Add a creator that doesn't conflict with vulnogram showing the date and

time the file was imported (should only happen once). Impact is required, so add a unknown one
openssl · Nov 7, 2022 · 1852c1b · 1852c1b
1 parent 3abd635
commit 1852c1b
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/bin/vulnxml2json5.py b/bin/vulnxml2json5.py
@@ -11,6 +11,7 @@
 import simplejson as json
 import codecs
 import re
+import datetime
 from optparse import OptionParser
 
 # for validation
@@ -69,6 +70,9 @@
     cve['cveMetadata']= { "cveId": "CVE-"+cvename, "assignerOrgId": cfg.config['orgId'], "state":"PUBLISHED" }
     cve['containers'] = dict()
     cve['containers']['cna']={"providerMetadata": {"orgId":cfg.config['orgId'],"shortName":cfg.config['project']}}
+
+    cve['containers']['cna']['x_generator']={"importer":"vulnxml2json5.py "+str(datetime.datetime.now())}
+
     datepublic = issue.getAttribute("public")
     if datepublic:
        cve['containers']['cna']['datePublic'] = datepublic[:4]+'-'+datepublic[4:6]+'-'+datepublic[6:8]+"T00:00:00Z"
@@ -87,7 +91,10 @@
         cve['containers']['cna']['problemTypes'] = [{ "descriptions": [ { "lang":"en", "description": problemtype} ] }]
     impact = issue.getElementsByTagName('impact') # openssl does it like this
     if impact:
-        cve['containers']['cna']['metrics'] = [ {  "format":"other", "other":{ "content":{"text":impact[0].getAttribute('severity')}, "type":cfg.config['security_policy_url']+impact[0].getAttribute('severity')}}]                                                
+        cve['containers']['cna']['metrics'] = [ {  "format":"other", "other":{ "content":{"text":impact[0].getAttribute('severity')}, "type":cfg.config['security_policy_url']+impact[0].getAttribute('severity')}}]
+    else:
+        # Impact is required or vulnogram will default to cvss
+        cve['containers']['cna']['metrics'] = [ {  "format":"other", "other":{ "content":{"text":"unknown"}, "type":cfg.config['security_policy_url']}}]
     impact = issue.getElementsByTagName('severity')  # httpd does it like this
     if impact:
         cve['containers']['cna']['metrics'] = [ { "format":"Other", "scenarios": [ {"lang":"en", "value":impact[0].childNodes[0].nodeValue, "url":cfg.config['security_policy_url']+impact[0].childNodes[0].nodeValue } ]}]