feat: find_vendor not able to find vendors with matching product IN P…

…ROGRESS Signed-off-by: John Andersen <[email protected]>
johnandersen777 · Jun 17, 2024 · 57b71a1 · 57b71a1
1 parent 327969e
commit 57b71a1
Showing 1 changed file with 28 additions and 2 deletions.
diff --git a/cve_bin_tool/parsers/env.py b/cve_bin_tool/parsers/env.py
@@ -112,6 +112,7 @@ def run_checker(self, filename):
                 "cve_id": cve.ad_hoc_cve_id,
                 "vendor": cve.vendor,
                 "product": cve.product,
+                # TODO Version MUST be unique to this bug!
                 "version": cve.version,
                 "versionStartIncluding": "",
                 # "versionStartIncluding": cve.version,
@@ -122,10 +123,35 @@ def run_checker(self, filename):
             }
             for _namespace, cve in env_config.namespaces.items()
         ]
+        severity_data = [
+            {
+                "ID": cve.ad_hoc_cve_id,
+                # TODO severity
+                "severity": "LOW",
+                # TODO description
+                "description": "TODO",
+                # TODO score
+                "score": 0,
+                # TODO CVSS_version
+                "CVSS_version": "unknown",
+                # TODO CVSS_vector
+                "CVSS_vector": "",
+                # TODO Ideally this comes from bisecting and pinpointing the
+                # bug's introduction to the codebase
+                "last_modified": "",
+            }
+            for _namespace, cve in env_config.namespaces.items()
+        ]
+
+        with self.cve_db.with_cursor() as cursor:
+            for _namespace, cve in env_config.namespaces.items():
+                cursor.execute(f"DELETE from cve_range where product='{cve.product}'")
         with self.cve_db.with_cursor() as cursor:
             self.cve_db.populate_affected(affected_data, cursor, data_source)
+            self.cve_db.populate_severity(severity_data, cursor, data_source)
+            self.cve_db.populate_cve_metrics(severity_data, cursor)
 
-            for _namespace, cve in env_config.namespaces.items():
-                yield from self.find_vendor(cve.product, cve.version)
+        for _namespace, cve in env_config.namespaces.items():
+            yield from self.find_vendor(cve.product, cve.vendor)
 
         # TODO VEX attached via linked data to ad-hoc CVE-ID