fix: added check for epss_metric_id in cvedb (intel#4473)

weichslgartner · Sep 26, 2024 · b500699 · b500699
1 parent 8b3b32c
commit b500699
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/cve_bin_tool/cvedb.py b/cve_bin_tool/cvedb.py
@@ -31,6 +31,7 @@
     osv_source,
     purl2cpe_source,
 )
+from cve_bin_tool.data_sources.epss_source import Epss_Source
 from cve_bin_tool.error_handler import ERROR_CODES, CVEDBError, ErrorMode, SigningError
 from cve_bin_tool.fetch_json_db import Fetch_JSON_DB
 from cve_bin_tool.log import LOGGER
@@ -855,6 +856,14 @@ def store_epss_data(self, epss_data):
         """Insert Exploit Prediction Scoring System (EPSS) data into database."""
         insert_cve_metrics = self.INSERT_QUERIES["insert_cve_metrics"]
         cursor = self.db_open_and_get_cursor()
+        # check if epss_metric_id is the same in the db as in the epss_data
+        epss = Epss_Source()
+        epss.EPSS_id_finder(cursor)
+        if len(epss_data) > 0 and epss.epss_metric_id != epss_data[1]:
+            epss_data = [
+                (cve_id, epss.epss_metric_id, epss_score, epss_percentile)
+                for cve_id, metric_id, epss_score, epss_percentile in epss_data
+            ]
         cursor.executemany(insert_cve_metrics, epss_data)
         self.connection.commit()
         self.db_close()

diff --git a/cve_bin_tool/data_sources/epss_source.py b/cve_bin_tool/data_sources/epss_source.py
@@ -36,10 +36,10 @@ def __init__(self, error_mode=ErrorMode.TruncTrace):
         self.backup_cachedir = self.BACKUPCACHEDIR
         self.epss_path = str(Path(self.cachedir) / "epss")
         self.file_name = os.path.join(self.epss_path, "epss_scores-current.csv")
-        self.epss_metric_id = None
+        self.epss_metric_id = 1
         self.source_name = self.SOURCE
 
-    async def update_epss(self, cursor):
+    async def update_epss(self):
         """
         Updates the EPSS data by downloading and parsing the CSV file.
         Returns:
@@ -51,7 +51,6 @@ async def update_epss(self, cursor):
         """
         self.LOGGER.debug("Fetching EPSS data...")
 
-        self.EPSS_id_finder(cursor)
         await self.download_epss_data()
         self.epss_data = self.parse_epss_data()
         return self.epss_data