feat: Update queries #3172
feat: Update queries #3172
Conversation
| @@ -118,5 +118,5 @@ def parse_epss_data(self, file_path=None): | |||
| # Parse the data from the remaining rows | |||
| for row in reader: | |||
| cve_id, epss_score, epss_percentile = row[:3] | |||
| parsed_data.append((cve_id, "EPSS", epss_score, epss_percentile)) | |||
| parsed_data.append((cve_id, 1, epss_score, epss_percentile)) | |||
There was a problem hiding this comment.
@Rexbeast2 You should find the value of the EPSS metric by searching for the EPSS string in the metrics table rather than assume it is '1'
cve_bin_tool/cvedb.py
Outdated
| cursor.execute(query, [cve.get("CVSS_version")]) | ||
| # Fetch all the results of the query and use 'map' to extract only the 'metrics_name' from the result | ||
| metric = list(map(lambda x: x[0], cursor.fetchall())) | ||
| # Since the query is expected to return a single result, extract the first item from the list and store it in 'metric' |
There was a problem hiding this comment.
We should probably add some debug to check this assumption
cve_bin_tool/cvedb.py
Outdated
|
|
||
| for cve in severity_data: | ||
| # Check no None values | ||
| if not bool(cve.get("score")): |
There was a problem hiding this comment.
Won't cve["score"] = cve.get("score","unknown") work?
There was a problem hiding this comment.
Well, for this. I tried to keep it as similar as possible to populate_severity.
There was a problem hiding this comment.
Reminder: because I enabled branch protection I won't be able to merge this until all tests are passing. It looks like you'll need to update this branch to get the last one I had to disable to get main passing again. (Plus it looks like Anthony's got other feedback that needs incorporation.)
|
@terriko As far as I can see, the test cases are failing due to |
test_csv2cve isn't failing on main, and the way it's failing makes it look like it's not finding some data (it looks like the assert is expecting to find more than 60 of something, and instead it's finding 1). If I had to guess, you're accidentally clobbering some data that it needs to return correct results. Probably something in the |
There was a problem hiding this comment.
Looks like you've got a merge conflict to resolve now that I've merged #3147 . I'll leave that to you, I also put in some inline comments about docstrings that you might as well do at the same time. We haven't been super consistent about docstrings across the project but you've got a couple of places where you've already written the string as a comment so we might as well just format it as a docstring! If you're bored while you're waiting for tests on this to run you could go back and look at your previously added functions for some easy refactoring commits.
cve_bin_tool/cvedb.py
Outdated
| @@ -552,6 +554,56 @@ def populate_affected(self, affected_data, cursor, data_source): | |||
| except Exception as e: | |||
| LOGGER.info(f"Unable to insert data for {data_source} - {e}") | |||
|
|
|||
| def metric_finder(self, cursor, cve): | |||
| # SQL query to retrieve the metrics_name based on the metrics_id | |||
There was a problem hiding this comment.
This comment is helpful; maybe we could turn it into a docstring so it can be parsed and used as such?
| # SQL query to retrieve the metrics_name based on the metrics_id | |
| ''' SQL query to retrieve the metrics_name based on the metrics_id ''' |
Short explainer on docstrings in case you're not familiar with them: https://www.programiz.com/python-programming/docstrings
More generally: cvedb is lacking in a lot of docstrings but it would be nice to have them in new functions if you remember. I'll flag a few more new functions in this PR for you. Sorry I didn't think to do it with earlier PRs!
| ) | ||
| return metric | ||
|
|
||
| def populate_cve_metrics(self, severity_data, cursor): |
There was a problem hiding this comment.
Good place for a docstring!
| @@ -567,6 +619,12 @@ def populate_metrics(self): | |||
| self.connection.commit() | |||
| self.db_close() | |||
|
|
|||
| def populate_epss(self): | |||
There was a problem hiding this comment.
Another good place for a docstring. I feel like this short function is mostly self-evident to people who know the acronyms but could be difficult for someone who doesn't. So this is a nice opportunity to expand the acronym and have a really short explainer about what it's for. Something like "Add Exploit Prediction Scoring System (EPSS) data to help users evaluate risks"
| @@ -99,6 +101,14 @@ async def download_epss_data(self): | |||
| except aiohttp.ClientError as e: | |||
| self.LOGGER.error(f"An error occurred during downloading epss {e}") | |||
|
|
|||
| def EPSS_id_finder(self, cursor): | |||
There was a problem hiding this comment.
Another good place for a docstring.
Codecov Report
@@ Coverage Diff @@
## main #3172 +/- ##
==========================================
- Coverage 81.28% 80.50% -0.79%
==========================================
Files 716 716
Lines 11126 11163 +37
Branches 1495 1497 +2
==========================================
- Hits 9044 8987 -57
- Misses 1693 1776 +83
- Partials 389 400 +11
Flags with carried forward coverage won't be shown. Click here to find out more.
... and 20 files with indirect coverage changes 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
cve_bin_tool/cvedb.py
Outdated
| """ | ||
| EPSS uses metrics table to get the EPSS metric id. | ||
| It can't be ran before creation of metrics table. | ||
| """ |
There was a problem hiding this comment.
This one actually doesn't need to be a string, it can be a comment. Docstrings are a special case of a string appearing immediately after a def function definition (at least for functions) but anything else inside the function can probably be a comment.
| """ | |
| EPSS uses metrics table to get the EPSS metric id. | |
| It can't be ran before creation of metrics table. | |
| """ | |
| # EPSS uses metrics table to get the EPSS metric id. | |
| # It can't be ran before creation of metrics table. |
cve_bin_tool/cvedb.py
Outdated
| """Adds data into CVE metrics table""" | ||
|
|
||
| def populate_cve_metrics(self, severity_data, cursor): |
There was a problem hiding this comment.
| """Adds data into CVE metrics table""" | |
| def populate_cve_metrics(self, severity_data, cursor): | |
| def populate_cve_metrics(self, severity_data, cursor): | |
| """ Adds data into CVE metrics table """ |
Docstring goes after def here
cve_bin_tool/cvedb.py
Outdated
| """Adding data to metric table.""" | ||
|
|
||
| def populate_metrics(self): |
There was a problem hiding this comment.
| """Adding data to metric table.""" | |
| def populate_metrics(self): | |
| def populate_metrics(self): | |
| """ Adding data to metric table. """ |
Same deal. Beware, I'm doing suggestions from the web interface so my indentation may be incorrect if you try to just merge these in.
cve_bin_tool/cvedb.py
Outdated
| """Add EPSS data into the database""" | ||
|
|
||
| def populate_epss(self): |
There was a problem hiding this comment.
| """Add EPSS data into the database""" | |
| def populate_epss(self): | |
| def populate_epss(self): | |
| """ Add EPSS data into the database """ |
Same thing
| """Search for metric id in EPSS table""" | ||
|
|
||
| def EPSS_id_finder(self, cursor): |
There was a problem hiding this comment.
| """Search for metric id in EPSS table""" | |
| def EPSS_id_finder(self, cursor): | |
| def EPSS_id_finder(self, cursor): | |
| """Search for metric id in EPSS table""" |
| """Parse epss data from the file path given and return the parse data""" | ||
|
|
||
| def parse_epss_data(self, file_path=None): |
There was a problem hiding this comment.
| """Parse epss data from the file path given and return the parse data""" | |
| def parse_epss_data(self, file_path=None): | |
| def parse_epss_data(self, file_path=None): | |
| """ Parse epss data from the file path given and return the parse data """ |
This PR is to be only considered after closing #3147.