bug: Epss_Source.update_epss() missing 1 required positional argument: 'cursor' #4473
Comments
I think I see what happened here: when I moved epss into its own data source (so that it could be disabled correctly as the other data sources are) I missed the cursor setup that was previously happening just in cvedb. I need to think a bit about the best way to fix it (i.e. do we pass the cursor from cvedb or get it anew) but it's definitely a bug. And the fact that our own tests didn't find it is obnoxious so I need to think about how to ensure that this doesn't happen again. Thanks for finding the bug!
Think the cursor is only needed for cve-bin-tool/cve_bin_tool/cvedb.py Line 854 in 0405d52
Regarding catching such errors, maybe the possible exceptions (timeout etc) could be handled differently than the generic exceptions (which can be displayed as error log message).
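The failure mode discussed in the comments above, as an added example that is not part of the issue thread or of cve-bin-tool's code: a catch-all handler turns the missing-argument `TypeError` into the same "skipping EPSS" log line a network failure would produce, while a handler limited to expected feed errors lets the coding bug surface. `EpssSourceDemo`, `FeedUnavailable`, `refresh_broad`, `refresh_narrow` and `make_demo` are hypothetical names, and the sample row is constructed.

```python
import logging
import sqlite3

LOG = logging.getLogger("epss_demo")


class FeedUnavailable(Exception):
    """Hypothetical error type for expected failures (timeout, HTTP error)."""


class EpssSourceDemo:
    """Hypothetical stand-in for a data source whose update needs a DB cursor."""

    def __init__(self, fetch):
        self.fetch = fetch  # callable returning (cve, score, percentile) rows

    def update_epss(self, cursor):
        rows = self.fetch()
        cursor.executemany("INSERT INTO epss VALUES (?, ?, ?)", rows)
        return len(rows)


def refresh_broad(call):
    """Catch-all handler: a coding error looks the same as a network failure."""
    try:
        return call()
    except Exception as exc:
        LOG.debug("%s", exc)  # real cause is only visible at debug level
        LOG.error("Unable to fetch EPSS, skipping EPSS.")
        return None


def refresh_narrow(call):
    """Skip only expected feed failures; let programming errors propagate."""
    try:
        return call()
    except FeedUnavailable as exc:
        LOG.warning("EPSS feed unavailable, skipping: %s", exc)
        return None


def make_demo():
    """Build an in-memory DB and a source with one constructed sample row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE epss (cve TEXT, score REAL, percentile REAL)")
    source = EpssSourceDemo(lambda: [("CVE-0000-0001", 0.5, 0.9)])
    return source, db.cursor()
```

With `source, cursor = make_demo()`, `refresh_broad(lambda: source.update_epss())` returns `None` and only logs a skip, whereas `refresh_narrow(lambda: source.update_epss())` raises the `TypeError`, so a test run fails instead of silently shipping without EPSS data.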
I implemented a proof of concept fix. But while implementing I saw that it must always be 1: cve-bin-tool/cve_bin_tool/cvedb.py Line 618 in 0405d52
An idea would be to introduce a constant for the metric ids and then use the constant in epss_source
Did the constant version here: https://github.com/weichslgartner/cve-bin-tool/tree/metric_id_constant
That sounds great! Did you want to do a pull request?
Sure. :)
Add a test to the cli tests to check the EPSS functionality: It first tests if the update of EPSS source runs without errors (regression test for intel#4473). Then checks for an example SBOM if EPSS values are written to csv report.
test: fix Delete epss testfile if exists
Description
In version 3.4 the download of EPSS data does not work. It seems
cve-bin-tool/cve_bin_tool/data_sources/epss_source.py
Line 155 in 8b3b32c
cve-bin-tool/cve_bin_tool/data_sources/epss_source.py
Line 42 in 8b3b32c
With debug logs activated the log message in
cve-bin-tool/cve_bin_tool/data_sources/epss_source.py
Line 157 in 8b3b32c
Epss_Source.update_epss() missing 1 required positional argument: 'cursor'
Exception. (also when I change the log message to error).
To reproduce
Steps to reproduce the behavior:
cve-bin-tool -l debug --update now
Expected behaviour: epss data should be downloaded, no error
Actual behaviour:
ERROR CVEDB - Unable to fetch EPSS, skipping EPSS. epss_source.py:158
Version/platform info
Version of CVE-bin-tool (e.g. output of cve-bin-tool --version): 3.4
Installed from pypi or github?: pypi
Operating system: "5.4.0-193-generic #213-Ubuntu SMP Fri Aug 2 19:14:16 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux"
Python version (e.g. python3 --version): 3.11.10
Running in any particular CI environment we should know about? (e.g. Github Actions)