fix: blank path gets added when using triage_input_file option (#3264)

intel · Aug 17, 2023 · 9b65b25 · 9b65b25
1 parent 6b0f36e
commit 9b65b25
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 7 deletions.
diff --git a/cve_bin_tool/cve_scanner.py b/cve_bin_tool/cve_scanner.py
@@ -84,7 +84,7 @@ def get_cves(self, product_info: ProductInfo, triage_data: TriageData):
                 f"{product_info} already processed. Update path {triage_data['paths']}"
             )
             # self.products_with_cve += 1
-            self.all_cve_data[product_info]["paths"] |= triage_data["paths"]
+            self.all_cve_data[product_info]["paths"] |= set(triage_data["paths"])
             return
 
         # Check for anything directly marked
@@ -283,7 +283,7 @@ def get_cves(self, product_info: ProductInfo, triage_data: TriageData):
                         f"{len(cves)} CVE(s) in {product_info.vendor}.{product_info.product} version {product_info.version}"
                     )
                 self.all_cve_data[product_info]["cves"] = cves
-                self.all_cve_data[product_info]["paths"] |= triage_data["paths"]
+                self.all_cve_data[product_info]["paths"] |= set(triage_data["paths"])
             else:
                 # No cves found for (product, vendor, version) tuple in the NVD database.
                 self.products_without_cve += 1

diff --git a/cve_bin_tool/input_engine.py b/cve_bin_tool/input_engine.py
@@ -151,7 +151,7 @@ def strip_remark(detail) -> str:
                                 self.parsed_data[product_info][id.strip() or "default"][
                                     "severity"
                                 ] = severity.strip()
-                            self.parsed_data[product_info]["paths"] = {""}
+                            self.parsed_data[product_info]["paths"] = {}
 
     def parse_data(self, fields: Set[str], data: Iterable) -> None:
         required_fields = {"vendor", "product", "version"}

diff --git a/test/test_input_engine.py b/test/test_input_engine.py
@@ -66,15 +66,15 @@ class TestInputEngine:
                 "remarks": Remarks.Confirmed,
                 "severity": "CRITICAL",
             },
-            "paths": {""},
+            "paths": {},
         },
         ProductInfo("gnu", "glibc", "2.33"): {
             "CVE-2021-1234": {
                 "comments": "",
                 "remarks": Remarks.Unexplored,
                 "severity": "HIGH",
             },
-            "paths": {""},
+            "paths": {},
         },
     }
     # cyclonedx currently doesn't have vendors
@@ -85,15 +85,15 @@ class TestInputEngine:
                 "remarks": Remarks.Confirmed,
                 "severity": "CRITICAL",
             },
-            "paths": {""},
+            "paths": {},
         },
         ProductInfo("UNKNOWN", "glibc", "2.33"): {
             "CVE-2021-1234": {
                 "comments": "",
                 "remarks": Remarks.Unexplored,
                 "severity": "HIGH",
             },
-            "paths": {""},
+            "paths": {},
         },
     }
     MISSING_FIELD_REGEX = re.compile(