[CVEDB] Why does the function metric_finder returns unknown or a metrics_id #4578

Open
jloehel opened this issue Nov 18, 2024 · 3 comments · May be fixed by #4682

jloehel commented Nov 18, 2024

@Rexbeast2 I don't really get the function metric_finder. The function basically checks if the CVSS_version can be mapped to an existing metrics_id, but why unknown? The metric_finder should return a metrics_id.

if cve["CVSS_version"] == "unknown":
    metric = "unknown"

It would make more sense to add a fourth entry to the table metrics called unknown with the id 0 and skip the db check.

METRICS = [
    (0, "UNKNOWN"),
    (1, "EPSS"),
    (2, "CVSS-2"),
    (3, "CVSS-3"),
]

The IDs are predefined and will not change. Something like this should be enough, right?

...
UNKNOWN_METRIC_ID = 0
SUPPORTED_METRIC_VERSIONS = [CVSS_2_METRIC_ID, CVSS_3_METRIC_ID]

def version2metrics_id(self, version):
    if version not in SUPPORTED_METRIC_VERSIONS:
        logger.warning(f"Unsupported metric version: {version}")
        return UNKNOWN_METRIC_ID
    return version
...
                cursor.execute(
                    insert_cve_metrics,
                    [
                        cve["ID"],
                        self.version2metrics_id(cve["CVSS_version"]),
                        cve["score"],
                        cve["CVSS_vector"],
                    ],
                )
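
A self-contained sketch of the proposal in the comment above, added here as an illustration and not taken from cve-bin-tool: a seeded UNKNOWN row with id 0 lets every record satisfy the foreign key on the metric id, while the raw string "unknown" is rejected. The table and column names, the helpers `build_db`, `store` and `raw_unknown_rejected`, and the sample records are assumptions.

```python
import logging
import sqlite3

logger = logging.getLogger("metric_demo")
# IDs as proposed in the issue; table and column names below are assumptions.
UNKNOWN_METRIC_ID, CVSS_2_METRIC_ID, CVSS_3_METRIC_ID = 0, 2, 3
METRICS = [(0, "UNKNOWN"), (1, "EPSS"), (2, "CVSS-2"), (3, "CVSS-3")]
SUPPORTED_METRIC_VERSIONS = (CVSS_2_METRIC_ID, CVSS_3_METRIC_ID)
INSERT_CVE_METRICS = "INSERT INTO cve_metrics VALUES (?, ?, ?, ?)"

def version2metrics_id(version):
    """Map a CVSS_version value to a metrics id without a database lookup."""
    if version in SUPPORTED_METRIC_VERSIONS:
        return int(version)
    logger.warning("Unsupported metric version: %r", version)
    return UNKNOWN_METRIC_ID

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK checks off by default
    conn.execute("CREATE TABLE metrics (metrics_id INTEGER PRIMARY KEY, metrics_name TEXT)")
    conn.execute("CREATE TABLE cve_metrics (cve_number TEXT, metric_id INTEGER NOT NULL "
                 "REFERENCES metrics(metrics_id), metric_score REAL, metric_field TEXT)")
    conn.executemany("INSERT INTO metrics VALUES (?, ?)", METRICS)
    return conn

def store(conn, cves):
    """Insert each record with a mapped metric id; return (cve, metric name) rows."""
    for cve in cves:
        row = [cve["ID"], version2metrics_id(cve["CVSS_version"]), cve["score"], cve["CVSS_vector"]]
        conn.execute(INSERT_CVE_METRICS, row)
    query = ("SELECT c.cve_number, m.metrics_name FROM cve_metrics c "
             "JOIN metrics m ON m.metrics_id = c.metric_id ORDER BY c.cve_number")
    return conn.execute(query).fetchall()

def raw_unknown_rejected(conn):
    """True if storing the string "unknown" as metric_id breaks the foreign key."""
    try:
        conn.execute(INSERT_CVE_METRICS, ["CVE-0000-0000", "unknown", None, None])
    except sqlite3.IntegrityError:
        return True
    return False

# Constructed sample records, not real CVE data.
SAMPLE = [
    {"ID": "CVE-0000-0001", "CVSS_version": 3, "score": 9.8, "CVSS_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
    {"ID": "CVE-0000-0002", "CVSS_version": 2, "score": 7.5, "CVSS_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"},
    {"ID": "CVE-0000-0003", "CVSS_version": "unknown", "score": None, "CVSS_vector": None},
]
```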

@vedpawar2254
Contributor

Can you assign this to me?

Contributor

terriko commented Dec 27, 2024

@vedpawar2254 done! Convention here is to just add a comment saying you're working on an issue, so don't feel like you have to wait for me to click the assignment button before you start in the future! (I know some projects are more into using the assignment button, but I hardly use it unless someone asks.)

Anyhow, let us know if you have questions about this. It should be a fairly straightforward refactor based on what @jloehel has said above, I think, but don't be afraid to ask questions about the database and data structures since they aren't always obvious!

@vedpawar2254
Contributor

Thanks @terriko! I'll ask if I have any questions.

vedpawar2254 added a commit to vedpawar2254/cve-bin-tool that referenced this issue Jan 9, 2025
vedpawar2254 added a commit to vedpawar2254/cve-bin-tool that referenced this issue Jan 23, 2025