Parse advisory data from raw JSON data and return an AdvisoryData object. Args: raw_data (dict): Raw JSON data containing advisory information. Returns: AdvisoryData: Parsed advisory data as an AdvisoryData object. Example: >>> raw_data = { ...
(raw_data)
| 56 | |
| 57 | |
| 58 | def parse_advisory_data(raw_data) -> AdvisoryData: |
| 59 | """ |
| 60 | Parse advisory data from raw JSON data and return an AdvisoryData object. |
| 61 | |
| 62 | Args: |
| 63 | raw_data (dict): Raw JSON data containing advisory information. |
| 64 | |
| 65 | Returns: |
| 66 | AdvisoryData: Parsed advisory data as an AdvisoryData object. |
| 67 | |
| 68 | Example: |
| 69 | >>> raw_data = { |
| 70 | ... "aliases": ["CVE-2024-2379"], |
| 71 | ... "summary": "QUIC certificate check bypass with wolfSSL", |
| 72 | ... "database_specific": { |
| 73 | ... "package": "curl", |
| 74 | ... "URL": "https://curl.se/docs/CVE-2024-2379.json", |
| 75 | ... "www": "https://curl.se/docs/CVE-2024-2379.html", |
| 76 | ... "issue": "https://hackerone.com/reports/2410774", |
| 77 | ... "severity": "Low", |
| 78 | ... "CWE": { |
| 79 | ... "id": "CWE-297", |
| 80 | ... "desc": "Improper Validation of Certificate with Host Mismatch" |
| 81 | ... }, |
| 82 | ... }, |
| 83 | ... "published": "2024-03-27T08:00:00.00Z", |
| 84 | ... "affected": [ |
| 85 | ... { |
| 86 | ... "ranges": [ |
| 87 | ... { |
| 88 | ... "type": "SEMVER", |
| 89 | ... "events": [ |
| 90 | ... {"introduced": "8.6.0"}, |
| 91 | ... {"fixed": "8.7.0"} |
| 92 | ... ] |
| 93 | ... } |
| 94 | ... ], |
| 95 | ... "versions": ["8.6.0"] |
| 96 | ... } |
| 97 | ... ] |
| 98 | ... } |
| 99 | >>> parse_advisory_data(raw_data) |
| 100 | AdvisoryData(aliases=['CVE-2024-2379'], summary='QUIC certificate check bypass with wolfSSL', affected_packages=[AffectedPackage(package=PackageURL(type='generic', namespace='curl.se', name='curl', version=None, qualifiers={}, subpath=None), affected_version_range=GenericVersionRange(constraints=(VersionConstraint(comparator='=', version=SemverVersion(string='8.6.0')),)), fixed_version=SemverVersion(string='8.7.0'))], references=[Reference(reference_id='', reference_type='', url='https://curl.se/docs/CVE-2024-2379.html', severities=[VulnerabilitySeverity(system=Cvssv3ScoringSystem(identifier='cvssv3.1', name='CVSSv3.1 Base Score', url='https://www.first.org/cvss/v3-1/', notes='CVSSv3.1 base score and vector'), value='Low', scoring_elements='', published_at=None, url=None)]), Reference(reference_id='', reference_type='', url='https://hackerone.com/reports/2410774', severities=[])], date_published=datetime.datetime(2024, 3, 27, 8, 0, tzinfo=datetime.timezone.utc), weaknesses=[297], url='https://curl.se/docs/CVE-2024-2379.json') |
| 101 | """ |
| 102 | |
| 103 | affected = get_item(raw_data, "affected")[0] if len(get_item(raw_data, "affected")) > 0 else [] |
| 104 | |
| 105 | ranges = get_item(affected, "ranges")[0] if len(get_item(affected, "ranges")) > 0 else [] |
| 106 | events = get_item(ranges, "events")[1] if len(get_item(ranges, "events")) > 1 else {} |
| 107 | version_type = get_item(ranges, "type") if get_item(ranges, "type") else "" |
| 108 | fixed_version = events.get("fixed") |
| 109 | if version_type == "SEMVER" and fixed_version: |
| 110 | fixed_version = SemverVersion(fixed_version) |
| 111 | |
| 112 | purl = PackageURL(type="generic", namespace="curl.se", name="curl") |
| 113 | versions = affected.get("versions") or [] |
| 114 | affected_version_range = GenericVersionRange.from_versions(versions) |
| 115 |