
Commit 0ba0090

authored
fix: improve comment propagation from lib4vex (#4423)
Lib4vex produces a "comment" field but we were trying to load a "comments" (plural) one and thus not getting any comments parsed by the library. This changes our grab from lib4vex to match what it's producing, and changes the necessary tests that will suddenly be getting the correct data. Signed-off-by: Terri Oda <[email protected]>
1 parent 1cb692c commit 0ba0090


2 files changed

+5
-5
lines changed


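--- a/cve_bin_tool/vex_manager/parse.py
+++ b/cve_bin_tool/vex_manager/parse.py
@@ -113,7 +113,7 @@ def __process_vulnerabilities(self, vulnerabilities) -> None:
 remarks = self.analysis_state[self.vextype][vuln.get("status")]
 justification = vuln.get("justification")
 response = vuln.get("remediation")
-comments = vuln.get("comments")
+comments = vuln.get("comment")
 severity = vuln.get("severity") # Severity is not available in Lib4VEX
 # Decode the bom reference for cyclonedx and purl for csaf and openvex
 product_info = None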
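Review bot: With the key corrected at `comments = vuln.get("comment")`, free text from the VEX document reaches the triage data for the first time, and nothing in this hunk checks its type or bounds its length. A VEX file can be supplied by a third party, so the string should be treated as untrusted. The rendering code is not visible here, so it is worth confirming that every output path that prints `comments` (HTML reports in particular) escapes it. I would also add a comment on the line, `# lib4vex emits the singular "comment" key; the plural name is ours`, so the key/variable mismatch is not "corrected" back later. The body of `__process_vulnerabilities` continues outside the hunk.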

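--- a/test/test_vex.py
+++ b/test/test_vex.py
@@ -173,7 +173,7 @@ class TestVexParse:
 },
 "CVE-1234-1005": {
 "remarks": Remarks.NotAffected,
-"comments": "",
+"comments": "Detail field populated.",
 "response": [],
 },
 "paths": {},
@@ -187,7 +187,7 @@ class TestVexParse:
 ): {
 "CVE-1234-1007": {
 "remarks": Remarks.Mitigated,
-"comments": "",
+"comments": "Data field populated.",
 "response": [],
 },
 "CVE-1234-1008": {
@@ -212,7 +212,7 @@ class TestVexParse:
 },
 "CVE-1234-1005": {
 "remarks": Remarks.NotAffected,
-"comments": "",
+"comments": "NotAffected: Detail field populated.",
 "response": "will_not_fix",
 "justification": "code_not_reachable",
 },
@@ -226,7 +226,7 @@ class TestVexParse:
 ): {
 "CVE-1234-1007": {
 "remarks": Remarks.Mitigated,
-"comments": "",
+"comments": "Data field populated.",
 "response": [],
 },
 "CVE-1234-1008": {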
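Review bot: The expected comment for CVE-1234-1005 differs between the two fixtures, `"Detail field populated."` at new line 176 and `"NotAffected: Detail field populated."` at new line 215, and nothing in the test explains where the `NotAffected: ` prefix comes from. It presumably originates in that format's fixture file or in how lib4vex assembles the field for that VEX type, but that is not visible in these hunks. A short comment above the second expectation naming the source of the prefix would stop a later reader from treating it as a typo and "fixing" the assertion. The `TestVexParse` class body starts and ends outside these hunks.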
