fix: Unknown CVEs in output (#1429)

anthonyharrison · web-flow · commit 0210dd53b665 · 2021-10-28T14:51:49.000-07:00
diff --git a/cve_bin_tool/cli.py b/cve_bin_tool/cli.py
@@ -460,7 +460,7 @@ def main(argv=None):
             )
             parsed_data = package_list.parse_list()
             for product_info, triage_data in parsed_data.items():
-                LOGGER.warning(f"{product_info}, {triage_data}")
+                LOGGER.debug(f"{product_info}, {triage_data}")
                 cve_scanner.get_cves(product_info, triage_data)
 
         if args["input_file"]:
@@ -470,7 +470,7 @@ def main(argv=None):
             parsed_data = input_engine.parse_input()
             if not args["directory"]:
                 for product_info, triage_data in parsed_data.items():
-                    LOGGER.warning(f"{product_info}, {triage_data}")
+                    LOGGER.debug(f"{product_info}, {triage_data}")
                     cve_scanner.get_cves(product_info, triage_data)
         if args["directory"]:
             version_scanner = VersionScanner(
@@ -504,7 +504,7 @@ def main(argv=None):
                 f"The number of products to process from SBOM - {len(parsed_data)}"
             )
             for product_info, triage_data in parsed_data.items():
-                LOGGER.warning(f"{product_info}, {triage_data}")
+                LOGGER.debug(f"{product_info}, {triage_data}")
                 cve_scanner.get_cves(product_info, triage_data)
 
         LOGGER.info("")
diff --git a/cve_bin_tool/cve_scanner.py b/cve_bin_tool/cve_scanner.py
@@ -231,7 +231,6 @@ def get_cves(self, product_info: ProductInfo, triage_data: TriageData):
             self.logger.debug(
                 f"No CVEs found for {product_info}. Is the vendor/product info correct?"
             )
-            self.all_cve_data[product_info]["cves"] = [CVE("UNKNOWN", "UNKNOWN")]
 
     def openssl_convert(self, version: str) -> str:
         """pkg_resources follows pep-440 which doesn't expect openssl style 1.1.0g version numbering
diff --git a/cve_bin_tool/package_list_parser/__init__.py b/cve_bin_tool/package_list_parser/__init__.py
@@ -164,7 +164,7 @@ def parse_data(self):
             self.parsed_data_with_vendor[product_info][
                 row.get("cve_number", "").strip() or "default"
             ] = {
-                "remarks": Remarks(str(row.get("remarks", "")).strip()),
+                "remarks": Remarks.NewFound,
                 "comments": row.get("comments", "").strip(),
                 "severity": row.get("severity", "").strip(),
             }
diff --git a/test/test_package_list_parser.py b/test/test_package_list_parser.py
@@ -25,30 +25,30 @@ class TestPackageListParser:
 
     REQ_PARSED_TRIAGE_DATA = {
         ProductInfo(vendor="httplib2_project*", product="httplib2", version="0.18.1"): {
-            "default": {"remarks": Remarks.Unexplored, "comments": "", "severity": ""},
+            "default": {"remarks": Remarks.NewFound, "comments": "", "severity": ""},
             "paths": {""},
         },
         ProductInfo(vendor="python*", product="requests", version="2.25.1"): {
-            "default": {"remarks": Remarks.Unexplored, "comments": "", "severity": ""},
+            "default": {"remarks": Remarks.NewFound, "comments": "", "severity": ""},
             "paths": {""},
         },
         ProductInfo(vendor="html5lib*", product="html5lib", version="0.99"): {
-            "default": {"remarks": Remarks.Unexplored, "comments": "", "severity": ""},
+            "default": {"remarks": Remarks.NewFound, "comments": "", "severity": ""},
             "paths": {""},
         },
     }
 
     UBUNTU_PARSED_TRIAGE_DATA = {
         ProductInfo(vendor="gnu*", product="bash", version="5.0-6ubuntu1.1"): {
-            "default": {"remarks": Remarks.Unexplored, "comments": "", "severity": ""},
+            "default": {"remarks": Remarks.NewFound, "comments": "", "severity": ""},
             "paths": {""},
         },
         ProductInfo(vendor="gnu*", product="binutils", version="2.34-6ubuntu1.1"): {
-            "default": {"remarks": Remarks.Unexplored, "comments": "", "severity": ""},
+            "default": {"remarks": Remarks.NewFound, "comments": "", "severity": ""},
             "paths": {""},
         },
         ProductInfo(vendor="gnu*", product="wget", version="1.20.3-1ubuntu1"): {
-            "default": {"remarks": Remarks.Unexplored, "comments": "", "severity": ""},
+            "default": {"remarks": Remarks.NewFound, "comments": "", "severity": ""},
             "paths": {""},
         },
     }

Original file line number	Diff line number	Diff line change
`@@ -231,7 +231,6 @@ def get_cves(self, product_info: ProductInfo, triage_data: TriageData):`
`231`	`231`	`self.logger.debug(`
`232`	`232`	`f"No CVEs found for {product_info}. Is the vendor/product info correct?"`
`233`	`233`	`)`
`234`		`- self.all_cve_data[product_info]["cves"] = [CVE("UNKNOWN", "UNKNOWN")]`
`235`	`234`
`236`	`235`	`def openssl_convert(self, version: str) -> str:`
`237`	`236`	`"""pkg_resources follows pep-440 which doesn't expect openssl style 1.1.0g version numbering`
Original file line number	Diff line number	Diff line change
`@@ -164,7 +164,7 @@ def parse_data(self):`
`164`	`164`	`self.parsed_data_with_vendor[product_info][`
`165`	`165`	`row.get("cve_number", "").strip() or "default"`
`166`	`166`	`] = {`
`167`		`- "remarks": Remarks(str(row.get("remarks", "")).strip()),`
	`167`	`+ "remarks": Remarks.NewFound,`
`168`	`168`	`"comments": row.get("comments", "").strip(),`
`169`	`169`	`"severity": row.get("severity", "").strip(),`
`170`	`170`	`}`