diff --git a/src/vunnel/providers/debian/parser.py b/src/vunnel/providers/debian/parser.py
index cc0b48e7..de29f765 100644
--- a/src/vunnel/providers/debian/parser.py
+++ b/src/vunnel/providers/debian/parser.py
@@ -12,6 +12,7 @@
 from vunnel.result import SQLiteReader
 from vunnel.utils import http, vulnerability
+from vunnel.utils.vulnerability import FixedIn, Vulnerability
 DSAFixedInTuple = namedtuple("DSAFixedInTuple", ["dsa", "link", "distro", "pkg", "ver"])
 DSACollection = namedtuple("DSACollection", ["cves", "nocves"])
@@ -269,7 +270,7 @@ def _normalize_json(self, ns_cve_dsalist=None): # noqa: PLR0912,PLR0915,C901
 if ns_cve_dsalist is None:
 ns_cve_dsalist = {}
- vuln_records = {}
+ vuln_records: dict[str, dict[str, dict[str, Vulnerability]]] = {}
 for pkg in data:
 for vid in data[pkg]:
@@ -310,15 +311,20 @@ def _normalize_json(self, ns_cve_dsalist=None): # noqa: PLR0912,PLR0915,C901
 if complete:
 if vid not in vuln_records[relno]:
 # create a new record
- vuln_records[relno][vid] = copy.deepcopy(vulnerability.vulnerability_element)
+ # and populate the static information about the new vuln record
+ vuln_records[relno][vid] = {
+ "Vulnerability": Vulnerability(
+ Name=str(vid),
+ NamespaceName="debian:" + str(relno),
+ Description=vulnerability_data.get("description", ""),
+ Link="https://security-tracker.debian.org/tracker/" + str(vid),
+ Severity="Unknown",
+ CVSS=[],
+ FixedIn=[],
+ ),
+ }
 vuln_record = vuln_records[relno][vid]
- # populate the static information about the new vuln record
- vuln_record["Vulnerability"]["Description"] = vulnerability_data.get("description", "")
- vuln_record["Vulnerability"]["Name"] = str(vid)
- vuln_record["Vulnerability"]["NamespaceName"] = "debian:" + str(relno)
- vuln_record["Vulnerability"]["Link"] = "https://security-tracker.debian.org/tracker/" + str(vid)
- vuln_record["Vulnerability"]["Severity"] = "Unknown"
 else:
 vuln_record = vuln_records[relno][vid]
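Review bot: The two `copy.deepcopy` calls this commit removes (the template copy in this `@@ -310` hunk and the one in the strip-out block of the `@@ -422` hunk) may have been the last users of `copy` in parser.py, so `import copy` is worth checking; the import block is only partly visible here and other call sites may exist. If none remain, delete the import so the unused-import lint stays clean. A short comment beside the new annotation in the `@@ -269` hunk would also help readers follow the three key levels, e.g. `# release -> vulnerability id -> {"Vulnerability": record}`.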
@@ -349,9 +355,9 @@ def _normalize_json(self, ns_cve_dsalist=None): # noqa: PLR0912,PLR0915,C901
 if (
 sev
 and vulnerability.severity_order[sev]
- > vulnerability.severity_order[vuln_record["Vulnerability"]["Severity"]]
+ > vulnerability.severity_order[vuln_record["Vulnerability"].Severity]
 ):
- vuln_record["Vulnerability"]["Severity"] = sev
+ vuln_record["Vulnerability"].Severity = sev
 # add fixedIn
 skip_fixedin = False
@@ -375,8 +381,8 @@ def _normalize_json(self, ns_cve_dsalist=None): # noqa: PLR0912,PLR0915,C901
 if not skip_fixedin:
 # collect metrics for vendor advisory
- met_ns = vuln_record["Vulnerability"]["NamespaceName"]
- met_sev = vuln_record["Vulnerability"]["Severity"]
+ met_ns = vuln_record["Vulnerability"].NamespaceName
+ met_sev = vuln_record["Vulnerability"].Severity
 if met_ns not in adv_mets:
 adv_mets[met_ns] = {
@@ -422,18 +428,14 @@ def _normalize_json(self, ns_cve_dsalist=None): # noqa: PLR0912,PLR0915,C901
 ] += 1
 # append fixed in record to vulnerability
- vuln_record["Vulnerability"]["FixedIn"].append(fixed_el)
+ if "Module" not in fixed_el:
+ fixed_el["Module"] = None
+ vuln_record["Vulnerability"].FixedIn.append(FixedIn(**fixed_el))
- # strip out any top level that is not set
- final_record = {"Vulnerability": {}}
- for k in vuln_record["Vulnerability"]:
- if vuln_record["Vulnerability"][k]:
- final_record["Vulnerability"][k] = copy.deepcopy(vuln_record["Vulnerability"][k])
-
- # retlists[relno].append(final_record)
-
- except Exception:
- self.logger.exception(f"ignoring error parsing vuln: {vid}, pkg: {pkg}, rel: {rel}")
+ except Exception as e:
+ self.logger.exception(
+ f"ignoring error ({e.__class__.__name__}) parsing vuln: {vid}, pkg: {pkg}, rel: {rel}",
+ )
 self.logger.debug(f"metrics for advisory information: {orjson.dumps(adv_mets).decode('utf-8')}")
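Review bot: `FixedIn(**fixed_el)` in the `@@ -422` hunk raises `TypeError` for any key in `fixed_el` that the dataclass does not declare, and the `except Exception as e` a few lines below logs it and carries on, so a field mismatch would surface only as log lines while that fix entry is missing from the emitted record. For a vulnerability feed that is a quiet loss of advisory data; consider letting construction errors fail the run, for example an `except TypeError: raise` clause ahead of the broad handler. The `try` opens outside the hunk, so what else it guards is not visible here. `logger.exception` already records the traceback and exception class, which makes the added `e.__class__.__name__` redundant, and the two-line `if "Module" not in fixed_el` check can be written `fixed_el.setdefault("Module", None)`, matching the `setdefault` calls used for the legacy records.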
@@ -477,7 +479,9 @@ def process_result(file_path: str) -> None:
 legacy_records[relno] = {}
 records += 1
- legacy_records[relno][vid] = envelope.item
+ envelope.item["Vulnerability"].setdefault("CVSS", [])
+ envelope.item["Vulnerability"].setdefault("FixedIn", [])
+ legacy_records[relno][vid] = {"Vulnerability": Vulnerability(**envelope.item["Vulnerability"])}
 self.logger.debug(f"legacy dataset {file_path} contains {len(releases)} releases with {records} records")
@@ -505,8 +509,11 @@ def process_file(contents: list[dict[str, Any]]) -> None:
 del cvss_metadata["Vectors"]
 record["Vulnerability"]["Metadata"]["NVD"]["CVSSv2"] = cvss_metadata
+ # default required fields for dataclass
+ record["Vulnerability"].setdefault("FixedIn", [])
+ record["Vulnerability"].setdefault("CVSS", [])
 # write the record back
- legacy_records[relno][vid] = record
+ legacy_records[relno][vid] = Vulnerability(**record["Vulnerability"])
 # read every json file in the legacy directory
 for root, _dirs, files in os.walk(self.legacy_records_path):
@@ -548,7 +555,7 @@ def get(self):
 self.logger.info(
 f"clearing severity on {vid}, see https://github.com/anchore/grype-db/issues/108#issuecomment-1796301073",
 )
- vuln_record["Vulnerability"]["Severity"] = "Unknown"
+ vuln_record["Vulnerability"].Severity = "Unknown"
 yield relno, vid, vuln_record
 else:
 yield from ()
diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:10/cve-2005-3111.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:10/cve-2005-3111.json
index 6c01756a..09d3d54d 100644
--- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:10/cve-2005-3111.json
+++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:10/cve-2005-3111.json
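Review bot: `Vulnerability(**envelope.item["Vulnerability"])` in the `@@ -477` hunk leaves the legacy record's `FixedIn` entries as plain dicts, while `_normalize_json` now appends `FixedIn` instances to the same field, so the element type differs between legacy and freshly parsed records. Anything that later reads attributes on those entries would fail on the legacy ones; whether such a reader exists is not visible from this hunk. Converting on load keeps the field uniform, e.g. with `item = envelope.item["Vulnerability"]`, `item["FixedIn"] = [FixedIn(**{"Module": None, **f}) for f in item["FixedIn"]]` before building the record. The splat also raises `TypeError` on any legacy key the dataclass does not declare, and no handler is visible around it in `process_result`, whose body continues outside the hunk.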
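Review bot: `process_file` in the `@@ -505` hunk now stores a bare `Vulnerability` in `legacy_records[relno][vid]`, whereas `process_result` in the `@@ -477` hunk stores `{"Vulnerability": Vulnerability(...)}` and `get()` in the `@@ -548` hunk indexes `vuln_record["Vulnerability"]`. If records loaded through this path reach that code, the subscript fails on the dataclass unless it defines `__getitem__`; the path between them is outside the hunks, so this needs confirming. Wrapping it the same way keeps one shape: `legacy_records[relno][vid] = {"Vulnerability": Vulnerability(**record["Vulnerability"])}`. Note too that the `# write the record back` comment no longer matches, since every key of `record` other than `"Vulnerability"` is now dropped.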
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:10/cve-2005-3111","item":{"Vulnerability":{"Severity":"Medium","NamespaceName":"debian:10","FixedIn":[{"Name":"backupninja","NamespaceName":"debian:10","VersionFormat":"dpkg","Version":"0.8-2","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]}}],"Link":"https://security-tracker.debian.org/tracker/CVE-2005-3111","Description":"The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack.","Metadata":{},"Name":"CVE-2005-3111","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:10/cve-2005-3111","item":{"Vulnerability":{"Name":"CVE-2005-3111","NamespaceName":"debian:10","Description":"The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack.","Severity":"Medium","Link":"https://security-tracker.debian.org/tracker/CVE-2005-3111","CVSS":[],"FixedIn":[{"Name":"backupninja","NamespaceName":"debian:10","VersionFormat":"dpkg","Version":"0.8-2","Module":"","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]},"VulnerableRange":null}],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:10/cve-2007-2383.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:10/cve-2007-2383.json index 4ddb8007..18a16812 100644 --- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:10/cve-2007-2383.json +++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:10/cve-2007-2383.json 
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:10/cve-2007-2383","item":{"Vulnerability":{"Severity":"Negligible","NamespaceName":"debian:10","FixedIn":[],"Link":"https://security-tracker.debian.org/tracker/CVE-2007-2383","Description":"The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"","Metadata":{},"Name":"CVE-2007-2383","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:10/cve-2007-2383","item":{"Vulnerability":{"Name":"CVE-2007-2383","NamespaceName":"debian:10","Description":"The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"","Severity":"Negligible","Link":"https://security-tracker.debian.org/tracker/CVE-2007-2383","CVSS":[],"FixedIn":[],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:10/cve-2008-7220.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:10/cve-2008-7220.json index 97cf64de..2c703197 100644 --- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:10/cve-2008-7220.json +++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:10/cve-2008-7220.json 
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:10/cve-2008-7220","item":{"Vulnerability":{"Severity":"High","NamespaceName":"debian:10","FixedIn":[{"Name":"prototypejs","NamespaceName":"debian:10","VersionFormat":"dpkg","Version":"1.6.0.2-1","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]}}],"Link":"https://security-tracker.debian.org/tracker/CVE-2008-7220","Description":"Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make \"cross-site ajax requests\" via unknown vectors.","Metadata":{},"Name":"CVE-2008-7220","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:10/cve-2008-7220","item":{"Vulnerability":{"Name":"CVE-2008-7220","NamespaceName":"debian:10","Description":"Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make \"cross-site ajax requests\" via unknown vectors.","Severity":"High","Link":"https://security-tracker.debian.org/tracker/CVE-2008-7220","CVSS":[],"FixedIn":[{"Name":"prototypejs","NamespaceName":"debian:10","VersionFormat":"dpkg","Version":"1.6.0.2-1","Module":"","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]},"VulnerableRange":null}],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:10/cve-2013-1444.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:10/cve-2013-1444.json index 2e07c5f0..7ce6e369 100644 --- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:10/cve-2013-1444.json +++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:10/cve-2013-1444.json 
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:10/cve-2013-1444","item":{"Vulnerability":{"Severity":"Low","NamespaceName":"debian:10","FixedIn":[{"Name":"txt2man","NamespaceName":"debian:10","VersionFormat":"dpkg","Version":"1.5.5-4.1","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]}}],"Link":"https://security-tracker.debian.org/tracker/CVE-2013-1444","Description":"A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222.","Metadata":{},"Name":"CVE-2013-1444","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:10/cve-2013-1444","item":{"Vulnerability":{"Name":"CVE-2013-1444","NamespaceName":"debian:10","Description":"A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222.","Severity":"Low","Link":"https://security-tracker.debian.org/tracker/CVE-2013-1444","CVSS":[],"FixedIn":[{"Name":"txt2man","NamespaceName":"debian:10","VersionFormat":"dpkg","Version":"1.5.5-4.1","Module":"","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]},"VulnerableRange":null}],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:10/cve-2022-0456.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:10/cve-2022-0456.json index 5869c61c..d5584ea6 100644 --- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:10/cve-2022-0456.json +++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:10/cve-2022-0456.json 
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:10/cve-2022-0456","item":{"Vulnerability":{"Severity":"Negligible","NamespaceName":"debian:10","FixedIn":[{"Name":"chromium","NamespaceName":"debian:10","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]}}],"Link":"https://security-tracker.debian.org/tracker/CVE-2022-0456","Description":"","Metadata":{},"Name":"CVE-2022-0456","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:10/cve-2022-0456","item":{"Vulnerability":{"Name":"CVE-2022-0456","NamespaceName":"debian:10","Description":"","Severity":"Negligible","Link":"https://security-tracker.debian.org/tracker/CVE-2022-0456","CVSS":[],"FixedIn":[{"Name":"chromium","NamespaceName":"debian:10","VersionFormat":"dpkg","Version":"None","Module":"","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]},"VulnerableRange":null}],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:11/cve-2022-0456.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:11/cve-2022-0456.json index 6f54bf15..7d88d517 100644 --- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:11/cve-2022-0456.json +++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:11/cve-2022-0456.json 
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:11/cve-2022-0456","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"debian:11","FixedIn":[{"Name":"chromium","NamespaceName":"debian:11","VersionFormat":"dpkg","Version":"98.0.4758.80-1~deb11u1","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]}}],"Link":"https://security-tracker.debian.org/tracker/CVE-2022-0456","Description":"","Metadata":{},"Name":"CVE-2022-0456","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:11/cve-2022-0456","item":{"Vulnerability":{"Name":"CVE-2022-0456","NamespaceName":"debian:11","Description":"","Severity":"Unknown","Link":"https://security-tracker.debian.org/tracker/CVE-2022-0456","CVSS":[],"FixedIn":[{"Name":"chromium","NamespaceName":"debian:11","VersionFormat":"dpkg","Version":"98.0.4758.80-1~deb11u1","Module":"","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]},"VulnerableRange":null}],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:12/cve-2022-0456.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:12/cve-2022-0456.json index 150ab800..cf385947 100644 --- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:12/cve-2022-0456.json +++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:12/cve-2022-0456.json 
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:12/cve-2022-0456","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"debian:12","FixedIn":[{"Name":"chromium","NamespaceName":"debian:12","VersionFormat":"dpkg","Version":"98.0.4758.80-1","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]}}],"Link":"https://security-tracker.debian.org/tracker/CVE-2022-0456","Description":"","Metadata":{},"Name":"CVE-2022-0456","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:12/cve-2022-0456","item":{"Vulnerability":{"Name":"CVE-2022-0456","NamespaceName":"debian:12","Description":"","Severity":"Unknown","Link":"https://security-tracker.debian.org/tracker/CVE-2022-0456","CVSS":[],"FixedIn":[{"Name":"chromium","NamespaceName":"debian:12","VersionFormat":"dpkg","Version":"98.0.4758.80-1","Module":"","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]},"VulnerableRange":null}],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:8/cve-2005-3111.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:8/cve-2005-3111.json index 0f13457a..5e8b079f 100644 --- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:8/cve-2005-3111.json +++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:8/cve-2005-3111.json 
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:8/cve-2005-3111","item":{"Vulnerability":{"Severity":"Medium","NamespaceName":"debian:8","FixedIn":[{"Name":"backupninja","NamespaceName":"debian:8","VersionFormat":"dpkg","Version":"0.8-2","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]}}],"Link":"https://security-tracker.debian.org/tracker/CVE-2005-3111","Description":"The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack.","Metadata":{},"Name":"CVE-2005-3111","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:8/cve-2005-3111","item":{"Vulnerability":{"Name":"CVE-2005-3111","NamespaceName":"debian:8","Description":"The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack.","Severity":"Medium","Link":"https://security-tracker.debian.org/tracker/CVE-2005-3111","CVSS":[],"FixedIn":[{"Name":"backupninja","NamespaceName":"debian:8","VersionFormat":"dpkg","Version":"0.8-2","Module":"","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]},"VulnerableRange":null}],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:8/cve-2007-2383.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:8/cve-2007-2383.json index 30adc35b..eb726e91 100644 --- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:8/cve-2007-2383.json +++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:8/cve-2007-2383.json 
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:8/cve-2007-2383","item":{"Vulnerability":{"Severity":"Negligible","NamespaceName":"debian:8","FixedIn":[],"Link":"https://security-tracker.debian.org/tracker/CVE-2007-2383","Description":"The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"","Metadata":{},"Name":"CVE-2007-2383","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:8/cve-2007-2383","item":{"Vulnerability":{"Name":"CVE-2007-2383","NamespaceName":"debian:8","Description":"The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"","Severity":"Negligible","Link":"https://security-tracker.debian.org/tracker/CVE-2007-2383","CVSS":[],"FixedIn":[],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:8/cve-2008-7220.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:8/cve-2008-7220.json index 96f046ca..8d2daa90 100644 --- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:8/cve-2008-7220.json +++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:8/cve-2008-7220.json 
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:8/cve-2008-7220","item":{"Vulnerability":{"Severity":"High","NamespaceName":"debian:8","FixedIn":[{"Name":"prototypejs","NamespaceName":"debian:8","VersionFormat":"dpkg","Version":"1.6.0.2-1","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]}}],"Link":"https://security-tracker.debian.org/tracker/CVE-2008-7220","Description":"Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make \"cross-site ajax requests\" via unknown vectors.","Metadata":{},"Name":"CVE-2008-7220","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:8/cve-2008-7220","item":{"Vulnerability":{"Name":"CVE-2008-7220","NamespaceName":"debian:8","Description":"Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make \"cross-site ajax requests\" via unknown vectors.","Severity":"High","Link":"https://security-tracker.debian.org/tracker/CVE-2008-7220","CVSS":[],"FixedIn":[{"Name":"prototypejs","NamespaceName":"debian:8","VersionFormat":"dpkg","Version":"1.6.0.2-1","Module":"","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]},"VulnerableRange":null}],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:8/cve-2013-1444.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:8/cve-2013-1444.json index 1b2cc2ff..6810af59 100644 --- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:8/cve-2013-1444.json +++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:8/cve-2013-1444.json 
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:8/cve-2013-1444","item":{"Vulnerability":{"Severity":"Low","NamespaceName":"debian:8","FixedIn":[{"Name":"txt2man","NamespaceName":"debian:8","VersionFormat":"dpkg","Version":"1.5.5-4.1","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]}}],"Link":"https://security-tracker.debian.org/tracker/CVE-2013-1444","Description":"A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222.","Metadata":{},"Name":"CVE-2013-1444","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:8/cve-2013-1444","item":{"Vulnerability":{"Name":"CVE-2013-1444","NamespaceName":"debian:8","Description":"A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222.","Severity":"Low","Link":"https://security-tracker.debian.org/tracker/CVE-2013-1444","CVSS":[],"FixedIn":[{"Name":"txt2man","NamespaceName":"debian:8","VersionFormat":"dpkg","Version":"1.5.5-4.1","Module":"","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]},"VulnerableRange":null}],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:9/cve-2005-3111.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:9/cve-2005-3111.json index 9f92e6d0..00233bcf 100644 --- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:9/cve-2005-3111.json +++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:9/cve-2005-3111.json 
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:9/cve-2005-3111","item":{"Vulnerability":{"Severity":"Medium","NamespaceName":"debian:9","FixedIn":[{"Name":"backupninja","NamespaceName":"debian:9","VersionFormat":"dpkg","Version":"0.8-2","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]}}],"Link":"https://security-tracker.debian.org/tracker/CVE-2005-3111","Description":"The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack.","Metadata":{},"Name":"CVE-2005-3111","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:9/cve-2005-3111","item":{"Vulnerability":{"Name":"CVE-2005-3111","NamespaceName":"debian:9","Description":"The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack.","Severity":"Medium","Link":"https://security-tracker.debian.org/tracker/CVE-2005-3111","CVSS":[],"FixedIn":[{"Name":"backupninja","NamespaceName":"debian:9","VersionFormat":"dpkg","Version":"0.8-2","Module":"","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]},"VulnerableRange":null}],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:9/cve-2007-2383.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:9/cve-2007-2383.json index 0be48889..631cc3ff 100644 --- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:9/cve-2007-2383.json +++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:9/cve-2007-2383.json 
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:9/cve-2007-2383","item":{"Vulnerability":{"Severity":"Negligible","NamespaceName":"debian:9","FixedIn":[],"Link":"https://security-tracker.debian.org/tracker/CVE-2007-2383","Description":"The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"","Metadata":{},"Name":"CVE-2007-2383","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:9/cve-2007-2383","item":{"Vulnerability":{"Name":"CVE-2007-2383","NamespaceName":"debian:9","Description":"The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"","Severity":"Negligible","Link":"https://security-tracker.debian.org/tracker/CVE-2007-2383","CVSS":[],"FixedIn":[],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:9/cve-2008-7220.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:9/cve-2008-7220.json index 89e5a29f..790248ed 100644 --- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:9/cve-2008-7220.json +++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:9/cve-2008-7220.json 
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:9/cve-2008-7220","item":{"Vulnerability":{"Severity":"High","NamespaceName":"debian:9","FixedIn":[{"Name":"prototypejs","NamespaceName":"debian:9","VersionFormat":"dpkg","Version":"1.6.0.2-1","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]}}],"Link":"https://security-tracker.debian.org/tracker/CVE-2008-7220","Description":"Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make \"cross-site ajax requests\" via unknown vectors.","Metadata":{},"Name":"CVE-2008-7220","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:9/cve-2008-7220","item":{"Vulnerability":{"Name":"CVE-2008-7220","NamespaceName":"debian:9","Description":"Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make \"cross-site ajax requests\" via unknown vectors.","Severity":"High","Link":"https://security-tracker.debian.org/tracker/CVE-2008-7220","CVSS":[],"FixedIn":[{"Name":"prototypejs","NamespaceName":"debian:9","VersionFormat":"dpkg","Version":"1.6.0.2-1","Module":"","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]},"VulnerableRange":null}],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:9/cve-2013-1444.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:9/cve-2013-1444.json index 2ff71bbd..0dbbef97 100644 --- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:9/cve-2013-1444.json +++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:9/cve-2013-1444.json 
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:9/cve-2013-1444","item":{"Vulnerability":{"Severity":"Low","NamespaceName":"debian:9","FixedIn":[{"Name":"txt2man","NamespaceName":"debian:9","VersionFormat":"dpkg","Version":"1.5.5-4.1","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]}}],"Link":"https://security-tracker.debian.org/tracker/CVE-2013-1444","Description":"A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222.","Metadata":{},"Name":"CVE-2013-1444","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:9/cve-2013-1444","item":{"Vulnerability":{"Name":"CVE-2013-1444","NamespaceName":"debian:9","Description":"A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222.","Severity":"Low","Link":"https://security-tracker.debian.org/tracker/CVE-2013-1444","CVSS":[],"FixedIn":[{"Name":"txt2man","NamespaceName":"debian:9","VersionFormat":"dpkg","Version":"1.5.5-4.1","Module":"","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]},"VulnerableRange":null}],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:9/cve-2022-0456.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:9/cve-2022-0456.json index c6cad8ed..43edace8 100644 --- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:9/cve-2022-0456.json +++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:9/cve-2022-0456.json 
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:9/cve-2022-0456","item":{"Vulnerability":{"Severity":"Negligible","NamespaceName":"debian:9","FixedIn":[{"Name":"chromium","NamespaceName":"debian:9","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]}}],"Link":"https://security-tracker.debian.org/tracker/CVE-2022-0456","Description":"","Metadata":{},"Name":"CVE-2022-0456","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:9/cve-2022-0456","item":{"Vulnerability":{"Name":"CVE-2022-0456","NamespaceName":"debian:9","Description":"","Severity":"Negligible","Link":"https://security-tracker.debian.org/tracker/CVE-2022-0456","CVSS":[],"FixedIn":[{"Name":"chromium","NamespaceName":"debian:9","VersionFormat":"dpkg","Version":"None","Module":"","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]},"VulnerableRange":null}],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:unstable/cve-2005-3111.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:unstable/cve-2005-3111.json index 2593a80c..b25cbaa4 100644 --- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:unstable/cve-2005-3111.json +++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:unstable/cve-2005-3111.json 
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:unstable/cve-2005-3111","item":{"Vulnerability":{"Severity":"Medium","NamespaceName":"debian:unstable","FixedIn":[{"Name":"backupninja","NamespaceName":"debian:unstable","VersionFormat":"dpkg","Version":"0.8-2","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]}}],"Link":"https://security-tracker.debian.org/tracker/CVE-2005-3111","Description":"The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack.","Metadata":{},"Name":"CVE-2005-3111","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:unstable/cve-2005-3111","item":{"Vulnerability":{"Name":"CVE-2005-3111","NamespaceName":"debian:unstable","Description":"The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack.","Severity":"Medium","Link":"https://security-tracker.debian.org/tracker/CVE-2005-3111","CVSS":[],"FixedIn":[{"Name":"backupninja","NamespaceName":"debian:unstable","VersionFormat":"dpkg","Version":"0.8-2","Module":"","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]},"VulnerableRange":null}],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:unstable/cve-2007-2383.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:unstable/cve-2007-2383.json index a954a39b..b53432cf 100644 --- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:unstable/cve-2007-2383.json +++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:unstable/cve-2007-2383.json 
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:unstable/cve-2007-2383","item":{"Vulnerability":{"Severity":"Negligible","NamespaceName":"debian:unstable","FixedIn":[],"Link":"https://security-tracker.debian.org/tracker/CVE-2007-2383","Description":"The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"","Metadata":{},"Name":"CVE-2007-2383","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:unstable/cve-2007-2383","item":{"Vulnerability":{"Name":"CVE-2007-2383","NamespaceName":"debian:unstable","Description":"The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"","Severity":"Negligible","Link":"https://security-tracker.debian.org/tracker/CVE-2007-2383","CVSS":[],"FixedIn":[],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:unstable/cve-2008-7220.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:unstable/cve-2008-7220.json index d90119cb..be5a2fe3 100644 --- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:unstable/cve-2008-7220.json +++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:unstable/cve-2008-7220.json 
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:unstable/cve-2008-7220","item":{"Vulnerability":{"Severity":"High","NamespaceName":"debian:unstable","FixedIn":[{"Name":"prototypejs","NamespaceName":"debian:unstable","VersionFormat":"dpkg","Version":"1.6.0.2-1","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]}}],"Link":"https://security-tracker.debian.org/tracker/CVE-2008-7220","Description":"Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make \"cross-site ajax requests\" via unknown vectors.","Metadata":{},"Name":"CVE-2008-7220","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:unstable/cve-2008-7220","item":{"Vulnerability":{"Name":"CVE-2008-7220","NamespaceName":"debian:unstable","Description":"Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make \"cross-site ajax requests\" via unknown vectors.","Severity":"High","Link":"https://security-tracker.debian.org/tracker/CVE-2008-7220","CVSS":[],"FixedIn":[{"Name":"prototypejs","NamespaceName":"debian:unstable","VersionFormat":"dpkg","Version":"1.6.0.2-1","Module":"","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]},"VulnerableRange":null}],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:unstable/cve-2013-1444.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:unstable/cve-2013-1444.json index b1b53ddd..ef298adf 100644 --- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:unstable/cve-2013-1444.json +++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:unstable/cve-2013-1444.json 
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:unstable/cve-2013-1444","item":{"Vulnerability":{"Severity":"Low","NamespaceName":"debian:unstable","FixedIn":[{"Name":"txt2man","NamespaceName":"debian:unstable","VersionFormat":"dpkg","Version":"1.5.5-4.1","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]}}],"Link":"https://security-tracker.debian.org/tracker/CVE-2013-1444","Description":"A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222.","Metadata":{},"Name":"CVE-2013-1444","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:unstable/cve-2013-1444","item":{"Vulnerability":{"Name":"CVE-2013-1444","NamespaceName":"debian:unstable","Description":"A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222.","Severity":"Low","Link":"https://security-tracker.debian.org/tracker/CVE-2013-1444","CVSS":[],"FixedIn":[{"Name":"txt2man","NamespaceName":"debian:unstable","VersionFormat":"dpkg","Version":"1.5.5-4.1","Module":"","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]},"VulnerableRange":null}],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test-fixtures/snapshots/debian:unstable/cve-2022-0456.json b/tests/unit/providers/debian/test-fixtures/snapshots/debian:unstable/cve-2022-0456.json index d74f2de5..9e559f85 100644 --- a/tests/unit/providers/debian/test-fixtures/snapshots/debian:unstable/cve-2022-0456.json +++ b/tests/unit/providers/debian/test-fixtures/snapshots/debian:unstable/cve-2022-0456.json 
@@ -1 +1 @@ -{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:unstable/cve-2022-0456","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"debian:unstable","FixedIn":[{"Name":"chromium","NamespaceName":"debian:unstable","VersionFormat":"dpkg","Version":"98.0.4758.80-1","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]}}],"Link":"https://security-tracker.debian.org/tracker/CVE-2022-0456","Description":"","Metadata":{},"Name":"CVE-2022-0456","CVSS":[]}}} +{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"debian:unstable/cve-2022-0456","item":{"Vulnerability":{"Name":"CVE-2022-0456","NamespaceName":"debian:unstable","Description":"","Severity":"Unknown","Link":"https://security-tracker.debian.org/tracker/CVE-2022-0456","CVSS":[],"FixedIn":[{"Name":"chromium","NamespaceName":"debian:unstable","VersionFormat":"dpkg","Version":"98.0.4758.80-1","Module":"","VendorAdvisory":{"NoAdvisory":false,"AdvisorySummary":[]},"VulnerableRange":null}],"Metadata":{}}}} diff --git a/tests/unit/providers/debian/test_debian.py b/tests/unit/providers/debian/test_debian.py index 0d09eb41..676d1932 100644 --- a/tests/unit/providers/debian/test_debian.py +++ b/tests/unit/providers/debian/test_debian.py @@ -7,6 +7,7 @@ import pytest from vunnel import result, workspace from vunnel.providers.debian import Config, Provider, parser +from vunnel.utils.vulnerability import Vulnerability @pytest.fixture() 
@@ -100,11 +101,14 @@ def test_normalize_json(self, tmpdir, helpers, disable_get_requests):
 for _rel, vuln_dict in vuln_records.items():
 assert isinstance(vuln_dict, dict)
 assert len(vuln_dict) > 0
- assert all("Vulnerability" in x for x in vuln_dict.values())
-
- assert all(x.get("Vulnerability", {}).get("Name") for x in vuln_dict.values())
+ for vuln_holder in vuln_dict.values():
+ assert isinstance(vuln_holder, dict)
+ assert "Vulnerability" in vuln_holder
+ vuln = vuln_holder["Vulnerability"]
+ assert isinstance(vuln, Vulnerability)
+ assert len(vuln.Name) > 0
+ assert vuln.Description is not None
- assert all(x.get("Vulnerability", {}).get("Description") is not None for x in vuln_dict.values())
 assert not subject.logger.exception.called, "no exceptions should be logged"
 def test_get_legacy_records(self, tmpdir, helpers, disable_get_requests, mock_legacy_db):
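Review bot: The new per-record loop checks the type of each `Vulnerability` but never looks inside `vuln.FixedIn`, although the snapshot fixtures changed in this commit show every FixedIn entry gaining `Module` and `VulnerableRange`. A FixedIn entry that stays a plain dict, or is dropped, would still pass this test, and consumers of the feed would presumably then see the package without its fix data. Inside the loop I would add `assert all(isinstance(f, FixedIn) for f in vuln.FixedIn)` and extend the test's import to `from vunnel.utils.vulnerability import FixedIn, Vulnerability`. Iterating `vuln_dict.items()` and passing the id as the assertion message, e.g. `assert len(vuln.Name) > 0, vid`, would also make a failure name the offending record.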