From 461653a054505e74dede5f595c9449bc61a7acf7 Mon Sep 17 00:00:00 2001 From: Marko Reiprecht Date: Thu, 21 Mar 2024 18:09:05 +0100 Subject: [PATCH] fix: #159 vulnz is failing cve caching from NVD due to an introduced 'cveTags' property. Fix adds ignore unknown properties flag on CveItem.java to support new introduced properties without failing. --- .../jeremylong/openvulnerability/client/nvd/CveItem.java | 2 ++ .../openvulnerability/client/nvd/NvdCveClient.java | 2 ++ open-vulnerability-clients/src/test/resources/nvd.json | 8 ++++++++ 3 files changed, 12 insertions(+) diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CveItem.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CveItem.java index 497d191a..65b82e5b 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CveItem.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CveItem.java @@ -19,6 +19,7 @@ import com.fasterxml.jackson.annotation.JsonFormat; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonPropertyDescription; import com.fasterxml.jackson.annotation.JsonPropertyOrder; import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; @@ -30,6 +31,7 @@ import java.util.Objects; @JsonInclude(JsonInclude.Include.NON_NULL) +@JsonIgnoreProperties(ignoreUnknown = true) @JsonPropertyOrder({"id", "sourceIdentifier", "published", "lastModified", "vulnStatus", "evaluatorComment", "evaluatorSolution", "evaluatorImpact", "cisaExploitAdd", "cisaActionDue", "cisaRequiredAction", "cisaVulnerabilityName", "descriptions", "vendorComments", "metrics", "weaknesses", "configurations", diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClient.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClient.java index 582c7efd..db08e899 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClient.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClient.java @@ -338,6 +338,8 @@ public Collection next() { current = objectMapper.readValue(json, CveApiJson20.class); this.indexesToRetrieve.remove(call.getStartIndex()); } catch (JsonProcessingException e) { + LOG.debug("Error processing NVD data", e); + // really re-fetch the same data? return next(); } this.totalAvailable = current.getTotalResults(); diff --git a/open-vulnerability-clients/src/test/resources/nvd.json b/open-vulnerability-clients/src/test/resources/nvd.json index 9ad93468..1d2d9b8f 100644 --- a/open-vulnerability-clients/src/test/resources/nvd.json +++ b/open-vulnerability-clients/src/test/resources/nvd.json @@ -13,6 +13,14 @@ "published": "2008-07-27T22:41:00.000", "lastModified": "2017-08-08T01:31:28.247", "vulnStatus": "Modified", + "cveTags": [ + { + "sourceIdentifier": "cve@mitre.org", + "tags": [ + "disputed" + ] + } + ], "descriptions": [ { "lang": "en",