From c3eea39e01d128a87065aaab6a2d264fe65bf847 Mon Sep 17 00:00:00 2001
From: Weston Steimel
Date: Thu, 23 Nov 2023 14:15:35 +0000
Subject: [PATCH] chore(rhel): improved handling CVSS V3 parsing

Prior to this change, every single record without a CVSS V3 score will emit a ValueError on info log level. This refactors so that parsing errors will only be logged when there is some unexpected exception encountered when constructing the `RHELCVSS3` object and that will be at debug level rather than info.

Signed-off-by: Weston Steimel
---
 src/vunnel/providers/rhel/parser.py | 33 ++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 10 deletions(-)

diff --git a/src/vunnel/providers/rhel/parser.py b/src/vunnel/providers/rhel/parser.py
index d5666dff..00d26c14 100644
--- a/src/vunnel/providers/rhel/parser.py
+++ b/src/vunnel/providers/rhel/parser.py
@@ -645,6 +645,28 @@ def _parse_package_state(self, cve_id: str, fixed: list[FixedIn], content) -> li
 return affected + out_of_support
+ def _parse_cvss3(self, cvss3: dict | None) -> RHELCVSS3 | None:
+ if not cvss3:
+ return None
+
+ vector = cvss3.get("cvss3_scoring_vector", None)
+ base_score = cvss3.get("cvss3_base_score", None)
+
+ if not vector or not base_score:
+ return None
+
+ try:
+ return RHELCVSS3(
+ vector,
+ base_score,
+ cvss3.get("status", None),
+ )
+
+ except Exception:
+ self.logger.debug("unable to make cvss3, defaulting to None", exc_info=True)
+
+ return None
+
 def _parse_cve(self, cve_id, content): # noqa: C901, PLR0912, PLR0915
 # logger.debug('Parsing {}'.format(cve_id))
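Review bot: The two `.get` lookups for `cvss3_scoring_vector` and `cvss3_base_score` in `_parse_cvss3` now sit outside the `try`, so a truthy non-dict `cvss3` value (a list or string from the upstream feed) raises an AttributeError that nothing in this helper catches, whereas the removed code did its lookups inside the `try` and fell back to None. Whether the feed ever sends such a shape is not visible from this diff, but replacing `if not cvss3:` with `if not isinstance(cvss3, dict): return None` keeps the old tolerance. Separately, `not base_score` also discards a numeric score of 0.0; if the score can arrive as a number rather than a string, `base_score is None` is the safer test. A one-line docstring stating that None means no usable CVSS v3 data was present would also help callers.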
@@ -679,16 +701,7 @@ def _parse_cve(self, cve_id, content): # noqa: C901, PLR0912, PLR0915
 else:
 description = "" # leaving this empty to be compatible with some old client side logic that expects it
- try:
- cvssv3 = content.get("cvss3", {})
- cvssv3_obj = RHELCVSS3(
- cvssv3.get("cvss3_scoring_vector", None),
- cvssv3.get("cvss3_base_score", None),
- cvssv3.get("status", None),
- )
- except Exception:
- self.logger.info("unable to make cvss3, defaulting to None", exc_info=True)
- cvssv3_obj = None
+ cvssv3_obj = self._parse_cvss3(content.get("cvss3", None))
 for item in nfins: # process not fixed in packages first as that trumps fixes
 if item.platform not in platform_artifacts:
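Review bot: The call `self._parse_cvss3(content.get("cvss3", None))` drops `cve_id`, which is in scope in `_parse_cve`, so the helper's debug message "unable to make cvss3, defaulting to None" cannot say which record had an unparsable CVSS v3 block. Since records with no vector or score now return early, what still reaches that log is present-but-malformed data, and a vulnerability silently losing its severity should be traceable to a record. Passing the id through, e.g. `self._parse_cvss3(cve_id, content.get("cvss3"))` with the message `"unable to make cvss3 for %s, defaulting to None"`, would cover it. `_parse_cve` starts and ends outside this hunk.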