AttributeError: 'effective_severity' #47

jurancodes · 2020-09-16T14:01:27Z

python-containeranalysis/samples/snippets/samples.py

Line 370 in 9d2f3a1

    
           if v.effective_severity == Severity.HIGH or v.effective_severity == Severity.CRITICAL:

Hello!
When I use v.effective_severity, the script raise this error:

.venv\lib\site-packages\proto\message.py", line 515, in getattr
raise AttributeError(str(ex))
AttributeError: 'effective_severity'

I had it fixed by changing v.effective_severity into v.vulnerability.effective_severity because the effective_severity object is inside vulnerability, as seen in:

vulnerability {
  severity: 4
  cvss_score: 7.8
  package_issue {
    affected_cpe_uri: "cpe:/o:debian:debian_linux:10"
    affected_package: "linux"
    affected_version {
      name: "4.19.132"
      revision: "1"
      kind: 1
      full_name: "4.19.132-1"
    }
    fixed_cpe_uri: "cpe:/o:debian:debian_linux:10"
    fixed_version {
      kind: 3
    }
  }
  short_description: "CVE-2019-10124"
  long_description: "NIST vectors: AV:N/AC:L/Au:N/C:N/I:N/A:C"
  related_urls {
    url: "https://security-tracker.debian.org/tracker/CVE-2019-10124"
    label: "More Info"
  }
  effective_severity: 4
}

If this is correct, it may also need to update the documentation that reference it (if not done automatically):
https://cloud.google.com/container-registry/docs/tutorial-vulnerability-scan?#listing_high-severity_vulnerabilities

The text was updated successfully, but these errors were encountered:

askmeegs · 2021-03-25T14:20:23Z

Thank you for opening this issue! I was able to reproduce the problem:

Traceback (most recent call last):
  File "/Users/mokeefe/dev/googleapis/python-containeranalysis/samples/snippets/megan/megan.py", line 31, in <module>
    result = find_high_severity_vulnerabilities_for_image(resource_url, project_id)
  File "/Users/mokeefe/dev/googleapis/python-containeranalysis/samples/snippets/megan/megan.py", line 22, in find_high_severity_vulnerabilities_for_image
    if v.effective_severity == Severity.HIGH or v.effective_severity == Severity.CRITICAL:
  File "/Users/mokeefe/dev/googleapis/python-containeranalysis/samples/snippets/megan/env/lib/python3.9/site-packages/proto/message.py", line 605, in __getattr__
    raise AttributeError(str(ex))
AttributeError: 'effective_severity'

And your suggested fix (adding .vulnerability) seems to resolve the problem. I will put out a pull request for the code sample. Thank you!

product-auto-label bot added the api: containeranalysis Issues related to the googleapis/python-containeranalysis API. label Sep 16, 2020

yoshi-automation added triage me I really want to be triaged. 🚨 This issue needs some love. labels Sep 17, 2020

donmccasland added priority: p2 Moderately-important priority. Fix may not be included in next release. type: question Request for information or clarification. Not an issue. and removed 🚨 This issue needs some love. triage me I really want to be triaged. labels Nov 10, 2020

yoshi-automation added 🚨 This issue needs some love. and removed 🚨 This issue needs some love. labels Feb 8, 2021

yoshi-automation added the 🚨 This issue needs some love. label Mar 15, 2021

askmeegs self-assigned this Mar 25, 2021

askmeegs mentioned this issue Mar 25, 2021

fix: effective_severity attribute error #104

Merged

askmeegs closed this as completed in #104 Mar 25, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

AttributeError: 'effective_severity' #47

AttributeError: 'effective_severity' #47

jurancodes commented Sep 16, 2020

askmeegs commented Mar 25, 2021

AttributeError: 'effective_severity' #47

AttributeError: 'effective_severity' #47

Comments

jurancodes commented Sep 16, 2020

askmeegs commented Mar 25, 2021