Closed
17 changes: 16 additions & 1 deletion collectors/nvd/collectors.py
@@ -1,4 +1,4 @@
from typing import Union
from typing import List, Optional, Union

import nvdlib
from celery.utils.log import get_task_logger
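Review bot: The `Optional` name added to the typing import will be left unused if get_cpe_list ends up returning the list as is, as suggested in the review thread; in that case the annotation becomes `List[str]` and `Optional` should come back out of this line. The neighbouring get_cvss_metric already spells a nullable return as `Union[dict, None]`, so whichever form stays, use one spelling in this file.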
@@ -65,6 +65,20 @@ def response2result(self, vulnerabilities: list) -> list:
filtering out everything unnecessary and simplifying
"""

def get_cpe_list(data: CVE) -> Optional[List[str]]:
"""
Return a list of CPEs from the CVE `data`
"""
cpe_list = []
if "cpe" in data and len(data.cpe) > 0:
Contributor

This can be reduced to hasattr(data, "cpe") since we are checking if the field exists. An empty data.cpe will just mean that the following loop wouldn't run.

Contributor Author

Oh good call. Changed that in fa056a0

Member

cpe doesn't seem to be a valid top-level attribute per NVD's Vulnerability API schema, I would add a test or two as Jin suggested.

for entry in data.cpe:
cpe_list.append(entry.criteria)

if len(cpe_list) > 0:
return cpe_list
else:
return None
Contributor

I think it should be fine with just returning the cpe_list as is (potentially an empty list). The new field will likely have a default of an empty list and a None value might produce an unexpected result when writing to it. Will make adjustments later if that is no longer the case.

Contributor Author

Fair enough. Updated in bb2d409


def get_cvss_metric(data: CVE, version: str) -> Union[dict, None]:
"""
Return CVSS metric from `data` for the given `version`.
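Review bot: The guard `if "cpe" in data and len(data.cpe) > 0:` in get_cpe_list mixes a membership test on the CVE object with attribute access, and the two lookups are not guaranteed to agree; use a single mechanism, for example `for entry in getattr(data, "cpe", []):`, which also makes the length check unnecessary. `entry.criteria` is read without a guard, so an entry lacking that attribute raises AttributeError; decide whether such entries are skipped or allowed to fail, and state that in the docstring together with what is returned when the CVE carries no CPEs. With the loop handling the empty case, the trailing `if len(cpe_list) > 0:` / `else: return None` can become a plain `return cpe_list`.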
@@ -104,6 +118,7 @@ def get_cvss_metric(data: CVE, version: str) -> Union[dict, None]:
],
)
),
"nvd_cpes": get_cpe_list(vulnerability),
}
)
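Review bot: `"nvd_cpes": get_cpe_list(vulnerability),` stores the helper's return value directly, and with the `Optional[List[str]]` annotation that value can be None, so every consumer of this result dict has to handle both None and a list under the same key. Keep the key's type stable by always emitting a list. The diff shown here touches only collectors/nvd/collectors.py, so a test that passes response2result one CVE with CPE data and one without would pin down what `nvd_cpes` contains in each case.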
