Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: parse CPE names correctly #4041 #4063

Merged
merged 4 commits into from
Apr 25, 2024
Merged

fix: parse CPE names correctly #4041 #4063

merged 4 commits into from
Apr 25, 2024

Conversation

fthdrmzzz
Copy link
Contributor

This PR fixes issue #4041. I have parsed cpe names with regex to basically escape `:``s in the cpe name.

@fthdrmzzz
fix: parse CPE names correctly intel#4041
292479d 
Signed-off-by: fthdrmzzz <mail.fatih.durmaz@gmail.com>
fthdrmzzz
fthdrmzzz commented Apr 22, 2024
View reviewed changes
cve_bin_tool/data_sources/nvd_source.py Outdated
@@ -183,7 +183,8 @@ def parse_node(self, node: dict[str, list[dict[str, str]]]) -> list[dict[str, st
if "cpe_match" in node:
vulnerable_matches = (m for m in node["cpe_match"] if m["vulnerable"])
for cpe_match in vulnerable_matches:
cpe_split = cpe_match["cpe23Uri"].split(":")
cpe_uri = cpe_match["cpe23Uri"]
cpe_split = re.split(r"(?<!\\):", cpe_uri)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

here regex pattern splits with :'s only if there is no preceding \\.

terriko
terriko requested changes Apr 23, 2024
View reviewed changes
Copy link
Contributor

@terriko terriko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor change: If it's worth putting a comment in the PR, it's probably worth putting the comment in the code! (especially since regexes can be a pain to read) And I condensed things into a single line because I felt like it went better with the comment, though that's an entirely subjective choice.

Since these changes shouldn't make any functional diference, I'm going to merge them and let the tests re-run and this will probably be approved thereafter.

Also, this is making me wonder if we have a similar issue in the SBOM CPE code...

cve_bin_tool/data_sources/nvd_source.py Outdated Show resolved Hide resolved
cve_bin_tool/data_sources/nvd_source.py Outdated Show resolved Hide resolved
@terriko
Copy link
Contributor

terriko commented Apr 23, 2024

Ah, nevermind, looks like you didn't grant me permission to merge to your branch. So I'll leave merging the suggestions to you!

But I want to say again that this looks great and thank you very much for spotting this issue and fixing it!

@terriko terriko mentioned this pull request Apr 23, 2024
Closed
fthdrmzzz and others added 3 commits April 25, 2024 15:11
@fthdrmzzz
Copy link
Contributor Author

Ah, nevermind, looks like you didn't grant me permission to merge to your branch. So I'll leave merging the suggestions to you!

But I want to say again that this looks great and thank you very much for spotting this issue and fixing it!

Thank you for having time to review it quickly. I have merged your suggestions.

@codecov-commenter
Copy link

codecov-commenter commented Apr 25, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 50.00000% with 1 lines in your changes are missing coverage. Please review.

Project coverage is 81.97%. Comparing base (d6cbe40) to head (6fda4c3).
Report is 191 commits behind head on main.

Files Patch % Lines
cve_bin_tool/data_sources/nvd_source.py 50.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4063      +/-   ##
==========================================
+ Coverage   75.41%   81.97%   +6.56%     
==========================================
  Files         808      820      +12     
  Lines       11983    12533     +550     
  Branches     1598     1941     +343     
==========================================
+ Hits         9037    10274    +1237     
+ Misses       2593     1844     -749     
- Partials      353      415      +62
Flag Coverage Δ
longtests 81.04% <50.00%> (+5.62%) ⬆️
win-longtests 79.77% <50.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

terriko
terriko approved these changes Apr 25, 2024
View reviewed changes
Copy link
Contributor

@terriko terriko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Merge time! Thank you again, and congratulations on your first merged commit with us @fthdrmzzz !

@terriko terriko merged commit daea8e4 into intel:main Apr 25, 2024
22 checks passed
@fthdrmzzz fthdrmzzz deleted the mybranch branch April 26, 2024 07:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@terriko terriko terriko approved these changes

Assignees
No one assigned
Labels
awaiting CI
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fthdrmzzz @terriko @codecov-commenter