Vulnsrc rhel: handle "none" CVE impact
Some RHEL CVEs [1] contain the string "none" in the impact field. This causes a warning message when fetching vulnerabilities. The new code handles this case and uses the advisory severity instead. [1] https://www.redhat.com/security/data/oval/com.redhat.rhsa-20080038.xml
parent
3947073b9e
commit
bd7102d963
@ -221,7 +221,7 @@ func parseRHSA(ovalReader io.Reader) (vulnerabilities []database.VulnerabilityWi
|
|||||||
for _, currentCve := range definition.Cves {
|
for _, currentCve := range definition.Cves {
|
||||||
vulnerability.Name = currentCve.ID
|
vulnerability.Name = currentCve.ID
|
||||||
vulnerability.Link = currentCve.Href
|
vulnerability.Link = currentCve.Href
|
||||||
if currentCve.Impact != "" {
|
if currentCve.Impact != "" && currentCve.Impact != "none" {
|
||||||
vulnerability.Severity = severity(currentCve.Impact)
|
vulnerability.Severity = severity(currentCve.Impact)
|
||||||
} else {
|
} else {
|
||||||
vulnerability.Severity = severity(definition.Severity)
|
vulnerability.Severity = severity(definition.Severity)
|
||||||
|
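Review bot: The added check on the `if currentCve.Impact != "" && currentCve.Impact != "none"` line is an exact, case-sensitive match, so a feed value such as `None`, one with stray whitespace, or any other string that `severity()` does not map would presumably still reach `severity(currentCve.Impact)` and produce the warning the commit message describes instead of falling back to the advisory rating. Because this value decides how a scanner ranks findings, consider normalising before comparing, e.g. `impact := strings.ToLower(strings.TrimSpace(currentCve.Impact))`, and falling back to `definition.Severity` whenever the per-CVE impact is not a recognised level. A short comment such as `// RHSA OVAL may carry impact "none"; use the advisory severity so the CVE is not left unrated` would also record why a CVE rated "none" inherits the advisory's rating. parseRHSA starts and ends outside this hunk and `severity()` is not shown, so its handling of unknown strings is inferred.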