Add missing CVEs to aliases field for MNDT files

ziadhany · ziadhany · commit d7807e9107ee · 2025-12-31T15:59:52.000+02:00
Signed-off-by: ziad hany &lt;ziadhany2016@gmail.com&gt;
diff --git a/vulnerabilities/pipelines/v2_importers/fireeye_importer_v2.py b/vulnerabilities/pipelines/v2_importers/fireeye_importer_v2.py
@@ -10,7 +10,6 @@
 import re
 from pathlib import Path
 from typing import Iterable
-from typing import List
 
 from fetchcode.vcs import fetch_via_vcs
 
@@ -23,6 +22,7 @@
 from vulnerabilities.utils import create_weaknesses_list
 from vulnerabilities.utils import cwe_regex
 from vulnerabilities.utils import dedupe
+from vulnerabilities.utils import find_all_cve
 from vulnerabilities.utils import get_advisory_url
 
 logger = logging.getLogger(__name__)
@@ -99,12 +99,19 @@ def parse_advisory_data(raw_data, file_path, base_path) -> AdvisoryData:
     summary = md_dict.get(database_id[1::]) or []
     description = md_dict.get("## Description") or []
     impact = md_dict.get("## Impact")
-    cve_ids = md_dict.get("## CVE Reference") or []
+    cve_refs = md_dict.get("## CVE Reference") or []
+    cve_ids = md_dict.get("## CVE ID") or []
+    cleaned_cve_ids = []
+    for line in cve_ids:
+        found_cves = find_all_cve(line)
+        cleaned_cve_ids.extend(found_cves)
+
     references = md_dict.get("## References") or []
     cwe_data = md_dict.get("## Common Weakness Enumeration") or []
 
     advisory_id = file_path.stem
-    aliases = dedupe([cve_id.strip() for cve_id in cve_ids])
+    aliases = dedupe([cve.strip() for cve in cleaned_cve_ids + cve_refs])
+    aliases = [aliase for aliase in aliases if aliase != advisory_id]
     advisory_url = get_advisory_url(
         file=file_path,
         base_path=base_path,
diff --git a/vulnerabilities/tests/test_data/fireeye_v2/MNDT-2025-0009-expected.json b/vulnerabilities/tests/test_data/fireeye_v2/MNDT-2025-0009-expected.json
@@ -1,7 +1,7 @@
 [
   {
     "advisory_id": "MNDT-2025-0009",
-    "aliases": [],
+    "aliases": ["CVE-2025-64740"],
     "summary": "Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.",
     "affected_packages": [],
     "references_v2": [

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`[`
`2`	`2`	`{`
`3`	`3`	`"advisory_id": "MNDT-2025-0009",`
`4`		`- "aliases": [],`
	`4`	`+ "aliases": ["CVE-2025-64740"],`
`5`	`5`	`"summary": "Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.",`
`6`	`6`	`"affected_packages": [],`
`7`	`7`	`"references_v2": [`