016-2106" @@ -6509,7 +6556,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -6518,7 +6566,7 @@ "date_published": "2016-05-03T00:00:00+00:00" }, { - "unique_content_id": "9ce420ee730c963d702844541a8114f7", + "unique_content_id": "3bc6a5d23c3f0c13e5cb6ba7511b77fa", "aliases": [ "CVE-2016-2107", "VC-OPENSSL-20160503-CVE-2016-2107" @@ -6566,7 +6614,8 @@ "severities": [ { "value": "High", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -6575,7 +6624,7 @@ "date_published": "2016-05-03T00:00:00+00:00" }, { - "unique_content_id": "bd5d8e4d20b7b4bee63e89fc6f72eed0", + "unique_content_id": "6f28891b48e529b6181ac053a2dd6831", "aliases": [ "CVE-2016-2108", "VC-OPENSSL-20160503-CVE-2016-2108" @@ -6618,7 +6667,8 @@ "severities": [ { "value": "High", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -6627,7 +6677,7 @@ "date_published": "2016-05-03T00:00:00+00:00" }, { - "unique_content_id": "1ced378b9cb095d0a76f3485e8316088", + "unique_content_id": "31da6300c54771768dfbbb493c0ea012", "aliases": [ "CVE-2016-2109", "VC-OPENSSL-20160503-CVE-2016-2109" @@ -6670,7 +6720,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -6679,7 +6730,7 @@ "date_published": "2016-05-03T00:00:00+00:00" }, { - "unique_content_id": "9b9919e189c74dff3679b483dbff020c", + "unique_content_id": "3e9c33c7fa8c5395fdd5bbcbfa22873f", "aliases": [ "CVE-2016-2176", "VC-OPENSSL-20160503-CVE-2016-2176" @@ -6722,7 +6773,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -6731,7 +6783,7 @@ "date_published": "2016-05-03T00:00:00+00:00" }, { - "unique_content_id": "500a5ad0983e23c65276ed2c79752320", + "unique_content_id": "f7aaf96e395a2dba4c36c673c22434f8", "aliases": [ "CVE-2016-2177", "VC-OPENSSL-20160601-CVE-2016-2177" @@ -6774,7 +6826,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -6783,7 +6836,7 @@ "date_published": "2016-06-01T00:00:00+00:00" }, { - "unique_content_id": "8c53a0b019fbf0bcb4bcafc9dfab395b", + "unique_content_id": "22c52099d0acc1a49228c3dd25b79942", "aliases": [ "CVE-2016-2178", "VC-OPENSSL-20160607-CVE-2016-2178" @@ -6826,7 +6879,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -6835,7 +6889,7 @@ "date_published": "2016-06-07T00:00:00+00:00" }, { - "unique_content_id": "24b08c44925cb56c17de3217453060b4", + "unique_content_id": "268776bd9394c0ecb7509b7b3bcb2d7b", "aliases": [ "CVE-2016-2179", "VC-OPENSSL-20160822-CVE-2016-2179" @@ -6888,7 +6942,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -6897,7 +6952,7 @@ "date_published": "2016-08-22T00:00:00+00:00" }, { - "unique_content_id": "5986971c9c473f1d3566a00414e0b9ca", + "unique_content_id": "dbb52bd196ca767a28c425e5ee363dee", "aliases": [ "CVE-2016-2180", "VC-OPENSSL-20160722-CVE-2016-2180" @@ -6940,7 +6995,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -6949,7 +7005,7 @@ "date_published": "2016-07-22T00:00:00+00:00" }, { - "unique_content_id": "13ac05f02e4c5a6ca138752d07b786ba", + "unique_content_id": "3dd39a452b071637a8d0a9c68425d6c3", "aliases": [ "CVE-2016-2181", "VC-OPENSSL-20160819-CVE-2016-2181" @@ -7002,7 +7058,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -7011,7 +7068,7 @@ "date_published": "2016-08-19T00:00:00+00:00" }, { - "unique_content_id": "9a6095f3c1e00841abe8214157684780", + "unique_content_id": "19e7d92bb3814220b6d76331a3f61dfa", "aliases": [ "CVE-2016-2182", "VC-OPENSSL-20160816-CVE-2016-2182" @@ -7054,7 +7111,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -7063,7 +7121,7 @@ "date_published": "2016-08-16T00:00:00+00:00" }, { - "unique_content_id": "fe925b287358f673a6f05a7b1f1022ab", + "unique_content_id": "021d94c11f04ee1e3c8ebb30430ecea8", "aliases": [ "CVE-2016-2183", "VC-OPENSSL-20160824-CVE-2016-2183" @@ -7094,7 +7152,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -7103,7 +7162,7 @@ "date_published": "2016-08-24T00:00:00+00:00" }, { - "unique_content_id": "d4f9fae37ae59e002b9b8645640f2c92", + "unique_content_id": "4a1ed8b07b630922c9abd2cb9dd11e89", "aliases": [ "CVE-2016-6302", "VC-OPENSSL-20160823-CVE-2016-6302" @@ -7156,7 +7215,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -7165,7 +7225,7 @@ "date_published": "2016-08-23T00:00:00+00:00" }, { - "unique_content_id": "06439c697462c5961b77d77aa81ae32e", + "unique_content_id": "1c88b59c666122ca095dc7d316ee96ed", "aliases": [ "CVE-2016-6303", "VC-OPENSSL-20160824-CVE-2016-6303" @@ -7218,7 +7278,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -7227,7 +7288,7 @@ "date_published": "2016-08-24T00:00:00+00:00" }, { - "unique_content_id": "2aec13966ccec41c3e9b7654a382cdf5", + "unique_content_id": "9b901055857e8309bf9660758966d368", "aliases": [ "CVE-2016-6304", "VC-OPENSSL-20160922-CVE-2016-6304" @@ -7297,7 +7358,8 @@ "severities": [ { "value": "High", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -7306,7 +7368,7 @@ "date_published": "2016-09-22T00:00:00+00:00" }, { - "unique_content_id": "9f60c84f86e5950759cfb1e4239dc8da", + "unique_content_id": "2419ffdc30aaa2a3d1201eb4a4619971", "aliases": [ "CVE-2016-6305", "VC-OPENSSL-20160922-CVE-2016-6305" @@ -7342,7 +7404,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -7351,7 +7414,7 @@ "date_published": "2016-09-22T00:00:00+00:00" }, { - "unique_content_id": "c9c1774d70e4979b79499ec6ff533f9a", + "unique_content_id": "40a04f9bb1e95d0ac60574cc03f03aac", "aliases": [ "CVE-2016-6306", "VC-OPENSSL-20160921-CVE-2016-6306" @@ -7404,7 +7467,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -7413,7 +7477,7 @@ "date_published": "2016-09-21T00:00:00+00:00" }, { - "unique_content_id": "2f3fe699489fab49fe5a6a4760205bf3", + "unique_content_id": "2e25b2d69f1eab45b1b7029e6b422eda", "aliases": [ "CVE-2016-6307", "VC-OPENSSL-20160921-CVE-2016-6307" @@ -7449,7 +7513,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -7458,7 +7523,7 @@ "date_published": "2016-09-21T00:00:00+00:00" }, { - "unique_content_id": "4873b487950a0bb12e16171ef49a4d3c", + "unique_content_id": "123af7e3199e4cb96b82e6b7b4147c83", "aliases": [ "CVE-2016-6308", "VC-OPENSSL-20160921-CVE-2016-6308" @@ -7494,7 +7559,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -7503,7 +7569,7 @@ "date_published": "2016-09-21T00:00:00+00:00" }, { - "unique_content_id": "7260960e07c3ddfdd75af49a326447b5", + "unique_content_id": "c9b2f175fc6014ed75090aa3ac346d07", "aliases": [ "CVE-2016-6309", "VC-OPENSSL-20160926-CVE-2016-6309" @@ -7539,7 +7605,8 @@ "severities": [ { "value": "Critical", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -7548,7 +7615,7 @@ "date_published": "2016-09-26T00:00:00+00:00" }, { - "unique_content_id": "c0e7321626534a262329d3c9d2ce395b", + "unique_content_id": "0ca838fe0ecd5347bfe4810743c68d76", "aliases": [ "CVE-2016-7052", "VC-OPENSSL-20160926-CVE-2016-7052" @@ -7584,7 +7651,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -7593,7 +7661,7 @@ "date_published": "2016-09-26T00:00:00+00:00" }, { - "unique_content_id": "2a318491d9833a368fd374f0cd6f3d30", + "unique_content_id": "977753740957f22482446fa804b3bacb", "aliases": [ "CVE-2016-7053", "VC-OPENSSL-20161110-CVE-2016-7053" @@ -7629,7 +7697,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -7638,7 +7707,7 @@ "date_published": "2016-11-10T00:00:00+00:00" }, { - "unique_content_id": "030f10739bdaba22d1d6645e64f07517", + "unique_content_id": "a1787d390b904122cf68f1fcd7cbf49d", "aliases": [ "CVE-2016-7054", "VC-OPENSSL-20161110-CVE-2016-7054" @@ -7674,7 +7743,8 @@ "severities": [ { "value": "High", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -7683,7 +7753,7 @@ "date_published": "2016-11-10T00:00:00+00:00" }, { - "unique_content_id": "3608a808a8a6b24e46ee057009635f06", + "unique_content_id": "b29e4e1444a95c4ac89b67825960fc30", "aliases": [ "CVE-2016-7055", "VC-OPENSSL-20161110-CVE-2016-7055" @@ -7736,7 +7806,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -7745,7 +7816,7 @@ "date_published": "2016-11-10T00:00:00+00:00" }, { - "unique_content_id": "a0447ff218665545b036454e89ab3da8", + "unique_content_id": "6ac9a30b63d9120bac06625f40f7793e", "aliases": [ "CVE-2017-3730", "VC-OPENSSL-20170126-CVE-2017-3730" @@ -7781,7 +7852,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -7790,7 +7862,7 @@ "date_published": "2017-01-26T00:00:00+00:00" }, { - "unique_content_id": "ceedb280a4d99109a26884ac4ec190fd", + "unique_content_id": "d87ae57ff551a38e03041e9e46c46132", "aliases": [ "CVE-2017-3731", "VC-OPENSSL-20170126-CVE-2017-3731" @@ -7843,7 +7915,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -7852,7 +7925,7 @@ "date_published": "2017-01-26T00:00:00+00:00" }, { - "unique_content_id": "706dd13f07097397f57b882c363f9119", + "unique_content_id": "108b4958e52639140053033741fd5922", "aliases": [ "CVE-2017-3732", "VC-OPENSSL-20170126-CVE-2017-3732" @@ -7905,7 +7978,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -7914,7 +7988,7 @@ "date_published": "2017-01-26T00:00:00+00:00" }, { - "unique_content_id": "526e150a2c030026d5cf82c511df7592", + "unique_content_id": "5f038662b9b3c70c751f11672fb4fbcb", "aliases": [ "CVE-2017-3733", "VC-OPENSSL-20170216-CVE-2017-3733" @@ -7950,7 +8024,8 @@ "severities": [ { "value": "High", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -7959,7 +8034,7 @@ "date_published": "2017-02-16T00:00:00+00:00" }, { - "unique_content_id": "88bc79e6adf5370cba696aa64de2abfb", + "unique_content_id": "9737708961f378dfee3d47ed43884c11", "aliases": [ "CVE-2017-3735", "VC-OPENSSL-20170828-CVE-2017-3735" @@ -8012,7 +8087,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -8021,7 +8097,7 @@ "date_published": "2017-08-28T00:00:00+00:00" }, { - "unique_content_id": "3fd442d507f8355357aed257f3be199d", + "unique_content_id": "c3b257e295a5600543dae25d04aa42cd", "aliases": [ "CVE-2017-3736", "VC-OPENSSL-20171102-CVE-2017-3736" @@ -8074,7 +8150,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -8083,7 +8160,7 @@ "date_published": "2017-11-02T00:00:00+00:00" }, { - "unique_content_id": "c325238786ca680793125f8be9b90666", + "unique_content_id": "d394c4e4bd822d903834d7a3c71998ea", "aliases": [ "CVE-2017-3737", "VC-OPENSSL-20171207-CVE-2017-3737" @@ -8119,7 +8196,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -8128,7 +8206,7 @@ "date_published": "2017-12-07T00:00:00+00:00" }, { - "unique_content_id": "6b50c66357f3abbbe4ff41ad12791fd9", + "unique_content_id": "3982fdafdc98d5aa5b0fb95793d837c5", "aliases": [ "CVE-2017-3738", "VC-OPENSSL-20171207-CVE-2017-3738" @@ -8181,7 +8259,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -8190,7 +8269,7 @@ "date_published": "2017-12-07T00:00:00+00:00" }, { - "unique_content_id": "1c0b39742398a6ee6180477140815f3c", + "unique_content_id": "0c0f3d9f673e7dfd17d5af9ab52a527f", "aliases": [ "CVE-2018-0732", "VC-OPENSSL-20180612-CVE-2018-0732" @@ -8243,7 +8322,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -8252,7 +8332,7 @@ "date_published": "2018-06-12T00:00:00+00:00" }, { - "unique_content_id": "511c78e495eb70feae6bf315b747e4f3", + "unique_content_id": "8a42bdb4244b87a07381796eac77b5dd", "aliases": [ "CVE-2018-0733", "VC-OPENSSL-20180327-CVE-2018-0733" @@ -8288,7 +8368,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -8297,7 +8378,7 @@ "date_published": "2018-03-27T00:00:00+00:00" }, { - "unique_content_id": "560c315c120edfe0bbd8c9146854a53f", + "unique_content_id": "e5db72eef7ab0c3c1c4ab2adc4153b7c", "aliases": [ "CVE-2018-0734", "VC-OPENSSL-20181030-CVE-2018-0734" @@ -8367,7 +8448,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -8376,7 +8458,7 @@ "date_published": "2018-10-30T00:00:00+00:00" }, { - "unique_content_id": "258fbaa0014921327e197180e1a9c168", + "unique_content_id": "4f357adf49d7aaff448007329cef90e5", "aliases": [ "CVE-2018-0735", "VC-OPENSSL-20181029-CVE-2018-0735" @@ -8429,7 +8511,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -8438,7 +8521,7 @@ "date_published": "2018-10-29T00:00:00+00:00" }, { - "unique_content_id": "c3f15a1b2a0994c4d94cdd590448502e", + "unique_content_id": "5b894b1f146925555f16167269e3d1ac", "aliases": [ "CVE-2018-0737", "VC-OPENSSL-20180416-CVE-2018-0737" @@ -8491,7 +8574,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -8500,7 +8584,7 @@ "date_published": "2018-04-16T00:00:00+00:00" }, { - "unique_content_id": "5d79faa4a5410c3b5668f2d394e84beb", + "unique_content_id": "a4177376d5ba9b5bc5dc22b340e6a75f", "aliases": [ "CVE-2018-0739", "VC-OPENSSL-20180327-CVE-2018-0739" @@ -8553,7 +8637,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -8562,7 +8647,7 @@ "date_published": "2018-03-27T00:00:00+00:00" }, { - "unique_content_id": "97a3816c4c8f0bd0e607a4d8a79c5ae8", + "unique_content_id": "65578d021077b3ade97c82d30e9cbba1", "aliases": [ "CVE-2018-5407", "VC-OPENSSL-20181102-CVE-2018-5407" @@ -8615,7 +8700,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -8624,7 +8710,7 @@ "date_published": "2018-11-02T00:00:00+00:00" }, { - "unique_content_id": "3a7c4643755506fb7a1f5b64a111e894", + "unique_content_id": "5a72ce027e8c589dad30c281fd761d75", "aliases": [ "CVE-2019-1543", "VC-OPENSSL-20190306-CVE-2019-1543" @@ -8677,7 +8763,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -8686,7 +8773,7 @@ "date_published": "2019-03-06T00:00:00+00:00" }, { - "unique_content_id": "1f0e667392222fc1f127592636e906fa", + "unique_content_id": "fcfcf197a9c4bad6a8dd3ffe15818f12", "aliases": [ "CVE-2019-1547", "VC-OPENSSL-20190910-CVE-2019-1547" @@ -8756,7 +8843,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -8765,7 +8853,7 @@ "date_published": "2019-09-10T00:00:00+00:00" }, { - "unique_content_id": "7fadac522d658facb12f299bb48ba2ec", + "unique_content_id": "ec00d8bb72ac0b7f1de849bce460731c", "aliases": [ "CVE-2019-1549", "VC-OPENSSL-20190910-CVE-2019-1549" @@ -8801,7 +8889,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -8810,7 +8899,7 @@ "date_published": "2019-09-10T00:00:00+00:00" }, { - "unique_content_id": "86be7ce8b4721b777ef32dd64df3edf4", + "unique_content_id": "42a4c402937fed3e5a602fc384f29de3", "aliases": [ "CVE-2019-1551", "VC-OPENSSL-20191206-CVE-2019-1551" @@ -8863,7 +8952,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -8872,7 +8962,7 @@ "date_published": "2019-12-06T00:00:00+00:00" }, { - "unique_content_id": "99942df08565fdb3248518baae83dd13", + "unique_content_id": "619b9f78d7b4b1f7b86692e6667e630c", "aliases": [ "CVE-2019-1552", "VC-OPENSSL-20190730-CVE-2019-1552" @@ -8947,7 +9037,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -8956,7 +9047,7 @@ "date_published": "2019-07-30T00:00:00+00:00" }, { - "unique_content_id": "c51e38c375d1211f3e69abe7b2c62f37", + "unique_content_id": "63919a30984ae536d613016bee191b5a", "aliases": [ "CVE-2019-1559", "VC-OPENSSL-20190226-CVE-2019-1559" @@ -8992,7 +9083,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -9001,7 +9093,7 @@ "date_published": "2019-02-26T00:00:00+00:00" }, { - "unique_content_id": "5d70e446788723818dd00550d04e12ba", + "unique_content_id": "baef276b71e733ed8313ded9ff93ff86", "aliases": [ "CVE-2019-1563", "VC-OPENSSL-20190910-CVE-2019-1563" @@ -9071,7 +9163,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -9080,7 +9173,7 @@ "date_published": "2019-09-10T00:00:00+00:00" }, { - "unique_content_id": "495664aed314f22468782ba341c0e4b7", + "unique_content_id": "f2f8bab6941d4e702c466afaf4d63566", "aliases": [ "CVE-2020-1967", "VC-OPENSSL-20200421-CVE-2020-1967" @@ -9116,7 +9209,8 @@ "severities": [ { "value": "High", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -9125,7 +9219,7 @@ "date_published": "2020-04-21T00:00:00+00:00" }, { - "unique_content_id": "7dcc6225be95f6df4ef356fd050def47", + "unique_content_id": "5d5c7aa4c1296dba54969e2f85a8f85d", "aliases": [ "CVE-2020-1968", "VC-OPENSSL-20200909-CVE-2020-1968" @@ -9156,7 +9250,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -9165,7 +9260,7 @@ "date_published": "2020-09-09T00:00:00+00:00" }, { - "unique_content_id": "879e976d13345716651026dcc09f6718", + "unique_content_id": "4eca1baa3ab7532afce3f199f004c008", "aliases": [ "CVE-2020-1971", "VC-OPENSSL-20201208-CVE-2020-1971" @@ -9218,7 +9313,8 @@ "severities": [ { "value": "High", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -9227,7 +9323,7 @@ "date_published": "2020-12-08T00:00:00+00:00" }, { - "unique_content_id": "d73535dab9e59a40ce8493e4de3e4300", + "unique_content_id": "f0110a9eed5251b83bc81a5735b0561b", "aliases": [ "CVE-2021-23839", "VC-OPENSSL-20210216-CVE-2021-23839" @@ -9263,7 +9359,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -9272,7 +9369,7 @@ "date_published": "2021-02-16T00:00:00+00:00" }, { - "unique_content_id": "a1eb94a9234b06a7bc37d714496233e2", + "unique_content_id": "7195f653a74059978ec045dd4558d4d1", "aliases": [ "CVE-2021-23840", "VC-OPENSSL-20210216-CVE-2021-23840" @@ -9325,7 +9422,8 @@ "severities": [ { "value": "Low", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -9334,7 +9432,7 @@ "date_published": "2021-02-16T00:00:00+00:00" }, { - "unique_content_id": "c7c47549dfdab0afe770c9247331bc7d", + "unique_content_id": "2a04eb07243878ddd179d5779cf4fd32", "aliases": [ "CVE-2021-23841", "VC-OPENSSL-20210216-CVE-2021-23841" @@ -9387,7 +9485,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -9396,7 +9495,7 @@ "date_published": "2021-02-16T00:00:00+00:00" }, { - "unique_content_id": "cd515c6026ee6098fc7b277ffd0c823b", + "unique_content_id": "b13223184b6b68b231a91e49ef3ee757", "aliases": [ "CVE-2021-3449", "VC-OPENSSL-20210325-CVE-2021-3449" @@ -9432,7 +9531,8 @@ "severities": [ { "value": "High", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -9441,7 +9541,7 @@ "date_published": "2021-03-25T00:00:00+00:00" }, { - "unique_content_id": "1c00a83795f7053ffbf8e1bd9a9625bf", + "unique_content_id": "c64723c0cebca9d2e3ed32708d0afd26", "aliases": [ "CVE-2021-3450", "VC-OPENSSL-20210325-CVE-2021-3450" @@ -9477,7 +9577,8 @@ "severities": [ { "value": "High", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -9486,7 +9587,7 @@ "date_published": "2021-03-25T00:00:00+00:00" }, { - "unique_content_id": "94ef1ad0f7c9d43e89a91d23c260991a", + "unique_content_id": "8e2e7b2bccf583aa4f73640981f9f28c", "aliases": [ "CVE-2021-3711", "VC-OPENSSL-20210824-CVE-2021-3711" @@ -9522,7 +9623,8 @@ "severities": [ { "value": "High", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -9531,7 +9633,7 @@ "date_published": "2021-08-24T00:00:00+00:00" }, { - "unique_content_id": "d983b35db2f988ada9600e40e90d1328", + "unique_content_id": "9bba434e660f689b603eba45f564f36b", "aliases": [ "CVE-2021-3712", "VC-OPENSSL-20210824-CVE-2021-3712" @@ -9584,7 +9686,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -9593,7 +9696,7 @@ "date_published": "2021-08-24T00:00:00+00:00" }, { - "unique_content_id": "8a881398b91d7f4f36aaa2b43dc26eee", + "unique_content_id": "2d60663dd3dcc1196b6957d86e64528a", "aliases": [ "CVE-2021-4044", "VC-OPENSSL-20211214-CVE-2021-4044" @@ -9629,7 +9732,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -9638,7 +9742,7 @@ "date_published": "2021-12-14T00:00:00+00:00" }, { - "unique_content_id": "61d5d76af214adb2277201f87a39172c", + "unique_content_id": "7e6fa0286e37a5ab70e652291081bd09", "aliases": [ "CVE-2021-4160", "VC-OPENSSL-20220128-CVE-2021-4160" @@ -9708,7 +9812,8 @@ "severities": [ { "value": "Moderate", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" @@ -9717,7 +9822,7 @@ "date_published": "2022-01-28T00:00:00+00:00" }, { - "unique_content_id": "b7cac498514c187f966805d58748e480", + "unique_content_id": "46263e25471907426341354aed6dc237", "aliases": [ "CVE-2022-0778", "VC-OPENSSL-20220315-CVE-2022-0778" @@ -9787,7 +9892,8 @@ "severities": [ { "value": "High", - "system": "generic_textual" + "system": "generic_textual", + "scoring_elements": "" } ], "reference_id": "" diff --git a/vulnerabilities/tests/test_data/pysec/pysec-expected-1.json b/vulnerabilities/tests/test_data/pysec/pysec-advisories_with_summary-expected.json similarity index 90% rename from vulnerabilities/tests/test_data/pysec/pysec-expected-1.json rename to vulnerabilities/tests/test_data/pysec/pysec-advisories_with_summary-expected.json index 0940b214d..e8f282bd0 100644 --- a/vulnerabilities/tests/test_data/pysec/pysec-expected-1.json +++ b/vulnerabilities/tests/test_data/pysec/pysec-advisories_with_summary-expected.json @@ -26,7 +26,8 @@ "severities": [ { "system": "generic_textual", - "value": "HIGH" + "value": "HIGH", + "scoring_elements": "" } ] }, @@ -36,7 +37,8 @@ "severities": [ { "system": "generic_textual", - "value": "HIGH" + "value": "HIGH", + "scoring_elements": "" } ] }, @@ -46,7 +48,8 @@ "severities": [ { "system": "generic_textual", - "value": "HIGH" + "value": "HIGH", + "scoring_elements": "" } ] } diff --git a/vulnerabilities/tests/test_data/pysec/pysec_test_1.json b/vulnerabilities/tests/test_data/pysec/pysec-advisories_with_summary.json similarity index 100% rename from vulnerabilities/tests/test_data/pysec/pysec_test_1.json rename to vulnerabilities/tests/test_data/pysec/pysec-advisories_with_summary.json diff --git a/vulnerabilities/tests/test_data/pysec/pysec-expected-2.json b/vulnerabilities/tests/test_data/pysec/pysec-advisories_without_summary-expected.json similarity index 90% rename from vulnerabilities/tests/test_data/pysec/pysec-expected-2.json rename to vulnerabilities/tests/test_data/pysec/pysec-advisories_without_summary-expected.json index 278523bba..0473bde99 100644 --- a/vulnerabilities/tests/test_data/pysec/pysec-expected-2.json +++ b/vulnerabilities/tests/test_data/pysec/pysec-advisories_without_summary-expected.json @@ -24,8 +24,9 @@ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40831", "severities": [ { - "system": "cvssv3.1_vector", - "value": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" + "system": "cvssv3.1", + "value": "7.1", + "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ] }, @@ -34,8 +35,9 @@ "url": "https://github.com/aws/aws-iot-device-sdk-cpp-v2", "severities": [ { - "system": "cvssv3.1_vector", - "value": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" + "system": "cvssv3.1", + "value": "7.1", + "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ] } diff --git a/vulnerabilities/tests/test_data/pysec/pysec_test_2.json b/vulnerabilities/tests/test_data/pysec/pysec-advisories_without_summary.json similarity index 100% rename from vulnerabilities/tests/test_data/pysec/pysec_test_2.json rename to vulnerabilities/tests/test_data/pysec/pysec-advisories_without_summary.json diff --git a/vulnerabilities/tests/test_data/redhat/redhat-expected.json b/vulnerabilities/tests/test_data/redhat/redhat-expected.json index 34ffbffcb..27ac1f8c8 100644 --- a/vulnerabilities/tests/test_data/redhat/redhat-expected.json +++ b/vulnerabilities/tests/test_data/redhat/redhat-expected.json @@ -12,7 +12,8 @@ "severities": [ { "system": "rhbs", - "value": "medium" + "value": "medium", + "scoring_elements": "" } ] }, @@ -22,11 +23,8 @@ "severities": [ { "system": "cvssv3", - "value": 6.3 - }, - { - "system": "cvssv3_vector", - "value": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N" + "value": 6.3, + "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N" } ] } @@ -201,7 +199,8 @@ "severities": [ { "system": "rhbs", - "value": "medium" + "value": "medium", + "scoring_elements": "" } ] }, @@ -211,7 +210,8 @@ "severities": [ { "system": "rhas", - "value": "Important" + "value": "Important", + "scoring_elements": "" } ] }, @@ -221,7 +221,8 @@ "severities": [ { "system": "rhas", - "value": "Important" + "value": "Important", + "scoring_elements": "" } ] }, @@ -231,11 +232,8 @@ "severities": [ { "system": "cvssv3", - "value": 5.3 - }, - { - "system": "cvssv3_vector", - "value": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + "value": 5.3, + "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ] } diff --git a/vulnerabilities/tests/test_data/ubuntu-oval-expected.json b/vulnerabilities/tests/test_data/ubuntu-oval-expected.json index 352de6ddc..f1b7d93b6 100644 --- a/vulnerabilities/tests/test_data/ubuntu-oval-expected.json +++ b/vulnerabilities/tests/test_data/ubuntu-oval-expected.json @@ -25,7 +25,8 @@ "severities": [ { "system": "generic_textual", - "value": "Medium" + "value": "Medium", + "scoring_elements": "" } ] }, @@ -35,7 +36,8 @@ "severities": [ { "system": "generic_textual", - "value": "Medium" + "value": "Medium", + "scoring_elements": "" } ] }, @@ -45,7 +47,8 @@ "severities": [ { "system": "generic_textual", - "value": "Medium" + "value": "Medium", + "scoring_elements": "" } ] } @@ -78,7 +81,8 @@ "severities": [ { "system": "generic_textual", - "value": "Medium" + "value": "Medium", + "scoring_elements": "" } ] }, @@ -88,7 +92,8 @@ "severities": [ { "system": "generic_textual", - "value": "Medium" + "value": "Medium", + "scoring_elements": "" } ] }, @@ -98,7 +103,8 @@ "severities": [ { "system": "generic_textual", - "value": "Medium" + "value": "Medium", + "scoring_elements": "" } ] }, @@ -108,7 +114,8 @@ "severities": [ { "system": "generic_textual", - "value": "Medium" + "value": "Medium", + "scoring_elements": "" } ] }, @@ -118,7 +125,8 @@ "severities": [ { "system": "generic_textual", - "value": "Medium" + "value": "Medium", + "scoring_elements": "" } ] }, @@ -128,7 +136,8 @@ "severities": [ { "system": "generic_textual", - "value": "Medium" + "value": "Medium", + "scoring_elements": "" } ] } diff --git a/vulnerabilities/tests/test_data_migrations.py b/vulnerabilities/tests/test_data_migrations.py index 74f1504a6..62c70b931 100644 --- a/vulnerabilities/tests/test_data_migrations.py +++ b/vulnerabilities/tests/test_data_migrations.py @@ -51,7 +51,6 @@ def setUpBeforeMigration(self, apps): class DuplicateSeverityTestCase(TestMigrations): - migrate_from = "0013_auto_20220503_0941" migrate_to = "0014_remove_duplicate_severities" @@ -60,7 +59,7 @@ def setUpBeforeMigration(self, apps): VulnerabilityReference = apps.get_model("vulnerabilities", "VulnerabilityReference") Severities = apps.get_model("vulnerabilities", "VulnerabilitySeverity") Vulnerability = apps.get_model("vulnerabilities", "Vulnerability") - + reference = VulnerabilityReference.objects.create( reference_id="CVE-TEST", url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-TEST" ) @@ -96,7 +95,6 @@ def test_remove_duplicate_rows(self): class DropVulnerabilityFromSeverityTestCase(TestMigrations): - migrate_from = "0014_remove_duplicate_severities" migrate_to = "0015_alter_vulnerabilityseverity_unique_together_and_more" @@ -116,7 +114,6 @@ def test_dropping_vulnerability_from_severity(self): class UpdateCPEURL(TestMigrations): - migrate_from = "0015_alter_vulnerabilityseverity_unique_together_and_more" migrate_to = "0016_update_cpe_url" @@ -133,5 +130,399 @@ def setUpBeforeMigration(self, apps): def test_cpe_url_update(self): # using get_model to avoid circular import VulnerabilityReference = self.apps.get_model("vulnerabilities", "VulnerabilityReference") - ref = VulnerabilityReference.objects.get(reference_id = self.reference.reference_id) - assert ref.url == "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*" + ref = VulnerabilityReference.objects.get(reference_id=self.reference.reference_id) + assert ( + ref.url + == "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*" + ) + + +class TestCvssVectorMigrationToScoringElementComputeNewScores(TestMigrations): + migrate_from = "0031_vulnerabilityseverity_scoring_elements" + migrate_to = "0032_vulnerabilityseverity_merge_cvss_score_and_vector" + + def setUpBeforeMigration(self, apps): + # using get_model to avoid circular import + VulnerabilitySeverity = apps.get_model("vulnerabilities", "VulnerabilitySeverity") + VulnerabilityReference = apps.get_model("vulnerabilities", "VulnerabilityReference") + reference = VulnerabilityReference.objects.create( + id=1, reference_id="fake-reference_id", url="fake-url" + ) + reference.save() + self.reference = reference + self.severities = [ + VulnerabilitySeverity.objects.create( + scoring_system=severity_systems.CVSSV2.identifier, + value="AV:N/AC:L/Au:N/C:P/I:P/A:P", + reference_id=1, + ), + VulnerabilitySeverity.objects.create( + scoring_system="cvssv2_vector", + value="AV:N/AC:L/Au:N/C:P/I:P/A:P", + reference_id=1, + ), + VulnerabilitySeverity.objects.create( + scoring_system="cvssv3_vector", + value="CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + reference_id=1, + ), + VulnerabilitySeverity.objects.create( + scoring_system="cvssv3.1_vector", + value="CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + reference_id=1, + ), + VulnerabilitySeverity.objects.create( + scoring_system="cvssv2_vector", + value="", + reference_id=1, + ), + VulnerabilitySeverity.objects.create( + scoring_system="generic_textual", + value="Low", + reference_id=1, + ), + VulnerabilitySeverity.objects.create( + scoring_system="rhbs", + value="medium", + reference_id=1, + ), + ] + for severity in self.severities: + severity.save() + + def test_compute_cvss(self): + # using get_model to avoid circular import + VulnerabilitySeverity = self.apps.get_model("vulnerabilities", "VulnerabilitySeverity") + severities = list( + VulnerabilitySeverity.objects.values( + "reference_id", "scoring_system", "value", "scoring_elements" + ).all() + ) + expected = [ + { + "reference_id": 1, + "scoring_system": "cvssv2", + "value": "7.5", + "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + }, + { + "reference_id": 1, + "scoring_system": "cvssv2", + "value": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "scoring_elements": None, + }, + { + "reference_id": 1, + "scoring_system": "cvssv3", + "value": "7.5", + "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + }, + { + "reference_id": 1, + "scoring_system": "cvssv3.1", + "value": "9.8", + "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + }, + { + "reference_id": 1, + "scoring_system": "generic_textual", + "value": "Low", + "scoring_elements": None, + }, + { + "reference_id": 1, + "scoring_system": "rhbs", + "value": "medium", + "scoring_elements": None, + }, + ] + assert severities == expected + + +class TestCvssVectorMigrationToScoringElementMergeRows(TestMigrations): + migrate_from = "0031_vulnerabilityseverity_scoring_elements" + migrate_to = "0032_vulnerabilityseverity_merge_cvss_score_and_vector" + + def setUpBeforeMigration(self, apps): + # using get_model to avoid circular import + VulnerabilitySeverity = apps.get_model("vulnerabilities", "VulnerabilitySeverity") + VulnerabilityReference = apps.get_model("vulnerabilities", "VulnerabilityReference") + self.reference_list = [ + VulnerabilityReference.objects.create( + id=1, + reference_id="fake-reference_id1", + url="fake-url1", + ), + VulnerabilityReference.objects.create( + id=2, + reference_id="fake-reference_id2", + url="fake-url2", + ), + VulnerabilityReference.objects.create( + id=3, + reference_id="fake-reference_id3", + url="fake-url3", + ), + VulnerabilityReference.objects.create( + id=4, + reference_id="fake-reference_id4", + url="fake-url4", + ), + VulnerabilityReference.objects.create( + id=5, + reference_id="fake-reference_id5", + url="fake-url5", + ), + ] + + for reference in self.reference_list: + reference.save() + + self.severities = [ + # test severity_cvss2 + VulnerabilitySeverity.objects.create( + scoring_system=severity_systems.CVSSV2.identifier, + value="7.5", + reference_id=1, + ), + VulnerabilitySeverity.objects.create( + scoring_system="cvssv2_vector", + value="AV:N/AC:L/Au:N/C:P/I:P/A:P", + reference_id=1, + ), + # test severity_cvss3 + VulnerabilitySeverity.objects.create( + scoring_system=severity_systems.CVSSV3.identifier, + value="7.5", + reference_id=2, + ), + VulnerabilitySeverity.objects.create( + scoring_system="cvssv3_vector", + value="CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + reference_id=2, + ), + # test severity_cvss3_1 + VulnerabilitySeverity.objects.create( + scoring_system=severity_systems.CVSSV31.identifier, + value="9.8", + reference_id=3, + ), + VulnerabilitySeverity.objects.create( + scoring_system="cvssv3.1_vector", + value="CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + reference_id=3, + ), + # test all type of severities for the same reference_id 4 + VulnerabilitySeverity.objects.create( + scoring_system=severity_systems.CVSSV2.identifier, + value="7.5", + reference_id=4, + ), + VulnerabilitySeverity.objects.create( + scoring_system="cvssv2_vector", + value="AV:N/AC:L/Au:N/C:P/I:P/A:P", + reference_id=4, + ), + VulnerabilitySeverity.objects.create( + scoring_system=severity_systems.CVSSV3.identifier, + value="7.5", + reference_id=4, + ), + VulnerabilitySeverity.objects.create( + scoring_system="cvssv3_vector", + value="CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + reference_id=4, + ), + VulnerabilitySeverity.objects.create( + scoring_system=severity_systems.CVSSV31.identifier, + value="9.8", + reference_id=4, + ), + VulnerabilitySeverity.objects.create( + scoring_system="cvssv3.1_vector", + value="CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + reference_id=4, + ), + VulnerabilitySeverity.objects.create( + scoring_system="generic_textual", + value="Low", + reference_id=4, + ), + VulnerabilitySeverity.objects.create( + scoring_system="rhbs", + value="medium", + reference_id=4, + ), + # solo cases + VulnerabilitySeverity.objects.create( + scoring_system=severity_systems.CVSSV3.identifier, + value="8", + reference_id=5, + ), + VulnerabilitySeverity.objects.create( + scoring_system="cvssv3.1_vector", + value="CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + # value="9.8", + reference_id=5, + ), + ] + + for severity in self.severities: + severity.save() + + def test_merge_rows(self): + # using get_model to avoid circular import + VulnerabilitySeverity = self.apps.get_model("vulnerabilities", "VulnerabilitySeverity") + + severities = list( + VulnerabilitySeverity.objects.values( + "reference_id", + "scoring_system", + "value", + "scoring_elements", + ).all() + ) + expected = [ + { + "reference_id": 1, + "scoring_system": "cvssv2", + "value": "7.5", + "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + }, + { + "reference_id": 2, + "scoring_system": "cvssv3", + "value": "7.5", + "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + }, + { + "reference_id": 3, + "scoring_system": "cvssv3.1", + "value": "9.8", + "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + }, + { + "reference_id": 4, + "scoring_system": "cvssv2", + "value": "7.5", + "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + }, + { + "reference_id": 4, + "scoring_system": "cvssv3", + "value": "7.5", + "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + }, + { + "reference_id": 4, + "scoring_system": "cvssv3.1", + "value": "9.8", + "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + }, + { + "reference_id": 4, + "scoring_system": "generic_textual", + "value": "Low", + "scoring_elements": None, + }, + { + "reference_id": 4, + "scoring_system": "rhbs", + "value": "medium", + "scoring_elements": None, + }, + { + "reference_id": 5, + "scoring_system": "cvssv3", + "value": "8", + "scoring_elements": None, + }, + { + "reference_id": 5, + "scoring_system": "cvssv3.1", + "value": "9.8", + "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + }, + ] + assert severities == expected + + +class TestCvssVectorMigrationToScoringElementMergeRowsWithDupes(TestMigrations): + migrate_from = "0031_vulnerabilityseverity_scoring_elements" + migrate_to = "0032_vulnerabilityseverity_merge_cvss_score_and_vector" + + def setUpBeforeMigration(self, apps): + # using get_model to avoid circular import + VulnerabilitySeverity = apps.get_model("vulnerabilities", "VulnerabilitySeverity") + VulnerabilityReference = apps.get_model("vulnerabilities", "VulnerabilityReference") + self.v1 = VulnerabilityReference.objects.create( + id=1, + reference_id="fake-reference_id1", + url="fake-url1", + ) + self.v1.save() + + self.severities = [ + # no matching vector: should stay as is + VulnerabilitySeverity.objects.create( + scoring_system=severity_systems.CVSSV2.identifier, + value="8.3", + reference_id=1, + ), + # no matching score: score should be computed + VulnerabilitySeverity.objects.create( + scoring_system="cvssv2_vector", + value="AV:N/AC:H/Au:N/C:P/I:P/A:P", + reference_id=1, + ), + # pair of score/vector: should be merged + VulnerabilitySeverity.objects.create( + scoring_system=severity_systems.CVSSV2.identifier, + value="7.5", + reference_id=1, + ), + VulnerabilitySeverity.objects.create( + scoring_system="cvssv2_vector", + value="AV:N/AC:L/Au:N/C:P/I:P/A:P", + reference_id=1, + ), + ] + + for severity in self.severities: + severity.save() + + def test_merge_rows(self): + # using get_model to avoid circular import + VulnerabilitySeverity = self.apps.get_model("vulnerabilities", "VulnerabilitySeverity") + + severities = list( + VulnerabilitySeverity.objects.values( + "reference_id", + "scoring_system", + "value", + "scoring_elements", + ).all() + ) + + expected = [ + { + "reference_id": 1, + "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "scoring_system": "cvssv2", + "value": "5.1", + }, + { + "reference_id": 1, + "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "scoring_system": "cvssv2", + "value": "7.5", + }, + { + "reference_id": 1, + "scoring_elements": None, + "scoring_system": "cvssv2", + "value": "8.3", + }, + ] + + assert severities == expected diff --git a/vulnerabilities/tests/test_data_source.py b/vulnerabilities/tests/test_data_source.py index c4d9dfb1d..b2f173029 100644 --- a/vulnerabilities/tests/test_data_source.py +++ b/vulnerabilities/tests/test_data_source.py @@ -34,15 +34,15 @@ def load_oval_data(): class MockOvalImporter(OvalImporter): spdx_license_expression = "FOO-BAR" + class MockGitImporter(GitImporter): spdx_license_expression = "FOO-BAR" + def test_create_purl(): purl1 = PackageURL(name="ffmpeg", type="test") - assert purl1 == MockOvalImporter().create_purl( - pkg_name="ffmpeg", pkg_data={"type": "test"} - ) + assert purl1 == MockOvalImporter().create_purl(pkg_name="ffmpeg", pkg_data={"type": "test"}) purl2 = PackageURL( name="notepad", @@ -61,6 +61,7 @@ def test_create_purl(): }, ) + def