8000 Add weakness in unique content ID in advisories by TG1999 · Pull Request #1245 · aboutcode-org/vulnerablecode · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Add weakness in unique content ID in advisories #1245

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 24, 2023
Merged

Add weakness in unique content ID in advisories #1245

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 17 additions & 13 deletions vulnerabilities/import_runner.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,19 +54,23 @@ def process_advisories(advisory_datas: Iterable[AdvisoryData], importer_name: st
for data in advisory_datas:
# https://nvd.nist.gov/vuln/detail/CVE-2013-4314
# https://github.com/cms-dev/cms/issues/888#issuecomment-516977572
data.summary = data.summary.replace("\x00", "\uFFFD")
obj, created = Advisory.objects.get_or_create(
aliases=data.aliases,
summary=data.summary,
affected_packages=[pkg.to_dict() for pkg in data.affected_packages],
references=[ref.to_dict() for ref in data.references],
date_published=data.date_published,
weaknesses=data.weaknesses,
defaults={
"created_by": importer_name,
"date_collected": datetime.datetime.now(tz=datetime.timezone.utc),
},
)
try:
data.summary = data.summary.replace("\x00", "\uFFFD")
obj, created = Advisory.objects.get_or_create(
aliases=data.aliases,
summary=data.summary,
affected_packages=[pkg.to_dict() for pkg in data.affected_packages],
references=[ref.to_dict() for ref in data.references],
date_published=data.date_published,
weaknesses=data.weaknesses,
defaults={
"created_by": importer_name,
"date_collected": datetime.datetime.now(tz=datetime.timezone.utc),
},
)
except Exception as e:
logger.error(f"Error while processing {data!r} with aliases {data.aliases!r}: {e!r}")
continue
if created:
logger.info(
f"[*] New Advisory with aliases: {obj.aliases!r}, created_by: {obj.created_by}"
Expand Down
2 changes: 1 addition & 1 deletion vulnerabilities/models.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -836,7 +836,7 @@ class Meta:

def save(self, *args, **kwargs):
checksum = hashlib.md5()
for field in (self.summary, self.affected_packages, self.references):
for field in (self.summary, self.affected_packages, self.references, self.weaknesses):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not dumping only once?

key_data = [self.summary, self.affected_packages, self.references, self.weaknesses]
dumped = json.dumps(key_data, separators=(",", ":")).encode("utf-8")
checksum = hashlib.md5(dumped)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will change the checksum IMO, we should do it separately as a migration first and then change the function on models.

