From 79e91d1a4d671376ec7defd50a0f0f24a8662c40 Mon Sep 17 00:00:00 2001 From: ved pawar <85354558+vedpawar2254@users.noreply.github.com> Date: Thu, 9 Jan 2025 14:55:42 +0530 Subject: [PATCH 1/3] Fixes #4578 ([CVEDB] Why does the function metric_finder returns unknown or a metrics_id) --- cve_bin_tool/cvedb.py | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/cve_bin_tool/cvedb.py b/cve_bin_tool/cvedb.py index e8e4fde342..ba9627de71 100644 --- a/cve_bin_tool/cvedb.py +++ b/cve_bin_tool/cvedb.py @@ -45,6 +45,7 @@ DBNAME = "cve.db" OLD_CACHE_DIR = Path("~") / ".cache" / "cvedb" +UNKNOWN_METRIC_ID = 0 EPSS_METRIC_ID = 1 CVSS_2_METRIC_ID = 2 CVSS_3_METRIC_ID = 3 @@ -416,6 +417,9 @@ def init_database(self) -> None: for table in self.TABLE_SCHEMAS: cursor.execute(self.TABLE_SCHEMAS[table]) + # Ensure the UNKNOWN metric exists + self.ensure_unknown_metric(cursor) + # add indexes for index in self.INDEXES: cursor.execute(self.INDEXES[index]) @@ -619,6 +623,7 @@ def populate_metrics(self): # Insert a row without specifying cve_metrics_id insert_metrics = self.INSERT_QUERIES["insert_metrics"] data = [ + (UNKNOWN_METRIC_ID, "UNKNOWN"), (EPSS_METRIC_ID, "EPSS"), (CVSS_2_METRIC_ID, "CVSS-2"), (CVSS_3_METRIC_ID, "CVSS-3"), @@ -632,7 +637,7 @@ def populate_metrics(self): def metric_finder(self, cursor, cve): """ SQL query to retrieve the metrics_name based on the metrics_id - currently cve["CVSS_version"] return 2,3 based on there version and they are mapped accordingly to there metrics name in metrics table. + currently cve["CVSS_version"] return 2,3 based on their version and they are mapped accordingly to their metrics name in metrics table. """ query = """ SELECT metrics_id FROM metrics 
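Review bot: The `(UNKNOWN_METRIC_ID, "UNKNOWN")` row now has two writers, the `self.ensure_unknown_metric(cursor)` call added to `init_database` and the new first tuple in `populate_metrics` (hunk at -619), and nothing says which one is authoritative. If a later change edits only one of them, `metric_finder` can return an id that has no row in `metrics`, and a report that joins on that table could silently drop the CVEs whose scoring is unknown; that consequence is inferred, since the consumers are not in this patch. I would keep a single writer, or add a comment at the call such as `# metric_finder returns UNKNOWN_METRIC_ID, so this row must exist before any CVE references it`. Both function bodies continue outside their hunks.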
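Review bot: The `metric_finder` docstring (hunk at -632) still describes the reverse lookup: it says the query retrieves the metrics_name from the metrics_id, while the visible statement is `SELECT metrics_id FROM metrics`. It also does not mention the sentinel returned for `"unknown"`, which is what the linked issue asks about. The typo fix could be extended to something like `Return the metrics_id for cve["CVSS_version"]; UNKNOWN_METRIC_ID when the version is "unknown".` The rest of the query and the function body are outside the hunk.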
@@ -640,7 +645,7 @@ def metric_finder(self, cursor, cve): """ metric = None if cve["CVSS_version"] == "unknown": - metric = "unknown" + metric = 0 else: cursor.execute(query, [cve.get("CVSS_version")]) # Fetch all the results of the query and use 'map' to extract only the 'metrics_name' from the result @@ -1173,8 +1178,18 @@ def fetch_from_mirror(self, mirror, pubkey, ignore_signature, log_signature_erro @contextlib.contextmanager def with_cursor(self): + """Context manager for database cursor.""" cursor = self.db_open_and_get_cursor() try: yield cursor finally: self.db_close() + + def ensure_unknown_metric(self, cursor): + """Ensure that the UNKNOWN metric exists in the metrics table.""" + insert_metrics = self.INSERT_QUERIES["insert_metrics"] + try: + cursor.execute(insert_metrics, (UNKNOWN_METRIC_ID, "UNKNOWN")) + except sqlite3.IntegrityError: + # The metric already exists, no action needed + pass From b7369fe2750f05019e308b5b8bce331aa22b087d Mon Sep 17 00:00:00 2001 From: ved pawar <85354558+vedpawar2254@users.noreply.github.com> Date: Fri, 10 Jan 2025 23:31:38 +0530 Subject: [PATCH 2/3] Update cvedb.py --- cve_bin_tool/cvedb.py | 1 - 1 file changed, 1 deletion(-) diff --git a/cve_bin_tool/cvedb.py b/cve_bin_tool/cvedb.py index ba9627de71..f1040b3cb1 100644 --- a/cve_bin_tool/cvedb.py +++ b/cve_bin_tool/cvedb.py @@ -419,7 +419,6 @@ def init_database(self) -> None: # Ensure the UNKNOWN metric exists self.ensure_unknown_metric(cursor) - # add indexes for index in self.INDEXES: cursor.execute(self.INDEXES[index]) From 168d40e3b8532804d203476340beffb905281fde Mon Sep 17 00:00:00 2001 From: ved pawar <85354558+vedpawar2254@users.noreply.github.com> Date: Fri, 7 Feb 2025 13:56:28 +0530 Subject: [PATCH 3/3] changed metric from 0 to UNKNOWN_METRIC_ID --- cve_bin_tool/cvedb.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cve_bin_tool/cvedb.py b/cve_bin_tool/cvedb.py index f1040b3cb1..0f770f3bc0 100644 --- a/cve_bin_tool/cvedb.py 
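Review bot: The changed branch reads `cve["CVSS_version"]` with a subscript while the `else` branch uses `cve.get("CVSS_version")`, so a record without the key raises `KeyError` before the more tolerant lookup is reached. Reading the value once with `version = cve.get("CVSS_version")` and testing `if version in (None, "unknown"):` would make both paths agree, assuming a missing version should also map to the unknown metric. The hunk at -644 in patch 3/3 touches the same lines again and only swaps the literal `0` for `UNKNOWN_METRIC_ID`. The rest of `metric_finder` is outside the hunk, so what it returns when the query matches no row cannot be checked here.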
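Review bot: The `except sqlite3.IntegrityError: pass` in `ensure_unknown_metric` (hunk at -1173) is the only thing making this call idempotent, and it depends on a statement this patch does not show. If `INSERT_QUERIES["insert_metrics"]` is a plain `INSERT`, the handler works but silently discards the error; if that statement already replaces on conflict, the handler is never reached. Stating the intent in SQL, for example a dedicated `INSERT OR IGNORE INTO metrics ... VALUES (?, ?)` for this row, would remove the need to catch anything. The docstring could also say why the row is required: `metric_finder` returns `UNKNOWN_METRIC_ID` for CVEs with an unknown CVSS version.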
+++ b/cve_bin_tool/cvedb.py @@ -644,7 +644,7 @@ def metric_finder(self, cursor, cve): """ metric = None if cve["CVSS_version"] == "unknown": - metric = 0 + metric = UNKNOWN_METRIC_ID else: cursor.execute(query, [cve.get("CVSS_version")]) # Fetch all the results of the query and use 'map' to extract only the 'metrics_name' from the result