[Git][security-tracker-team/security-tracker][master] 3 commits: check-new-issues: fix crash if there are no products

Emilio Pozuelo Monfort (@pochu) pochu at debian.org
Thu Mar 13 06:52:41 GMT 2025



Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3412b0d0 by Emilio Pozuelo Monfort at 2025-03-13T07:52:02+01:00
check-new-issues: fix crash if there are no products

If product info has been removed, we would crash. That can happen
if a CVE has been rejected while we still have it as TODO.

- - - - -
fe0bc2f5 by Emilio Pozuelo Monfort at 2025-03-13T07:52:02+01:00
check-new-issues: fix crash if there is no description

This can also happen if the CVE has been rejected.

- - - - -
36099623 by Emilio Pozuelo Monfort at 2025-03-13T07:52:02+01:00
check-new-issues: add support for title field

- - - - -


1 changed file:

- bin/check-new-issues


Changes:

=====================================
bin/check-new-issues
=====================================
@@ -96,6 +96,15 @@ def print_urls(cve_id):
                 print('Reference: ' + ref['url'])
             print("")
 
+def get_cve5_title(cve_id):
+    cve = get_cve5(cve_id)
+
+    if cve:
+        if 'title' in cve['containers']['cna']:
+            return cve['containers']['cna']['title']
+
+    return None
+
 def get_cve5_description(cve_id):
     cve = get_cve5(cve_id)
     desc = None
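
Review bot: In get_cve5_title, `cve['containers']['cna']` is indexed unconditionally, so a record missing either key would raise KeyError, the same kind of crash the other two commits in this push guard against for rejected CVEs. Chained lookups such as `return cve.get('containers', {}).get('cna', {}).get('title')` would cover that case and remove the nested ifs. A one-line docstring stating that the function returns None when there is no title would also help callers.
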
@@ -207,15 +216,21 @@ def nfu_entry_matches(nfu_entry, cve5):
     if 'cna' in nfu_entry and nfu_entry['cna'] == cna_name:
         return True
 
-    products = [ affected['product'] for affected in cve5['containers']['cna']['affected'] if 'product' in affected ]
-    # only mark it if there's a single product, in case the CVE affects various
-    # projects and one of the others applies to us
-    if 'product' in nfu_entry and len(products) == 1 and nfu_entry['product'] in products:
-        return True
+    if 'affected' in cve5['containers']['cna']:
+        products = [ affected['product'] for affected in cve5['containers']['cna']['affected'] if 'product' in affected ]
+        # only mark it if there's a single product, in case the CVE affects various
+        # projects and one of the others applies to us
+        if 'product' in nfu_entry and len(products) == 1 and nfu_entry['product'] in products:
+            return True
+
+    if 'title' in nfu_entry:
+        cve5_title = get_cve5_title(cve5['cveMetadata']['cveId'])
+        if cve5_title and re.fullmatch(nfu_entry['title'], cve5_title):
+            return True
 
     if 'description' in nfu_entry:
         cve5_desc = get_cve5_description(cve5['cveMetadata']['cveId'])
-        if re.fullmatch(nfu_entry['description'], cve5_desc):
+        if cve5_desc and re.fullmatch(nfu_entry['description'], cve5_desc):
             return True
 
     return False
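
Review bot: In the new title branch, `get_cve5_title(cve5['cveMetadata']['cveId'])` looks the record up again by id although `cve5` is already in scope and the 'affected' check just above reads from it directly; `cve5['containers']['cna'].get('title')` would avoid the extra call and keep the two checks consistent. Separately, `nfu_entry['title']` is passed to re.fullmatch, so it is a regular expression that has to match the entire title. That deserves a note wherever the entry fields are documented, so entries escape metacharacters and use `.*` where a partial match is intended.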



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5517e1b8e2533035f0ec5376e6a2c334cc754e8d...360996236ce0e0021798d6733fe9759e6684c59f
