Fix: qod-type is in advisory not meta-data

nichtsfrei · nichtsfrei · commit fd1d5298c962 · 2022-10-11T12:37:38.000+02:00
Instead of asking meta-data and always fallback to package use the
defined value within advisory.
diff --git a/ospd_openvas/notus.py b/ospd_openvas/notus.py
@@ -169,7 +169,7 @@ def __to_ospd(
             'Checks if a vulnerable package version is present on the target'
             ' host.'
         )
-        result['qod_type'] = meta_data.get('qod_type', 'package')
+        result['qod_type'] = advisory.get('qod_type', 'package')
         severity = advisory.get('severity', {})
         cvss = severity.get("cvss_v3", None)
         if not cvss:
diff --git a/tests/test_notus.py b/tests/test_notus.py
@@ -98,6 +98,36 @@ def test_notus_reload(self, mock_openvasdb):
         do_not_load_into_redis.reload_cache()
         self.assertEqual(mock_openvasdb.set_single_item.call_count, 0)
 
+    def test_notus_qod_type(self):
+        path_mock = mock.MagicMock()
+        adv_path = mock.MagicMock()
+        adv_path.name = "hi"
+        adv_path.stem = "family"
+        path_mock.glob.return_value = [adv_path]
+        adv_path.read_bytes.return_value = b'''
+        { 
+            "family": "family", 
+            "advisories": [ 
+                {
+                    "oid": "12",
+                    "qod_type": "package_unreliable",
+                    "severity": {
+                        "origin": "NVD",
+                        "date": 1505784960,
+                        "cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
+                        "cvss_v3": null
+                    }
+                } 
+            ] 
+        }'''
+        cache_fake = CacheFake()
+        notus = Notus(path_mock, cache_fake)
+        notus._verifier = lambda _: True  # pylint: disable=protected-access
+        notus.reload_cache()
+        nm = notus.get_nvt_metadata("12")
+        assert nm
+        self.assertEqual("package_unreliable", nm.get("qod_type", ""))
+
     def test_notus_cvss_v2_v3_none(self):
         path_mock = mock.MagicMock()
         adv_path = mock.MagicMock()
@@ -107,7 +137,6 @@ def test_notus_cvss_v2_v3_none(self):
         adv_path.read_bytes.return_value = b'''
         { 
             "family": "family", 
-            "qod_type": "remote_app", 
             "advisories": [ 
                 {
                     "oid": "12",

Original file line number	Diff line number	Diff line change
`@@ -169,7 +169,7 @@ def __to_ospd(`
`169`	`169`	`'Checks if a vulnerable package version is present on the target'`
`170`	`170`	`' host.'`
`171`	`171`	`)`
`172`		`- result['qod_type'] = meta_data.get('qod_type', 'package')`
	`172`	`+ result['qod_type'] = advisory.get('qod_type', 'package')`
`173`	`173`	`severity = advisory.get('severity', {})`
`174`	`174`	`cvss = severity.get("cvss_v3", None)`
`175`	`175`	`if not cvss:`