Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Usage of modified-files option throws AttributeError when creating an advisory record #373

Open
SimoneScalco opened this issue Jul 8, 2023 · 1 comment
Assignees
Labels

Comments

@SimoneScalco
Copy link

SimoneScalco commented Jul 8, 2023

It seems that the current implementation throws an attribute error when using the modified-files option in the input parameters.
As described in the argument parser, this option can be used to manually specify "names (or partial names) comma separated that the commits are supposed to modify".
So, for instance, for CVE-2021-40690 I tested the following command:

python cli/main.py CVE-2021-40690 --repository https://github.com/apache/santuario-xml-security-java --use-nvd --version-interval 2.2.2:2.2.3 --modified-files KeyInfo,KeyReferenceInfo,RetrievalMethod --use-backend=never --filter-extensions=java

It prints the following output:

Initialization   [OK]
Processing advisory   [ERROR]
Traceback (most recent call last):
  File "/opt/project-kb/prospector/cli/main.py", line 103, in <module>
    main(sys.argv)
  File "/opt/project-kb/prospector/cli/main.py", line 66, in main
    results, advisory_record = prospector(
  File "/opt/project-kb/prospector/stats/execution.py", line 49, in _wrapper
    with ExecutionTimer(collection.sub_collection(name)):
  File "/opt/project-kb/prospector/stats/execution.py", line 78, in __exit__
    raise exc_val
  File "/opt/project-kb/prospector/stats/execution.py", line 50, in _wrapper
    result = function(*args, **kwargs)
  File "/opt/project-kb/prospector/core/prospector.py", line 74, in prospector
    with ConsoleWriter("Processing advisory") as console:
  File "/opt/project-kb/prospector/cli/console.py", line 32, in __exit__
    raise exc_val
  File "/opt/project-kb/prospector/core/prospector.py", line 75, in prospector
    advisory_record = build_advisory_record(
  File "/opt/project-kb/prospector/datamodel/advisory.py", line 352, in build_advisory_record
    advisory_record.files.update(set(modified_files.split(",")))
AttributeError: 'set' object has no attribute 'split'

As clearly described by the error, the issue is in the datamodel/advisory.py file, more specifically this part of the code:

...
if modified_files and len(modified_files) > 0:
    advisory_record.files.update(set(modified_files.split(",")))
...

Since modified_files is already a set at that point of the code, the easy fix would be to change it to:

...
if modified_files and len(modified_files) > 0:
    advisory_record.files.update(modified_files)
...

Consequently, you may also want to edit the type annotations in build_advisory_record(...) and other parts of the code.

I'm not sure if this has already been noticed, so please let me know if it's an actual issue present also in the upcoming version. Also, let me know if you want me to create a PR.

@SimoneScalco SimoneScalco changed the title Usage of modified-files option throws exception when creating an advisory record Usage of modified-files option throws AttributeError when creating an advisory record Jul 8, 2023
@copernico copernico self-assigned this Jul 9, 2023
@copernico
Copy link
Contributor

Hi Simone, thanks for reporting this; yes, a PR would be greatly appreciated!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants