
Extract severity from the `metrics` JSON object

Open fricklerhandwerk opened this issue 1 year ago • 1 comments

Required for https://github.com/Nix-Security-WG/nix-local-security-scanner/issues/51

In CVEs the data could look something like this:

            "metrics": [
                {
                    "other": {
                        "content": {
                            "text": "low"
                        },
                        "type": "Textual description of severity"
                    }
                },
                {
                    "cvssV3_1": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                        "baseScore": 6.4,
                        "baseSeverity": "MEDIUM"
                    }
                }
            ],

but at the time of writing our data model for that is

    class Metric(models.Model):
        """Class representing an impact information related to a CVE record."""

        format = models.CharField(max_length=64)
        scenarios = models.ManyToManyField(Description)
        content = models.JSONField()


    class Container(models.Model):
        # ...
        metrics = models.ManyToManyField(Metric)

fricklerhandwerk, Dec 11 '23 19:12
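One way to pull a single normalized severity out of a `metrics` array shaped like the sample in the issue, as an added example that is not the tracker's own code. The names `extract_severity`, `severity_from_score` and `ISSUE_SAMPLE` are hypothetical, and the precedence (newest CVSS version first, the textual `other` entry last) is an assumption; the `cvssV4_0` and `cvssV3_0` keys come from the CVE record format and go beyond the one `cvssV3_1` entry shown above.

```python
# CVSS v3.x / v4.0 qualitative ratings, lowest to highest.
SEVERITIES = ("none", "low", "medium", "high", "critical")
# Structured CVSS keys in a CVE record's metrics entries, newest first.
CVSS_KEYS = ("cvssV4_0", "cvssV3_1", "cvssV3_0")


def severity_from_score(score):
    """Map a CVSS v3.x/v4.0 base score to its qualitative rating."""
    valid = isinstance(score, (int, float)) and not isinstance(score, bool)
    if not valid or not 0.0 <= score <= 10.0:
        return None
    for upper, label in ((0.0, "none"), (3.9, "low"), (6.9, "medium"), (8.9, "high")):
        if score <= upper:
            return label
    return "critical"


def extract_severity(metrics):
    """Return (severity, source_key) for a `metrics` array, or (None, None)."""
    found = {}
    for entry in metrics if isinstance(metrics, list) else []:
        if not isinstance(entry, dict):
            continue
        for key in CVSS_KEYS:
            cvss = entry.get(key)
            if isinstance(cvss, dict) and key not in found:
                label = cvss.get("baseSeverity")
                label = label.strip().lower() if isinstance(label, str) else None
                if label not in SEVERITIES:
                    # Missing or unknown label: fall back to the numeric score.
                    label = severity_from_score(cvss.get("baseScore"))
                if label:
                    found[key] = label
        other = entry.get("other")
        content = other.get("content") if isinstance(other, dict) else None
        text = content.get("text") if isinstance(content, dict) else None
        if isinstance(text, str) and text.strip().lower() in SEVERITIES:
            found.setdefault("other", text.strip().lower())
    for key in CVSS_KEYS + ("other",):
        if key in found:
            return found[key], key
    return None, None


# The `metrics` array from the issue, reproduced as a Python literal.
ISSUE_SAMPLE = [
    {"other": {"content": {"text": "low"}, "type": "Textual description of severity"}},
    {"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}},
]
print(extract_severity(ISSUE_SAMPLE))
```

Returning the source key alongside the label lets a caller tell a scored CVSS rating from a free-text one, which matters here because the two entries in the sample disagree.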