Граф коммитов

3 Коммитов

Автор SHA1 Сообщение Дата
Tatiana Bradley 2781e77ea5 internal/report, data/cve: update generation of cve v5 records
CVE JSON 5.0 records now include Vendor and Product data.

Updates records to reflect this change in data/cve/v5.

Change-Id: I67937c0f6eec8d528fbc2f33c8eff51d3fb38832
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/446217
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
2022-11-02 21:06:40 +00:00
Maceo Thompson 7ad1062dd0 internal/report: properly mark defaultStatus and link to go advisory when saving CVE 5.0 JSON records
Previously, if a record did not have any versions associated with it, the default status would be marked as "unaffected" when it should be "affected". This change reflects that.
Additionally, a link to the record's go advisory is now stored in the references section of the CVE 5.0 JSON.

Change-Id: I55be77062638d34ba273b0c32799639f982cc266
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/444876
Run-TryBot: Maceo Thompson <maceothompson@google.com>
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
2022-10-24 18:34:50 +00:00
Maceo Thompson b8b87b14ca data: add the saved CVE 5.0 JSON records and associated testing
Tests now enforce that a CVE JSON 5.0 record is stored in data/cve/v5 for each YAML report that sets cve_metadata.

The now-required files for all existing reports are added.

Fixes golang/go#56302

Change-Id: I0731792cd80e672d5be7e753370d6f97e450562d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/444576
Reviewed-by: Maceo Thompson <maceothompson@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Maceo Thompson <maceothompson@google.com>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
2022-10-21 15:49:16 +00:00