MCPcopy Create free account
hub / github.com/aboutcode-org/vulnerablecode / parse_advisory_data

Function parse_advisory_data

vulnerabilities/importers/curl.py:58–146  ·  view source on GitHub ↗

Parse advisory data from raw JSON data and return an AdvisoryData object. Args: raw_data (dict): Raw JSON data containing advisory information. Returns: AdvisoryData: Parsed advisory data as an AdvisoryData object. Example: >>> raw_data = { ...

(raw_data)

Source from the content-addressed store, hash-verified

56
57
58def parse_advisory_data(raw_data) -> AdvisoryData:
59 """
60 Parse advisory data from raw JSON data and return an AdvisoryData object.
61
62 Args:
63 raw_data (dict): Raw JSON data containing advisory information.
64
65 Returns:
66 AdvisoryData: Parsed advisory data as an AdvisoryData object.
67
68 Example:
69 >>> raw_data = {
70 ... "aliases": ["CVE-2024-2379"],
71 ... "summary": "QUIC certificate check bypass with wolfSSL",
72 ... "database_specific": {
73 ... "package": "curl",
74 ... "URL": "https://curl.se/docs/CVE-2024-2379.json",
75 ... "www": "https://curl.se/docs/CVE-2024-2379.html",
76 ... "issue": "https://hackerone.com/reports/2410774",
77 ... "severity": "Low",
78 ... "CWE": {
79 ... "id": "CWE-297",
80 ... "desc": "Improper Validation of Certificate with Host Mismatch"
81 ... },
82 ... },
83 ... "published": "2024-03-27T08:00:00.00Z",
84 ... "affected": [
85 ... {
86 ... "ranges": [
87 ... {
88 ... "type": "SEMVER",
89 ... "events": [
90 ... {"introduced": "8.6.0"},
91 ... {"fixed": "8.7.0"}
92 ... ]
93 ... }
94 ... ],
95 ... "versions": ["8.6.0"]
96 ... }
97 ... ]
98 ... }
99 >>> parse_advisory_data(raw_data)
100 AdvisoryData(aliases=['CVE-2024-2379'], summary='QUIC certificate check bypass with wolfSSL', affected_packages=[AffectedPackage(package=PackageURL(type='generic', namespace='curl.se', name='curl', version=None, qualifiers={}, subpath=None), affected_version_range=GenericVersionRange(constraints=(VersionConstraint(comparator='=', version=SemverVersion(string='8.6.0')),)), fixed_version=SemverVersion(string='8.7.0'))], references=[Reference(reference_id='', reference_type='', url='https://curl.se/docs/CVE-2024-2379.html', severities=[VulnerabilitySeverity(system=Cvssv3ScoringSystem(identifier='cvssv3.1', name='CVSSv3.1 Base Score', url='https://www.first.org/cvss/v3-1/', notes='CVSSv3.1 base score and vector'), value='Low', scoring_elements='', published_at=None, url=None)]), Reference(reference_id='', reference_type='', url='https://hackerone.com/reports/2410774', severities=[])], date_published=datetime.datetime(2024, 3, 27, 8, 0, tzinfo=datetime.timezone.utc), weaknesses=[297], url='https://curl.se/docs/CVE-2024-2379.json')
101 """
102
103 affected = get_item(raw_data, "affected")[0] if len(get_item(raw_data, "affected")) > 0 else []
104
105 ranges = get_item(affected, "ranges")[0] if len(get_item(affected, "ranges")) > 0 else []
106 events = get_item(ranges, "events")[1] if len(get_item(ranges, "events")) > 1 else {}
107 version_type = get_item(ranges, "type") if get_item(ranges, "type") else ""
108 fixed_version = events.get("fixed")
109 if version_type == "SEMVER" and fixed_version:
110 fixed_version = SemverVersion(fixed_version)
111
112 purl = PackageURL(type="generic", namespace="curl.se", name="curl")
113 versions = affected.get("versions") or []
114 affected_version_range = GenericVersionRange.from_versions(versions)
115

Callers 4

advisory_dataMethod · 0.70

Calls 7

get_itemFunction · 0.90
AffectedPackageClass · 0.90
ReferenceClass · 0.90
AdvisoryDataClass · 0.90
getMethod · 0.45

Tested by 3