cve_lookup: added support for CVSS metrics v4.0+ #1233

Merged
merged 4 commits on Dec 10, 2024

jstucke (Collaborator) commented Jul 2, 2024

  • fixed a KeyError in the CVE data parsing
  • added generic support for more versions of CVSS metrics than v2, v3.0 and v3.1 (as long as the general structure of the data does not change)
    • changed the schema of the internal DB so that all scores are stored as JSON instead of storing v2 and v3.x separately
      • these changes require rebuilding the database by rerunning the installation for existing FACT installations!
    • adjusted jinja filters and the template
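
A sketch of the version-agnostic CVSS handling the comment above describes: every score is collected into one JSON value and incomplete entries are skipped instead of raising `KeyError`. This is an added example, not code from this pull request or from FACT. It assumes the input follows the NVD API 2.0 `metrics` layout (lists under `cvssMetricV…` keys with `cvssData.version` and `cvssData.baseScore`); the function names and sample data are constructed for illustration.

```python
import json

# Constructed sample in the shape of an NVD API 2.0 "metrics" object (assumed input format).
SAMPLE_METRICS = {
    "cvssMetricV40": [{"type": "Secondary", "cvssData": {"version": "4.0", "baseScore": 9.3}}],
    "cvssMetricV31": [
        {"type": "Secondary", "cvssData": {"version": "3.1", "baseScore": 7.5}},
        {"type": "Primary", "cvssData": {"version": "3.1", "baseScore": 9.8}},
    ],
    "cvssMetricV2": [{"type": "Primary", "cvssData": {"version": "2.0"}}],  # no baseScore
    "cvssMetricV99": "unexpected",  # malformed entry, must be skipped
}


def extract_scores(metrics):
    """Return {version: base score} for every CVSS version found, whatever its key name."""
    scores = {}
    if not isinstance(metrics, dict):
        return scores
    for entries in metrics.values():
        if not isinstance(entries, list):
            continue
        # Put entries marked "Primary" first so they win over secondary sources.
        ordered = sorted(
            (e for e in entries if isinstance(e, dict)),
            key=lambda e: e.get("type") != "Primary",
        )
        for entry in ordered:
            data = entry.get("cvssData") or {}
            version, score = data.get("version"), data.get("baseScore")
            # .get() instead of [] so an incomplete entry is skipped, not a KeyError.
            if version is None or not isinstance(score, (int, float)):
                continue
            scores.setdefault(str(version), float(score))
    return scores


def to_db_column(metrics):
    """Serialize all scores into one JSON string, as a single text column would hold them."""
    return json.dumps(extract_scores(metrics), sort_keys=True)


def max_score(column_value):
    """Highest score across all stored versions, or None if there are none."""
    scores = json.loads(column_value)
    return max(scores.values(), default=None)
```

Because the version string is read from the data rather than from the key name, a future `cvssMetricV…` key needs no code change as long as the entry structure stays the same.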

@jstucke jstucke requested a review from maringuu July 2, 2024 09:48
@jstucke jstucke self-assigned this Jul 2, 2024
@jstucke jstucke force-pushed the cve-lookup-cvss-v40 branch from 071c255 to 041ecc7 Compare November 27, 2024 10:38
codecov-commenter commented Nov 27, 2024

Codecov Report

Attention: Patch coverage is 84.21053% with 6 lines in your changes missing coverage. Please review.

Project coverage is 91.82%. Comparing base (ad4d6d8) to head (cd3257c).
Report is 9 commits behind head on master.

Files with missing lines Patch % Lines
...lysis/cve_lookup/internal/database/db_interface.py 50.00% 4 Missing ⚠️
...ugins/analysis/cve_lookup/internal/data_parsing.py 92.85% 1 Missing ⚠️
src/web_interface/filter.py 83.33% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master    #1233      +/-   ##
==========================================
- Coverage   92.23%   91.82%   -0.41%     
==========================================
  Files         379      378       -1     
  Lines       23188    20927    -2261     
==========================================
- Hits        21387    19217    -2170     
+ Misses       1801     1710      -91     


@jstucke jstucke force-pushed the cve-lookup-cvss-v40 branch from 041ecc7 to 769a13a Compare December 9, 2024 12:15
@@ -20,6 +20,7 @@
from lookup import Lookup

DB_PATH = str(Path(__file__).parent / '../internal/database/cve_cpe.db')
MINIMUM_CRITICAL_SCORE = 9.0
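
Review bot: `MINIMUM_CRITICAL_SCORE = 9.0` is added without a comment saying which CVSS versions the cutoff is meant for. CVSS v3.x and v4.0 define Critical as 9.0 to 10.0, but v2 has no Critical rating (its top band, High, spans 7.0 to 10.0), so if this single constant is compared against the scores of every stored version, a CVE that only has a v2 score of 9.0 or above would be labelled critical. A one-line comment stating that this is intended, or a per-version threshold, would make the behaviour explicit.
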
Collaborator

If this value might change, we could consider making it configurable.

Collaborator Author

done

@jstucke jstucke force-pushed the cve-lookup-cvss-v40 branch from 769a13a to cd3257c Compare December 10, 2024 11:42
@jstucke jstucke merged commit 7efb24a into master Dec 10, 2024
9 of 10 checks passed
@jstucke jstucke deleted the cve-lookup-cvss-v40 branch December 10, 2024 12:23