Merge pull request #414 from pyupio/develop

2.2.1 Patch
pyupio · Oct 4, 2022 · 01866b9 · 01866b9
2 parents 7455228 + 97916f6
commit 01866b9
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -15,7 +15,7 @@ For all commercial projects, Safely must be upgraded to use a [PyUp API](https:/
 Safety can be integrated into your existing GitHub CI pipeline as an action. Just add the following as a step in your workflow YAML file after setting your `SAFETY_API_KEY` secret on GitHub under Settings -> Secrets -> Actions:
 
 ```yaml
-      - uses: pyupio/safety@v1
+      - uses: pyupio/safety@2.2.0
         with:
           api-key: ${{ secrets.SAFETY_API_KEY }}
 ```

diff --git a/safety/output_utils.py b/safety/output_utils.py
@@ -176,7 +176,8 @@ def format_vulnerability(vulnerability, full_mode, only_text=False, columns=get_
 
         to_print += expire_section
 
-    to_print += more_info_line
+    if cve:
+        to_print += more_info_line
 
     to_print = [{**common_format, **line} for line in to_print]
 

diff --git a/safety/safety.py b/safety/safety.py
@@ -249,7 +249,7 @@ def get_vulnerability_from(vuln_id, cve, data, specifier, db, name, pkg, ignore_
     more_info_url = f"{base_domain}{data.get('more_info_path', '')}"
     severity = None
 
-    if cve and cve.cvssv2 or cve.cvssv3:
+    if cve and (cve.cvssv2 or cve.cvssv3):
         severity = Severity(source=cve.name, cvssv2=cve.cvssv2, cvssv3=cve.cvssv3)
 
     return Vulnerability(
@@ -276,9 +276,15 @@ def get_vulnerability_from(vuln_id, cve, data, specifier, db, name, pkg, ignore_
 
 
 def get_cve_from(data, db_full):
-    cve_id = data.get("cve", '').split(",")[0].strip()
+    cve_data = data.get("cve", '')
+
+    if not cve_data:
+        return None
+
+    cve_id = cve_data.split(",")[0].strip()
     cve_meta = db_full.get("$meta", {}).get("cve", {}).get(cve_id, {})
-    return CVE(name=cve_id, cvssv2=cve_meta.get("cvssv2", None), cvssv3=cve_meta.get("cvssv3", None))
+    return CVE(name=cve_id, cvssv2=cve_meta.get("cvssv2", None),
+               cvssv3=cve_meta.get("cvssv3", None))
 
 
 def ignore_vuln_if_needed(vuln_id, cve, ignore_vulns, ignore_severity_rules):
@@ -288,11 +294,12 @@ def ignore_vuln_if_needed(vuln_id, cve, ignore_vulns, ignore_severity_rules):
 
     severity = None
 
-    if cve.cvssv2 and cve.cvssv2.get("base_score", None):
-        severity = cve.cvssv2.get("base_score", None)
+    if cve:
+        if cve.cvssv2 and cve.cvssv2.get("base_score", None):
+            severity = cve.cvssv2.get("base_score", None)
 
-    if cve.cvssv3 and cve.cvssv3.get("base_score", None):
-        severity = cve.cvssv3.get("base_score", None)
+        if cve.cvssv3 and cve.cvssv3.get("base_score", None):
+            severity = cve.cvssv3.get("base_score", None)
 
     ignore_severity_below = float(ignore_severity_rules.get('ignore-cvss-severity-below', 0.0))
     ignore_unknown_severity = bool(ignore_severity_rules.get('ignore-cvss-unknown-severity', False))

diff --git a/safety/util.py b/safety/util.py
@@ -326,7 +326,12 @@ def active_color_if_needed(ctx, param, value):
     color = os.environ.get("SAFETY_COLOR", None)
 
     if color is not None:
-        ctx.color = bool(color)
+        color = color.lower()
+
+        if color == '1' or color == 'true':
+            ctx.color = True
+        elif color == '0' or color == 'false':
+            ctx.color = False
 
     return value