fix: KeyError in format_data function (intel#3452)
* Update osv_source.py

Debugged the code based on a basic problem that I faced while installing cve-bin-tool

* fix: flake8 and codeql tweaks

* chore: blacken cve_bin_tool/data_sources/osv_source.py

---------

Co-authored-by: Terri Oda <terri.oda@intel.com>
joydeep049 and terriko committed Nov 16, 2023
1 parent df8404f commit a5e446c
Showing 1 changed file with 12 additions and 9 deletions.
21 changes: 12 additions & 9 deletions cve_bin_tool/data_sources/osv_source.py
Expand Up @@ -292,15 +292,18 @@ def format_data(self, all_cve_entries):

severity_data.append(cve)

for package in cve_item["affected"]:
product = package["package"]["name"]
for package_data in cve_item.get("affected", []):
package = package_data.get("package", {})
if not package:
continue

product = package.get("name")
vendor = (
"unknown" # OSV Schema does not provide vendor names for packages
)
if (
"github.com/" in product
): # if package name is of format github.com/xxxx/yyyy xxxx can be vendor name and yyyy is package name
vendor = product.split("/")[-2] # trying to guess vendor name

if product.startswith("github.com/"):
vendor = product.split("/")[-2]
product = product.split("/")[-1]

affected = {
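Review bot: `product = package.get("name")` can return None when a package object has no "name" key, and the next statement, `product.startswith("github.com/")`, would then raise AttributeError, so the KeyError is traded for a different crash on the same kind of malformed record. Suggest skipping the entry when the name is missing, for example `if not product: continue` right after the lookup, in the same way the empty `package` case is already skipped. Two smaller points: the switch from `"github.com/" in product` to `startswith` narrows which names get a guessed vendor and is not mentioned in the commit message, and the comment explaining that the vendor is only a guess from the github.com/xxxx/yyyy form was dropped along with it; keeping a short comment there would help the next reader.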
Expand All @@ -315,12 +318,12 @@ def format_data(self, all_cve_entries):
}

events = None
for ranges in package.get("ranges", []):
for ranges in package_data.get("ranges", []):
if ranges["type"] == "SEMVER":
events = ranges["events"]

if events is None and "versions" in package:
versions = package["versions"]
if events is None and "versions" in package_data:
versions = package_data["versions"]

if versions == []:
continue
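Review bot: inside the `for ranges in package_data.get("ranges", [])` loop, `ranges["type"]` and `ranges["events"]` are still indexed directly, so a range entry missing either key raises the same kind of KeyError this commit sets out to fix. Suggest `ranges.get("type") == "SEMVER"` and `ranges.get("events")` for consistency with the `.get()` handling introduced above. Reading "ranges" and "versions" from `package_data` rather than from `package` is a behaviour change in its own right, since it changes which object the version data is taken from; it deserves a line in the commit message and a test with a record that carries "ranges" on the affected entry.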