From a2743206d7f4155c3f8af8734dd22ecd954f99ad Mon Sep 17 00:00:00 2001
From: Keven Marin <keven@delvelabs.ca>
Date: Tue, 29 May 2018 14:06:13 +0000
Subject: [PATCH] fix(RangeGuesser) filter None values

---
 openwebvulndb/common/cve.py          | 6 ++++--
 tests/common_test/cve_reader_test.py | 1 +
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/openwebvulndb/common/cve.py b/openwebvulndb/common/cve.py
index b0273ab..68e4587 100644
--- a/openwebvulndb/common/cve.py
+++ b/openwebvulndb/common/cve.py
@@ -347,9 +347,11 @@ def guess(self, summary, configurations):
         if len(matches) > 0:
             return
 
-        versions = [match_cpe.search(v) for v in configurations]
+        def filter_bad_versions(versions):
+            return [p.group('version') for p in versions if p is not None and p.group('version') is not None]
 
-        versions = VersionCompare.sorted(p.group('version') for p in versions if p.group('version') is not None)
+        versions = filter_bad_versions([match_cpe.search(v) for v in configurations])
+        versions = VersionCompare.sorted(versions)
 
         if len(versions) == 0:
             return
diff --git a/tests/common_test/cve_reader_test.py b/tests/common_test/cve_reader_test.py
index 07158b2..5028d80 100644
--- a/tests/common_test/cve_reader_test.py
+++ b/tests/common_test/cve_reader_test.py
@@ -610,6 +610,7 @@ def test_bad_version(self):
         self.guesser.known_versions = ["2.4.3", "2.4.4"]
         self.assertNotIn(VersionRange(fixed_in="3.5"), self.guess("XSS - critical", [
             "cpe:2.3:a:wordpress:wordpress:-",
+            "cpe:2.3:o:debian:debian_linux:9.0",
         ]))
 
     def test_versions_not_found(self):