Skip to content

fix(output): normalize severity values to prevent HTML report failure #4786

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Mar 7, 2025
Merged

fix(output): normalize severity values to prevent HTML report failure #4786

merged 7 commits into from
Mar 7, 2025

Conversation

JigyasuRajput
Copy link
Contributor

@JigyasuRajput JigyasuRajput commented Feb 8, 2025
edited
Loading

Description

Fixes #4392 where the HTML report generator fails due to unexpected severity values like "HIGH-EXPLOIT". The error occurs because the severity key is not recognized in SEVERITY_TYPES_COLOR, leading to a KeyError.

Solution

  • Introduced a normalize_severity() function to standardize severity values before processing.
  • The function converts severities to uppercase and ensures that values with prefixes (e.g., "HIGH-EXPLOIT") are mapped to their base severities ("HIGH").
  • Updated occurrences where severity values are used:
    • Normalized severity before incrementing cve_severity counters.
    • Applied normalization while analyzing cve_data["cves"].

Previously, this failed due to an unknown severity. With this fix, it now processes correctly.

Testing

  • Unit Tests: Added a test case for normalize_severity() with various input formats (e.g., "HIGH-EXPLOIT", "critical-risk", "something-else").
  • Integration Test: Verified that an HTML report with non-standard severity values is generated correctly without errors.
  • Manually tested with severities like "HIGH-EXPLOIT", "CRITICAL-RISK", and "LOW-VULNERABILITY".
  • Verified that the HTML report is generated successfully without errors.

terriko
terriko previously requested changes Feb 10, 2025
View reviewed changes
Copy link
Contributor

@terriko terriko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, this is looking good. Could you also add a test that will trigger this?

@JigyasuRajput
Copy link
Contributor Author

Thanks, this is looking good. Could you also add a test that will trigger this?

Done! I've Added test cases to cover severity normalization. Let me know if any changes are needed...

@JigyasuRajput
Copy link
Contributor Author

Hey everyone!
If anyone has time, I'd appreciate a review on this PR. Thanks!

@mastersans
Copy link
Member

Looks good to me. @JigyasuRajput can you fix whatever black and flake8 complaining about in Linters, Feel free to reach out if you face any issues.

@terriko terriko added awaiting submitter Need more information from submitter and removed awaiting CI labels Mar 4, 2025
@JigyasuRajput
Copy link
Contributor Author

thanks for the follow-up @mastersans, i've fixed the linters

@JigyasuRajput JigyasuRajput force-pushed the fix-html-report-severity-4392 branch from 5af0ff6 to 623556f Compare March 4, 2025 21:13
mastersans
mastersans approved these changes Mar 5, 2025
View reviewed changes
Copy link
Member

@mastersans mastersans left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, Minor nitpicks to make it better.

@JigyasuRajput
Copy link
Contributor Author

JigyasuRajput commented Mar 5, 2025
edited
Loading

I noticed that test_output_json2 is failing with sqlite3.OperationalError: no such table: cve_severity. This seems unrelated to the changes. I’m creating an issue to track this separately.

@JigyasuRajput JigyasuRajput mentioned this pull request Mar 5, 2025
Open
@JigyasuRajput JigyasuRajput requested a review from mastersans March 7, 2025 07:23
mastersans
mastersans approved these changes Mar 7, 2025
View reviewed changes
Copy link
Member

@mastersans mastersans left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test are passing so let get it merged, Thanks for the contribution.

@mastersans mastersans enabled auto-merge (squash) March 7, 2025 11:27
@mastersans mastersans disabled auto-merge March 7, 2025 11:27
@mastersans mastersans dismissed terriko’s stale review March 7, 2025 11:32

Ahh github won't let me merge PR, I think @terriko 's concerns have been addressed here well so Its good to get it merged.

@mastersans mastersans merged commit 32917db into intel:main Mar 7, 2025
24 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mastersans mastersans mastersans approved these changes

@terriko terriko Awaiting requested review from terriko

Assignees
No one assigned
Labels
awaiting submitter Need more information from submitter
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

bug: HTML report generator fails due to unknown severity
3 participants
@JigyasuRajput @mastersans @terriko