
Commit fc42808

committed
Add missing severity
Update reference_type in the expected advisory file Signed-off-by: ziad hany <ziadhany2016@gmail.com>
1 parent f064033 commit fc42808


2 files changed

+33
-5
lines changed


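--- a/vulnerabilities/pipelines/v2_importers/aosp_importer.py
+++ b/vulnerabilities/pipelines/v2_importers/aosp_importer.py
@@ -17,7 +17,9 @@
 
 from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importer import ReferenceV2
+from vulnerabilities.importer import VulnerabilitySeverity
 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2
+from vulnerabilities.severity_systems import GENERIC
 
 
 class AospImporterPipeline(VulnerableCodeBaseImporterPipelineV2):
@@ -68,20 +70,34 @@ def collect_advisories(self):
 date_reported = vulnerability_data.get("dateReported")
 date_published = dateparser.parse(date_reported) if date_reported else None
 
+severities = []
+severity_value = vulnerability_data.get("severity")
+if severity_value:
+severities.append(
+VulnerabilitySeverity(
+system=GENERIC,
+value=severity_value,
+)
+)
+
 references = []
 for commit_data in vulnerability_data.get("fixes", []):
 vcs_url = commit_data.get("patchUrl")
 
 if not vcs_url:
 continue
 
-ref = ReferenceV2(reference_type="commit", url=vcs_url)
+ref = ReferenceV2(
+reference_type="commit",
+url=vcs_url,
+)
 references.append(ref)
 
 yield AdvisoryData(
 advisory_id=vulnerability_id,
 summary=summary,
 references_v2=references,
+severities=severities,
 date_published=date_published,
 url=f"https://raw.githubusercontent.com/quarkslab/aosp_dataset/refs/heads/master/cves/{file_path.name}",
 )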
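Review bot: The new `severity_value` in `collect_advisories` is copied from the upstream dataset record into `VulnerabilitySeverity` with only a truthiness check, so a non-string or whitespace-padded value would be stored verbatim under the `GENERIC` system and could mislead consumers that triage on severity. Consider guarding it with `if isinstance(severity_value, str) and severity_value.strip():` and passing `value=severity_value.strip()`. Whether the feed ever deviates from plain strings such as "High" is not visible here, so treat this as defensive hardening of an importer that reads external data. The expected-advisory fixture changed in this commit only shows records that carry a severity, so a test record without the `severity` key would pin the empty-list path. The body of `collect_advisories` starts outside this hunk.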

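--- a/vulnerabilities/tests/test_data/aosp/aosp_advisoryv2-expected.json
+++ b/vulnerabilities/tests/test_data/aosp/aosp_advisoryv2-expected.json
@@ -7,11 +7,17 @@
 "references_v2": [
 {
 "reference_id": "",
-"reference_type": "",
+"reference_type": "commit",
 "url": "https://source.codeaurora.org/quic/la/kernel/msm-5.4/commit/?id=d6876813add62f3cac7c429a41cc8710005d69e8"
 }
 ],
-"severities": [],
+"severities": [
+{
+"system": "generic_textual",
+"value": "High",
+"scoring_elements": ""
+}
+],
 "date_published": null,
 "weaknesses": [],
 "url": "https://raw.githubusercontent.com/quarkslab/aosp_dataset/refs/heads/master/cves/CVE-aosp_test1.json"
@@ -24,11 +30,17 @@
 "references_v2": [
 {
 "reference_id": "",
-"reference_type": "",
+"reference_type": "commit",
 "url": "https://android.googlesource.com/platform/system/bt/+/6ecbbc093f4383e90cbbf681cd55da1303a8ef94"
 }
 ],
-"severities": [],
+"severities": [
+{
+"system": "generic_textual",
+"value": "Critical",
+"scoring_elements": ""
+}
+],
 "date_published": "2018-04-04T00:00:00",
 "weaknesses": [],
 "url": "https://raw.githubusercontent.com/quarkslab/aosp_dataset/refs/heads/master/cves/CVE-aosp_test2.json"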
