Add two CVE IDs to the severity override list (#622)

* Add two CVE IDs to the severity override list Signed-off-by: Josh Bressers <[email protected]> * Add CVE-2023-4863 Signed-off-by: Josh Bressers <[email protected]> --------- Signed-off-by: Josh Bressers <[email protected]>
anchore · Jul 9, 2024 · e333b31 · e333b31
1 parent 8dfe39e
commit e333b31
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/src/vunnel/providers/debian/parser.py b/src/vunnel/providers/debian/parser.py
@@ -355,9 +355,10 @@ def _normalize_json(self, ns_cve_dsalist=None):  # noqa: PLR0912,PLR0915,C901
 
                             # HACK: when we can represent per-package severity or have a good mechanism
                             # for overriding upstream data, we should take this out.
-                            if vid == "CVE-2023-44487":
+                            severity_override = {"CVE-2020-35525", "CVE-2020-35527", "CVE-2023-4863", "CVE-2023-44487"}
+                            if vid in severity_override:
                                 self.logger.info(
-                                    "clearing severity on CVE-2023-44487, see https://github.com/anchore/grype-db/issues/108#issuecomment-1796301073",
+                                    f"clearing severity on {vid}, see https://github.com/anchore/grype-db/issues/108#issuecomment-1796301073",
                                 )
                                 vuln_record["Vulnerability"]["Severity"] = "Unknown"