Fix: Change severity versions from generic textual to cvssv3.1 in cur…

…l importer.

Signed-off-by: ambuj <[email protected]>

vulnerabilities/importers/curl.py

@@ -98,7 +98,7 @@ def parse_advisory_data(raw_data) -> AdvisoryData:
         ...     ]
         ... }
         >>> parse_advisory_data(raw_data)
-        AdvisoryData(aliases=['CVE-2024-2379'], summary='QUIC certificate check bypass with wolfSSL', affected_packages=[AffectedPackage(package=PackageURL(type='generic', namespace='curl.se', name='curl', version=None, qualifiers={}, subpath=None), affected_version_range=GenericVersionRange(constraints=(VersionConstraint(comparator='=', version=SemverVersion(string='8.6.0')),)), fixed_version=SemverVersion(string='8.7.0'))], references=[Reference(reference_id='', url='https://curl.se/docs/CVE-2024-2379.html', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. Contains generic textual values like High, Low etc'), value='Low', scoring_elements='')]), Reference(reference_id='', url='https://hackerone.com/reports/2410774', severities=[])], date_published=datetime.datetime(2024, 3, 27, 8, 0, tzinfo=datetime.timezone.utc), weaknesses=[297], url='https://curl.se/docs/CVE-2024-2379.json')
+        AdvisoryData(aliases=['CVE-2024-2379'], summary='QUIC certificate check bypass with wolfSSL', affected_packages=[AffectedPackage(package=PackageURL(type='generic', namespace='curl.se', name='curl', version=None, qualifiers={}, subpath=None), affected_version_range=GenericVersionRange(constraints=(VersionConstraint(comparator='=', version=SemverVersion(string='8.6.0')),)), fixed_version=SemverVersion(string='8.7.0'))], references=[Reference(reference_id='', url='https://curl.se/docs/CVE-2024-2379.html', severities=[VulnerabilitySeverity(system=Cvssv3ScoringSystem(identifier='cvssv3.1', name='CVSSv3.1 Base Score', url='https://www.first.org/cvss/v3-1/', notes='CVSSv3.1 base score and vector'), value='Low', scoring_elements='')]), Reference(reference_id='', url='https://hackerone.com/reports/2410774', severities=[])], date_published=datetime.datetime(2024, 3, 27, 8, 0, tzinfo=datetime.timezone.utc), weaknesses=[297], url='https://curl.se/docs/CVE-2024-2379.json')
     """
 
     affected = get_item(raw_data, "affected")[0] if len(get_item(raw_data, "affected")) > 0 else []
@@ -120,7 +120,7 @@ def parse_advisory_data(raw_data) -> AdvisoryData:
 
     database_specific = raw_data.get("database_specific") or {}
     severity = VulnerabilitySeverity(
-        system=SCORING_SYSTEMS["generic_textual"], value=database_specific.get("severity", "")
+        system=SCORING_SYSTEMS["cvssv3.1"], value=database_specific.get("severity", "")
     )
 
     references = []

vulnerabilities/tests/test_data/curl/expected_curl_advisory_output1.json

@@ -23,7 +23,7 @@
         "url": "https://curl.se/docs/CVE-2024-2379.html",
         "severities": [
             {
-                "system": "generic_textual",
+                "system": "cvssv3.1",
                 "value": "Low",
                 "scoring_elements": ""
               }

vulnerabilities/tests/test_data/curl/expected_curl_advisory_output2.json

@@ -14,7 +14,7 @@
             "url": "https://curl.se/docs/CVE-2024-0853.html", 
             "severities": [
                 {
-                    "system": "generic_textual", 
+                    "system": "cvssv3.1", 
                     "value": "Low", 
                     "scoring_elements": ""
                 }

vulnerabilities/tests/test_data/curl/expected_curl_advisory_output3.json

@@ -21,7 +21,7 @@
             "url": "https://curl.se/docs/CVE-2023-46218.html", 
             "severities": [
                 {
-                    "system": "generic_textual", 
+                    "system": "cvssv3.1", 
                     "value": "Medium", 
                     "scoring_elements": ""
                 }