swich CSAF type from csaf_vex to csaf_security_advisory

ossf · Nov 19, 2024 · a1a0a9e · a1a0a9e
1 parent 00aefbd
commit a1a0a9e
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 10 deletions.
diff --git a/tools/redhat/redhat_osv/csaf.py b/tools/redhat/redhat_osv/csaf.py
@@ -163,9 +163,9 @@ def __init__(self, csaf_content: str):
         }
 
         # Only support csaf_vex 2.0
-        if self.csaf != {"type": "csaf_vex", "csaf_version": "2.0"}:
+        if self.csaf != {"type": "csaf_security_advisory", "csaf_version": "2.0"}:
             raise ValueError(
-                f"Can only handle csaf_vex 2.0 documents. Got: {self.csaf}")
+                f"Can only handle csaf_security_advisory 2.0 documents. Got: {self.csaf}")
 
         self.cpes, self.purls = build_product_maps(csaf_data["product_tree"])
 

diff --git a/tools/redhat/testdata/CSAF/rhsa-2003_315.json b/tools/redhat/testdata/CSAF/rhsa-2003_315.json
@@ -4,7 +4,7 @@
       "namespace": "https://access.redhat.com/security/updates/classification/",
       "text": "Low"
     },
-    "category": "csaf_vex",
+    "category": "csaf_security_advisory",
     "csaf_version": "2.0",
     "distribution": {
       "text": "Copyright © Red Hat, Inc. All rights reserved.",
@@ -673,4 +673,4 @@
       "title": "security flaw"
     }
   ]
-}
+}
diff --git a/tools/redhat/testdata/CSAF/rhsa-2015_0008.json b/tools/redhat/testdata/CSAF/rhsa-2015_0008.json
@@ -4,7 +4,7 @@
       "namespace": "https://access.redhat.com/security/updates/classification/",
       "text": "Low"
     },
-    "category": "csaf_vex",
+    "category": "csaf_security_advisory",
     "csaf_version": "2.0",
     "distribution": {
       "text": "Copyright © Red Hat, Inc. All rights reserved.",
@@ -7526,4 +7526,4 @@
       "title": "libvirt: dumpxml: information leak with migratable flag"
     }
   ]
-}
+}
diff --git a/tools/redhat/testdata/CSAF/rhsa-2024_4546.json b/tools/redhat/testdata/CSAF/rhsa-2024_4546.json
@@ -4,7 +4,7 @@
       "namespace": "https://access.redhat.com/security/updates/classification/",
       "text": "Important"
     },
-    "category": "csaf_vex",
+    "category": "csaf_security_advisory",
     "csaf_version": "2.0",
     "distribution": {
       "text": "Copyright © Red Hat, Inc. All rights reserved.",
@@ -567,4 +567,4 @@
       "title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
     }
   ]
-}
+}
diff --git a/tools/redhat/testdata/CSAF/rhsa-2024_6220.json b/tools/redhat/testdata/CSAF/rhsa-2024_6220.json
@@ -4,7 +4,7 @@
       "namespace": "https://access.redhat.com/security/updates/classification/",
       "text": "Important"
     },
-    "category": "csaf_vex",
+    "category": "csaf_security_advisory",
     "csaf_version": "2.0",
     "distribution": {
       "text": "Copyright © Red Hat, Inc. All rights reserved.",
@@ -6792,4 +6792,4 @@
       "title": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools"
     }
   ]
-}
+}