feat(ghsa): store CVSS score/vector for Github Security Advisory (#128)
parent
6e141c6628
commit
d7e5ea99dd
@ -9,7 +9,6 @@ import (
|
||||
"path/filepath"
|
||||
"testing"
|
||||
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
@ -88,6 +88,10 @@ func TestConfig_Update(t *testing.T) {
|
||||
Summary: "Low severity vulnerability that affects simplesamlphp/simplesamlphp",
|
||||
UpdatedAt: "2020-01-24T21:27:17Z",
|
||||
WithdrawnAt: "",
|
||||
CVSS: GithubCVSS{
|
||||
Score: 3.7,
|
||||
VectorString: "3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
|
||||
},
|
||||
},
|
||||
FirstPatchedVersion: FirstPatchedVersion{
|
||||
Identifier: "1.14.4",
|
||||
@ -149,6 +153,10 @@ func TestConfig_Update(t *testing.T) {
|
||||
Summary: "High severity vulnerability that affects org.apache.solr:solr-core",
|
||||
UpdatedAt: "2020-01-28T22:26:54Z",
|
||||
WithdrawnAt: "",
|
||||
CVSS: GithubCVSS{
|
||||
Score: 9.8,
|
||||
VectorString: "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
},
|
||||
},
|
||||
FirstPatchedVersion: FirstPatchedVersion{
|
||||
Identifier: "8.3.0",
|
||||
@ -188,6 +196,10 @@ func TestConfig_Update(t *testing.T) {
|
||||
Summary: "Moderate severity vulnerability that affects org.apache.qpid:qpid-broker",
|
||||
UpdatedAt: "2019-07-03T21:02:04Z",
|
||||
WithdrawnAt: "",
|
||||
CVSS: GithubCVSS{
|
||||
Score: 9.8,
|
||||
VectorString: "3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
},
|
||||
},
|
||||
FirstPatchedVersion: FirstPatchedVersion{
|
||||
Identifier: "6.0.0",
|
||||
@ -238,6 +250,10 @@ func TestConfig_Update(t *testing.T) {
|
||||
Summary: "Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service",
|
||||
UpdatedAt: "2019-07-03T21:02:07Z",
|
||||
WithdrawnAt: "",
|
||||
CVSS: GithubCVSS{
|
||||
Score: 4.3,
|
||||
VectorString: "3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
|
||||
},
|
||||
},
|
||||
FirstPatchedVersion: FirstPatchedVersion{
|
||||
Identifier: "2.3.1",
|
||||
@ -278,6 +294,10 @@ func TestConfig_Update(t *testing.T) {
|
||||
Summary: "Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service",
|
||||
UpdatedAt: "2019-07-03T21:02:07Z",
|
||||
WithdrawnAt: "",
|
||||
CVSS: GithubCVSS{
|
||||
Score: 4.3,
|
||||
VectorString: "3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
|
||||
},
|
||||
},
|
||||
FirstPatchedVersion: FirstPatchedVersion{
|
||||
Identifier: "2.2.1",
|
||||
@ -318,6 +338,10 @@ func TestConfig_Update(t *testing.T) {
|
||||
Summary: "Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service",
|
||||
UpdatedAt: "2019-07-03T21:02:07Z",
|
||||
WithdrawnAt: "",
|
||||
CVSS: GithubCVSS{
|
||||
Score: 4.3,
|
||||
VectorString: "3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
|
||||
},
|
||||
},
|
||||
FirstPatchedVersion: FirstPatchedVersion{
|
||||
Identifier: "2.1.2",
|
||||
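Review bot: The expected `VectorString` values in these TestConfig_Update cases (for example `3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N`) have no `CVSS:` prefix, which the CVSS v3 specification places at the start of a vector string, so a strict parser downstream would likely reject them as stored. The code that produces this form is not visible in these hunks; if the prefix is dropped on purpose, a comment on the field such as `// VectorString is stored without the leading "CVSS:" label` would make that contract explicit. All six updated cases carry a populated score, so a case for an advisory with no CVSS data (zero `Score`, empty `VectorString`) would pin how the absence is written out. TestConfig_Update begins and ends outside these hunks.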
|
@ -26,7 +26,11 @@
|
||||
"Severity": "LOW",
|
||||
"Summary": "Low severity vulnerability that affects simplesamlphp/simplesamlphp",
|
||||
"UpdatedAt": "2020-01-24T21:27:17Z",
|
||||
"WithdrawnAt": ""
|
||||
"WithdrawnAt": "",
|
||||
"CVSS": {
|
||||
"Score": 3.7,
|
||||
"VectorString": "3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
|
||||
}
|
||||
},
|
||||
"Versions": [
|
||||
{
|
||||
|
@ -30,7 +30,11 @@
|
||||
"Severity": "MODERATE",
|
||||
"Summary": "Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service",
|
||||
"UpdatedAt": "2019-07-03T21:02:07Z",
|
||||
"WithdrawnAt": ""
|
||||
"WithdrawnAt": "",
|
||||
"CVSS": {
|
||||
"Score": 4.3,
|
||||
"VectorString": "3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
|
||||
}
|
||||
},
|
||||
"Versions": [
|
||||
{
|
||||
|
@ -30,7 +30,11 @@
|
||||
"Severity": "MODERATE",
|
||||
"Summary": "Moderate severity vulnerability that affects org.apache.qpid:qpid-broker",
|
||||
"UpdatedAt": "2019-07-03T21:02:04Z",
|
||||
"WithdrawnAt": ""
|
||||
"WithdrawnAt": "",
|
||||
"CVSS": {
|
||||
"Score": 9.8,
|
||||
"VectorString": "3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
|
||||
}
|
||||
},
|
||||
"Versions": [
|
||||
{
|
||||
|
@ -30,7 +30,11 @@
|
||||
"Severity": "HIGH",
|
||||
"Summary": "High severity vulnerability that affects org.apache.solr:solr-core",
|
||||
"UpdatedAt": "2020-01-28T22:26:54Z",
|
||||
"WithdrawnAt": ""
|
||||
"WithdrawnAt": "",
|
||||
"CVSS": {
|
||||
"Score": 9.8,
|
||||
"VectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
|
||||
}
|
||||
},
|
||||
"Versions": [
|
||||
{
|
||||
|
@ -24,6 +24,11 @@ type GithubSecurityAdvisory struct {
|
||||
VulnerableVersionRange string
|
||||
}
|
||||
|
||||
type GithubCVSS struct {
|
||||
Score float32
|
||||
VectorString string
|
||||
}
|
||||
|
||||
type GitHubClient struct {
|
||||
ApiKey string
|
||||
}
|
||||
@ -46,6 +51,7 @@ type Advisory struct {
|
||||
Summary string
|
||||
UpdatedAt string
|
||||
WithdrawnAt string
|
||||
CVSS GithubCVSS
|
||||
}
|
||||
|
||||
type Identifier struct {
|
||||
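Review bot: `Score float32` loses precision for any consumer that widens it, since `float64(float32(3.7))` is 3.700000047683716 rather than 3.7; if severity thresholds are later compared against this value, `Score float64` avoids the surprise. Because `CVSS GithubCVSS` on `Advisory` is a plain value field, an advisory without a published score presumably serializes as a zero score with an empty vector, which reads the same as a genuine 0.0, so consumers should treat an empty `VectorString` as "not scored". The new exported type also has no doc comment; something like `// GithubCVSS holds the CVSS base score and vector string GitHub reports for an advisory.` would cover it. The Advisory struct starts outside the second hunk.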
|
@ -214,4 +214,4 @@ func (gc Config) Status(repoPath string) ([]string, error) {
|
||||
func generateGitArgs(repoPath string) []string {
|
||||
gitDir := filepath.Join(repoPath, ".git")
|
||||
return []string{"--git-dir", gitDir, "--work-tree", repoPath}
|
||||
}
|
||||
}
|
||||
|
@ -88,4 +88,4 @@ func TestUpdater_WalkDir(t *testing.T) {
|
||||
assert.NoError(t, err, tc.name)
|
||||
})
|
||||
}
|
||||
}
|
||||
}
|
||||
|