fix: improve comment propagation from lib4vex (#4423)

Lib4vex produces a "comment" field but we were trying to load a "comments" (plural) one and thus not getting any comments parsed by the library. This changes our grab from lib4vex to match what it's producing, and changes the necessary tests that will suddenly be getting the correct data. Signed-off-by: Terri Oda <terri.oda@intel.com>
intel · Sep 10, 2024 · 0ba0090 · 0ba0090
1 parent 1cb692c
commit 0ba0090
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/cve_bin_tool/vex_manager/parse.py b/cve_bin_tool/vex_manager/parse.py
@@ -113,7 +113,7 @@ def __process_vulnerabilities(self, vulnerabilities) -> None:
             remarks = self.analysis_state[self.vextype][vuln.get("status")]
             justification = vuln.get("justification")
             response = vuln.get("remediation")
-            comments = vuln.get("comments")
+            comments = vuln.get("comment")
             severity = vuln.get("severity")  # Severity is not available in Lib4VEX
             # Decode the bom reference for cyclonedx and purl for csaf and openvex
             product_info = None

diff --git a/test/test_vex.py b/test/test_vex.py
@@ -173,7 +173,7 @@ class TestVexParse:
             },
             "CVE-1234-1005": {
                 "remarks": Remarks.NotAffected,
-                "comments": "",
+                "comments": "Detail field populated.",
                 "response": [],
             },
             "paths": {},
@@ -187,7 +187,7 @@ class TestVexParse:
         ): {
             "CVE-1234-1007": {
                 "remarks": Remarks.Mitigated,
-                "comments": "",
+                "comments": "Data field populated.",
                 "response": [],
             },
             "CVE-1234-1008": {
@@ -212,7 +212,7 @@ class TestVexParse:
             },
             "CVE-1234-1005": {
                 "remarks": Remarks.NotAffected,
-                "comments": "",
+                "comments": "NotAffected: Detail field populated.",
                 "response": "will_not_fix",
                 "justification": "code_not_reachable",
             },
@@ -226,7 +226,7 @@ class TestVexParse:
         ): {
             "CVE-1234-1007": {
                 "remarks": Remarks.Mitigated,
-                "comments": "",
+                "comments": "Data field populated.",
                 "response": [],
             },
             "CVE-1234-1008": {