fix(RangeGuesser) filter None values

delvelabs · May 29, 2018 · a274320 · a274320
1 parent 19ccb66
commit a274320
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/openwebvulndb/common/cve.py b/openwebvulndb/common/cve.py
@@ -347,9 +347,11 @@ def guess(self, summary, configurations):
         if len(matches) > 0:
             return
 
-        versions = [match_cpe.search(v) for v in configurations]
+        def filter_bad_versions(versions):
+            return [p.group('version') for p in versions if p is not None and p.group('version') is not None]
 
-        versions = VersionCompare.sorted(p.group('version') for p in versions if p.group('version') is not None)
+        versions = filter_bad_versions([match_cpe.search(v) for v in configurations])
+        versions = VersionCompare.sorted(versions)
 
         if len(versions) == 0:
             return

diff --git a/tests/common_test/cve_reader_test.py b/tests/common_test/cve_reader_test.py
@@ -610,6 +610,7 @@ def test_bad_version(self):
         self.guesser.known_versions = ["2.4.3", "2.4.4"]
         self.assertNotIn(VersionRange(fixed_in="3.5"), self.guess("XSS - critical", [
             "cpe:2.3:a:wordpress:wordpress:-",
+            "cpe:2.3:o:debian:debian_linux:9.0",
         ]))
 
     def test_versions_not_found(self):