
fix: adjust scan matching to require detectedIn match
jdstrand committed Aug 18, 2023
1 parent 50080f8 commit 3fd9bc9
Showing 2 changed files with 12 additions and 13 deletions.
16 changes: 9 additions & 7 deletions cvelib/scan.py
Expand Up @@ -145,12 +145,15 @@ def matches(self, b: "ScanOCI") -> Tuple[bool, bool]:
"""Test if self and b match in meaningful ways. Returns fuzzy and
precise tuple
"""
if self.advisory != b.advisory or self.component != b.component:
if (
self.advisory != b.advisory
or self.component != b.component
or self.detectedIn != b.detectedIn
):
return False, False

if (
self.detectedIn != b.detectedIn
or self.versionAffected != b.versionAffected
self.versionAffected != b.versionAffected
or self.versionFixed != b.versionFixed
or self.severity != b.severity
):
Expand All @@ -168,16 +171,15 @@ def _diff(a: "ScanOCI", b: "ScanOCI", attrib: str, precise: bool):
if attrib == "versionFixed":
attrib_p = "fixedBy"

# only show diff for versions, detectedIn and severity (the fuzzy
# matching parts)
# only show diff for versions and severity (the fuzzy matching
# parts)
if getattr(a, attrib) == getattr(b, attrib) or (
not precise
and attrib
not in [
"versionAffected",
"versionFixed",
"severity",
"detectedIn",
]
):
return " %s: %s\n" % (attrib_p, getattr(a, attrib))
Expand Down Expand Up @@ -515,7 +517,7 @@ def getScanOCIsReportTemplates(
cve_items: Dict[str, int] = {}
scan_reports: str = ""
highest: int = 0
for oci in sorted(ocis, key=lambda i: (i.component, i.advisory)):
for oci in sorted(ocis, key=lambda i: (i.component, i.advisory, i.detectedIn)):
cur: int = sev.index(oci.severity)
if cur > highest:
highest = cur
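Review bot: The new three-way condition at the top of `matches` makes detectedIn part of a finding's identity (any difference means neither a fuzzy nor a precise match), but the docstring just above it still only says "match in meaningful ways", so the reader has to reverse-engineer which attributes are identity keys and which are fuzzy. I would spell out the contract there: `"""Test if self and b match. advisory, component and detectedIn must all be equal for any match; versionAffected, versionFixed and severity may differ for a fuzzy match. Returns (fuzzy, precise) tuple."""`. The second condition and what it returns continue past the hunk, so the exact fuzzy/precise semantics of that branch should be confirmed against the rest of the function before wording it. The updated comment in `_diff` ("versions and severity (the fuzzy matching parts)") and the extra sort key in getScanOCIsReportTemplates are consistent with that reading, since detectedIn is dropped from the fuzzy list and added to the ordering key.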
9 changes: 3 additions & 6 deletions tests/test_scan.py
Expand Up @@ -442,7 +442,6 @@ def test_diff(self):
b_diff["fixedBy"] = "1.2.4"
b_diff["severity"] = "low"
b_diff["status"] = "needs-triage"
b_diff["detectedIn"] = "Other Distro"

tsts = [
# a, b, precise, expected
Expand All @@ -466,8 +465,7 @@ def test_diff(self):
False,
""" - type: oci
component: foo
- detectedIn: Some Distro
+ detectedIn: Other Distro
detectedIn: Some Distro
advisory: https://www.cve.org/CVERecord?id=CVE-2023-0001
version: 1.2.2
- fixedBy: 1.2.3
Expand All @@ -483,8 +481,7 @@ def test_diff(self):
True,
""" - type: oci
component: foo
- detectedIn: Some Distro
+ detectedIn: Other Distro
detectedIn: Some Distro
advisory: https://www.cve.org/CVERecord?id=CVE-2023-0001
version: 1.2.2
- fixedBy: 1.2.3
Expand All @@ -499,7 +496,7 @@ def test_diff(self):

for a, b, precise, exp in tsts:
res = a.diff(b, precise=precise)
self.assertEqual(exp, res)
self.assertEqual(exp, res, msg=res)

def test_parse(self):
"""Test parse()"""
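Review bot: Dropping `b_diff["detectedIn"] = "Other Distro"` removes the only visible input where detectedIn differs, so after this change nothing in test_diff pins the new behaviour the commit introduces (a detectedIn mismatch is no longer a diffable difference). I would keep one case with a differing detectedIn in `tsts` and assert on its expected output, so a future edit that puts detectedIn back into the fuzzy list in `_diff` is caught; whether `matches` itself is covered elsewhere in this file cannot be seen from the hunk. test_diff starts outside the hunk, and the remaining expected strings now show `detectedIn: Some Distro` unchanged on both sides, which matches the new scan.py logic.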