test__collect_pkgs(): xmls = load_oval_data() @@ -81,9 +82,11 @@ def test__collect_pkgs(): assert found_suse_pkgs == expected_suse_pkgs assert found_ubuntu_pkgs == expected_ubuntu_pkgs + def clone(self): pass + @patch("vulnerabilities.importer.GitImporter.clone") def test_git_importer(mock_clone): mock_clone.return_value = clone diff --git a/vulnerabilities/tests/test_github.py b/vulnerabilities/tests/test_github.py index 1b66c30e9..90134f2a5 100644 --- a/vulnerabilities/tests/test_github.py +++ b/vulnerabilities/tests/test_github.py @@ -26,6 +26,7 @@ from vulnerabilities.importers.github import GitHubAPIImporter from vulnerabilities.importers.github import GitHubBasicImprover from vulnerabilities.importers.github import process_response +from vulnerabilities.tests.util_tests import VULNERABLECODE_REGEN_TEST_FIXTURES as REGEN from vulnerabilities.utils import GitHubTokenError BASE_DIR = os.path.dirname(os.path.abspath(__file__)) @@ -33,7 +34,7 @@ @pytest.mark.parametrize("pkg_type", ["maven", "nuget", "gem", "golang", "composer", "pypi"]) -def test_process_response_github_importer(pkg_type, regen=False): +def test_process_response_github_importer(pkg_type, regen=REGEN): response_file = os.path.join(TEST_DATA, f"{pkg_type}.json") expected_file = os.path.join(TEST_DATA, f"{pkg_type}-expected.json") with open(response_file) as f: @@ -175,7 +176,7 @@ def valid_versions(): @mock.patch("vulnerabilities.importers.github.GitHubBasicImprover.get_package_versions") -def test_github_improver(mock_response, regen=False): +def test_github_improver(mock_response, regen=REGEN): advisory_data = AdvisoryData( aliases=["CVE-2022-21831", "GHSA-w749-p3v6-hccq"], summary="Possible code injection vulnerability in Rails / Active Storage", diff --git a/vulnerabilities/tests/test_nvd.py b/vulnerabilities/tests/test_nvd.py index 6b46a3c03..af7e2f19b 100644 --- a/vulnerabilities/tests/test_nvd.py +++ b/vulnerabilities/tests/test_nvd.py @@ -11,6 +11,7 @@ import os from vulnerabilities.importers import nvd +from vulnerabilities.tests.util_tests import VULNERABLECODE_REGEN_TEST_FIXTURES as REGEN BASE_DIR = os.path.dirname(os.path.abspath(__file__)) TEST_DATA = os.path.join(BASE_DIR, "test_data/nvd/nvd_test.json") @@ -23,7 +24,8 @@ def load_test_data(): def sorted_advisory_data(advisory_data): """ - Sorted nested lists in a list of AdvisoryData mappings. + Return ``advisory_data`` of AdvisoryData mappings where each mapping nested + list is sorted for stable testing results. """ sorter = lambda dct: tuple(dct.items()) for data in advisory_data: @@ -33,7 +35,7 @@ def sorted_advisory_data(advisory_data): return advisory_data -def test_to_advisories_skips_hardware(regen=False): +def test_to_advisories_skips_hardware(regen=REGEN): expected_file = os.path.join(BASE_DIR, "test_data/nvd/nvd-expected.json") test_data = load_test_data() diff --git a/vulnerabilities/tests/test_osv.py b/vulnerabilities/tests/test_osv.py index 1c6bce28b..3ca50cebf 100644 --- a/vulnerabilities/tests/test_osv.py +++ b/vulnerabilities/tests/test_osv.py @@ -154,10 +154,12 @@ def test_get_severities7(self): } ) ) + expected = [ VulnerabilitySeverity( - system=SCORING_SYSTEMS["cvssv3.1_vector"], - value="CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + system=SCORING_SYSTEMS["cvssv3.1"], + value="7.1", + scoring_elements="CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", ) ] assert results == expected @@ -183,12 +185,14 @@ def test_get_severities8(self): expected = [ VulnerabilitySeverity( - system=SCORING_SYSTEMS["cvssv3.1_vector"], - value="CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + system=SCORING_SYSTEMS["cvssv3.1"], + value="7.1", + scoring_elements="CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", ), VulnerabilitySeverity( - system=SCORING_SYSTEMS["cvssv3.1_vector"], - value="CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + system=SCORING_SYSTEMS["cvssv3.1"], + value="7.1", + scoring_elements="CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", ), ] assert results == expected diff --git a/vulnerabilities/tests/test_postgresql.py b/vulnerabilities/tests/test_postgresql.py index ffdffe625..eac336bf6 100644 --- a/vulnerabilities/tests/test_postgresql.py +++ b/vulnerabilities/tests/test_postgresql.py @@ -95,10 +95,7 @@ def test_to_advisories(self): VulnerabilitySeverity( system=severity_systems.CVSSV3, value="3.1", - ), - VulnerabilitySeverity( - system=severity_systems.CVSSV3_VECTOR, - value=["AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"], + scoring_elements="AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", ), ], ), @@ -177,10 +174,7 @@ def test_to_advisories(self): VulnerabilitySeverity( system=severity_systems.CVSSV3, value="6.7", - ), - VulnerabilitySeverity( - system=severity_systems.CVSSV3_VECTOR, - value=["AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"], + scoring_elements="AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", ), ], ), diff --git a/vulnerabilities/tests/test_pysec.py b/vulnerabilities/tests/test_pysec.py index 8af2118ca..f5d8107ac 100644 --- a/vulnerabilities/tests/test_pysec.py +++ b/vulnerabilities/tests/test_pysec.py @@ -11,7 +11,8 @@ from unittest import TestCase from vulnerabilities.importers.osv import parse_advisory_data -from vulnerabilities.tests import util_tests +from vulnerabilities.tests.util_tests import VULNERABLECODE_REGEN_TEST_FIXTURES as REGEN +from vulnerabilities.tests.util_tests import check_results_against_json BASE_DIR = os.path.dirname(os.path.abspath(__file__)) TEST_DATA = os.path.join(BASE_DIR, "test_data/pysec") @@ -19,17 +20,26 @@ class TestPyPIImporter(TestCase): def test_to_advisories_with_summary(self): - with open(os.path.join(TEST_DATA, "pysec_test_1.json")) as f: + with open(os.path.join(TEST_DATA, "pysec-advisories_with_summary.json")) as f: mock_response = json.load(f) - expected_file = os.path.join(TEST_DATA, f"pysec-expected-1.json") - imported_data = parse_advisory_data(mock_response, "pypi") - result = imported_data.to_dict() - util_tests.check_results_against_json(result, expected_file) + results = parse_advisory_data(mock_response, "pypi").to_dict() + + expected_file = os.path.join(TEST_DATA, "pysec-advisories_with_summary-expected.json") + check_results_against_json( + results=results, + expected_file=expected_file, + regen=REGEN, + ) def