From a64993e83a78baecdc55b3b20549c9bec4f975e0 Mon Sep 17 00:00:00 2001 From: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com> Date: Tue, 9 Jul 2024 10:24:42 +0600 Subject: [PATCH] test: add missing advisory details for integration tests database (#7122) --- integration/testdata/conan.json.golden | 31 ++++++++++++++++++- .../testdata/fixtures/db/vulnerability.yaml | 4 +-- .../testdata/spring4shell-jre11.json.golden | 4 ++- .../testdata/spring4shell-jre8.json.golden | 4 ++- 4 files changed, 38 insertions(+), 5 deletions(-) diff --git a/integration/testdata/conan.json.golden b/integration/testdata/conan.json.golden index 1aac990b6304..d34caa079428 100644 --- a/integration/testdata/conan.json.golden +++ b/integration/testdata/conan.json.golden @@ -171,7 +171,36 @@ "FixedVersion": "8.45", "Status": "fixed", "Layer": {}, - "Severity": "UNKNOWN" + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14155", + "Title": "pcre: Integer overflow when parsing callout numeric arguments", + "Description": "libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "alma": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155", + "https://nvd.nist.gov/vuln/detail/CVE-2020-14155" + ], + "PublishedDate": "2020-06-15T17:15:00Z", + "LastModifiedDate": "2022-04-28T15:06:00Z" } ] } diff --git a/integration/testdata/fixtures/db/vulnerability.yaml b/integration/testdata/fixtures/db/vulnerability.yaml index 1cc7882214be..5b66fd7b9acc 100644 --- a/integration/testdata/fixtures/db/vulnerability.yaml +++ b/integration/testdata/fixtures/db/vulnerability.yaml @@ -1364,7 +1364,7 @@ V3Vector: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" V3Score: 8.1 References: - - "https://github.com/advisories/GHSA-36p3-wjmg-h94x", + - "https://github.com/advisories/GHSA-36p3-wjmg-h94x" PublishedDate: "2022-04-01T23:15:00Z" LastModifiedDate: "2022-05-19T14:21:00Z" - key: CVE-2020-14155 @@ -1387,7 +1387,7 @@ V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" V3Score: 5.3 References: - - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155", + - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155" - "https://nvd.nist.gov/vuln/detail/CVE-2020-14155" PublishedDate: "2020-06-15T17:15:00Z" LastModifiedDate: "2022-04-28T15:06:00Z" diff --git a/integration/testdata/spring4shell-jre11.json.golden b/integration/testdata/spring4shell-jre11.json.golden index 98c49376cf53..927db3df8d96 100644 --- a/integration/testdata/spring4shell-jre11.json.golden +++ b/integration/testdata/spring4shell-jre11.json.golden @@ -245,7 +245,9 @@ }, "References": [ "https://github.com/advisories/GHSA-36p3-wjmg-h94x" - ] + ], + "PublishedDate": "2022-04-01T23:15:00Z", + "LastModifiedDate": "2022-05-19T14:21:00Z" } ] }, diff --git a/integration/testdata/spring4shell-jre8.json.golden b/integration/testdata/spring4shell-jre8.json.golden index 45da22c7f39c..b41aa8878c5a 100644 --- a/integration/testdata/spring4shell-jre8.json.golden +++ b/integration/testdata/spring4shell-jre8.json.golden @@ -245,7 +245,9 @@ }, "References": [ "https://github.com/advisories/GHSA-36p3-wjmg-h94x" - ] + ], + "PublishedDate": "2022-04-01T23:15:00Z", + "LastModifiedDate": "2022-05-19T14:21:00Z" } ] },