pepelyaevip/vuln-list-update
1
0
Fork 0
Code Pull Requests Actions Packages Releases Activity

feat(ghsa): store CVSS score/vector for Github Security Advisory (#128)

Browse Source
This commit is contained in:
afdesk 2022-01-16 22:44:06 +06:00 committed by GitHub
parent 6e141c6628
commit d7e5ea99dd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 52 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
arch/archlinux_test.go
View File

@ -9,7 +9,6 @@ import (
"path/filepath" "path/filepath"
"testing" "testing"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )

24
ghsa/ghsa_test.go
View File

@ -88,6 +88,10 @@ func TestConfig_Update(t *testing.T) {
Summary: "Low severity vulnerability that affects simplesamlphp/simplesamlphp", Summary: "Low severity vulnerability that affects simplesamlphp/simplesamlphp",
UpdatedAt: "2020-01-24T21:27:17Z", UpdatedAt: "2020-01-24T21:27:17Z",
WithdrawnAt: "", WithdrawnAt: "",
CVSS: GithubCVSS{
Score: 3.7,
VectorString: "3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
},
}, },
FirstPatchedVersion: FirstPatchedVersion{ FirstPatchedVersion: FirstPatchedVersion{
Identifier: "1.14.4", Identifier: "1.14.4",
@ -149,6 +153,10 @@ func TestConfig_Update(t *testing.T) {
Summary: "High severity vulnerability that affects org.apache.solr:solr-core", Summary: "High severity vulnerability that affects org.apache.solr:solr-core",
UpdatedAt: "2020-01-28T22:26:54Z", UpdatedAt: "2020-01-28T22:26:54Z",
WithdrawnAt: "", WithdrawnAt: "",
CVSS: GithubCVSS{
Score: 9.8,
VectorString: "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
},
}, },
FirstPatchedVersion: FirstPatchedVersion{ FirstPatchedVersion: FirstPatchedVersion{
Identifier: "8.3.0", Identifier: "8.3.0",
@ -188,6 +196,10 @@ func TestConfig_Update(t *testing.T) {
Summary: "Moderate severity vulnerability that affects org.apache.qpid:qpid-broker", Summary: "Moderate severity vulnerability that affects org.apache.qpid:qpid-broker",
UpdatedAt: "2019-07-03T21:02:04Z", UpdatedAt: "2019-07-03T21:02:04Z",
WithdrawnAt: "", WithdrawnAt: "",
CVSS: GithubCVSS{
Score: 9.8,
VectorString: "3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
},
}, },
FirstPatchedVersion: FirstPatchedVersion{ FirstPatchedVersion: FirstPatchedVersion{
Identifier: "6.0.0", Identifier: "6.0.0",
@ -238,6 +250,10 @@ func TestConfig_Update(t *testing.T) {
Summary: "Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service", Summary: "Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service",
UpdatedAt: "2019-07-03T21:02:07Z", UpdatedAt: "2019-07-03T21:02:07Z",
WithdrawnAt: "", WithdrawnAt: "",
CVSS: GithubCVSS{
Score: 4.3,
VectorString: "3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
},
}, },
FirstPatchedVersion: FirstPatchedVersion{ FirstPatchedVersion: FirstPatchedVersion{
Identifier: "2.3.1", Identifier: "2.3.1",
@ -278,6 +294,10 @@ func TestConfig_Update(t *testing.T) {
Summary: "Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service", Summary: "Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service",
UpdatedAt: "2019-07-03T21:02:07Z", UpdatedAt: "2019-07-03T21:02:07Z",
WithdrawnAt: "", WithdrawnAt: "",
CVSS: GithubCVSS{
Score: 4.3,
VectorString: "3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
},
}, },
FirstPatchedVersion: FirstPatchedVersion{ FirstPatchedVersion: FirstPatchedVersion{
Identifier: "2.2.1", Identifier: "2.2.1",
@ -318,6 +338,10 @@ func TestConfig_Update(t *testing.T) {
Summary: "Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service", Summary: "Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service",
UpdatedAt: "2019-07-03T21:02:07Z", UpdatedAt: "2019-07-03T21:02:07Z",
WithdrawnAt: "", WithdrawnAt: "",
CVSS: GithubCVSS{
Score: 4.3,
VectorString: "3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
},
}, },
FirstPatchedVersion: FirstPatchedVersion{ FirstPatchedVersion: FirstPatchedVersion{
Identifier: "2.1.2", Identifier: "2.1.2",

6
ghsa/testdata/composer/simplesamlphp/simplesamlphp/GHSA-2r3v-q9x3-7g46.json vendored
View File

@ -26,7 +26,11 @@
"Severity": "LOW", "Severity": "LOW",
"Summary": "Low severity vulnerability that affects simplesamlphp/simplesamlphp", "Summary": "Low severity vulnerability that affects simplesamlphp/simplesamlphp",
"UpdatedAt": "2020-01-24T21:27:17Z", "UpdatedAt": "2020-01-24T21:27:17Z",
"WithdrawnAt": "" "WithdrawnAt": "",
"CVSS": {
"Score": 3.7,
"VectorString": "3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
}, },
"Versions": [ "Versions": [
{ {

6
ghsa/testdata/maven/org.apache.hive/hive/GHSA-2g9q-chq2-w8qw.json vendored
View File

@ -30,7 +30,11 @@
"Severity": "MODERATE", "Severity": "MODERATE",
"Summary": "Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service", "Summary": "Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service",
"UpdatedAt": "2019-07-03T21:02:07Z", "UpdatedAt": "2019-07-03T21:02:07Z",
"WithdrawnAt": "" "WithdrawnAt": "",
"CVSS": {
"Score": 4.3,
"VectorString": "3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
}, },
"Versions": [ "Versions": [
{ {

6
ghsa/testdata/maven/org.apache.qpid/qpid-broker/GHSA-269m-695x-j34p.json vendored
View File

@ -30,7 +30,11 @@
"Severity": "MODERATE", "Severity": "MODERATE",
"Summary": "Moderate severity vulnerability that affects org.apache.qpid:qpid-broker", "Summary": "Moderate severity vulnerability that affects org.apache.qpid:qpid-broker",
"UpdatedAt": "2019-07-03T21:02:04Z", "UpdatedAt": "2019-07-03T21:02:04Z",
"WithdrawnAt": "" "WithdrawnAt": "",
"CVSS": {
"Score": 9.8,
"VectorString": "3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
}, },
"Versions": [ "Versions": [
{ {

6
ghsa/testdata/maven/org.apache.solr/solr-core/GHSA-2289-pqfq-6wx7.json vendored
View File

@ -30,7 +30,11 @@
"Severity": "HIGH", "Severity": "HIGH",
"Summary": "High severity vulnerability that affects org.apache.solr:solr-core", "Summary": "High severity vulnerability that affects org.apache.solr:solr-core",
"UpdatedAt": "2020-01-28T22:26:54Z", "UpdatedAt": "2020-01-28T22:26:54Z",
"WithdrawnAt": "" "WithdrawnAt": "",
"CVSS": {
"Score": 9.8,
"VectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
}, },
"Versions": [ "Versions": [
{ {

6
ghsa/types.go
View File

@ -24,6 +24,11 @@ type GithubSecurityAdvisory struct {
VulnerableVersionRange string VulnerableVersionRange string
} }
type GithubCVSS struct {
Score float32
VectorString string
}
type GitHubClient struct { type GitHubClient struct {
ApiKey string ApiKey string
} }
@ -46,6 +51,7 @@ type Advisory struct {
Summary string Summary string
UpdatedAt string UpdatedAt string
WithdrawnAt string WithdrawnAt string
CVSS GithubCVSS
} }
type Identifier struct { type Identifier struct {