chore(fetch/jvn): logging when invalid CVE-ID is found (#242)

* feat(fetch/jvn): logging when invalid CVE-ID is found * chore(fetch/jvn): change log message * chore: fix lint error
vulsio · Jan 6, 2022 · 9ea45a2 · 9ea45a2
1 parent 473b08f
commit 9ea45a2
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 3 deletions.
diff --git a/db/db.go b/db/db.go
@@ -37,6 +37,7 @@ type DB interface {
 	CountJvn() (int, error)
 }
 
+// Option :
 type Option struct {
 	RedisTimeout time.Duration
 }

diff --git a/fetcher/jvn/jvn.go b/fetcher/jvn/jvn.go
@@ -414,9 +414,16 @@ func getCveIDs(item Item) []string {
 	for _, ref := range item.References {
 		switch ref.Source {
 		case "NVD", "CVE":
-			id := strings.TrimSpace(ref.ID)
-			if cveIDPattern.MatchString(id) {
-				cveIDsMap[id] = true
+			if cveIDPattern.MatchString(ref.ID) {
+				cveIDsMap[ref.ID] = true
+			} else {
+				id := strings.TrimSpace(ref.ID)
+				if cveIDPattern.MatchString(id) {
+					log.Warnf("CVE-ID with extra space. Please email JVNDB ([email protected]) to fix the rdf file with the following information. RDF data(Identifier: %s, Reference Source: %s, ID: %s)", item.Identifier, ref.Source, ref.ID)
+					cveIDsMap[id] = true
+				} else {
+					log.Warnf("Failed to get CVE-ID. Invalid CVE-ID. Please email JVNDB ([email protected]) to fix the rdf file with the following information. RDF data(Identifier: %s, Reference Source: %s, ID: %s)", item.Identifier, ref.Source, ref.ID)
+				}
 			}
 		}
 	}

diff --git a/fetcher/jvn/jvn_test.go b/fetcher/jvn/jvn_test.go
@@ -62,3 +62,47 @@ func TestDistributeCvesByYear(t *testing.T) {
 		}
 	}
 }
+
+func TestGetCveIDs(t *testing.T) {
+	var tests = []struct {
+		in       Item
+		expected []string
+	}{
+		{
+			in: Item{
+				Identifier: "success",
+				References: []references{{
+					Source: "NVD",
+					ID:     "CVE-0000-0001",
+				}},
+			},
+			expected: []string{"CVE-0000-0001"},
+		},
+		{
+			in: Item{
+				Identifier: "extra space",
+				References: []references{{
+					Source: "NVD",
+					ID:     "CVE-0000-0002 ",
+				}},
+			},
+			expected: []string{"CVE-0000-0002"},
+		},
+		{
+			in: Item{
+				Identifier: "invalid CVE-ID",
+				References: []references{{
+					Source: "NVD",
+					ID:     "CCVE-0000-0003",
+				}},
+			},
+			expected: []string{},
+		},
+	}
+
+	for i, tt := range tests {
+		if got := getCveIDs(tt.in); !reflect.DeepEqual(got, tt.expected) {
+			t.Errorf("[%d] expected: %v\n  actual: %v\n", i, tt.expected, got)
+		}
+	}
+}