fix: handle unknown values in metric_finder (Fixes #4578) #4682

19 changes: 17 additions & 2 deletions cve_bin_tool/cvedb.py
Expand Up @@ -45,6 +45,7 @@
DBNAME = "cve.db"
OLD_CACHE_DIR = Path("~") / ".cache" / "cvedb"

UNKNOWN_METRIC_ID = 0
EPSS_METRIC_ID = 1
CVSS_2_METRIC_ID = 2
CVSS_3_METRIC_ID = 3
Expand Down Expand Up @@ -416,6 +417,9 @@ def init_database(self) -> None:
for table in self.TABLE_SCHEMAS:
cursor.execute(self.TABLE_SCHEMAS[table])

# Ensure the UNKNOWN metric exists
self.ensure_unknown_metric(cursor)

Contributor


The blank line here has some extra spaces or a tab in it.

Contributor Author


Hi @terriko, it should be good now; my VS Code extensions are messing with me 😅. Also, there are some broken links in MANUAL.md, as pointed out by @Molkree. I'll raise a PR to fix them; should I also create an issue?
I think I'll also check out the other docs to see if there are any broken links or something.

# add indexes
for index in self.INDEXES:
cursor.execute(self.INDEXES[index])
Expand Down Expand Up @@ -619,6 +623,7 @@ def populate_metrics(self):
# Insert a row without specifying cve_metrics_id
insert_metrics = self.INSERT_QUERIES["insert_metrics"]
data = [
(UNKNOWN_METRIC_ID, "UNKNOWN"),
(EPSS_METRIC_ID, "EPSS"),
(CVSS_2_METRIC_ID, "CVSS-2"),
(CVSS_3_METRIC_ID, "CVSS-3"),
Expand All @@ -632,15 +637,15 @@ def populate_metrics(self):
def metric_finder(self, cursor, cve):
"""
SQL query to retrieve the metrics_name based on the metrics_id
currently cve["CVSS_version"] return 2,3 based on there version and they are mapped accordingly to there metrics name in metrics table.
currently cve["CVSS_version"] return 2,3 based on their version and they are mapped accordingly to their metrics name in metrics table.
"""
query = """
SELECT metrics_id FROM metrics
WHERE metrics_id=?
"""
metric = None
if cve["CVSS_version"] == "unknown":
metric = "unknown"
metric = 0
else:
cursor.execute(query, [cve.get("CVSS_version")])
# Fetch all the results of the query and use 'map' to extract only the 'metrics_name' from the result
Expand Down Expand Up @@ -1173,8 +1178,18 @@ def fetch_from_mirror(self, mirror, pubkey, ignore_signature, log_signature_erro

@contextlib.contextmanager
def with_cursor(self):
"""Context manager for database cursor."""
cursor = self.db_open_and_get_cursor()
try:
yield cursor
finally:
self.db_close()

def ensure_unknown_metric(self, cursor):
"""Ensure that the UNKNOWN metric exists in the metrics table."""
insert_metrics = self.INSERT_QUERIES["insert_metrics"]
try:
cursor.execute(insert_metrics, (UNKNOWN_METRIC_ID, "UNKNOWN"))
except sqlite3.IntegrityError:
# The metric already exists, no action needed
pass
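Review bot: In `metric_finder` the new fallback hard-codes `metric = 0` rather than the `UNKNOWN_METRIC_ID` constant this change adds at the top of the file, so the lookup and the row written by `populate_metrics` / `ensure_unknown_metric` can silently drift apart if the id is ever renumbered; `metric = UNKNOWN_METRIC_ID` keeps them tied. The guard also subscripts `cve["CVSS_version"]` while the else branch uses `cve.get("CVSS_version")`, so a record missing the key raises `KeyError` before either branch runs; `if cve.get("CVSS_version", "unknown") == "unknown":` would route that case to the fallback as well. For a scanner, a CVE whose metric id fails to resolve is a severity that may be stored or reported wrongly, so the fallback is worth making explicit. The rest of `metric_finder` lies outside the hunk, so how an empty query result is handled cannot be checked from here.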