Open mcjaeger opened 3 years ago
Does it happen when add CPE ID to release?
@nam-np This log appears when cve-search start to work.
SW360 Version: 11.0.0 | Branch: UNKNOWN (182f456)
I used CPEs which contain backslashes for a release.
cpe:2.3:a:icu-project:international_components_for_unicode:61.2:*:*:*:*:c\/c\+\+:*:*
After start Schedule CVE service:
Detail CVE in local server:
Show log with some checkpoint:
2021-05-27 11:21:00 INFO CveSearchHandler:133 - Starting CveSearch update...
11111111111111 cpe:2.3:a:icu-project:international_components_for_unicode:61.2:*:*:*:*:c\/c\+\+:*:*
22222222222222 cpe:2.3:a:icu-project:international_components_for_unicode:61.2:*:*:*:*:c\/c\+\+:*:*
33333333333333 cpe:2.3:a:icu-project:international_components_for_unicode:61.2:*:*:*:*:c\/c\+\+:*:*
=============http://localhost:5000/api/cvefor/cpe%3A2.3%3Aa%3Aicu-project%3Ainternational_components_for_unicode%3A61.2%3A*%3A*%3A*%3A*%3Ac%5C%2Fc%5C%2B%5C%2B%3A*%3A*
2021-05-27 11:21:00 INFO CveSearchHandler:135 - CveSearch update finished with status:SUCCESS
2021-05-27 11:21:00 INFO CveSearchHandler:136 - The following vulnerability/ies could not be imported:[]
The following vulnerability/ies were updated:[]
The following vulnerability/ies were added:[]
2021-05-27 11:21:00 INFO ScheduleSyncTask:38 - Successfully finished ScheduleSyncTask name=cvesearchService id=e90a41d2-5417-49fc-8476-ce15c587cf2f.
Test CVE API with:
curl -X GET http://localhost:5000/api/cvefor/cpe%3A2.3%3Aa%3Aicu-project%3Ainternational_components_for_unicode%3A61.2%3A*%3A*%3A*%3A*%3Ac%5C%2Fc%5C%2B%5C%2B%3A*%3A*
will return CVE information.
And tested with Version: 13.3.0 | Branch: UNKNOWN (fc3c198) CPE ID:
cpe:2.3:a:icu-project:international_components_for_unicode:61.2:*:*:*:*:c\/c\+\+:*:*
Log:
2021-06-02 10:58:18 INFO Scheduler:60 - New task scheduled. Interval=60sec SW360Task{name='cvesearchService'id='46a5e555-13f0-4c32-b637-e7a9f143131a'scheduledExecutionTime='2021-06-02 10:58:00'}
2021-06-02 10:59:00 INFO CveSearchHandler:133 - Starting CveSearch update...
2021-06-02 10:59:01 INFO VulnerabilityDatabaseHandler:67 - Vulnerability id = 00b5094cf364eaf2cca333bcd800a844
2021-06-02 10:59:01 INFO CveSearchHandler:135 - CveSearch update finished with status:SUCCESS
2021-06-02 10:59:01 INFO CveSearchHandler:136 - The following vulnerability/ies could not be imported:[]
The following vulnerability/ies were updated:[]
The following vulnerability/ies were added:[CVE-2020-10531]
2021-06-02 10:59:01 INFO ScheduleSyncTask:38 - Successfully finished ScheduleSyncTask name=cvesearchService id=46a5e555-13f0-4c32-b637-e7a9f143131a.
CVE:
CVE server search:
namnp@namnp:~/cve-search$ python3 ./bin/search.py -p "cpe:2.3:a:icu-project:international_components_for_unicode:61.2:*:*:*:*:c\/c\+\+:*:*" | grep "CVE.*:.*CVE"
CVE : CVE-2020-10531
(Discussion In 2021 June 2th telco) We are going to close this issue.
OK, thanks.
using some CPEs which contain backslashes will result in an exception when processed, examples of valid CPE
results in an exception here:
and here:
tested with 11.1 but should be there in following versions as well.