Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PDF output is not created when the severity is UNKNOWN #1151

Closed
BreadGenie opened this issue May 8, 2021 · 0 comments · Fixed by #1152
Closed

PDF output is not created when the severity is UNKNOWN #1151

BreadGenie opened this issue May 8, 2021 · 0 comments · Fixed by #1152

Comments

@BreadGenie
Copy link
Contributor

BreadGenie commented May 8, 2021
edited
Loading

While trying to create a PDF report with binaries that have CVE severity UNKNOWN throws this error.

╭─────────────────────────────── Traceback (most recent call last) ────────────────────────────────╮
│ /usr/lib/python3.9/runpy.py:197 in _run_module_as_main                                           │
│                                                                                                  │
│   194 │   main_globals = sys.modules["__main__"].__dict__                                        │
│   195 │   if alter_argv:                                                                         │
│   196 │   │   sys.argv[0] = mod_spec.origin                                                      │
│ ❱ 197 │   return _run_code(code, main_globals, None,                                             │
│   198 │   │   │   │   │    "__main__", mod_spec)                                                 │
│   199                                                                                            │
│   200 def run_module(mod_name, init_globals=None,                                                │
│                                                                                                  │
│ /usr/lib/python3.9/runpy.py:87 in _run_code                                                      │
│                                                                                                  │
│    84 │   │   │   │   │      __loader__ = loader,                                                │
│    85 │   │   │   │   │      __package__ = pkg_name,                                             │
│    86 │   │   │   │   │      __spec__ = mod_spec)                                                │
│ ❱  87 │   exec(code, run_globals)                                                                │
│    88 │   return run_globals                                                                     │
│    89                                                                                            │
│    90 def _run_module_code(code, init_globals=None,                                              │
│                                                                                                  │
│ /home/breadgenie/Code/cve-bin-tool/cve_bin_tool/cli.py:377 in <module>                           │
│                                                                                                  │
│   374 │   if os.getenv("NO_EXIT_CVE_NUM"):                                                       │
│   375 │   │   main()                                                                             │
│   376 │   else:                                                                                  │
│ ❱ 377 │   │   sys.exit(main())                                                                   │
│                                                                                                  │
│ /home/breadgenie/Code/cve-bin-tool/cve_bin_tool/cli.py:365 in main                               │
│                                                                                                  │
│   362 │   │   )                                                                                  │
│   363 │   │                                                                                      │
│   364 │   │   if not args["quiet"]:                                                              │
│ ❱ 365 │   │   │   output.output_file(args["format"])                                             │
│   366 │   │                                                                                      │
│   367 │   │   # Use the number of products with known cves as error code                         │
│   368 │   │   # as requested by folk planning to automate use of this script.                    │
│                                                                                                  │
│ /home/breadgenie/Code/cve-bin-tool/cve_bin_tool/output_engine/__init__.py:205 in output_file     │
│                                                                                                  │
│   202 │   │   if output_type == "pdf":                                                           │
│   203 │   │   │   mode = "wb"                                                                    │
│   204 │   │   with open(self.filename, mode) as f:                                               │
│ ❱ 205 │   │   │   self.output_cves(f, output_type)                                               │
│                                                                                                  │
│ /home/breadgenie/Code/cve-bin-tool/cve_bin_tool/output_engine/__init__.py:143 in output_cves     │
│                                                                                                  │
│   140 │   │   elif output_type == "csv":                                                         │
│   141 │   │   │   output_csv(self.all_cve_data, outfile)                                         │
│   142 │   │   elif output_type == "pdf":                                                         │
│ ❱ 143 │   │   │   output_pdf(self.all_cve_data, outfile)                                         │
│   144 │   │   elif output_type == "html":                                                        │
│   145 │   │   │   output_html(                                                                   │
│   146 │   │   │   │   self.all_cve_data,                                                         │
│                                                                                                  │
│ /home/breadgenie/Code/cve-bin-tool/cve_bin_tool/output_engine/__init__.py:101 in output_pdf      │
│                                                                                                  │
│    98 │   │   │   │   "Vulnlist",                                                                │
│    99 │   │   │   │   entry,                                                                     │
│   100 │   │   │   │   [                                                                          │
│ ❱ 101 │   │   │   │   │   ("TEXTCOLOR", (3, row), (4, row), severity_colour[cve.severity]),      │
│   102 │   │   │   │   │   ("FONT", (3, row), (4, row), "Helvetica-Bold"),                        │
│   103 │   │   │   │   ],                                                                         │
│   104 │   │   │   )                                                                              │
╰──────────────────────────────────────────────────────────────────────────────────────────────────╯
KeyError: 'UNKNOWN'

But the PDF report is created fine when there's only packages with known CVEs like we discussed in #1132.

[13:50:49] INFO     cve_bin_tool.CVEDB - Using cached CVE data (<24h old). Use -u now to update immediately.                                                                                           cvedb.py:268
           INFO     cve_bin_tool.CVEDB - There are 162327 CVE entries in the database                                                                                                                  cvedb.py:292
           WARNING  cve_bin_tool - ProductInfo(vendor='jquery', product='jquery', version='3.4.1'), {'default': {'remarks': <Remarks.Unexplored: 2>, 'comments': '', 'severity': ''}, 'paths': {''}}     cli.py:314
           INFO     cve_bin_tool.CVEScanner - Known CVEs in ProductInfo(vendor='jquery', product='jquery', version='3.4.1')                                                                      cve_scanner.py:185
[13:50:49]                                                                                                                                                                                       cve_scanner.py:189
           ╭──────────────────────────────────────────────────────────────────────── 2 CVE(s) in jquery.jquery v3.4.1 ─────────────────────────────────────────────────────────────────────────╮ cve_scanner.py:190
           │                                                                                                                                                                                   │                   
           │ CVE-2020-11022  CVE-2020-11023                                                                                                                                                    │                   
           │                                                                                                                                                                                   │                   
           ╰───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯                   
                                                                                                                                                                                                 cve_scanner.py:206
           INFO     cve_bin_tool -                                                                                                                                                                       cli.py:334
           INFO     cve_bin_tool - Overall CVE summary:                                                                                                                                                  cli.py:335
           INFO     cve_bin_tool - There are 1 products with known CVEs detected                                                                                                                         cli.py:337
           INFO     cve_bin_tool - Known CVEs in ('jquery', '3.4.1'):                                                                                                                                    cli.py:351
           INFO     cve_bin_tool.OutputEngine - Output stored at /home/breadgenie/Code/cve-bin-tool/output.cve-bin-tool.2021-05-08.13-50-49.pdf                                                     __init__.py:198
           INFO     cve_bin_tool.CVEDB - There are 162327 CVE entries in the database
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Handle UNKNOWN severity in PDF reports BreadGenie/cve-bin-tool
1 participant
@BreadGenie