Fix debian OVAL importer
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
TG1999 committed Dec 7, 2023
1 parent 514624b commit dc900e1
Showing 2 changed files with 6 additions and 4 deletions.
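--- a/vulnerabilities/importer.py
+++ b/vulnerabilities/importer.py
@@ -431,7 +431,6 @@ def get_data_from_xml_doc(
 # connected/linked to an OvalDefinition
 vuln_id = definition_data["vuln_id"]
 description = definition_data["description"]
-
 severities = []
 severity = definition_data.get("severity")
 if severity:
@@ -453,7 +452,8 @@ def get_data_from_xml_doc(
 except Exception as e:
 logger.error(
 f"Failed to parse version range {affected_version_range!r} "
-f"for package {package_name!r}:\n{e}"
+f"for package {package_name!r}:\n{e}\n"
+f"{definition_data!r}"
 )
 continue
 if package_name: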
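Review bot: The error record in the second hunk has no size bound once `f"{definition_data!r}"` is appended. The `continue` suggests this runs once per package, so a definition with several unparseable ranges would be dumped in full each time, and its content comes from a remote OVAL feed. Logging the identifier that the first hunk shows being extracted, e.g. `f"in definition {vuln_id!r}"`, would keep the record traceable at a fixed size, assuming `vuln_id` is still in scope at that point. Separately, `{e}` is interpolated without `!r`, unlike the other fields, so a multi-line exception message is written raw into the log. get_data_from_xml_doc starts and ends outside both hunks.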
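--- a/vulnerabilities/importers/debian_oval.py
+++ b/vulnerabilities/importers/debian_oval.py
@@ -8,6 +8,7 @@
 #
 
 
+import bz2
 import xml.etree.ElementTree as ET
 
 import requests
@@ -64,9 +65,10 @@ def __init__(self, *args, **kwargs):
 def _fetch(self):
 releases = ["wheezy", "stretch", "jessie", "buster", "bullseye"]
 for release in releases:
-file_url = f"https://www.debian.org/security/oval/oval-definitions-{release}.xml"
+file_url = f"https://www.debian.org/security/oval/oval-definitions-{release}.xml.bz2"
 resp = requests.get(file_url).content
+extracted = bz2.decompress(resp)
 yield (
 {"type": "deb", "namespace": "debian", "qualifiers": {"distro": release}},
-ET.ElementTree(ET.fromstring(resp.decode("utf-8"))),
+ET.ElementTree(ET.fromstring(extracted.decode("utf-8"))),
 )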
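Review bot: In `_fetch`, a non-200 response or a truncated download is passed straight to `bz2.decompress()`, which raises `OSError` or `ValueError` out of the generator and stops the import for every remaining release. The `requests.get(file_url)` call also has no `timeout=`, so a stalled connection blocks the importer indefinitely. I would keep the response object, call `resp.raise_for_status()` before `extracted = bz2.decompress(resp.content)`, and catch `(OSError, ValueError)` around the decompress so one bad release is logged and skipped. One-shot `bz2.decompress` also puts no ceiling on output size; `bz2.BZ2Decompressor().decompress(data, max_length=...)` would cap how far a compressed feed can expand before it reaches `ET.fromstring`, which in the standard library does not itself guard against entity-expansion blowup.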
