Merge pull request #412 from pyupio/fix/common-fixes

Common fixes for next release
pyupio · Sep 29, 2022 · 97916f6 · 97916f6
2 parents 394ef07 + 56a4b48
commit 97916f6
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 9 deletions.
diff --git a/safety/output_utils.py b/safety/output_utils.py
@@ -176,7 +176,8 @@ def format_vulnerability(vulnerability, full_mode, only_text=False, columns=get_
 
         to_print += expire_section
 
-    to_print += more_info_line
+    if cve:
+        to_print += more_info_line
 
     to_print = [{**common_format, **line} for line in to_print]
 

diff --git a/safety/safety.py b/safety/safety.py
@@ -249,7 +249,7 @@ def get_vulnerability_from(vuln_id, cve, data, specifier, db, name, pkg, ignore_
     more_info_url = f"{base_domain}{data.get('more_info_path', '')}"
     severity = None
 
-    if cve and cve.cvssv2 or cve.cvssv3:
+    if cve and (cve.cvssv2 or cve.cvssv3):
         severity = Severity(source=cve.name, cvssv2=cve.cvssv2, cvssv3=cve.cvssv3)
 
     return Vulnerability(
@@ -276,9 +276,15 @@ def get_vulnerability_from(vuln_id, cve, data, specifier, db, name, pkg, ignore_
 
 
 def get_cve_from(data, db_full):
-    cve_id = data.get("cve", '').split(",")[0].strip()
+    cve_data = data.get("cve", '')
+
+    if not cve_data:
+        return None
+
+    cve_id = cve_data.split(",")[0].strip()
     cve_meta = db_full.get("$meta", {}).get("cve", {}).get(cve_id, {})
-    return CVE(name=cve_id, cvssv2=cve_meta.get("cvssv2", None), cvssv3=cve_meta.get("cvssv3", None))
+    return CVE(name=cve_id, cvssv2=cve_meta.get("cvssv2", None),
+               cvssv3=cve_meta.get("cvssv3", None))
 
 
 def ignore_vuln_if_needed(vuln_id, cve, ignore_vulns, ignore_severity_rules):
@@ -288,11 +294,12 @@ def ignore_vuln_if_needed(vuln_id, cve, ignore_vulns, ignore_severity_rules):
 
     severity = None
 
-    if cve.cvssv2 and cve.cvssv2.get("base_score", None):
-        severity = cve.cvssv2.get("base_score", None)
+    if cve:
+        if cve.cvssv2 and cve.cvssv2.get("base_score", None):
+            severity = cve.cvssv2.get("base_score", None)
 
-    if cve.cvssv3 and cve.cvssv3.get("base_score", None):
-        severity = cve.cvssv3.get("base_score", None)
+        if cve.cvssv3 and cve.cvssv3.get("base_score", None):
+            severity = cve.cvssv3.get("base_score", None)
 
     ignore_severity_below = float(ignore_severity_rules.get('ignore-cvss-severity-below', 0.0))
     ignore_unknown_severity = bool(ignore_severity_rules.get('ignore-cvss-unknown-severity', False))

diff --git a/safety/util.py b/safety/util.py
@@ -326,7 +326,12 @@ def active_color_if_needed(ctx, param, value):
     color = os.environ.get("SAFETY_COLOR", None)
 
     if color is not None:
-        ctx.color = bool(color)
+        color = color.lower()
+
+        if color == '1' or color == 'true':
+            ctx.color = True
+        elif color == '0' or color == 'false':
+            ctx.color = False
 
     return value