You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by hu...@apache.org on 2023/01/17 16:52:49 UTC
[httpd-site] branch main updated: better logic for data version
This is an automated email from the ASF dual-hosted git repository.
humbedooh pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/httpd-site.git
The following commit(s) were added to refs/heads/main by this push:
new f88f38c better logic for data version
f88f38c is described below
commit f88f38cbe579f9d83ae582da57ef9d0e48f97404
Author: Daniel Gruno <hu...@apache.org>
AuthorDate: Tue Jan 17 17:52:44 2023 +0100
better logic for data version
We need to differentiate between the 4.0 and 5.0 formats.
The 5.0 format has a dataType and dataVersion tag we can use. If not found, fall back to 4.0
---
content/security/cvejsontohtml.py | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/content/security/cvejsontohtml.py b/content/security/cvejsontohtml.py
index e9f7324..f386655 100644
--- a/content/security/cvejsontohtml.py
+++ b/content/security/cvejsontohtml.py
@@ -19,6 +19,7 @@ def natural_sort_key(s, _nsre=re.compile('([0-9]+)')):
filterversion = options.filterversion or ""
cves = []
entries = {}
+DEFAULT_CVE_DATA_VERSION = "4.0" # Default (old) CVE data version
for x in os.listdir(options.directory or "./"):
if x.endswith(".json"):
@@ -32,10 +33,15 @@ for x in os.listdir(options.directory or "./"):
# Filter on version and store by release(s) that fixed it
for cve in cves:
- if "CVE_data_meta" in cve: # Old style JSON
+ # Establish which version of CVE JSON we are dealing with
+ data_version = DEFAULT_CVE_DATA_VERSION
+ if cve.get("dataType") == "CVE":
+ data_version = cve.get("dataVersion", DEFAULT_CVE_DATA_VERSION)
+
+ if data_version == DEFAULT_CVE_DATA_VERSION: # Old style CVE
timearray = cve["timeline"]
cve["id"] = cve["CVE_data_meta"]["ID"]
- else: # Newer style JSON
+ elif data_version == "5.0": # Newer style JSON
timearray = cve["containers"]["cna"]["timeline"]
cve["id"] = cve["cveMetadata"]["cveId"]
for time in timearray: