fix(alpine): update vulnerability reference links (#426)

The old mitre website is no longer updated, so this updates the alpine
provider to refer to the updated website.

Signed-off-by: Weston Steimel <[email protected]>

src/vunnel/providers/alpine/parser.py

@@ -11,7 +11,7 @@
 import yaml
 
 from vunnel.utils import http
-from vunnel.utils.vulnerability import vulnerability_element
+from vunnel.utils.vulnerability import build_reference_links, vulnerability_element
 
 if TYPE_CHECKING:
     import requests
@@ -188,7 +188,7 @@ def _load(self):
             self.logger.exception("Failed to load alpine sec db data")
             raise
 
-    def _normalize(self, release, dbtype_data_dict):  # noqa: C901
+    def _normalize(self, release, dbtype_data_dict):  # noqa: C901, PLR0912
         """
         Normalize all the sec db entries into vulnerability payload records
         :param release:
@@ -224,29 +224,15 @@ def _normalize(self, release, dbtype_data_dict):  # noqa: C901
                                 # create a new record
                                 vuln_dict[vid] = copy.deepcopy(vulnerability_element)
                                 vuln_record = vuln_dict[vid]
+                                reference_links = build_reference_links(vid)
 
                                 # populate the static information about the new vuln record
                                 vuln_record["Vulnerability"]["Name"] = str(vid)
                                 vuln_record["Vulnerability"]["NamespaceName"] = namespace + ":" + str(release)
-                                vuln_record["Vulnerability"]["Link"] = "http://cve.mitre.org/cgi-bin/cvename.cgi?name=" + str(vid)
-                                vuln_record["Vulnerability"]["Severity"] = "Unknown"
 
-                                # lookup nvd record only when creating the vulnerability, no point looking it up every time
-                                # nvd_severity = None
-                                # try:
-                                #    nvd_severity = nvd.get_severity(
-                                #        vid
-                                #    )
-                                # except Exception:
-                                #    self.logger.exception(
-                                #        "Ignoring error processing nvdv2 record"
-                                #    )
-
-                                # use nvd severity
-                                # if nvd_severity:
-                                #    vuln_record["Vulnerability"][
-                                #        "Severity"
-                                #    ] = nvd_severity
+                                if reference_links:
+                                    vuln_record["Vulnerability"]["Link"] = reference_links[0]
+                                vuln_record["Vulnerability"]["Severity"] = "Unknown"
                             else:
                                 vuln_record = vuln_dict[vid]
 

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2018-1071.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2018-1071","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zsh","Version":"5.4.2-r1"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1071","Description":"","Metadata":{},"Name":"CVE-2018-1071","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2018-1071","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zsh","Version":"5.4.2-r1"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2018-1071","Description":"","Metadata":{},"Name":"CVE-2018-1071","CVSS":[]}}}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2018-1083.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2018-1083","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zsh","Version":"5.4.2-r1"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1083","Description":"","Metadata":{},"Name":"CVE-2018-1083","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2018-1083","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zsh","Version":"5.4.2-r1"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2018-1083","Description":"","Metadata":{},"Name":"CVE-2018-1083","CVSS":[]}}}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2018-25032.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2018-25032","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zlib","Version":"1.2.12-r0"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032","Description":"","Metadata":{},"Name":"CVE-2018-25032","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2018-25032","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zlib","Version":"1.2.12-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2018-25032","Description":"","Metadata":{},"Name":"CVE-2018-25032","CVSS":[]}}}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2019-11922.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2019-11922","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zstd","Version":"1.3.8-r0"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11922","Description":"","Metadata":{},"Name":"CVE-2019-11922","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2019-11922","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zstd","Version":"1.3.8-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2019-11922","Description":"","Metadata":{},"Name":"CVE-2019-11922","CVSS":[]}}}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2019-13132.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2019-13132","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zeromq","Version":"4.3.2-r0"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13132","Description":"","Metadata":{},"Name":"CVE-2019-13132","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2019-13132","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zeromq","Version":"4.3.2-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2019-13132","Description":"","Metadata":{},"Name":"CVE-2019-13132","CVSS":[]}}}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2019-20044.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2019-20044","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zsh","Version":"5.8-r0"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20044","Description":"","Metadata":{},"Name":"CVE-2019-20044","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2019-20044","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zsh","Version":"5.8-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2019-20044","Description":"","Metadata":{},"Name":"CVE-2019-20044","CVSS":[]}}}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2019-6250.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2019-6250","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zeromq","Version":"4.3.1-r0"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6250","Description":"","Metadata":{},"Name":"CVE-2019-6250","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2019-6250","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zeromq","Version":"4.3.1-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2019-6250","Description":"","Metadata":{},"Name":"CVE-2019-6250","CVSS":[]}}}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2019-9210.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2019-9210","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"advancecomp","Version":"2.1-r2"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9210","Description":"","Metadata":{},"Name":"CVE-2019-9210","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2019-9210","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"advancecomp","Version":"2.1-r2"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2019-9210","Description":"","Metadata":{},"Name":"CVE-2019-9210","CVSS":[]}}}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2020-14929.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2020-14929","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"alpine","Version":"2.23-r0"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14929","Description":"","Metadata":{},"Name":"CVE-2020-14929","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2020-14929","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"alpine","Version":"2.23-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2020-14929","Description":"","Metadata":{},"Name":"CVE-2020-14929","CVSS":[]}}}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2020-15166.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2020-15166","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zeromq","Version":"4.3.3-r0"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15166","Description":"","Metadata":{},"Name":"CVE-2020-15166","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2020-15166","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zeromq","Version":"4.3.3-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2020-15166","Description":"","Metadata":{},"Name":"CVE-2020-15166","CVSS":[]}}}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2021-24031.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2021-24031","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zstd","Version":"1.4.1-r0"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24031","Description":"","Metadata":{},"Name":"CVE-2021-24031","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2021-24031","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zstd","Version":"1.4.1-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2021-24031","Description":"","Metadata":{},"Name":"CVE-2021-24031","CVSS":[]}}}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2021-24032.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2021-24032","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zstd","Version":"1.4.9-r0"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24032","Description":"","Metadata":{},"Name":"CVE-2021-24032","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2021-24032","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zstd","Version":"1.4.9-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2021-24032","Description":"","Metadata":{},"Name":"CVE-2021-24032","CVSS":[]}}}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2021-38370.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2021-38370","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"alpine","Version":"2.25-r0"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38370","Description":"","Metadata":{},"Name":"CVE-2021-38370","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2021-38370","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"alpine","Version":"2.25-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2021-38370","Description":"","Metadata":{},"Name":"CVE-2021-38370","CVSS":[]}}}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2021-45444.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2021-45444","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zsh","Version":"5.8.1-r0"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45444","Description":"","Metadata":{},"Name":"CVE-2021-45444","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2021-45444","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zsh","Version":"5.8.1-r0"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2021-45444","Description":"","Metadata":{},"Name":"CVE-2021-45444","CVSS":[]}}}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2022-1271.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2022-1271","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"xz","Version":"5.2.5-r1"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271","Description":"","Metadata":{},"Name":"CVE-2022-1271","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2022-1271","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"xz","Version":"5.2.5-r1"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2022-1271","Description":"","Metadata":{},"Name":"CVE-2022-1271","CVSS":[]}}}

tests/unit/providers/alpine/test-fixtures/snapshots/3.15/cve-2022-37434.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2022-37434","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zlib","Version":"1.2.12-r2"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434","Description":"","Metadata":{},"Name":"CVE-2022-37434","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"3.15/cve-2022-37434","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"alpine:3.15","FixedIn":[{"VersionFormat":"apk","NamespaceName":"alpine:3.15","Name":"zlib","Version":"1.2.12-r2"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2022-37434","Description":"","Metadata":{},"Name":"CVE-2022-37434","CVSS":[]}}}