[Git][security-tracker-team/security-tracker][master] check-new-issues: Check if product key for specific CVE cna container is defined

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 4 07:32:01 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5b308fde by Salvatore Bonaccorso at 2025-03-04T07:55:15+01:00
check-new-issues: Check if product key for specific CVE cna container is defined

There seem to be CVE entries where the cna container when listing the
affected product does not contain an actual 'product' assigned. Check
for this case to avoid an error:

	Traceback (most recent call last):
	  File "/home/carnil/src/security-tracker/security-tracker/./bin/check-new-issues", line 503, in <module>
	    if nfu_entry := auto_nfu(todo, nfu_entries):
			    ~~~~~~~~^^^^^^^^^^^^^^^^^^^
	  File "/home/carnil/src/security-tracker/security-tracker/./bin/check-new-issues", line 228, in auto_nfu
	    if nfu_entry_matches(nfu_entry, cve5):
	       ~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
	  File "/home/carnil/src/security-tracker/security-tracker/./bin/check-new-issues", line 210, in nfu_entry_matches
	    products = [ affected['product'] for affected in cve5['containers']['cna']['affected'] ]
			 ~~~~~~~~^^^^^^^^^^^
	KeyError: 'product'

Suggested-by: Sebastien Delafond <seb at debian.org>
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -


1 changed file:

- bin/check-new-issues


Changes:

=====================================
bin/check-new-issues
=====================================
@@ -207,7 +207,7 @@ def nfu_entry_matches(nfu_entry, cve5):
     if 'cna' in nfu_entry and nfu_entry['cna'] == cna_name:
         return True
 
-    products = [ affected['product'] for affected in cve5['containers']['cna']['affected'] ]
+    products = [ affected['product'] for affected in cve5['containers']['cna']['affected'] if 'product' in affected ]
     # only mark it if there's a single product, in case the CVE affects various
     # projects and one of the others applies to us
     if 'product' in nfu_entry and len(products) == 1 and nfu_entry['product'] in products:
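
Review bot: On the changed `products = [...]` line, dropping entries that lack a 'product' key changes what the `len(products) == 1` guard below it measures. A CVE whose `affected` list has several entries, only one of which carries 'product', now looks like a single-product CVE and can be auto-marked NFU, which is the case the comment says to avoid ("in case the CVE affects various projects and one of the others applies to us"). Consider keeping the guard on the full list, for example requiring `len(cve5['containers']['cna']['affected']) == 1` before comparing, or collecting `affected.get('product')` and refusing the match when any entry yields None. The same line still indexes `['affected']` directly, so a cna container without that key would raise a KeyError in the same way the traceback shows for 'product'.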



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b308fdebf5fbd10fb9e01caa628d3d26559b5b5
