Vulnsrc rhel: handle "none" CVE impact
Some RHEL CVEs [1] contain the "none" string in the impact field. This is throwing
a warning message when fetching vulnerabilities. The new code handles this
case and it uses advisory severity instead.

[1] https://www.redhat.com/security/data/oval/com.redhat.rhsa-20080038.xml
Allda committed Jan 2, 2019
1 parent 3947073 commit bd7102d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion ext/vulnsrc/rhel/rhel.go
Expand Up @@ -221,7 +221,7 @@ func parseRHSA(ovalReader io.Reader) (vulnerabilities []database.VulnerabilityWi
for _, currentCve := range definition.Cves {
vulnerability.Name = currentCve.ID
vulnerability.Link = currentCve.Href
if currentCve.Impact != "" {
if currentCve.Impact != "" && currentCve.Impact != "none" {
vulnerability.Severity = severity(currentCve.Impact)
} else {
vulnerability.Severity = severity(definition.Severity)
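Review bot: The added check `currentCve.Impact != "none"` is an exact, case-sensitive comparison, so a feed value such as "None" or one with surrounding whitespace would still be passed to `severity(currentCve.Impact)` instead of falling back to `definition.Severity`. Whether `severity()` normalises its input is not visible in this hunk; if it does, apply the same normalisation here, for example by comparing `strings.ToLower(strings.TrimSpace(currentCve.Impact))`. The commit changes only rhel.go, so a parser test with an OVAL definition whose CVE impact is "none" would pin the fallback to the advisory severity and guard against the scanner recording a wrong or unknown severity for these CVEs.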
