From cd12dc8734c2adfb56b5c83261065845bacdb761 Mon Sep 17 00:00:00 2001 From: joydeep049 Date: Thu, 3 Jul 2025 12:28:34 +0530 Subject: [PATCH 1/4] feat: OutputEngine updates for no-scan Signed-off-by: joydeep049 --- cve_bin_tool/cli.py | 6 +- cve_bin_tool/cve_scanner.py | 43 +++-- cve_bin_tool/output_engine/__init__.py | 5 +- cve_bin_tool/output_engine/console.py | 243 ++++++++++++++----------- 4 files changed, 178 insertions(+), 119 deletions(-) diff --git a/cve_bin_tool/cli.py b/cve_bin_tool/cli.py index f7f520dc9c..7ba6e0dadc 100644 --- a/cve_bin_tool/cli.py +++ b/cve_bin_tool/cli.py @@ -32,6 +32,7 @@ import textwrap import time from collections import ChainMap +from datetime import datetime from pathlib import Path from cve_bin_tool.available_fix import ( @@ -1267,7 +1268,9 @@ def main(argv=None): scanned_dir=args["directory"], filename=args["output_file"], themes_dir=args["html_theme"], - time_of_last_update=cvedb_orig.time_of_last_update, + time_of_last_update=( + cvedb_orig.time_of_last_update if cvedb_orig else datetime.now() + ), tag=args["tag"], products_with_cve=cve_scanner.products_with_cve, products_without_cve=cve_scanner.products_without_cve, @@ -1290,6 +1293,7 @@ def main(argv=None): sbom_root=sbom_root, strip_scan_dir=args["strip_scan_dir"], offline=args["offline"], + no_scan=args["no_scan"], ) if not args["quiet"]: diff --git a/cve_bin_tool/cve_scanner.py b/cve_bin_tool/cve_scanner.py index ae1fa9104d..f353dc2b09 100644 --- a/cve_bin_tool/cve_scanner.py +++ b/cve_bin_tool/cve_scanner.py 
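Review bot: The `datetime.now()` fallback in the `time_of_last_update=` argument makes the report show the current time as the CVE database's last update whenever `cvedb_orig` is falsy, so a run that never opened the database reports a freshly updated one. A reader triaging from the report header cannot tell the two cases apart. Consider `time_of_last_update=cvedb_orig.time_of_last_update if cvedb_orig else None,` and have the renderers print a "database not consulted" label. `_output_console_nowrap` calls `time_of_last_update.strftime(...)` unconditionally, so it would need a matching guard. `main()` starts and ends outside this hunk.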
@@ -46,20 +46,22 @@ def __init__( check_exploits: bool = False, exploits_list: List[str] = [], disabled_sources: List[str] = [], + no_scan: bool = False, ): - self.logger = logger or LOGGER.getChild(self.__class__.__name__) - self.error_mode = error_mode self.score = score self.check_metrics = check_metrics self.epss_percentile = epss_percentile self.epss_probability = epss_probability - self.products_with_cve = 0 - self.products_without_cve = 0 - self.all_cve_data = defaultdict(CVEData) - self.all_cve_version_info = dict() + self.logger = logger or LOGGER.getChild(self.__class__.__name__) + self.error_mode = error_mode self.check_exploits = check_exploits self.exploits_list = exploits_list self.disabled_sources = disabled_sources + self.no_scan = no_scan + self.products_with_cve = 0 + self.products_without_cve = 0 + self.all_cve_data = defaultdict(lambda: {"cves": [], "paths": set()}) + self.all_cve_version_info = dict() self.all_product_data = dict() def get_cves(self, product_info: ProductInfo, triage_data: TriageData): @@ -74,6 +76,21 @@ def get_cves(self, product_info: ProductInfo, triage_data: TriageData): if self.score > 10 or self.epss_probability > 1.0 or self.epss_percentile > 1.0: return + # Handle no-scan mode + if self.no_scan: + # In no-scan mode, just populate the product data without CVE scanning + if product_info not in self.all_product_data: + self.logger.debug(f"Add product {product_info} (no-scan mode)") + self.all_product_data[product_info] = 0 + + # Also populate all_cve_data with empty CVE list and paths + if product_info not in self.all_cve_data: + self.all_cve_data[product_info] = {"cves": [], "paths": set()} + + # Update paths + self.all_cve_data[product_info]["paths"] |= set(triage_data["paths"]) + return + if product_info.vendor == "UNKNOWN": # Add product if product_info not in self.all_product_data: 
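Review bot: Replacing `defaultdict(CVEData)` with `defaultdict(lambda: {"cves": [], "paths": set()})` in `__init__` changes the default record type for every run, not only no-scan ones, while the `OutputEngine` docstring still documents `dict[ProductInfo, CVEData]`. If `CVEData` provides anything beyond those two keys (its definition is not visible here), normal scans lose it. Keeping `self.all_cve_data = defaultdict(CVEData)` and the original assignment order would reduce this hunk to the new parameter and `self.no_scan = no_scan`. The signature starts outside the hunk.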
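Review bot: The no-scan branch in `get_cves` builds the empty record `{"cves": [], "paths": set()}` by hand although `all_cve_data` is a `defaultdict` whose factory already supplies one on first access, so the record shape is defined in two places. Dropping the `if product_info not in self.all_cve_data:` block and keeping only `self.all_cve_data[product_info]["paths"] |= set(triage_data["paths"])` does the same work. A comment such as `# 0 here means "not scanned", not "no CVEs found"` next to `self.all_product_data[product_info] = 0` would help, since the stored value appears to be the same one a clean result produces. The function continues outside the hunk.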
@@ -298,7 +315,7 @@ def get_cves(self, product_info: ProductInfo, triage_data: TriageData): self.epss_percentile, self.epss_probability, ) - # row_dict doesnt have metric as key. As it based on result from query on + # row_dict doesn't have metric as key. As it based on result from query on # cve_severity table declaring row_dict[metric] row_dict["metric"] = {} # looping for result of query for metrics. @@ -481,9 +498,10 @@ def __enter__(self): Returns: CVEScanner: The instance of the CVEScanner with an active database connection. """ - self.connection = sqlite3.connect(self.dbname) - self.connection.row_factory = sqlite3.Row - self.cursor = self.connection.cursor() + if not self.no_scan: + self.connection = sqlite3.connect(self.dbname) + self.connection.row_factory = sqlite3.Row + self.cursor = self.connection.cursor() return self def __exit__(self, exc_type, exc_val, exc_tb): @@ -498,5 +516,6 @@ def __exit__(self, exc_type, exc_val, exc_tb): Returns: None """ - self.cursor.close() - self.connection.close() + if not self.no_scan and hasattr(self, "cursor") and hasattr(self, "connection"): + self.cursor.close() + self.connection.close() diff --git a/cve_bin_tool/output_engine/__init__.py b/cve_bin_tool/output_engine/__init__.py index eeccc3ba75..98f19f246f 100644 --- a/cve_bin_tool/output_engine/__init__.py +++ b/cve_bin_tool/output_engine/__init__.py @@ -621,7 +621,7 @@ def output_pdf( class OutputEngine: """ - Class represention of OutputEngine + Class representation of OutputEngine Attributes: all_cve_data (dict[ProductInfo, CVEData]) scanned_dir (str) @@ -693,6 +693,7 @@ def __init__( vex_product_info: dict[str, str] = {}, offline: bool = False, organized_arguements: dict = None, + no_scan: bool = False, ): """Constructor for OutputEngine class.""" self.logger = logger or LOGGER.getChild(self.__class__.__name__) 
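Review bot: In no-scan mode `__enter__` never sets `self.connection` or `self.cursor`, and `__exit__` compensates with `hasattr` checks, so any other method that touches `self.cursor` on a no-scan scanner fails with an AttributeError rather than a clear message. Initialising both to `None` in `__init__` and testing `if self.connection is not None:` in `__exit__` makes the state explicit and removes the need for `hasattr`. `__exit__` also skips `self.connection.close()` when `self.cursor.close()` raises; a `try`/`finally` around the two calls would close the connection regardless.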
@@ -726,6 +727,7 @@ def __init__( self.vex_type = vex_type self.vex_product_info = vex_product_info self.vex_filename = vex_filename + self.no_scan = no_scan def output_cves(self, outfile, output_type="console"): """Output a list of CVEs @@ -812,6 +814,7 @@ def output_cves(self, outfile, output_type="console"): self.offline, None, outfile, + self.no_scan, ) if isinstance(self.append, str): diff --git a/cve_bin_tool/output_engine/console.py b/cve_bin_tool/output_engine/console.py index fc28153d96..88fdbff08a 100644 --- a/cve_bin_tool/output_engine/console.py +++ b/cve_bin_tool/output_engine/console.py @@ -32,16 +32,16 @@ def output_console(*args: Any): """wrapper function for _output_console to enable output to a file""" ls_args = list(args) - output_file = ls_args[-1] - ls_args.pop() + no_scan = ls_args[-1] + output_file = ls_args[-2] + ls_args = ls_args[:-2] if output_file: with open(output_file, "w", encoding="utf-8") as f: console = Console(theme=cve_theme, file=f) - ls_args.append(console) - _output_console_nowrap(*ls_args) + _output_console_nowrap(*ls_args, console, no_scan) else: - _output_console_nowrap(*ls_args) + _output_console_nowrap(*ls_args, None, no_scan) def _output_console_nowrap( @@ -57,9 +57,11 @@ def _output_console_nowrap( offline: bool = False, width: int = None, console: Console = Console(theme=cve_theme), + no_scan: bool = False, ): """Output list of CVEs in a tabular format with color support""" - + if console is None: + console = Console(theme=cve_theme) console._width = width now = datetime.now().strftime("%Y-%m-%d %H:%M:%S") time_of_last_update = time_of_last_update.strftime("%Y-%m-%d %H:%M:%S") 
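Review bot: Only the console renderer call in `output_cves` receives `self.no_scan` in this hunk. If the other output formats are not updated elsewhere, a no-scan run written as CSV, JSON, HTML or PDF would list products with zero CVEs and nothing to mark that no vulnerability lookup took place. Such a file reads as a clean scan result. The other branches of `output_cves` are outside the hunk, so this needs checking there, and each format should carry an explicit no-scan marker.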
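Review bot: `output_console` now takes `no_scan` from `ls_args[-1]` and the output file from `ls_args[-2]`, so any caller still using the previous layout (output file last) has its arguments shifted by one: the file is read as `no_scan` and the value before it as the file. The failure then surfaces inside the renderer instead of at the call site. Making the flag keyword-only, `def output_console(*args: Any, no_scan: bool = False):`, with the original `output_file = ls_args[-1]` / `ls_args.pop()` kept, lets old callers keep working. The call in `output_cves` would then pass `no_scan=self.no_scan`.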
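Review bot: The signature of `_output_console_nowrap` still has `console: Console = Console(theme=cve_theme)`, which builds a Console once at import time, while the new `if console is None:` branch builds one per call. With the `None` check in place the default can become `console: Console = None,` (matching `width: int = None` beside it), so the fallback console is created in a single place. The function body continues outside the hunk.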
@@ -76,6 +78,19 @@ def _output_console_nowrap( ) ) + # Show no-scan mode message if applicable + if no_scan: + console.print( + Panel( + "[yellow]⚠️ NO-SCAN MODE[/yellow]\n" + "CVE scanning was disabled. This report shows only the products and versions " + "that were detected, without any vulnerability analysis.", + title="[yellow]No-Scan Mode Active[/yellow]", + border_style="yellow", + ) + ) + console.print() + remarks_colors = { Remarks.Mitigated: "green", Remarks.Confirmed: "red", 
@@ -85,30 +100,35 @@ def _output_console_nowrap( Remarks.NotAffected: "white", } - # Create table instance for CVE Summary - table = Table() - # Add Head Columns to the Table - table.add_column("Severity") - table.add_column("Count") - summary = get_cve_summary(all_cve_data, exploits) - summary_color = { - "CRITICAL": "red", - "HIGH": "blue", - "MEDIUM": "yellow", - "LOW": "green", - "UNKNOWN": "white", - } + if not no_scan: + # Create table instance for CVE Summary + table = Table() + # Add Head Columns to the Table + table.add_column("Severity") + table.add_column("Count") + summary = get_cve_summary(all_cve_data, exploits) + summary_color = { + "CRITICAL": "red", + "HIGH": "blue", + "MEDIUM": "yellow", + "LOW": "green", + "UNKNOWN": "white", + } + + for severity, count in summary.items(): + color = summary_color[severity.split("-")[0]] + cells = [ + Text.styled(severity, color), + Text.styled(str(count), color), + ] + table.add_row(*cells) + # Print the table to the console + console.print(table) - for severity, count in summary.items(): - color = summary_color[severity.split("-")[0]] - cells = [ - Text.styled(severity, color), - Text.styled(str(count), color), - ] - table.add_row(*cells) - # Print the table to the console - console.print(Panel("CVE SUMMARY", expand=False)) - console.print(table) + if no_scan: + console.print(Panel("(No CVE Scanning Performed)", expand=False)) + else: + console.print(Panel("CVE SUMMARY", expand=False)) # Create table instance for CPE Summary table = Table() 
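Review bot: The `CVE SUMMARY` heading is now printed after the summary table. In the new lines `console.print(table)` comes first and the `Panel("CVE SUMMARY", expand=False)` print follows in the `if no_scan: … else:` block, whereas the removed code printed the panel and then the table. Moving the table construction and `console.print(table)` into the `else:` branch, after the panel print, restores the order and leaves a single `no_scan` test in this section. Indentation is not recoverable from this page, so the nesting of `console.print(table)` is inferred from statement order.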
@@ -117,25 +137,27 @@ def _output_console_nowrap( table.add_column("Product") table.add_column("Version") table.add_column("Latest Upstream Stable Version") - table.add_column("CRITICAL CVEs Count") - table.add_column("HIGH CVEs Count") - table.add_column("MEDIUM CVEs Count") - table.add_column("LOW CVEs Count") - table.add_column("UNKNOWN CVEs Count") - table.add_column("TOTAL CVEs Count") + if not no_scan: + table.add_column("CRITICAL CVEs Count") + table.add_column("HIGH CVEs Count") + table.add_column("MEDIUM CVEs Count") + table.add_column("LOW CVEs Count") + table.add_column("UNKNOWN CVEs Count") + table.add_column("TOTAL CVEs Count") if all_product_data is not None: for product_data in sorted(all_product_data, key=lambda item: item.product): color = None - summary = get_cve_summary( - {product_data: all_cve_data[product_data]}, exploits - ) + if not no_scan: + summary = get_cve_summary( + {product_data: all_cve_data[product_data]}, exploits + ) - # Display package with the color of the highest CVE - for severity, count in summary.items(): - if color is None and count > 0: - color = summary_color[severity.split("-")[0]] + # Display package with the color of the highest CVE + for severity, count in summary.items(): + if color is None and count > 0: + color = summary_color[severity.split("-")[0]] - if all_product_data[product_data] != 0: + if all_product_data[product_data] != 0 or no_scan: if offline: latest_stable_version = "UNKNOWN (offline mode)" else: 
@@ -143,25 +165,29 @@ def _output_console_nowrap( product_data ) cells = [ - Text.styled(product_data.vendor, color), - Text.styled(product_data.product, color), - Text.styled(product_data.version, color), - Text.styled(latest_stable_version, color), + Text.styled(product_data.vendor, color or "white"), + Text.styled(product_data.product, color or "white"), + Text.styled(product_data.version, color or "white"), + Text.styled(latest_stable_version, color or "white"), ] - for severity, count in summary.items(): - if count > 0: - color = summary_color[severity.split("-")[0]] - else: - color = "white" + if not no_scan: + for severity, count in summary.items(): + if count > 0: + color = summary_color[severity.split("-")[0]] + else: + color = "white" + cells += [ + Text.styled(str(count), color), + ] cells += [ - Text.styled(str(count), color), + Text.styled(str(all_product_data[product_data]), color), ] - cells += [ - Text.styled(str(all_product_data[product_data]), color), - ] table.add_row(*cells) # Print the table to the console - console.print(Panel("CPE SUMMARY", expand=False)) + if no_scan: + console.print(Panel("DETECTED PRODUCTS (No CVE Analysis)", expand=False)) + else: + console.print(Panel("CPE SUMMARY", expand=False)) console.print(table) cve_by_remarks: defaultdict[Remarks, list[dict[str, str]]] = defaultdict(list) 
@@ -209,54 +235,60 @@ def _output_console_nowrap( ) for remarks in sorted(cve_by_remarks): - color = remarks_colors[remarks] - console.print(Panel(f"[{color}] {remarks.name} CVEs [/{color}]", expand=False)) - # table instance - table = Table() - - # Add Head Columns to the Table - table.add_column("Vendor") - table.add_column("Product") - table.add_column("Version") - table.add_column("CVE Number") - table.add_column("Source") - table.add_column("Severity") - table.add_column("Score (CVSS Version)") - if metrics: - table.add_column("EPSS probability") - table.add_column("EPSS percentile") - if affected_versions != 0: - table.add_column("Affected Versions") - - for cve_data in cve_by_remarks[remarks]: - color = cve_data["severity"].split("-")[0].lower() - if cve_data["score"] == "unknown": - cvss_text = "unknown" - else: - cvss_text = ( - str(cve_data["score"]) + " (v" + str(cve_data["cvss_version"]) + ")" - ) - cells = [ - Text.styled(cve_data["vendor"], color), - Text.styled(cve_data["product"], color), - Text.styled(cve_data["version"], color), - linkify_cve(Text.styled(cve_data["cve_number"], color)), - Text.styled(cve_data["source"], color), - Text.styled(cve_data["severity"], color), - Text.styled(cvss_text, color), - ] + if not no_scan: + color = remarks_colors[remarks] + console.print( + Panel(f"[{color}] {remarks.name} CVEs [/{color}]", expand=False) + ) + # table instance + table = Table() + + # Add Head Columns to the Table + table.add_column("Vendor") + table.add_column("Product") + table.add_column("Version") + table.add_column("CVE Number") + table.add_column("Source") + table.add_column("Severity") + table.add_column("Score (CVSS Version)") if metrics: - cells.append(Text.styled(cve_data["epss_probability"], color)) - cells.append(Text.styled(cve_data["epss_percentile"], color)) + table.add_column("EPSS probability") + table.add_column("EPSS percentile") if affected_versions != 0: - cells.append(Text.styled(cve_data["affected_versions"], color)) - 
table.add_row(*cells) - # Print the table to the console - console.print(table) - for cve_data in cve_by_remarks[remarks]: - if "*" in cve_data["vendor"]: - console.print("* vendors guessed by the tool") - break + table.add_column("Affected Versions") + + for cve_data in cve_by_remarks[remarks]: + color = cve_data["severity"].split("-")[0].lower() + if cve_data["score"] == "unknown": + cvss_text = "unknown" + else: + cvss_text = ( + str(cve_data["score"]) + + " (v" + + str(cve_data["cvss_version"]) + + ")" + ) + cells = [ + Text.styled(cve_data["vendor"], color), + Text.styled(cve_data["product"], color), + Text.styled(cve_data["version"], color), + linkify_cve(Text.styled(cve_data["cve_number"], color)), + Text.styled(cve_data["source"], color), + Text.styled(cve_data["severity"], color), + Text.styled(cvss_text, color), + ] + if metrics: + cells.append(Text.styled(cve_data["epss_probability"], color)) + cells.append(Text.styled(cve_data["epss_percentile"], color)) + if affected_versions != 0: + cells.append(Text.styled(cve_data["affected_versions"], color)) + table.add_row(*cells) + # Print the table to the console + console.print(table) + for cve_data in cve_by_remarks[remarks]: + if "*" in cve_data["vendor"]: + console.print("* vendors guessed by the tool") + break # Show table of vulnerable products mapped to filename paths # As names can be long, these maybe replaced with a note which @@ -314,7 +346,7 @@ def validate_cell_length(cell_name, cell_type): i = i + 1 # List of scanned products with no identified vulnerabilities - if all_product_data is not None: + if all_product_data is not None and not no_scan: color = "green" console.print( Panel( @@ -348,7 +380,7 @@ def validate_cell_length(cell_name, cell_type): # Print the table to the console console.print(table) - if metrics: + if metrics and not no_scan: table = Table() # Add Head Columns to the Table table.add_column("CVE") 
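Review bot: In the `for remarks in sorted(cve_by_remarks):` loop the whole body is wrapped in `if not no_scan:`, which re-tests a loop-invariant flag on every pass and re-indents the entire table-building section. Choosing the iterable up front, `remarks_to_show = [] if no_scan else sorted(cve_by_remarks)` followed by `for remarks in remarks_to_show:`, leaves the loop body untouched and reduces the diff to two lines. The loop's nesting is inferred from statement order, since indentation is not visible here.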
@@ -392,4 +424,5 @@ def validate_cell_length(cell_name, cell_type): ] table.add_row(*cells) # Print the table to the console + console.print(table) From dcb6b6ee4202d0fc7b8dfbf44b005748f60a343f Mon Sep 17 00:00:00 2001 From: joydeep049 Date: Thu, 3 Jul 2025 15:24:15 +0530 Subject: [PATCH 2/4] fix: added no-scan to CVEScanner class Signed-off-by: joydeep049 --- cve_bin_tool/cli.py | 1 + 1 file changed, 1 insertion(+) diff --git a/cve_bin_tool/cli.py b/cve_bin_tool/cli.py index 7ba6e0dadc..0361359d9e 100644 --- a/cve_bin_tool/cli.py +++ b/cve_bin_tool/cli.py @@ -1092,6 +1092,7 @@ def main(argv=None): check_exploits=args["exploits"], exploits_list=cvedb_orig.get_exploits_list(), disabled_sources=disabled_sources, + no_scan=args["no_scan"], ) as cve_scanner: triage_data: TriageData total_files: int = 0 From 73d822560447caa4bb9e22ac8e1585053300cbd1 Mon Sep 17 00:00:00 2001 From: joydeep049 Date: Thu, 3 Jul 2025 16:16:38 +0530 Subject: [PATCH 3/4] fix: resolve failing tests Signed-off-by: joydeep049 --- dummy_vex_output | 256 +++++++++++++++++++++++++++++++++++++ test.sbom | 11 ++ test/test_output_engine.py | 19 ++- 3 files changed, 276 insertions(+), 10 deletions(-) create mode 100644 dummy_vex_output create mode 100644 test.sbom diff --git a/dummy_vex_output b/dummy_vex_output new file mode 100644 index 0000000000..4d49c97c9d --- /dev/null +++ b/dummy_vex_output 
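Review bot: `exploits_list=cvedb_orig.get_exploits_list()`, on the context line above the added `no_scan=args["no_scan"]`, is called unconditionally, while patch 1/4 treats `cvedb_orig` as possibly falsy (`cvedb_orig.time_of_last_update if cvedb_orig else datetime.now()`). If `cvedb_orig` can be `None` on a no-scan run, this call raises before the scanner is constructed. Either guard it the same way, `exploits_list=cvedb_orig.get_exploits_list() if cvedb_orig else [],`, or drop the guard in the other place so the two agree. `main()` extends beyond this hunk.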
@@ -0,0 +1,256 @@ +{ + "document": { + "category": "csaf_vex", + "csaf_version": "2.0", + "notes": [ + { + "category": "summary", + "title": "Technical Summary", + "text": "Auto generated CSAF document" + } + ], + "publisher": { + "category": "vendor", + "name": "TestVendor", + "namespace": "https://www.example.com", + "contact_details": "TestVendor" + }, + "title": "", + "tracking": { + "current_release_date": "2025-07-03T10:12:50Z", + "generator": { + "date": "2025-07-03T10:12:50Z", + "engine": { + "name": "csaf-tool", + "version": "0.3.2" + } + }, + "id": "TESTPRODUCT-1.0-VEX", + "initial_release_date": "2025-07-03T10:12:50Z", + "revision_history": [ + { + "date": "2025-07-03T10:12:50Z", + "number": "1", + "summary": "None" + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "branches": [ + { + "category": "vendor", + "name": "TestVendor", + "branches": [ + { + "category": "product_name", + "name": "TestProduct", + "branches": [ + { + "category": "product_version", + "name": "1.0", + "product": { + "name": "TestVendor TestProduct 1.0", + "product_id": "CSAFPID_0001", + "product_identification_helper": { + "sbom_urls": [ + "file:///home/joydeep/dev/cve-bin-tool" + ] + } + } + } + ] + } + ] + } + ] + }, + "vulnerabilities": [ + { + "cve": "CVE-1234-1004", + "notes": [ + { + "category": "description", + "title": "CVE description", + "text": "https://nvd.nist.gov/vuln/detail/CVE-1234-1004" + } + ], + "product_status": { + "under_investigation": [ + "CSAFPID_0001" + ] + }, + "threats": [ + { + "category": "impact", + "details": "", + "date": "2025-07-03T10:12:50Z", + "product_ids": [ + "CSAFPID_0001" + ] + } + ] + }, + { + "cve": "CVE-1234-1005", + "notes": [ + { + "category": "description", + "title": "CVE description", + "text": "https://nvd.nist.gov/vuln/detail/CVE-1234-1005" + } + ], + "product_status": { + "known_not_affected": [ + "CSAFPID_0001" + ] + }, + "flags": [ + { + "date": "2025-07-03T10:12:50Z", + "label": 
"component_not_present", + "product_ids": [ + "CSAFPID_0001" + ] + } + ], + "threats": [ + { + "category": "impact", + "details": "Detail field populated.", + "date": "2025-07-03T10:12:50Z", + "product_ids": [ + "CSAFPID_0001" + ] + } + ] + }, + { + "cve": "CVE-1234-1006", + "notes": [ + { + "category": "description", + "title": "CVE description", + "text": "https://nvd.nist.gov/vuln/detail/CVE-1234-1006" + } + ], + "product_status": { + "under_investigation": [ + "CSAFPID_0001" + ] + }, + "threats": [ + { + "category": "impact", + "details": "Data field populated.", + "date": "2025-07-03T10:12:50Z", + "product_ids": [ + "CSAFPID_0001" + ] + } + ] + }, + { + "cve": "CVE-1234-1007", + "notes": [ + { + "category": "description", + "title": "CVE description", + "text": "https://nvd.nist.gov/vuln/detail/CVE-1234-1007" + } + ], + "product_status": { + "fixed": [ + "CSAFPID_0001" + ] + }, + "threats": [ + { + "category": "impact", + "details": "Data field populated.", + "date": "2025-07-03T10:12:50Z", + "product_ids": [ + "CSAFPID_0001" + ] + } + ] + }, + { + "cve": "CVE-1234-1008", + "notes": [ + { + "category": "description", + "title": "CVE description", + "text": "https://nvd.nist.gov/vuln/detail/CVE-1234-1008" + } + ], + "product_status": { + "under_investigation": [ + "CSAFPID_0001" + ] + }, + "threats": [ + { + "category": "impact", + "details": "", + "date": "2025-07-03T10:12:50Z", + "product_ids": [ + "CSAFPID_0001" + ] + } + ] + }, + { + "cve": "CVE-1234-1009", + "notes": [ + { + "category": "description", + "title": "CVE description", + "text": "https://nvd.nist.gov/vuln/detail/CVE-1234-1009" + } + ], + "product_status": { + "under_investigation": [ + "CSAFPID_0001" + ] + }, + "threats": [ + { + "category": "impact", + "details": "", + "date": "2025-07-03T10:12:50Z", + "product_ids": [ + "CSAFPID_0001" + ] + } + ] + }, + { + "cve": "CVE-1234-1010", + "notes": [ + { + "category": "description", + "title": "CVE description", + "text": 
"https://nvd.nist.gov/vuln/detail/CVE-1234-1010" + } + ], + "product_status": { + "under_investigation": [ + "CSAFPID_0001" + ] + }, + "threats": [ + { + "category": "impact", + "details": "", + "date": "2025-07-03T10:12:50Z", + "product_ids": [ + "CSAFPID_0001" + ] + } + ] + } + ] +} diff --git a/test.sbom b/test.sbom new file mode 100644 index 0000000000..ef095776bf --- /dev/null +++ b/test.sbom @@ -0,0 +1,11 @@ +SPDXVersion: SPDX-2.3 +DataLicense: CC0-1.0 +SPDXID: SPDXRef-DOCUMENT +DocumentName: SBOM_CVEBINTOOL-CVE-SCAN +DocumentNamespace: http://spdx.org/spdxdocs/SBOM_CVEBINTOOL-CVE-SCAN-b6d76494-d9f1-4865-bd58-bad88edc8e07 +LicenseListVersion: 3.25 +Creator: Tool: cve-bin-tool-3.4.1 +Created: 2025-07-03T16:08:35Z +CreatorComment: This document has been automatically generated. +##### + diff --git a/test/test_output_engine.py b/test/test_output_engine.py index 74b7861a31..dd07caadab 100644 --- a/test/test_output_engine.py +++ b/test/test_output_engine.py @@ -20,7 +20,7 @@ from rich.console import Console from cve_bin_tool.output_engine import OutputEngine, output_csv, output_pdf -from cve_bin_tool.output_engine.console import output_console +from cve_bin_tool.output_engine.console import _output_console_nowrap, output_console from cve_bin_tool.output_engine.html import normalize_severity, output_html from cve_bin_tool.output_engine.json_output import output_json, output_json2 from cve_bin_tool.output_engine.util import format_output @@ -1151,10 +1151,9 @@ def test_output_console(self): exploits = False metrics = True console = Console(file=self.mock_file) - outfile = None all_product_data = None - output_console( + _output_console_nowrap( self.MOCK_OUTPUT, self.MOCK_ALL_CVE_VERSION_INFO, ".", @@ -1167,7 +1166,7 @@ def test_output_console(self): True, 120, console, - outfile, + False, ) expected_output = ( 
@@ -1202,10 +1201,9 @@ def test_output_console_affected_versions(self): exploits = False metrics = True console = Console(file=self.mock_file) - outfile = None all_product_data = None - output_console( + _output_console_nowrap( self.MOCK_ALL_CVE_DATA, self.MOCK_ALL_CVE_VERSION_INFO, ".", @@ -1218,7 +1216,7 @@ def test_output_console_affected_versions(self): True, 120, console, - outfile, + False, ) expected_output = ( @@ -1270,6 +1268,7 @@ def test_output_console_outfile(self): True, 120, outfile, + False, ) expected_output = ( @@ -1305,10 +1304,9 @@ def test_output_console_metrics_false(self): exploits = False metrics = False console = Console(file=self.mock_file) - outfile = None all_product_data = None - output_console( + _output_console_nowrap( self.MOCK_OUTPUT_2, self.MOCK_ALL_CVE_VERSION_INFO, ".", @@ -1321,7 +1319,7 @@ def test_output_console_metrics_false(self): True, 120, console, - outfile, + False, ) expected_output = ( @@ -1635,6 +1633,7 @@ def test_output_with_unset_fields(self): vex_product_info=vex_info, offline=False, organized_arguements={}, + no_scan=False, ) # Use an in-memory output file. dummy_out = io.StringIO() From cd8b2f92b6fd69f71ceffb49275b9c2b460c11cd Mon Sep 17 00:00:00 2001 From: joydeep049 Date: Thu, 10 Jul 2025 04:04:54 +0530 Subject: [PATCH 4/4] chore: remove unwanted files Signed-off-by: joydeep049 --- dummy_vex_output | 256 ----------------------------------------------- test.sbom | 11 -- 2 files changed, 267 deletions(-) delete mode 100644 dummy_vex_output delete mode 100644 test.sbom diff --git a/dummy_vex_output b/dummy_vex_output deleted file mode 100644 index 4d49c97c9d..0000000000 --- a/dummy_vex_output +++ /dev/null 
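Review bot: Every updated call in the `test/test_output_engine.py` hunks passes `False` for the new argument (`test_output_console`, `test_output_console_affected_versions`, `test_output_console_outfile`, `test_output_console_metrics_false`, and `no_scan=False` in `test_output_with_unset_fields`), so the no-scan rendering path has no test. Three of the tests also switch from `output_console` to `_output_console_nowrap`, which leaves the wrapper's new argument slicing covered only by the outfile test. A test that calls `_output_console_nowrap(..., console, True)` and asserts that the `NO-SCAN MODE` banner is present and no `CVE SUMMARY` panel is printed would pin the behaviour.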
@@ -1,256 +0,0 @@ -{ - "document": { - "category": "csaf_vex", - "csaf_version": "2.0", - "notes": [ - { - "category": "summary", - "title": "Technical Summary", - "text": "Auto generated CSAF document" - } - ], - "publisher": { - "category": "vendor", - "name": "TestVendor", - "namespace": "https://www.example.com", - "contact_details": "TestVendor" - }, - "title": "", - "tracking": { - "current_release_date": "2025-07-03T10:12:50Z", - "generator": { - "date": "2025-07-03T10:12:50Z", - "engine": { - "name": "csaf-tool", - "version": "0.3.2" - } - }, - "id": "TESTPRODUCT-1.0-VEX", - "initial_release_date": "2025-07-03T10:12:50Z", - "revision_history": [ - { - "date": "2025-07-03T10:12:50Z", - "number": "1", - "summary": "None" - } - ], - "status": "final", - "version": "1" - } - }, - "product_tree": { - "branches": [ - { - "category": "vendor", - "name": "TestVendor", - "branches": [ - { - "category": "product_name", - "name": "TestProduct", - "branches": [ - { - "category": "product_version", - "name": "1.0", - "product": { - "name": "TestVendor TestProduct 1.0", - "product_id": "CSAFPID_0001", - "product_identification_helper": { - "sbom_urls": [ - "file:///home/joydeep/dev/cve-bin-tool" - ] - } - } - } - ] - } - ] - } - ] - }, - "vulnerabilities": [ - { - "cve": "CVE-1234-1004", - "notes": [ - { - "category": "description", - "title": "CVE description", - "text": "https://nvd.nist.gov/vuln/detail/CVE-1234-1004" - } - ], - "product_status": { - "under_investigation": [ - "CSAFPID_0001" - ] - }, - "threats": [ - { - "category": "impact", - "details": "", - "date": "2025-07-03T10:12:50Z", - "product_ids": [ - "CSAFPID_0001" - ] - } - ] - }, - { - "cve": "CVE-1234-1005", - "notes": [ - { - "category": "description", - "title": "CVE description", - "text": "https://nvd.nist.gov/vuln/detail/CVE-1234-1005" - } - ], - "product_status": { - "known_not_affected": [ - "CSAFPID_0001" - ] - }, - "flags": [ - { - "date": "2025-07-03T10:12:50Z", - "label": 
"component_not_present", - "product_ids": [ - "CSAFPID_0001" - ] - } - ], - "threats": [ - { - "category": "impact", - "details": "Detail field populated.", - "date": "2025-07-03T10:12:50Z", - "product_ids": [ - "CSAFPID_0001" - ] - } - ] - }, - { - "cve": "CVE-1234-1006", - "notes": [ - { - "category": "description", - "title": "CVE description", - "text": "https://nvd.nist.gov/vuln/detail/CVE-1234-1006" - } - ], - "product_status": { - "under_investigation": [ - "CSAFPID_0001" - ] - }, - "threats": [ - { - "category": "impact", - "details": "Data field populated.", - "date": "2025-07-03T10:12:50Z", - "product_ids": [ - "CSAFPID_0001" - ] - } - ] - }, - { - "cve": "CVE-1234-1007", - "notes": [ - { - "category": "description", - "title": "CVE description", - "text": "https://nvd.nist.gov/vuln/detail/CVE-1234-1007" - } - ], - "product_status": { - "fixed": [ - "CSAFPID_0001" - ] - }, - "threats": [ - { - "category": "impact", - "details": "Data field populated.", - "date": "2025-07-03T10:12:50Z", - "product_ids": [ - "CSAFPID_0001" - ] - } - ] - }, - { - "cve": "CVE-1234-1008", - "notes": [ - { - "category": "description", - "title": "CVE description", - "text": "https://nvd.nist.gov/vuln/detail/CVE-1234-1008" - } - ], - "product_status": { - "under_investigation": [ - "CSAFPID_0001" - ] - }, - "threats": [ - { - "category": "impact", - "details": "", - "date": "2025-07-03T10:12:50Z", - "product_ids": [ - "CSAFPID_0001" - ] - } - ] - }, - { - "cve": "CVE-1234-1009", - "notes": [ - { - "category": "description", - "title": "CVE description", - "text": "https://nvd.nist.gov/vuln/detail/CVE-1234-1009" - } - ], - "product_status": { - "under_investigation": [ - "CSAFPID_0001" - ] - }, - "threats": [ - { - "category": "impact", - "details": "", - "date": "2025-07-03T10:12:50Z", - "product_ids": [ - "CSAFPID_0001" - ] - } - ] - }, - { - "cve": "CVE-1234-1010", - "notes": [ - { - "category": "description", - "title": "CVE description", - "text": 
"https://nvd.nist.gov/vuln/detail/CVE-1234-1010" - } - ], - "product_status": { - "under_investigation": [ - "CSAFPID_0001" - ] - }, - "threats": [ - { - "category": "impact", - "details": "", - "date": "2025-07-03T10:12:50Z", - "product_ids": [ - "CSAFPID_0001" - ] - } - ] - } - ] -} diff --git a/test.sbom b/test.sbom deleted file mode 100644 index ef095776bf..0000000000 --- a/test.sbom +++ /dev/null @@ -1,11 +0,0 @@ -SPDXVersion: SPDX-2.3 -DataLicense: CC0-1.0 -SPDXID: SPDXRef-DOCUMENT -DocumentName: SBOM_CVEBINTOOL-CVE-SCAN -DocumentNamespace: http://spdx.org/spdxdocs/SBOM_CVEBINTOOL-CVE-SCAN-b6d76494-d9f1-4865-bd58-bad88edc8e07 -LicenseListVersion: 3.25 -Creator: Tool: cve-bin-tool-3.4.1 -Created: 2025-07-03T16:08:35Z -CreatorComment: This document has been automatically generated. -##### -