Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-23 08:58:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 114

Vuln cron fail fix (#21240)

Browse source 
#21239 

This PR fixes the generated vuln JSON files, which would get the current
customers up and running.

QA Done:

- New vuln JSON files generated at:
https://github.com/getvictor/vulnerabilities/releases
- Ran local server with new vuln JSON files by setting `export
TEST_VULN_GITHUB_OWNER=getvictor`
- Diff of JSON files from https://github.com/fleetdm/vulnerabilities and
https://github.com/getvictor/vulnerabilities

Steps for diff:
```
mkdir new
cd new
gh release download cve-202408111650 -D . -R getvictor/vulnerabilities
gunzip *.gz
cd ../
mkdir old
cd old
gh release download cve-202408111637 -D . -R fleetdm/vulnerabilities
gunzip *.gz
cd ..
diff old new
```

Diff results also remove a few Rejected CVEs from JSON files. The 2024
results also have a few minor diffs that don't seem significant.
This commit is contained in:
Victor Lyuboslavsky 2024-08-11 20:57:29 +02:00 committed by GitHub
parent 16f63482b9
commit 1176afbb0b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 18 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
server/vulnerabilities/nvd/sync/cve_syncer.go
View file

@ -781,15 +781,31 @@ func convertAPI20CVEToLegacy(cve nvdapi.CVE, logger log.Logger) *schema.NVDCVEFe
descriptions := make([]*schema.CVEJSON40LangString, 0, len(cve.Descriptions))
for _, description := range cve.Descriptions {
// Keep only english descriptions to match the legacy.
if description.Lang != "en" {
var lang string
switch {
case description.Lang == "en":
lang = description.Lang
case description.Lang == "en-US":
// This occurred starting with Microsoft CVE-2024-38200
lang = "en"
default:
// Non-english descriptions are ignored.
continue
}
descriptions = append(descriptions, &schema.CVEJSON40LangString{
Lang: description.Lang,
Lang: lang,
Value: description.Value,
})
}
if len(descriptions) == 0 {
// Populate a blank description to prevent Fleet cron job from crashing: https://github.com/fleetdm/fleet/issues/21239
descriptions = append(descriptions, &schema.CVEJSON40LangString{
Lang: "en",
Value: "",
})
}
problemtypeData := make([]*schema.CVEJSON40ProblemtypeProblemtypeData, 0, len(cve.Weaknesses))
if len(cve.Weaknesses) == 0 {
problemtypeData = append(problemtypeData, &schema.CVEJSON40ProblemtypeProblemtypeData{