From d21ec3c70ae8541c307f09588bfef688c4463344 Mon Sep 17 00:00:00 2001 From: Sabin Date: Thu, 17 Oct 2024 15:08:08 +0545 Subject: [PATCH 1/3] date in flag made optional --- csaf/parser.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/csaf/parser.py b/csaf/parser.py index a0d68cc..aa51480 100644 --- a/csaf/parser.py +++ b/csaf/parser.py @@ -165,12 +165,15 @@ def _process_vulnerabilities(self): if "discovery_date" in vulnerability: vuln_info.set_value("discovery_date", vulnerability["discovery_date"]) if "flags" in vulnerability: + products = [] for flag in vulnerability["flags"]: if "label" in flag: vuln_info.set_value("justification", flag["label"]) - vuln_info.set_value("created", flag["date"]) + if "date" in flag: + vuln_info.set_value("created", flag["date"]) for product in flag["product_ids"]: - vuln_info.set_value("Product", product) + products.append(product) + vuln_info.set_value("Product", products) if "ids" in vulnerability: for id in vulnerability["ids"]: vuln_info.set_value("system_name", vulnerability["text"]) From 58e044a4a5348b40670e2fdd4c16a64474025166 Mon Sep 17 00:00:00 2001 From: Sabin Date: Fri, 18 Oct 2024 17:24:23 +0545 Subject: [PATCH 2/3] updated notes key in metadata for both parser and analyzer --- csaf/analyser.py | 6 +++++- csaf/parser.py | 6 ++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/csaf/analyser.py b/csaf/analyser.py index 4760606..9710ab2 100644 --- a/csaf/analyser.py +++ b/csaf/analyser.py @@ -164,7 +164,11 @@ def analyse(self): if "notes" in self.data["document"]: for note in self.data["document"]["notes"]: # Notes can be multi-line. Split text up across multiple lines - self._multiline(note["title"], note["text"]) + # category and text are mandatory. + if "title" not in note: + self._multiline(note["category"],note["text"]) + else: + self._multiline(note["title"], note["text"]) if "publisher" in self.data["document"]: publisher_info = ( f"{self.data['document']['publisher']['name']} " diff --git a/csaf/parser.py b/csaf/parser.py index aa51480..45d98e2 100644 --- a/csaf/parser.py +++ b/csaf/parser.py @@ -49,7 +49,9 @@ def _process_metadata(self): if "notes" in document: notes = [] for note in document["notes"]: - note_ref = {'title': note["title"], 'text' : note['text'], 'category': note['category']} + note_ref = {'text' : note['text'], 'category': note['category']} + if "title" in note: + note_ref['title']=note["title"] notes.append(note_ref) self.metadata["notes"] = notes if "publisher" in document: @@ -173,7 +175,7 @@ def _process_vulnerabilities(self): vuln_info.set_value("created", flag["date"]) for product in flag["product_ids"]: products.append(product) - vuln_info.set_value("Product", products) + vuln_info.set_value("product", products) if "ids" in vulnerability: for id in vulnerability["ids"]: vuln_info.set_value("system_name", vulnerability["text"]) From 2b3f3cd408bd11e90541a6b42424e742c680e224 Mon Sep 17 00:00:00 2001 From: Sabin Date: Mon, 21 Oct 2024 16:39:21 +0545 Subject: [PATCH 3/3] made cve optional --- csaf/parser.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/csaf/parser.py b/csaf/parser.py index 45d98e2..f93f6d3 100644 --- a/csaf/parser.py +++ b/csaf/parser.py @@ -156,7 +156,8 @@ def _process_vulnerabilities(self): vuln_info = Vulnerability(validation="csaf") for vulnerability in self.data["vulnerabilities"]: vuln_info.initialise() - vuln_info.set_id(vulnerability["cve"]) + if "cve" in vulnerability: + vuln_info.set_id(vulnerability["cve"]) if "title" in vulnerability: vuln_info.set_value("title", vulnerability["title"]) if "cwe" in vulnerability: