Vulnsrc rhel: handle "none" CVE impact

Some RHEL CVEs [1] contain the string "none" in the impact field. This
causes a warning message when fetching vulnerabilities. The new code handles
this case and uses the advisory severity instead.

[1] https://www.redhat.com/security/data/oval/com.redhat.rhsa-20080038.xml
Ales Raszka 2019-01-02 14:27:08 +01:00
parent 3947073b9e
commit bd7102d963


@ -221,7 +221,7 @@ func parseRHSA(ovalReader io.Reader) (vulnerabilities []database.VulnerabilityWi
for _, currentCve := range definition.Cves { for _, currentCve := range definition.Cves {
vulnerability.Name = currentCve.ID vulnerability.Name = currentCve.ID
vulnerability.Link = currentCve.Href vulnerability.Link = currentCve.Href
if currentCve.Impact != "" { if currentCve.Impact != "" && currentCve.Impact != "none" {
vulnerability.Severity = severity(currentCve.Impact) vulnerability.Severity = severity(currentCve.Impact)
} else { } else {
vulnerability.Severity = severity(definition.Severity) vulnerability.Severity = severity(definition.Severity)
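Review bot: The new guard on the `if currentCve.Impact != "" && currentCve.Impact != "none"` line matches only the exact lowercase string, so a feed value such as `None`, or one with surrounding whitespace, would still be passed to `severity(currentCve.Impact)` and would presumably still end in the warning and an unmapped severity for that CVE. In a vulnerability scanner that matters, because an unmapped severity can drop a finding out of severity-based filters; normalising first, e.g. `impact := strings.TrimSpace(currentCve.Impact)` followed by `if impact != "" && !strings.EqualFold(impact, "none") {`, keeps the fallback to `definition.Severity` reliable (this assumes `strings` is already imported in the file, which is not visible here). A short comment such as `// Red Hat OVAL marks some CVEs with impact "none"; use the advisory severity for those.` would explain the special case to the next reader. The body of parseRHSA starts and ends outside this hunk.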