test_to_advisories_without_summary(self): - with open(os.path.join(TEST_DATA, "pysec_test_2.json")) as f: + with open(os.path.join(TEST_DATA, "pysec-advisories_without_summary.json")) as f: mock_response = json.load(f) - expected_file = os.path.join(TEST_DATA, f"pysec-expected-2.json") - imported_data = parse_advisory_data(mock_response, "pypi") - result = imported_data.to_dict() - util_tests.check_results_against_json(result, expected_file) + + results = parse_advisory_data(mock_response, "pypi").to_dict() + + expected_file = os.path.join(TEST_DATA, "pysec-advisories_without_summary-expected.json") + check_results_against_json( + results=results, + expected_file=expected_file, + regen=REGEN, + ) diff --git a/vulnerabilities/tests/test_redhat_importer.py b/vulnerabilities/tests/test_redhat_importer.py index dc947bf36..582903fdd 100644 --- a/vulnerabilities/tests/test_redhat_importer.py +++ b/vulnerabilities/tests/test_redhat_importer.py @@ -32,18 +32,18 @@ def test_rpm_to_purl(): ) -@patch("vulnerabilities.importers.redhat.fetch_list_of_cves") +@patch("vulnerabilities.importers.redhat.fetch_cves") @patch("vulnerabilities.importers.redhat.get_data_from_url") def test_redhat_importer(get_data_from_url, fetcher): redhat_importer = redhat.RedhatImporter() - response_file = os.path.join(TEST_DATA, f"redhat-input.json") + response_file = os.path.join(TEST_DATA, "redhat-input.json") with open(response_file) as f: fetcher.return_value = [json.load(f)] - bugzilla_2075788_response_file = os.path.join(TEST_DATA, f"bugzilla-2075788.json") - bugzilla_2077736_response_file = os.path.join(TEST_DATA, f"bugzilla-2077736.json") - rhsa_1437 = os.path.join(TEST_DATA, f"RHSA-2022:1437.json") - rhsa_1439 = os.path.join(TEST_DATA, f"RHSA-2022:1439.json") + bugzilla_2075788_response_file = os.path.join(TEST_DATA, "bugzilla-2075788.json") + bugzilla_2077736_response_file = os.path.join(TEST_DATA, "bugzilla-2077736.json") + rhsa_1437 = os.path.join(TEST_DATA, "RHSA-2022:1437.json") + rhsa_1439 = os.path.join(TEST_DATA, "RHSA-2022:1439.json") get_data_from_url.side_effect = [ json.load(open(bugzilla_2075788_response_file)), json.load(open(bugzilla_2077736_response_file)), @@ -51,7 +51,7 @@ def test_redhat_importer(get_data_from_url, fetcher): json.load(open(rhsa_1437)), None, ] - expected_file = os.path.join(TEST_DATA, f"redhat-expected.json") + expected_file = os.path.join(TEST_DATA, "redhat-expected.json") imported_data = list(redhat_importer.advisory_data()) result = [data.to_dict() for data in imported_data] util_tests.check_results_against_json(result, expected_file) diff --git a/vulnerabilities/tests/test_suse_scores.py b/vulnerabilities/tests/test_suse_scores.py index 6a8ba09c1..4f6b39a8a 100644 --- a/vulnerabilities/tests/test_suse_scores.py +++ b/vulnerabilities/tests/test_suse_scores.py @@ -35,18 +35,12 @@ def test_to_advisory(self): VulnerabilitySeverity( system=severity_systems.CVSSV2, value="4.3", - ), - VulnerabilitySeverity( - system=severity_systems.CVSSV2_VECTOR, - value="AV:N/AC:M/Au:N/C:N/I:N/A:P", + scoring_elements="AV:N/AC:M/Au:N/C:N/I:N/A:P", ), VulnerabilitySeverity( system=severity_systems.CVSSV31, value="3.7", - ), - VulnerabilitySeverity( - system=severity_systems.CVSSV31_VECTOR, - value="CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + scoring_elements="CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", ), ], ) @@ -63,10 +57,7 @@ def test_to_advisory(self): VulnerabilitySeverity( system=severity_systems.CVSSV3, value="8.6", - ), - VulnerabilitySeverity( - system=severity_systems.CVSSV3_VECTOR, - value="CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + scoring_elements="CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", ), ], ) diff --git a/vulnerabilities/tests/test_upstream.py b/vulnerabilities/tests/test_upstream.py index b0cdcaef0..925d28d80 100644 --- a/vulnerabilities/tests/test_upstream.py +++ b/vulnerabilities/tests/test_upstream.py @@ -7,57 +7,25 @@ # See https://aboutcode.org for more information about nexB OSS projects. # -import inspect -from unittest.mock import patch - import pytest -from vulnerabilities import importers -from vulnerabilities.importer import AdvisoryData -from vulnerabilities.importer_yielder import IMPORTERS_REGISTRY - -MAX_ADVISORIES = 1 - - -class MaxAdvisoriesCreatedInterrupt(BaseException): - # Inheriting BaseException is intentional because the function being tested might catch Exception - pass +from vulnerabilities.importers import IMPORTERS_REGISTRY @pytest.mark.webtest @pytest.mark.parametrize( - ("data_source", "config"), - ((data["data_source"], data["data_source_cfg"]) for data in IMPORTERS_REGISTRY), + ("importer_name", "importer_class"), + IMPORTERS_REGISTRY.items(), ) -def test_updated_advisories(data_source, config): - if not data_source == "GitHubAPIImporter": - data_src = getattr(importers, data_source) - data_src = data_src(batch_size=MAX_ADVISORIES, config=config) - advisory_counter = 0 - - def patched_advisory(*args, **kwargs): - nonlocal advisory_counter - - if advisory_counter >= MAX_ADVISORIES: - raise MaxAdvisoriesCreatedInterrupt - - advisory_counter += 1 - return Advisory(*args, **kwargs) - - module = inspect.getmodule(data_src) - module_members = [m[0] for m in inspect.getmembers(module)] - advisory_class = f"{module.__name__}.Advisory" - if "Advisory" not in module_members: - advisory_class = "vulnerabilities.importer.Advisory" - - # Either - # 1) Advisory class is successfully patched and MaxAdvisoriesCreatedInterrupt is thrown when - # an importer tries to create an Advisory or - # 2) Importer somehow bypasses the patch / handles BaseException internally, then - # updated_advisories is required to return non zero advisories - with patch(advisory_class, side_effect=patched_advisory): - try: - with data_src: - assert len(list(data_src.updated_advisories())) > 0 - except MaxAdvisoriesCreatedInterrupt: - pass +def test_updated_advisories(importer_name, importer_class): + # FIXME: why are we doing this? + if importer_name.endswith("GitHubAPIImporter"): + return + + advisory_datas = importer_class().advisory_data() + for advisory_data in advisory_datas: + # stop after a single import + break + + # check that we have at least one advisory_data + assert advisory_data.to_dict()