Update as recommended

RedHatProductSecurity · Nov 28, 2023 · e76e3fe · e76e3fe
1 parent 9c83078
commit e76e3fe
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 8 deletions.
diff --git a/collectors/nvd/collectors.py b/collectors/nvd/collectors.py
@@ -143,12 +143,17 @@ def get_references(data: CVE) -> list:
             result.append(
                 {
                     "cve_ids": [vulnerability.id],
-                    "cvss_scores": [
-                        get_cvss_metric(vulnerability, "cvssMetricV2"),
-                        # get CVSS 3.1 or CVSS 3.0 if 3.1 is not present
-                        get_cvss_metric(vulnerability, "cvssMetricV31")
-                        or get_cvss_metric(vulnerability, "cvssMetricV30"),
-                    ],
+                    "cvss_scores": list(
+                        filter(
+                            lambda x: x is not None,
+                            [
+                                get_cvss_metric(vulnerability, "cvssMetricV2"),
+                                # get CVSS 3.1 or CVSS 3.0 if 3.1 is not present
+                                get_cvss_metric(vulnerability, "cvssMetricV31")
+                                or get_cvss_metric(vulnerability, "cvssMetricV30"),
+                            ],
+                        )
+                    ),
                     "cwe_id": get_cwes(vulnerability),
                     "description": get_description(vulnerability.descriptions),
                     "references": get_references(vulnerability),

diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
@@ -10,7 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Limit Celery worker to maximum amount of tasks (OSIDB-1540)
 - Command for manual sync of Flaws now also accepts CVEs (OSIDB-1544)
 - Add new SOURCE option into FlawReferenceType (OSIDB-1556)
-- Add new NVD option into FlawSource (OSIDB-1546)
+- Add new NVD option into FlawSource
 
 ### Fixed
 - Fix incorrect type bool of is_up2date field in

diff --git a/osidb/models.py b/osidb/models.py
@@ -1583,7 +1583,7 @@ def _create_flaw(self, cve_id: Union[str, None]) -> Flaw:
                 else:
                     main_model[field.model].update({key: value})
             except FieldDoesNotExist:
-                # only "cve_ids" should end up here
+                # anything that does not match the fields in Flaw will be ignored
                 pass
 
         shared_acl = {"acl_read": self.acl_read, "acl_write": self.acl_write}