fix: skip invalid year files

terriko · web-flow · commit 13c5b5359848 · 2025-06-25T14:07:00.000-07:00
Very lazy attempt to avoid processing invalid year files. 

Signed-off-by: Terri Oda &lt;terri.oda@intel.com&gt;
diff --git a/cve_bin_tool/data_sources/nvd_source.py b/cve_bin_tool/data_sources/nvd_source.py
@@ -5,7 +5,8 @@
 
 import asyncio
 import datetime
-import glob
+
+# import glob
 import gzip
 import hashlib
 import json
@@ -583,17 +584,20 @@ async def cache_update(
         if len(gzip_data) == 0:
             self.LOGGER.debug(f"Missing data for {filename}")
             return
-        json_data = gzip.decompress(gzip_data)
-        gotsha = hashlib.sha256(json_data).hexdigest().upper()
-        async with FileIO(filepath, "wb") as filepath_handle:
-            await filepath_handle.write(gzip_data)
-        # Raise error if there was an issue with the sha
-        if gotsha != sha:
-            # Remove the file if there was an issue
-            # exit(100)
-            filepath.unlink()
-            with ErrorHandler(mode=self.error_mode, logger=self.LOGGER):
-                raise SHAMismatch(f"{url} (have: {gotsha}, want: {sha})")
+        try:
+            json_data = gzip.decompress(gzip_data)
+            gotsha = hashlib.sha256(json_data).hexdigest().upper()
+            async with FileIO(filepath, "wb") as filepath_handle:
+                await filepath_handle.write(gzip_data)
+            # Raise error if there was an issue with the sha
+            if gotsha != sha:
+                # Remove the file if there was an issue
+                # exit(100)
+                filepath.unlink()
+                with ErrorHandler(mode=self.error_mode, logger=self.LOGGER):
+                    raise SHAMismatch(f"{url} (have: {gotsha}, want: {sha})")
+        except Exception:
+            self.LOGGER.warning(f"Invalid data in {filename}, skipping")
 
     def load_nvd_year(self, year: int) -> dict[str, str | object]:
         """
@@ -617,7 +621,9 @@ def nvd_years(self) -> list[int]:
         """
         Return the years we have NVD data for.
         """
-        return sorted(
-            int(filename.split(".")[-3].split("-")[-1])
-            for filename in glob.glob(str(Path(self.cachedir) / "nvdcve-1.1-*.json.gz"))
-        )
+        #        return sorted(
+        #            int(filename.split(".")[-3].split("-")[-1])
+        #            for filename in glob.glob(str(Path(self.cachedir) / "nvdcve-1.1-*.json.gz"))
+        #        )
+        # FIXME: temporary workaround so we don't try to load bad year data
+        return list(range(2020, 2025))
