fix: [bug description] ValueError raised whilst using NVD API2 #4675
Labels
bug
Something isn't working
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
│ xxxxxxx/lib/python3.10/site-packages/cve_bin_tool/data_sources/nvd_source.py:315 in format_data_api2 │
│ │
│ 312 │ │ │ │
│ 313 │ │ │ # score should be numeric │
│ 314 │ │ │ try: │
│ 315 │ │ │ │ cve["score"] = float(cve["score"]) │
│ 316 │ │ │ except ValueError: │
│ 317 │ │ │ │ self.logger.debug(f"Score for {cve['id']} is invalid: {cve['score']}") │
│ 318 │ │ │ │ cve["score"] = "invalid" │
╰──────────────────────────────────────────────────────────────────────────────────────────────────╯
ValueError: could not convert string to float: 'unknown'
To reproduce
Update the CVE database to latest version
cve-bin-tool -u now -n api2 .update
Expected behaviour:
CVE is processed even if no CVSS score allocated
Actual behaviour:
ValueError raised and database update fails
Version/platform info
Version of CVE-bin-tool( e.g. output of
cve-bin-tool --version): 3.4Installed from pypi or github? Github
Anything else?
Whilst ValueError should handle the condition, suggest adding a guard statement
if cve["score"] != "unknown":before the try/except statement.Seems to work with
-n json-mirrorThe text was updated successfully, but these errors were encountered: