
Huawei Pipeline Added with Tests

Open Rishi-source opened this issue 10 months ago • 3 comments

The following pull request fixes issue #1750 and adds a pipeline importer with tests.

Signed-off-by: Rishi Garg [email protected]

Rishi-source avatar Feb 02 '25 16:02 Rishi-source

Hi @TG1999, can you please review this pipeline importer?

Rishi-source avatar Feb 08 '25 12:02 Rishi-source

@Rishi-source I am also a contributor to vulnerablecode. You recently pushed code for the Huawei pipelines. I was working on some other advisories and wanted to create tests for them. How should I create the JSON files for the tests? The output of my advisory data looks like this. Your help will be really appreciated.

AdvisoryData(aliases='CVE-2024-13176', summary='A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.', affected_packages=[AffectedPackage(package=PackageURL(type='openssl', namespace=None, name='openssl', version=None, qualifiers={}, subpath=None), affected_version_range=OpensslVersionRange(constraints=(VersionConstraint(comparator='=', version=OpensslVersion(string='3.4.0')), VersionConstraint(comparator='=', version=OpensslVersion(string='3.4.1')))), fixed_version=None), AffectedPackage(package=PackageURL(type='openssl', namespace=None, name='openssl', version=None, qualifiers={}, subpath=None), affected_version_range=OpensslVersionRange(constraints=(VersionConstraint(comparator='=', version=OpensslVersion(string='3.3.0')), VersionConstraint(comparator='=', version=OpensslVersion(string='3.3.3')))), fixed_version=None), AffectedPackage(package=PackageURL(type='openssl', namespace=None, name='openssl', version=None, qualifiers={}, subpath=None), affected_version_range=OpensslVersionRange(constraints=(VersionConstraint(comparator='=', version=OpensslVersion(string='3.2.0')), VersionConstraint(comparator='=', version=OpensslVersion(string='3.2.4')))), fixed_version=None), AffectedPackage(package=PackageURL(type='openssl', namespace=None, name='openssl', version=None, qualifiers={}, subpath=None), affected_version_range=OpensslVersionRange(constraints=(VersionConstraint(comparator='=', version=OpensslVersion(string='3.1.0')), VersionConstraint(comparator='=', version=OpensslVersion(string='3.1.8')))), fixed_version=None), AffectedPackage(package=PackageURL(type='openssl', namespace=None, name='openssl', version=None, qualifiers={}, subpath=None), affected_version_range=OpensslVersionRange(constraints=(VersionConstraint(comparator='=', version=OpensslVersion(string='3.0.0')), VersionConstraint(comparator='=', version=OpensslVersion(string='3.0.16')))), fixed_version=None), 
AffectedPackage(package=PackageURL(type='openssl', namespace=None, name='openssl', version=None, qualifiers={}, subpath=None), affected_version_range=OpensslVersionRange(constraints=(VersionConstraint(comparator='=', version=OpensslVersion(string='1.1.1')), VersionConstraint(comparator='=', version=OpensslVersion(string='1.1.1zb')))), fixed_version=None), AffectedPackage(package=PackageURL(type='openssl', namespace=None, name='openssl', version=None, qualifiers={}, subpath=None), affected_version_range=OpensslVersionRange(constraints=(VersionConstraint(comparator='=', version=OpensslVersion(string='1.0.2')), VersionConstraint(comparator='=', version=OpensslVersion(string='1.0.2zl')))), fixed_version=None)], references=[Reference(reference_id='CVE-2024-13176', reference_type='', url='https://www.cve.org/CVERecord?id=CVE-2024-13176', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. Contains generic textual values like High, Low etc'), value='Low', scoring_elements='', published_at=None)]), Reference(reference_id='CVE-2024-13176', reference_type='', url='https://openssl-library.org/news/secadv/20250120.txt', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. Contains generic textual values like High, Low etc'), value='Low', scoring_elements='', published_at=None)]), Reference(reference_id='CVE-2024-13176', reference_type='', url='https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. 
Contains generic textual values like High, Low etc'), value='Low', scoring_elements='', published_at=None)]), Reference(reference_id='CVE-2024-13176', reference_type='', url='https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. Contains generic textual values like High, Low etc'), value='Low', scoring_elements='', published_at=None)]), Reference(reference_id='CVE-2024-13176', reference_type='', url='https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. Contains generic textual values like High, Low etc'), value='Low', scoring_elements='', published_at=None)]), Reference(reference_id='CVE-2024-13176', reference_type='', url='https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. Contains generic textual values like High, Low etc'), value='Low', scoring_elements='', published_at=None)]), Reference(reference_id='CVE-2024-13176', reference_type='', url='https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. 
Contains generic textual values like High, Low etc'), value='Low', scoring_elements='', published_at=None)]), Reference(reference_id='CVE-2024-13176', reference_type='', url='https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. Contains generic textual values like High, Low etc'), value='Low', scoring_elements='', published_at=None)]), Reference(reference_id='CVE-2024-13176', reference_type='', url='https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. Contains generic textual values like High, Low etc'), value='Low', scoring_elements='', published_at=None)])], date_published=datetime.datetime(2025, 1, 20, 0, 0, tzinfo=datetime.timezone.utc), weaknesses=[], url='https://openssl-library.org/news/vulnerabilities/index.html#CVE-2024-13176')

kunalsz avatar Feb 11 '25 09:02 kunalsz

Hi @kunalsz, in order to convert the advisory data to JSON, you first have to convert your AdvisoryData object to a dictionary:

advisory_dict = advisory_data.to_dict()

Then import json and convert the dictionary to a JSON-formatted string:

import json
json_string = json.dumps(advisory_dict)

You can add indent = 2; it enhances the readability of the JSON format. After this, print the JSON string on your CLI or save it in the form of a file.

Rishi-source avatar Feb 11 '25 09:02 Rishi-source
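
An added example, not part of the thread and not vulnerablecode's own code, of the fixture workflow described in the answer above: convert each advisory with to_dict(), write a stable JSON file once, then compare later runs against it. `StandInAdvisory`, `check_against_fixture`, the `regen` flag and the file name are hypothetical stand-ins so the block runs without the project installed.

```python
import datetime
import json
import tempfile
from dataclasses import dataclass
from pathlib import Path


@dataclass
class StandInAdvisory:
    """Hypothetical stand-in for an importer's advisory object."""
    aliases: list
    summary: str
    date_published: datetime.datetime

    def to_dict(self):
        # Emit plain JSON types only: json.dumps raises TypeError on a raw datetime.
        return {
            "aliases": self.aliases,
            "summary": self.summary,
            "date_published": self.date_published.isoformat(),
        }


def check_against_fixture(advisories, fixture_path, regen=False):
    """Compare importer output with a stored JSON fixture; rewrite it when regen=True."""
    results = [a.to_dict() for a in advisories]
    path = Path(fixture_path)
    if regen:
        # indent and sort_keys keep the file stable, so fixture diffs stay reviewable.
        path.write_text(json.dumps(results, indent=2, sort_keys=True) + "\n")
    expected = json.loads(path.read_text())
    return results == expected


def demo():
    # Constructed sample; the summary is abridged from the output quoted in the thread.
    adv = StandInAdvisory(
        aliases=["CVE-2024-13176"],
        summary="A timing side-channel exists in the ECDSA signature computation.",
        date_published=datetime.datetime(2025, 1, 20, tzinfo=datetime.timezone.utc),
    )
    with tempfile.TemporaryDirectory() as tmp:
        fixture = Path(tmp) / "expected-advisories.json"
        created = check_against_fixture([adv], fixture, regen=True)
        adv.summary = "changed"  # simulate a parser regression
        drifted = check_against_fixture([adv], fixture)
    return created, drifted
```

Regenerate the fixture only after reviewing the importer output by hand; otherwise the test records whatever the parser currently produces, including its mistakes.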