From cef4eb2b4ffdf16e13099adc0ad86c75099175f5 Mon Sep 17 00:00:00 2001 From: Yeison Vargas Date: Mon, 26 Sep 2022 18:47:39 -0500 Subject: [PATCH 1/3] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e20ad669..dc703520 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ For all commercial projects, Safely must be upgraded to use a [PyUp API](https:/ Safety can be integrated into your existing GitHub CI pipeline as an action. Just add the following as a step in your workflow YAML file after setting your `SAFETY_API_KEY` secret on GitHub under Settings -> Secrets -> Actions: ```yaml - - uses: pyupio/safety@v1 + - uses: pyupio/safety@2.2.0 with: api-key: ${{ secrets.SAFETY_API_KEY }} ``` From 2ad7a0614ed0da3d11c2288f20d1d026141b92e3 Mon Sep 17 00:00:00 2001 From: Yeison Vargas Date: Thu, 29 Sep 2022 17:02:42 -0500 Subject: [PATCH 2/3] Adding the proper validation for the SAFETY_COLOR env var --- safety/util.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/safety/util.py b/safety/util.py index 9d805bc0..5af070b3 100644 --- a/safety/util.py +++ b/safety/util.py @@ -326,7 +326,12 @@ def active_color_if_needed(ctx, param, value): color = os.environ.get("SAFETY_COLOR", None) if color is not None: - ctx.color = bool(color) + color = color.lower() + + if color == '1' or color == 'true': + ctx.color = True + elif color == '0' or color == 'false': + ctx.color = False return value From 56a4b48059bf6803cddab4957ce54aac7bd09671 Mon Sep 17 00:00:00 2001 From: Yeison Vargas Date: Thu, 29 Sep 2022 17:03:56 -0500 Subject: [PATCH 3/3] Handling None cases for CVE ids --- safety/output_utils.py | 3 ++- safety/safety.py | 21 ++++++++++++++------- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/safety/output_utils.py b/safety/output_utils.py index 73738f20..529860ff 100644 --- a/safety/output_utils.py +++ b/safety/output_utils.py 
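Review bot: Any SAFETY_COLOR value other than 1/true/0/false is silently ignored by the new branch in active_color_if_needed, so a typo such as `SAFETY_COLOR=yes` or a value with surrounding whitespace (`" true"`) leaves `ctx.color` untouched with no hint to the user. Normalizing with `color = color.strip().lower()` before the comparisons handles the whitespace case, and an `else` branch that logs a warning naming the accepted values would make the ignored case visible; at minimum a comment such as `# SAFETY_COLOR accepts 1/true/0/false (case-insensitive); anything else is ignored` should state the contract. The change itself is correct, since the old `bool(color)` treated `"0"` and `"false"` as enabling color. The function's def line lies above the hunk and is visible only in the @@ header.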
@@ -176,7 +176,8 @@ def format_vulnerability(vulnerability, full_mode, only_text=False, columns=get_ to_print += expire_section - to_print += more_info_line + if cve: + to_print += more_info_line to_print = [{**common_format, **line} for line in to_print] diff --git a/safety/safety.py b/safety/safety.py index d65b0edf..67a2b414 100644 --- a/safety/safety.py +++ b/safety/safety.py @@ -249,7 +249,7 @@ def get_vulnerability_from(vuln_id, cve, data, specifier, db, name, pkg, ignore_ more_info_url = f"{base_domain}{data.get('more_info_path', '')}" severity = None - if cve and cve.cvssv2 or cve.cvssv3: + if cve and (cve.cvssv2 or cve.cvssv3): severity = Severity(source=cve.name, cvssv2=cve.cvssv2, cvssv3=cve.cvssv3) return Vulnerability( @@ -276,9 +276,15 @@ def get_vulnerability_from(vuln_id, cve, data, specifier, db, name, pkg, ignore_ def get_cve_from(data, db_full): - cve_id = data.get("cve", '').split(",")[0].strip() + cve_data = data.get("cve", '') + + if not cve_data: + return None + + cve_id = cve_data.split(",")[0].strip() cve_meta = db_full.get("$meta", {}).get("cve", {}).get(cve_id, {}) - return CVE(name=cve_id, cvssv2=cve_meta.get("cvssv2", None), cvssv3=cve_meta.get("cvssv3", None)) + return CVE(name=cve_id, cvssv2=cve_meta.get("cvssv2", None), + cvssv3=cve_meta.get("cvssv3", None)) def ignore_vuln_if_needed(vuln_id, cve, ignore_vulns, ignore_severity_rules): 
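Review bot: The new `if cve:` guard in format_vulnerability drops the more-info line for every vulnerability that has no CVE id, yet the URL that line is presumably built from (`more_info_url = f"{base_domain}{data.get('more_info_path', '')}"` in the safety.py hunk below) does not depend on a CVE at all. If the intent was only to avoid touching a None cve while building the line, gate on whatever the line actually reads rather than on `cve`; otherwise vulnerabilities identified only by a PyUp id lose their link. Where `cve` and `more_info_line` are defined is outside this hunk, so this is inferred from the visible lines; a comment such as `# more-info link is only shown when a CVE id is known` would at least make the intent explicit. format_vulnerability begins and ends outside the hunk.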
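Review bot: After the new early return in get_cve_from, `cve_id` can still be empty: a value such as `",CVE-2021-1234"` or `" "` passes `if not cve_data`, and `split(",")[0].strip()` then yields `""`, so a `CVE(name="")` with empty metadata is returned and the `if cve:` guards added elsewhere in this series treat it as a real CVE. Adding `if not cve_id: return None` after the strip closes that gap. A non-string `cve` field (a list, say) would still raise AttributeError on `.split`; if the database format guarantees a string that is fine, but it deserves a comment. Using only the first comma-separated id is pre-existing behaviour and not introduced here.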
@@ -288,11 +294,12 @@ def ignore_vuln_if_needed(vuln_id, cve, ignore_vulns, ignore_severity_rules): severity = None - if cve.cvssv2 and cve.cvssv2.get("base_score", None): - severity = cve.cvssv2.get("base_score", None) + if cve: + if cve.cvssv2 and cve.cvssv2.get("base_score", None): + severity = cve.cvssv2.get("base_score", None) - if cve.cvssv3 and cve.cvssv3.get("base_score", None): - severity = cve.cvssv3.get("base_score", None) + if cve.cvssv3 and cve.cvssv3.get("base_score", None): + severity = cve.cvssv3.get("base_score", None) ignore_severity_below = float(ignore_severity_rules.get('ignore-cvss-severity-below', 0.0)) ignore_unknown_severity = bool(ignore_severity_rules.get('ignore-cvss-unknown-severity', False))