Merge pull request #55 from becitsthere/main

NVSHAS-8937: Add critical severity in cve db
neuvector · Jun 5, 2024 · 0aeb876 · 0aeb876
2 parents 0bfe206 + 53b7a8e
commit 0aeb876
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/updater/fetchers/apps/ghsa.go b/updater/fetchers/apps/ghsa.go
@@ -143,7 +143,9 @@ func loadGHSAData(ghsaFile, app, prefix string, lowercase bool) error {
 			}
 
 			severity := strings.ToLower(r.Advisory.Severity)
-			if severity == "high" || severity == "critical" {
+			if severity == "critical" {
+				v.Severity = common.Critical
+			} else if severity == "high" {
 				v.Severity = common.High
 			} else if severity == "moderate" {
 				v.Severity = common.Medium

diff --git a/updater/fetchers/apps/openshift.go b/updater/fetchers/apps/openshift.go
@@ -13,7 +13,7 @@ func openshiftUpdate() error {
 		Description: "A flaw has been detected in kubernetes which allows privilege escalation and access to sensitive information in OpenShift products and services.  This issue has been assigned CVE-2018-1002105 and has a security impact of Critical.",
 		Link:        "https://access.redhat.com/security/vulnerabilities/3716411",
 		Score:       9.8,
-		Severity:    common.High,
+		Severity:    common.Critical,
 		AffectedVer: []common.AppModuleVersion{
 			common.AppModuleVersion{OpCode: "lt", Version: "3.2.1.34-2,3.2"},
 			common.AppModuleVersion{OpCode: "orlt", Version: "3.11.43-1,3.11"},

diff --git a/updater/updater.go b/updater/updater.go
@@ -249,7 +249,9 @@ func enrichDistroMeta(meta *common.NVDMetadata, v *common.Vulnerability, cve *co
 func fixSeverityScore(feedSeverity common.Priority, maxCVSSv2, maxCVSSv3 *common.CVSS) common.Priority {
 	// For NVSHAS-4709, always set the severity by CVSS scores
 	var severity common.Priority
-	if maxCVSSv3.Score >= 7 || maxCVSSv2.Score >= 7 {
+	if maxCVSSv3.Score >= 9 || maxCVSSv2.Score >= 9 {
+		severity = common.Critical
+	} else if maxCVSSv3.Score >= 7 || maxCVSSv2.Score >= 7 {
 		severity = common.High
 	} else if maxCVSSv3.Score >= 4 || maxCVSSv2.Score >= 4 {
 		severity = common.Medium
@@ -261,6 +263,8 @@ func fixSeverityScore(feedSeverity common.Priority, maxCVSSv2, maxCVSSv3 *common
 
 	if maxCVSSv3.Score == 0 {
 		switch severity {
+		case common.Critical:
+			maxCVSSv3.Score = 9
 		case common.High:
 			maxCVSSv3.Score = 7
 		case common.Medium:
@@ -271,6 +275,8 @@ func fixSeverityScore(feedSeverity common.Priority, maxCVSSv2, maxCVSSv3 *common
 	}
 	if maxCVSSv2.Score == 0 {
 		switch severity {
+		case common.Critical:
+			maxCVSSv2.Score = 9
 		case common.High:
 			maxCVSSv2.Score = 7
 		case common.Medium: