Merge branch 'main' into thunderbird

Author: metabiswadeep

.github/workflows/testing.yml

@@ -261,12 +261,12 @@ jobs:
       - name: Get date
         id: get-date
         run: |
-          echo "date=$(get-date -format "yyyyMMdd")" >> $GITHUB_OUTPUT
+          echo "DATE=$(powershell get-date -format "yyyyMMdd")" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append
       - name: Get cached database
         uses: actions/cache@v3
         with:
           path: ~/.cache/cve-bin-tool
-          key: ${{ runner.os }}-cve-bin-tool-${{ steps.get-date.outputs.date }}
+          key: ${{ runner.os }}-cve-bin-tool-${{ steps.get-date.outputs.DATE }}
       - name: Install cve-bin-tool
         run: |
           python -m pip install --upgrade pip
@@ -337,12 +337,12 @@ jobs:
       - name: Get date
         id: get-date
         run: |
-          echo "date=$(get-date -format "yyyyMMdd")" >> $GITHUB_OUTPUT
+          echo "DATE=$(powershell get-date -format "yyyyMMdd")" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append
       - name: Get cached database
         uses: actions/cache@v3
         with:
           path: ~/.cache/cve-bin-tool
-          key: ${{ runner.os }}-cve-bin-tool-${{ steps.get-date.outputs.date }}
+          key: ${{ runner.os }}-cve-bin-tool-${{ steps.get-date.outputs.DATE }}
       - name: Install cve-bin-tool
         run: |
           python -m pip install --upgrade pip

.github/workflows/update-cache.yml

@@ -45,7 +45,7 @@ jobs:
     if: github.repository == 'intel/cve-bin-tool'
     name: Update windows cached database
     runs-on: windows-latest
-    timeout-minutes: 20
+    timeout-minutes: 60
     env:
       PYTHONIOENCODING: 'utf8'
     steps:
@@ -57,11 +57,11 @@ jobs:
       - name: Get date
         id: get-date
         run: |
-          echo "date=$(get-date -format "yyyyMMdd")" >> $GITHUB_OUTPUT
+          echo "DATE=$(powershell get-date -format "yyyyMMdd")" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append
       - uses: actions/cache@v3
         with:
           path: ~/.cache/cve-bin-tool
-          key: ${{ runner.os }}-cve-bin-tool-${{ steps.get-date.outputs.date }}
+          key: ${{ runner.os }}-cve-bin-tool-${{ steps.get-date.outputs.DATE }}
       - name: Install cve-bin-tool
         run: |
           python -m pip install --upgrade pip

cve_bin_tool/cve_scanner.py

@@ -211,8 +211,8 @@ def get_cves(self, product_info: ProductInfo, triage_data: TriageData):
                 query = f"""
                 SELECT CVE_number, severity, description, score, cvss_version, cvss_vector, data_source
                 FROM cve_severity
-                WHERE CVE_number IN ({",".join(["?"] * number_of_cves)}) AND score >= ?
-                ORDER BY CVE_number
+                WHERE CVE_number IN ({",".join(["?"] * number_of_cves)}) AND score >= ? and description != "unknown"
+                ORDER BY CVE_number, last_modified DESC
                 """
                 # Add score parameter to tuple listing CVEs to pass to query
                 result = self.cursor.execute(query, cve_list[start:end] + [self.score])

cve_bin_tool/cvedb.py

@@ -157,9 +157,17 @@ def get_cvelist_if_stale(self) -> None:
                 self.time_of_last_update = datetime.datetime.today()
 
     def latest_schema(
-        self, table_name: str, table_schema: str, cursor: sqlite3.Cursor | None = None
+        self,
+        table_name: str = "",
+        table_schema: str = "",
+        cursor: sqlite3.Cursor | None = None,
     ) -> bool:
         """Check database is using latest schema"""
+        if table_name == "":
+            # If no table specified, check cve_range (the last one changed)
+            _, range_schema = self.table_schemas()
+            return self.latest_schema("cve_range", range_schema)
+
         self.LOGGER.debug("Check database is using latest schema")
         cursor = self.db_open_and_get_cursor()
         schema_check = f"SELECT * FROM {table_name} WHERE 1=0"
@@ -265,13 +273,19 @@ def init_database(self) -> None:
         # Check schema on cve_severity
         if not self.latest_schema("cve_severity", severity_schema, cursor):
             # Recreate table using latest schema
-            self.LOGGER.info("Upgrading database cve_severity to latest schema")
+            self.LOGGER.info("Upgrading cve_severity data. This may take some time.")
+            self.LOGGER.info(
+                "If this step hangs, try using `-u now` to get a fresh db."
+            )
             cursor.execute("DROP TABLE cve_severity")
             cursor.execute(cve_data_create)
 
         # Check schema on cve_range
         if not self.latest_schema("cve_range", range_schema, cursor):
-            self.LOGGER.info("Upgrading database cve_range to latest schema")
+            self.LOGGER.info("Upgrading cve_range data. This may take some time.")
+            self.LOGGER.info(
+                "If this step hangs, try using `-u now` to get a fresh db."
+            )
             cursor.execute("DROP TABLE cve_range")
             cursor.execute(version_range_create)
 

cve_bin_tool/parsers/python.py

@@ -49,7 +49,7 @@ def find_vendor(self, product, version):
         if vendor_package_pair != []:
             vendor = vendor_package_pair[0]["vendor"]
             file_path = self.filename
-            self.logger.info(f"{file_path} is {product} {version}")
+            self.logger.debug(f"{file_path} is {product} {version}")
             return ScanInfo(ProductInfo(vendor, product, version), file_path)
         return None
 

cve_bin_tool/version.py

@@ -8,7 +8,7 @@
 
 from cve_bin_tool.log import LOGGER
 
-VERSION: str = "3.2rc0"
+VERSION: str = "3.2"
 
 
 def check_latest_version():

triage.json

@@ -76,150 +76,6 @@
                "ref": "urn:cbt:1/plotly#plotly.js-2.13.2"
             }
          ]
-      },
-      {
-         "id": "CVE-2016-10735",
-         "source": {
-            "name": "GAD"
-         },
-         "analysis": {
-            "state": "not_affected",
-            "response": [ "code_not_reachable" ],
-            "justification": "Bad version detection with GAD",
-            "detail": ""
-         },
-         "affects": [
-            {
-               "ref": "urn:cdx:NOTKNOWN/1#bootstrap-5.2.0"
-            }
-         ],
-         "vendor": "getbootstrap",
-         "product": "bootstrap",
-         "version": "5.2.0",
-         "cve_number": "CVE-2016-10735",
-         "severity": "MEDIUM",
-         "score": "6.1",
-         "source": "GAD",
-         "cvss_version": "3",
-         "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
-         "paths": "",
-         "remarks": "Mitigated",
-         "comments": ""
-      },
-      {
-         "id": "CVE-2018-14040",
-         "source": {
-            "name": "GAD"
-         },
-         "analysis": {
-            "state": "not_affected",
-            "response": [ "code_not_reachable" ],
-            "justification": "Bad version detection with GAD",
-            "detail": ""
-         },
-         "affects": [
-            {
-               "ref": "urn:cdx:NOTKNOWN/1#bootstrap-5.2.0"
-            }
-         ],
-         "vendor": "getbootstrap",
-         "product": "bootstrap",
-         "version": "5.2.0",
-         "cve_number": "CVE-2018-14040",
-         "severity": "MEDIUM",
-         "score": "6.1",
-         "source": "GAD",
-         "cvss_version": "3",
-         "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
-         "paths": "",
-         "remarks": "Mitigated",
-         "comments": ""
-    },
-    {
-         "id": "CVE-2018-14041",
-         "source": {
-            "name": "GAD"
-         },
-         "analysis": {
-            "state": "not_affected",
-            "response": [ "code_not_reachable" ],
-            "justification": "Bad version detection with GAD",
-            "detail": ""
-         },
-         "affects": [
-            {
-               "ref": "urn:cdx:NOTKNOWN/1#bootstrap-5.2.0"
-            }
-         ],
-         "vendor": "getbootstrap",
-         "product": "bootstrap",
-         "version": "5.2.0",
-         "cve_number": "CVE-2018-14041",
-         "severity": "MEDIUM",
-         "score": "6.1",
-         "source": "GAD",
-         "cvss_version": "3",
-         "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
-         "paths": "",
-         "remarks": "Mitigated",
-         "comments": ""
-    },
-    {
-         "id": "CVE-2018-14042",
-         "source": {
-            "name": "GAD"
-         },
-         "analysis": {
-            "state": "not_affected",
-            "response": [ "code_not_reachable" ],
-            "justification": "Bad version detection with GAD",
-            "detail": ""
-         },
-         "affects": [
-            {
-               "ref": "urn:cdx:NOTKNOWN/1#bootstrap-5.2.0"
-            }
-         ],
-         "vendor": "getbootstrap",
-         "product": "bootstrap",
-         "version": "5.2.0",
-         "cve_number": "CVE-2018-14042",
-         "severity": "MEDIUM",
-         "score": "6.1",
-         "source": "GAD",
-         "cvss_version": "3",
-         "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
-         "paths": "",
-         "remarks": "Mitigated",
-         "comments": ""
-    },
-    {
-         "id": "CVE-2019-8331",
-         "source": {
-            "name": "GAD"
-         },
-         "analysis": {
-            "state": "not_affected",
-            "response": [ "code_not_reachable" ],
-            "justification": "Bad version detection with GAD",
-            "detail": ""
-         },
-         "affects": [
-            {
-               "ref": "urn:cdx:NOTKNOWN/1#bootstrap-5.2.0"
-            }
-         ],
-         "vendor": "getbootstrap",
-         "product": "bootstrap",
-         "version": "5.2.0",
-         "cve_number": "CVE-2019-8331",
-         "severity": "MEDIUM",
-         "score": "6.1",
-         "source": "GAD",
-         "cvss_version": "3",
-         "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
-         "paths": "",
-         "comments": ""
-   }
+      }
    ]
 }