Huawei Pipeline Added with Tests #1770

Open
wants to merge 2 commits into
base: main

Rishi-source

The following pull request fixes #1750 and adds a pipeline importer with tests.

Signed-off-by: Rishi Garg [email protected]

@Rishi-source
Author

Hi @TG1999, can you please review this pipeline importer?

@kunalsz

kunalsz commented Feb 11, 2025

@Rishi-source I am also a contributor for vulnerablecode. You recently pushed code for Huawei pipelines. I was working on some other advisories and wanted to create tests for them. How should I create the JSON files for tests? The output of my advisory data looks like this. Your help will be really appreciated.

AdvisoryData(aliases='CVE-2024-13176', summary='A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.', affected_packages=[AffectedPackage(package=PackageURL(type='openssl', namespace=None, name='openssl', version=None, qualifiers={}, subpath=None), affected_version_range=OpensslVersionRange(constraints=(VersionConstraint(comparator='=', version=OpensslVersion(string='3.4.0')), VersionConstraint(comparator='=', version=OpensslVersion(string='3.4.1')))), fixed_version=None), AffectedPackage(package=PackageURL(type='openssl', namespace=None, name='openssl', version=None, qualifiers={}, subpath=None), affected_version_range=OpensslVersionRange(constraints=(VersionConstraint(comparator='=', version=OpensslVersion(string='3.3.0')), VersionConstraint(comparator='=', version=OpensslVersion(string='3.3.3')))), fixed_version=None), AffectedPackage(package=PackageURL(type='openssl', namespace=None, name='openssl', version=None, qualifiers={}, subpath=None), affected_version_range=OpensslVersionRange(constraints=(VersionConstraint(comparator='=', version=OpensslVersion(string='3.2.0')), VersionConstraint(comparator='=', version=OpensslVersion(string='3.2.4')))), fixed_version=None), AffectedPackage(package=PackageURL(type='openssl', namespace=None, name='openssl', version=None, qualifiers={}, subpath=None), affected_version_range=OpensslVersionRange(constraints=(VersionConstraint(comparator='=', version=OpensslVersion(string='3.1.0')), VersionConstraint(comparator='=', version=OpensslVersion(string='3.1.8')))), fixed_version=None), AffectedPackage(package=PackageURL(type='openssl', namespace=None, name='openssl', version=None, qualifiers={}, subpath=None), affected_version_range=OpensslVersionRange(constraints=(VersionConstraint(comparator='=', version=OpensslVersion(string='3.0.0')), VersionConstraint(comparator='=', version=OpensslVersion(string='3.0.16')))), fixed_version=None), 
AffectedPackage(package=PackageURL(type='openssl', namespace=None, name='openssl', version=None, qualifiers={}, subpath=None), affected_version_range=OpensslVersionRange(constraints=(VersionConstraint(comparator='=', version=OpensslVersion(string='1.1.1')), VersionConstraint(comparator='=', version=OpensslVersion(string='1.1.1zb')))), fixed_version=None), AffectedPackage(package=PackageURL(type='openssl', namespace=None, name='openssl', version=None, qualifiers={}, subpath=None), affected_version_range=OpensslVersionRange(constraints=(VersionConstraint(comparator='=', version=OpensslVersion(string='1.0.2')), VersionConstraint(comparator='=', version=OpensslVersion(string='1.0.2zl')))), fixed_version=None)], references=[Reference(reference_id='CVE-2024-13176', reference_type='', url='https://www.cve.org/CVERecord?id=CVE-2024-13176', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. Contains generic textual values like High, Low etc'), value='Low', scoring_elements='', published_at=None)]), Reference(reference_id='CVE-2024-13176', reference_type='', url='https://openssl-library.org/news/secadv/20250120.txt', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. Contains generic textual values like High, Low etc'), value='Low', scoring_elements='', published_at=None)]), Reference(reference_id='CVE-2024-13176', reference_type='', url='https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. 
Contains generic textual values like High, Low etc'), value='Low', scoring_elements='', published_at=None)]), Reference(reference_id='CVE-2024-13176', reference_type='', url='https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. Contains generic textual values like High, Low etc'), value='Low', scoring_elements='', published_at=None)]), Reference(reference_id='CVE-2024-13176', reference_type='', url='https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. Contains generic textual values like High, Low etc'), value='Low', scoring_elements='', published_at=None)]), Reference(reference_id='CVE-2024-13176', reference_type='', url='https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. Contains generic textual values like High, Low etc'), value='Low', scoring_elements='', published_at=None)]), Reference(reference_id='CVE-2024-13176', reference_type='', url='https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. 
Contains generic textual values like High, Low etc'), value='Low', scoring_elements='', published_at=None)]), Reference(reference_id='CVE-2024-13176', reference_type='', url='https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. Contains generic textual values like High, Low etc'), value='Low', scoring_elements='', published_at=None)]), Reference(reference_id='CVE-2024-13176', reference_type='', url='https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. Contains generic textual values like High, Low etc'), value='Low', scoring_elements='', published_at=None)])], date_published=datetime.datetime(2025, 1, 20, 0, 0, tzinfo=datetime.timezone.utc), weaknesses=[], url='https://openssl-library.org/news/vulnerabilities/index.html#CVE-2024-13176')

@Rishi-source
Author

Hi @kunalsz, in order to convert the advisory data to JSON, you first have to convert your AdvisoryData object to a dictionary:

```python
advisory_dict = advisory_data.to_dict()
```

Then import json and convert the dictionary to a JSON-formatted string:

```python
import json

json_string = json.dumps(advisory_dict)
```

You can add indent=2; it enhances the readability of the JSON format.
After this, print the JSON string on your CLI or save it to a file.
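
The fixture workflow described in the reply above, as an added example that is not part of the original thread or of the vulnerablecode code base. `StubAdvisory` is a hypothetical stand-in for `AdvisoryData`, and `check_against_fixture` and the fixture file name are assumptions; the sample values are constructed from the output quoted earlier in the thread.

```python
import json
import tempfile
from dataclasses import dataclass
from datetime import datetime, timezone
from pathlib import Path


@dataclass
class StubAdvisory:
    """Hypothetical stand-in for AdvisoryData, reduced to four fields."""
    aliases: list
    summary: str
    date_published: datetime
    url: str

    def to_dict(self):
        # json.dumps cannot serialize datetime, so emit ISO 8601 text here.
        return {"aliases": self.aliases, "summary": self.summary,
                "date_published": self.date_published.isoformat(), "url": self.url}


def check_against_fixture(advisories, expected_file, regen=False):
    """Compare to_dict() output with a JSON fixture; rewrite it when regen=True."""
    results = [adv.to_dict() for adv in advisories]
    path = Path(expected_file)
    if regen:
        # indent and sort_keys keep the fixture readable and its diffs stable.
        path.write_text(json.dumps(results, indent=2, sort_keys=True) + "\n")
    return results == json.loads(path.read_text())


def demo():
    # Constructed sample built from values in the output quoted in the thread.
    adv = StubAdvisory(
        aliases=["CVE-2024-13176"],
        summary="A timing side-channel which could potentially allow recovering "
                "the private key exists in the ECDSA signature computation.",
        date_published=datetime(2025, 1, 20, tzinfo=timezone.utc),
        url="https://openssl-library.org/news/vulnerabilities/index.html#CVE-2024-13176",
    )
    with tempfile.TemporaryDirectory() as tmp:
        fixture = Path(tmp) / "expected_advisory.json"
        created = check_against_fixture([adv], fixture, regen=True)
        unchanged = check_against_fixture([adv], fixture)
        adv.summary = "changed by a parser regression"
        drifted = check_against_fixture([adv], fixture)
    return created, unchanged, drifted


if __name__ == "__main__":
    print(demo())
```

The third value is `False`: once the expected file is committed, any change in what the importer parses shows up as a failed comparison instead of passing silently.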

Successfully merging this pull request may close these issues.

Collect from https://consumer.huawei.com/en/support/bulletin/2024/9/