fix: don't scan if vendor is "UNKNOWN" (#1436) (#1439)

anthonyharrison · web-flow · commit b87bad79c913 · 2021-11-08T13:03:57.000-08:00
* Fixes #1436
diff --git a/cve_bin_tool/cve_scanner.py b/cve_bin_tool/cve_scanner.py
@@ -55,6 +55,9 @@ def get_cves(self, product_info: ProductInfo, triage_data: TriageData):
         Example:
             nvd.get_cves('haxx', 'curl', '7.34.0')
         """
+        if product_info.vendor == "UNKNOWN":
+            return
+
         if product_info in self.all_cve_data:
             # If product_info already in all_cve_data no need to fetch cves from database again
             # We just need to update paths.
diff --git a/cve_bin_tool/package_list_parser/__init__.py b/cve_bin_tool/package_list_parser/__init__.py
@@ -152,10 +152,6 @@ def add_vendor(self, vendor_package_pairs):
                     self.package_names_without_vendor.remove(package_name)
                     break
 
-        for package_name in self.package_names_without_vendor:
-            package_name["vendor"] = "UNKNOWN"
-            self.package_names_with_vendor.append(package_name)
-
     def parse_data(self):
         for row in self.package_names_with_vendor:
             product_info = ProductInfo(
