fix: #159 vulnz is failing cve caching from NVD due to an introduced …

…'cveTags' property. Fix adds ignore unknown properties flag on CveItem.java to support new introduced properties without failing.
jeremylong · Mar 21, 2024 · 461653a · 461653a
1 parent 5988546
commit 461653a
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 0 deletions.
diff --git a/...lity-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CveItem.java b/...lity-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CveItem.java
@@ -19,6 +19,7 @@
 import com.fasterxml.jackson.annotation.JsonFormat;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonPropertyDescription;
 import com.fasterxml.jackson.annotation.JsonPropertyOrder;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
@@ -30,6 +31,7 @@
 import java.util.Objects;
 
 @JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
 @JsonPropertyOrder({"id", "sourceIdentifier", "published", "lastModified", "vulnStatus", "evaluatorComment",
         "evaluatorSolution", "evaluatorImpact", "cisaExploitAdd", "cisaActionDue", "cisaRequiredAction",
         "cisaVulnerabilityName", "descriptions", "vendorComments", "metrics", "weaknesses", "configurations",

diff --git a/...clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClient.java b/...clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClient.java
@@ -338,6 +338,8 @@ public Collection<DefCveItem> next() {
                         current = objectMapper.readValue(json, CveApiJson20.class);
                         this.indexesToRetrieve.remove(call.getStartIndex());
                     } catch (JsonProcessingException e) {
+                        LOG.debug("Error processing NVD data", e);
+                        // really re-fetch the same data?
                         return next();
                     }
                     this.totalAvailable = current.getTotalResults();

diff --git a/open-vulnerability-clients/src/test/resources/nvd.json b/open-vulnerability-clients/src/test/resources/nvd.json
@@ -13,6 +13,14 @@
         "published": "2008-07-27T22:41:00.000",
         "lastModified": "2017-08-08T01:31:28.247",
         "vulnStatus": "Modified",
+        "cveTags": [
+          {
+            "sourceIdentifier": "[email protected]",
+            "tags": [
+              "disputed"
+            ]
+          }
+        ],
         "descriptions": [
           {
             "lang": "en",