value = json.dumps(field, separators=(",", ":")).encode("utf-8")
checksum.update(value)
self.unique_content_id = checksum.hexdigest()
Expand Down
62 changes: 31 additions & 31 deletions vulnerabilities/tests/test_data/nginx/security_advisories-importer-expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[
{
"unique_content_id": "9c968129f10b424807b830f0219b8d4c",
"unique_content_id": "dabe133c6355b18f153a511f5829492c",
"aliases": [
"CORE-2010-0121"
],
Expand Down Expand Up @@ -40,7 +40,7 @@
"weaknesses": []
},
{
"unique_content_id": "b55c336a480792ece857368101645c0c",
"unique_content_id": "c9dcd3bec014b1f9e351d9c7514e5f01",
"aliases": [
"CVE-2009-3896"
],
Expand Down Expand Up @@ -116,7 +116,7 @@
"weaknesses": []
},
{
"unique_content_id": "5df3f01df0d85143bc51ddbb453c1581",
"unique_content_id": "835e668ec8d9f005b4472e28421c2006",
"aliases": [
"CVE-2009-3898"
],
Expand Down Expand Up @@ -158,7 +158,7 @@
"weaknesses": []
},
{
"unique_content_id": "480c77ca27341a47f11299017c7660b7",
"unique_content_id": "a0007fe2ea8f6ddf29ea126d21f6956d",
"aliases": [
"CVE-2009-4487"
],
Expand Down Expand Up @@ -188,7 +188,7 @@
"weaknesses": []
},
{
"unique_content_id": "20cecfba57d0a66b04e1b4b6fb4efb26",
"unique_content_id": "a0928f78826f958a2432126b2a884e83",
"aliases": [
"CVE-2010-2263"
],
Expand Down Expand Up @@ -234,7 +234,7 @@
"weaknesses": []
},
{
"unique_content_id": "646911f1d2f21611b0a3720f3523b3b2",
"unique_content_id": "6717167491546825b89448925539ffba",
"aliases": [
"CVE-2010-2266"
],
Expand Down Expand Up @@ -280,7 +280,7 @@
"weaknesses": []
},
{
"unique_content_id": "56a7ea32d809aa1a3181ab87eea4fe43",
"unique_content_id": "73cb4dac8940113bcd2045ae82b8e2a8",
"aliases": [
"CVE-2011-4315"
],
Expand Down Expand Up @@ -322,7 +322,7 @@
"weaknesses": []
},
{
"unique_content_id": "2bac8349cb492bcc4990b161b01dc414",
"unique_content_id": "602ad465c0476fdbc1254919ae6021e2",
"aliases": [
"CVE-2011-4963"
],
Expand Down Expand Up @@ -379,7 +379,7 @@
"weaknesses": []
},
{
"unique_content_id": "aff5af1bcc53f6fa1a49917e044acf79",
"unique_content_id": "4d0d128ad68cd0640c62bfa2412269e0",
"aliases": [
"CVE-2012-1180"
],
Expand Down Expand Up @@ -436,7 +436,7 @@
"weaknesses": []
},
{
"unique_content_id": "b0a336b612b378d72e93193756b3e376",
"unique_content_id": "34fdffdb5803857f20519de081d5aa47",
"aliases": [
"CVE-2012-2089"
],
Expand Down Expand Up @@ -493,7 +493,7 @@
"weaknesses": []
},
{
"unique_content_id": "e35afe5b1aadcb66c5ad82c8894dff17",
"unique_content_id": "d4bc5fe3ed17d7a6eeebf9a4731ab245",
"aliases": [
"CVE-2013-2028"
],
Expand Down Expand Up @@ -550,7 +550,7 @@
"weaknesses": []
},
{
"unique_content_id": "870c7bf846dc50554e9fa2290598b001",
"unique_content_id": "014359d8701d1b0220a1d4a53938167e",
"aliases": [
"CVE-2013-2070"
],
Expand Down Expand Up @@ -635,7 +635,7 @@
"weaknesses": []
},
{
"unique_content_id": "ce0711c66b7cdd60814c1abfbafdd3b9",
"unique_content_id": "a98e3e8cc6c61be3e0bb0c766422000a",
"aliases": [
"CVE-2013-4547"
],
Expand Down Expand Up @@ -698,7 +698,7 @@
"weaknesses": []
},
{
"unique_content_id": "55dccce79c4247faa1ed8db0f8fbd44f",
"unique_content_id": "ca4a84fef474aa4dc5aec6cdedcb543a",
"aliases": [
"CVE-2014-0088"
],
Expand Down Expand Up @@ -743,7 +743,7 @@
"weaknesses": []
},
{
"unique_content_id": "0c5952c29a54fdbc5526988c898e639d",
"unique_content_id": "023ec91ead7d7978f99823b1b00fd8d0",
"aliases": [
"CVE-2014-0133"
],
Expand Down Expand Up @@ -800,7 +800,7 @@
"weaknesses": []
},
{
"unique_content_id": "3637800165bcb0cf3917364af7654fee",
"unique_content_id": "57b7911aa13a1c069fcd3dac8ec79a2f",
"aliases": [
"CVE-2014-3556"
],
Expand Down Expand Up @@ -863,7 +863,7 @@
"weaknesses": []
},
{
"unique_content_id": "2024528d103453292ea1f23163cb7ad8",
"unique_content_id": "0fb96728d775c491b25b9c5d9e509169",
"aliases": [
"CVE-2014-3616"
],
Expand Down Expand Up @@ -916,7 +916,7 @@
"weaknesses": []
},
{
"unique_content_id": "4a748f6cbd00bbafac23faa271396b3a",
"unique_content_id": "654bff8d56e5324da4c873438d75470e",
"aliases": [
"CVE-2016-0742"
],
Expand Down Expand Up @@ -969,7 +969,7 @@
"weaknesses": []
},
{
"unique_content_id": "964babd1d8158846f348e9fa6df4e27f",
"unique_content_id": "48c76ecddb554fe1274ed090b1692081",
"aliases": [
"CVE-2016-0746"
],
Expand Down Expand Up @@ -1022,7 +1022,7 @@
"weaknesses": []
},
{
"unique_content_id": "e96daddac5c29ad0b9e157638fbeb3b2",
"unique_content_id": "8c61e735eef0a9205cee0bcd64d86c59",
"aliases": [
"CVE-2016-0747"
],
Expand Down Expand Up @@ -1075,7 +1075,7 @@
"weaknesses": []
},
{
"unique_content_id": "9cb4dc08fbceda238c4f45b00320ce42",
"unique_content_id": "04ebbd42272e64e6fc5a6f8d9f301fef",
"aliases": [
"CVE-2016-4450"
],
Expand Down Expand Up @@ -1148,7 +1148,7 @@
"weaknesses": []
},
{
"unique_content_id": "4ebd7508e9aaa3c3c89cac10397f47d4",
"unique_content_id": "4e89029cf59ea68756e72973eace4a6b",
"aliases": [
"CVE-2017-7529"
],
Expand Down Expand Up @@ -1211,7 +1211,7 @@
"weaknesses": []
},
{
"unique_content_id": "2fc1350472196c63ba9f7031fd456e76",
"unique_content_id": "f523c6c72d936bdb79de56b9fd46b1f0",
"aliases": [
"CVE-2018-16843"
],
Expand Down Expand Up @@ -1264,7 +1264,7 @@
"weaknesses": []
},
{
"unique_content_id": "1ae05361ffd7ba4b2a466afc6a3de34c",
"unique_content_id": "fd888e77e0b3b025f1fa65f761442d8c",
"aliases": [
"CVE-2018-16844"
],
Expand Down Expand Up @@ -1317,7 +1317,7 @@
"weaknesses": []
},
{
"unique_content_id": "c78f14d302f37c9241afbc18578c49b3",
"unique_content_id": "06084d7ef376d18305484283c2f3da73",
"aliases": [
"CVE-2018-16845"
],
Expand Down Expand Up @@ -1380,7 +1380,7 @@
"weaknesses": []
},
{
"unique_content_id": "dbbf831a29a655709b98cb79a5f90fac",
"unique_content_id": "ef70ce1787dad53097a6394e92cee831",
"aliases": [
"CVE-2019-9511"
],
Expand Down Expand Up @@ -1433,7 +1433,7 @@
"weaknesses": []
},
{
"unique_content_id": "834d4d1067390d7f84ebd3cea8f60fb4",
"unique_content_id": "42fe9391f57db8d38624dc2e07b35c33",
"aliases": [
"CVE-2019-9513"
],
Expand Down Expand Up @@ -1486,7 +1486,7 @@
"weaknesses": []
},
{
"unique_content_id": "8e94de6ae6386d8e0af0241a0989cdcd",
"unique_content_id": "1bf350eb789fa415c4d971caf298be95",
"aliases": [
"CVE-2019-9516"
],
Expand Down Expand Up @@ -1539,7 +1539,7 @@
"weaknesses": []
},
{
"unique_content_id": "fa52846658ab31e85334ad4af2fa7529",
"unique_content_id": "67435c71e6737dfa1a122184ee431e14",
"aliases": [
"CVE-2021-23017"
],
Expand Down Expand Up @@ -1602,7 +1602,7 @@
"weaknesses": []
},
{
"unique_content_id": "34b7ff4154010452c4dd186b7cbbcc5d",
"unique_content_id": "56ee126958340832e9b235a38b0c4495",
"aliases": [
"VU#120541",
"CVE-2009-3555"
Expand Down Expand Up @@ -1655,7 +1655,7 @@
"weaknesses": []
},
{
"unique_content_id": "cef6afb87317112ea248571bd6991994",
"unique_content_id": "b6f863030bb4fe1e2d3061bbcbc54d0c",
"aliases": [
"VU#180065",
"CVE-2009-2629"
Expand Down
Loading
0