From fcd4c0c8deb857c8532cb36f54e5f38331a19689 Mon Sep 17 00:00:00 2001
From: ambuj
Date: Tue, 4 Jun 2024 01:29:49 +0530
Subject: [PATCH] Fix: Change severity versions from generic textual to cvssv3.1 in curl importer.
Signed-off-by: ambuj
---
 vulnerabilities/importers/curl.py | 4 ++--
 .../tests/test_data/curl/expected_curl_advisory_output1.json | 2 +-
 .../tests/test_data/curl/expected_curl_advisory_output2.json | 2 +-
 .../tests/test_data/curl/expected_curl_advisory_output3.json | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/vulnerabilities/importers/curl.py b/vulnerabilities/importers/curl.py
index b17062a22..f2beb39af 100644
--- a/vulnerabilities/importers/curl.py
+++ b/vulnerabilities/importers/curl.py
@@ -98,7 +98,7 @@ def parse_advisory_data(raw_data) -> AdvisoryData:
 ... ]
 ... }
 >>> parse_advisory_data(raw_data)
- AdvisoryData(aliases=['CVE-2024-2379'], summary='QUIC certificate check bypass with wolfSSL', affected_packages=[AffectedPackage(package=PackageURL(type='generic', namespace='curl.se', name='curl', version=None, qualifiers={}, subpath=None), affected_version_range=GenericVersionRange(constraints=(VersionConstraint(comparator='=', version=SemverVersion(string='8.6.0')),)), fixed_version=SemverVersion(string='8.7.0'))], references=[Reference(reference_id='', url='https://curl.se/docs/CVE-2024-2379.html', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. Contains generic textual values like High, Low etc'), value='Low', scoring_elements='')]), Reference(reference_id='', url='https://hackerone.com/reports/2410774', severities=[])], date_published=datetime.datetime(2024, 3, 27, 8, 0, tzinfo=datetime.timezone.utc), weaknesses=[297], url='https://curl.se/docs/CVE-2024-2379.json')
+ AdvisoryData(aliases=['CVE-2024-2379'], summary='QUIC certificate check bypass with wolfSSL', affected_packages=[AffectedPackage(package=PackageURL(type='generic', namespace='curl.se', name='curl', version=None, qualifiers={}, subpath=None), affected_version_range=GenericVersionRange(constraints=(VersionConstraint(comparator='=', version=SemverVersion(string='8.6.0')),)), fixed_version=SemverVersion(string='8.7.0'))], references=[Reference(reference_id='', url='https://curl.se/docs/CVE-2024-2379.html', severities=[VulnerabilitySeverity(system=Cvssv3ScoringSystem(identifier='cvssv3.1', name='CVSSv3.1 Base Score', url='https://www.first.org/cvss/v3-1/', notes='CVSSv3.1 base score and vector'), value='Low', scoring_elements='')]), Reference(reference_id='', url='https://hackerone.com/reports/2410774', severities=[])], date_published=datetime.datetime(2024, 3, 27, 8, 0, tzinfo=datetime.timezone.utc), weaknesses=[297], url='https://curl.se/docs/CVE-2024-2379.json')
 """
 affected = get_item(raw_data, "affected")[0] if len(get_item(raw_data, "affected")) > 0 else []
@@ -120,7 +120,7 @@ def parse_advisory_data(raw_data) -> AdvisoryData:
 database_specific = raw_data.get("database_specific") or {}
 severity = VulnerabilitySeverity(
- system=SCORING_SYSTEMS["generic_textual"], value=database_specific.get("severity", "")
+ system=SCORING_SYSTEMS["cvssv3.1"], value=database_specific.get("severity", "")
 )
 references = []
diff --git a/vulnerabilities/tests/test_data/curl/expected_curl_advisory_output1.json b/vulnerabilities/tests/test_data/curl/expected_curl_advisory_output1.json
index 235fdb3cc..5f4449af8 100644
--- a/vulnerabilities/tests/test_data/curl/expected_curl_advisory_output1.json
+++ b/vulnerabilities/tests/test_data/curl/expected_curl_advisory_output1.json
@@ -23,7 +23,7 @@
 "url": "https://curl.se/docs/CVE-2024-2379.html",
 "severities": [
 {
- "system": "generic_textual",
+ "system": "cvssv3.1",
 "value": "Low",
 "scoring_elements": ""
 }
diff --git a/vulnerabilities/tests/test_data/curl/expected_curl_advisory_output2.json b/vulnerabilities/tests/test_data/curl/expected_curl_advisory_output2.json
index a9a5b7d37..8affc8084 100644
--- a/vulnerabilities/tests/test_data/curl/expected_curl_advisory_output2.json
+++ b/vulnerabilities/tests/test_data/curl/expected_curl_advisory_output2.json
@@ -14,7 +14,7 @@
 "url": "https://curl.se/docs/CVE-2024-0853.html",
 "severities": [
 {
- "system": "generic_textual",
+ "system": "cvssv3.1",
 "value": "Low",
 "scoring_elements": ""
 }
diff --git a/vulnerabilities/tests/test_data/curl/expected_curl_advisory_output3.json b/vulnerabilities/tests/test_data/curl/expected_curl_advisory_output3.json
index 45ef0735d..df8808575 100644
--- a/vulnerabilities/tests/test_data/curl/expected_curl_advisory_output3.json
+++ b/vulnerabilities/tests/test_data/curl/expected_curl_advisory_output3.json
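Review bot: In the second hunk of `parse_advisory_data`, the new `system=SCORING_SYSTEMS["cvssv3.1"]` is paired with `value=database_specific.get("severity", "")`, which the updated doctest and fixtures show to be a qualitative label (`'Low'`, `'Medium'`) with `scoring_elements=''`, not a base score or vector. Any consumer that treats cvssv3.1 values as numeric, or recomputes the score from the vector, would presumably fail or mis-rank these advisories, and the stored record now claims a CVSS provenance that the data visible here does not carry. If the relabel is intentional, document it at the call site, e.g. `# upstream severity is a qualitative label only; no CVSS vector is available, so scoring_elements stays empty`, and consider building the severity only when `database_specific.get("severity")` is non-empty so an empty-valued entry is not emitted. The three `expected_curl_advisory_output*.json` hunks pin the same pairing; the function body continues outside the hunk, so how `severity` is attached to the reference is not visible here.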
@@ -21,7 +21,7 @@
 "url": "https://curl.se/docs/CVE-2023-46218.html",
 "severities": [
 {
- "system": "generic_textual",
+ "system": "cvssv3.1",
 "value": "Medium",
 "scoring_elements": ""
 }