Extract severity from the metrics JSON object #112

New issue

Closed

opened 2023-12-11 19:35:16 +00:00 by fricklerhandwerk · 1 comment

fricklerhandwerk commented 2023-12-11 19:35:16 +00:00 (Migrated from github.com)

Copy link

Required for https://github.com/Nix-Security-WG/nix-local-security-scanner/issues/51

In CVEs the data could look something like this:

            "metrics": [
                {
                    "other": {
                        "content": {
                            "text": "low"
                        },
                        "type": "Textual description of severity"
                    }
                },
                {
                    "cvssV3_1": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                        "baseScore": 6.4,
                        "baseSeverity": "MEDIUM"
                    }
                }
            ],

but at the time of writing our data model for that is

class Metric(models.Model):
    """Class representing an impact information related to a CVE record."""

    format = models.CharField(max_length=64)
    scenarios = models.ManyToManyField(Description)
    content = models.JSONField()


class Container(models.Model):
    # ...
    metrics = models.ManyToManyField(Metric)

Required for https://github.com/Nix-Security-WG/nix-local-security-scanner/issues/51 In CVEs the data could look something like this: ```json "metrics": [ { "other": { "content": { "text": "low" }, "type": "Textual description of severity" } }, { "cvssV3_1": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM" } } ], ``` but at the time of writing our data model for that is ```python class Metric(models.Model): """Class representing an impact information related to a CVE record.""" format = models.CharField(max_length=64) scenarios = models.ManyToManyField(Description) content = models.JSONField() class Container(models.Model): # ... metrics = models.ManyToManyField(Metric) ```

RaitoBezarius commented 2024-10-04 20:43:09 +00:00 (Migrated from github.com)

Copy link

This will be implemented as a data migration and a modification to the CVE ingester to parse immediately metrics further.

This will be implemented as a data migration and a modification to the CVE ingester to parse immediately metrics further.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

npins-auto-update

No results found.

Labels

Clear labels   

automation

  

backend

something the web server needs to provide the frontend with

  

bug

Something isn't working

  

contributor experience

  

data

something about quality or quantity of ingested data

  

deployment

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

nice to have

Nice to have, but not necessary for the time being

  

notifications

  

package maintainer

user story for package maintainers

  

performance

  

skin

Anything related to the visual presentation

  

tech debt

Activities that reduce tech debt

  

user story

description or implementation of a workflow

No labels

automation

backend

bug

contributor experience

data

deployment

documentation

duplicate

good first issue

help wanted

nice to have

notifications

package maintainer

performance

skin

tech debt

user story

Milestone

Clear milestone

No items

No milestone

0 Basic triaging

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: lix-community/nix-security-tracker#112

No description provided.