Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid value for cve at insecure_full.json #2323

Closed
sbs2001 opened this issue Sep 24, 2020 · 3 comments
Closed

Invalid value for cve at insecure_full.json #2323

sbs2001 opened this issue Sep 24, 2020 · 3 comments

Comments

@sbs2001
Copy link

sbs2001 commented Sep 24, 2020

safety-db/data/insecure_full.json

Line 2640 in c4f4673

"cve": "\"\"",

The value for cve there should probably be null .
@sbs2001 sbs2001 mentioned this issue Sep 24, 2020
Closed
@harlekeyn
Copy link

Thanks, fixed.
Note that this would not update to our free database until October 1st.

@sbs2001
Copy link
Author

sbs2001 commented Sep 25, 2020

FYI we have code/tests to detect such issues https://github.com/nexB/vulnerablecode/blob/e65ac68177dd41eaae9a79914712bac00058e0aa/vulnerabilities/importers/safety_db.py#L51

If you are interested I could file a PR to include a schema test as a part of CI.

@harlekeyn
Copy link

harlekeyn commented Sep 25, 2020
edited
Loading

Thanks for that link. We're actually about to include some server-side code that will sanitize the CVE value on our end.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sbs2001 @harlekeyn