Fix: Allow empty CPE match for CVE configuration nodes

It seems despite violating their spec some CVE configuration nodes don't contain a CPE match.
greenbone · Oct 16, 2023 · 470cf35 · 470cf35
1 parent 066169b
commit 470cf35
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/pontos/nvd/models/cve.py b/pontos/nvd/models/cve.py
@@ -227,13 +227,14 @@ class Node(Model):
     A CVE configuration node
 
     Attributes:
-        operator:
-        cpe_match:
+        operator: Operator (and/or) for this node
+        cpe_match: The CPE match for the node. Despite a cpe match is required
+            int NISTs API spec the data seems to contain nodes without matches.
         negate:
     """
 
     operator: Operator
-    cpe_match: List[CPEMatch]
+    cpe_match: Optional[List[CPEMatch]] = None
     negate: Optional[bool] = None