Add Bottlerocket Advisories #1829

Draft
wants to merge 1 commit into
base: main


@kunalsz kunalsz commented Mar 22, 2025

In reference to the issue #1828

Changes made:

  • Added Pipeline for bottlerocket

@kunalsz
Author

kunalsz commented Mar 22, 2025

@pombredanne While running ./manage.py import bottlerocket_importer, I get the following error:

ERROR 2025-03-22 14:57:51.653 Error while processing AdvisoryData(aliases=['CVE-2024-49960', 'BRSA-th6e2wrokkoq'], summary='In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount', affected_packages=[AffectedPackage(package=PackageURL(type='bottle-rocket', namespace=None, name='kernel-5.10', version=None, qualifiers={}, subpath=None), affected_version_range=<class 'NotImplementedError'>, fixed_version=SemverVersion(string='5.10.234'))], references=[Reference(reference_id='CVE-2024-49960', reference_type='', url='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49960', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. Contains generic textual values like High, Low etc'), value='important', scoring_elements='', published_at=None)]), Reference(reference_id='BRSA-th6e2wrokkoq', reference_type='', url='https://github.com/bottlerocket-os/bottlerocket-kernel-kit/blob/develop/advisories/1.2.1/BRSA-th6e2wrokkoq.toml', severities=[VulnerabilitySeverity(system=ScoringSystem(identifier='generic_textual', name='Generic textual severity rating', url='', notes='Severity for generic scoring systems. Contains generic textual values like High, Low etc'), value='important', scoring_elements='', published_at=None)])], date_published=datetime.datetime(2025, 3, 7, 1, 0, 15, tzinfo=datetime.timezone.utc), weaknesses=[], url=None) with aliases ['CVE-2024-49960', 'BRSA-th6e2wrokkoq']: DataError('value too long for type character varying(32)\n') 
 Traceback (most recent call last):
  File "/home/kali/Desktop/gsoc/vulnerablecode/venv/lib/python3.11/site-packages/django/db/models/query.py", line 916, in get_or_create
    return self.get(**kwargs), False
           ^^^^^^^^^^^^^^^^^^
  File "/home/kali/Desktop/gsoc/vulnerablecode/venv/lib/python3.11/site-packages/django/db/models/query.py", line 637, in get
    raise self.model.DoesNotExist(
vulnerabilities.models.Advisory.DoesNotExist: Advisory matching query does not exist.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/kali/Desktop/gsoc/vulnerablecode/venv/lib/python3.11/site-packages/django/db/backends/utils.py", line 89, in _execute
    return self.cursor.execute(sql, params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
psycopg2.errors.StringDataRightTruncation: value too long for type character varying(32)


The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/kali/Desktop/gsoc/vulnerablecode/vulnerabilities/pipes/advisory.py", line 33, in insert_advisory
    obj, _ = Advisory.objects.get_or_create(
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/kali/Desktop/gsoc/vulnerablecode/venv/lib/python3.11/site-packages/django/db/models/manager.py", line 87, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/kali/Desktop/gsoc/vulnerablecode/venv/lib/python3.11/site-packages/django/db/models/query.py", line 923, in get_or_create
    return self.create(**params), True
           ^^^^^^^^^^^^^^^^^^^^^
  File "/home/kali/Desktop/gsoc/vulnerablecode/venv/lib/python3.11/site-packages/django/db/models/query.py", line 658, in create
    obj.save(force_insert=True, using=self.db)
  File "/home/kali/Desktop/gsoc/vulnerablecode/vulnerabilities/models.py", line 1364, in save
    super().save(*args, **kwargs)
  File "/home/kali/Desktop/gsoc/vulnerablecode/venv/lib/python3.11/site-packages/django/db/models/base.py", line 814, in save
    self.save_base(
  File "/home/kali/Desktop/gsoc/vulnerablecode/venv/lib/python3.11/site-packages/django/db/models/base.py", line 877, in save_base
    updated = self._save_table(
              ^^^^^^^^^^^^^^^^^
  File "/home/kali/Desktop/gsoc/vulnerablecode/venv/lib/python3.11/site-packages/django/db/models/base.py", line 1020, in _save_table
    results = self._do_insert(
              ^^^^^^^^^^^^^^^^
  File "/home/kali/Desktop/gsoc/vulnerablecode/venv/lib/python3.11/site-packages/django/db/models/base.py", line 1061, in _do_insert
    return manager._insert(
           ^^^^^^^^^^^^^^^^
  File "/home/kali/Desktop/gsoc/vulnerablecode/venv/lib/python3.11/site-packages/django/db/models/manager.py", line 87, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/kali/Desktop/gsoc/vulnerablecode/venv/lib/python3.11/site-packages/django/db/models/query.py", line 1805, in _insert
    return query.get_compiler(using=using).execute_sql(returning_fields)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/kali/Desktop/gsoc/vulnerablecode/venv/lib/python3.11/site-packages/django/db/models/sql/compiler.py", line 1822, in execute_sql
    cursor.execute(sql, params)
  File "/home/kali/Desktop/gsoc/vulnerablecode/venv/lib/python3.11/site-packages/django/db/backends/utils.py", line 102, in execute
    return super().execute(sql, params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/kali/Desktop/gsoc/vulnerablecode/venv/lib/python3.11/site-packages/django/db/backends/utils.py", line 67, in execute
    return self._execute_with_wrappers(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/kali/Desktop/gsoc/vulnerablecode/venv/lib/python3.11/site-packages/django/db/backends/utils.py", line 80, in _execute_with_wrappers
    return executor(sql, params, many, context)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/kali/Desktop/gsoc/vulnerablecode/venv/lib/python3.11/site-packages/django/db/backends/utils.py", line 84, in _execute
    with self.db.wrap_database_errors:
  File "/home/kali/Desktop/gsoc/vulnerablecode/venv/lib/python3.11/site-packages/django/db/utils.py", line 91, in __exit__
    raise dj_exc_value.with_traceback(traceback) from exc_value
  File "/home/kali/Desktop/gsoc/vulnerablecode/venv/lib/python3.11/site-packages/django/db/backends/utils.py", line 89, in _execute
    return self.cursor.execute(sql, params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
django.db.utils.DataError: value too long for type character varying(32)

This is similar to the error I am getting in #1825

@kunalsz kunalsz changed the title from "Added Bottlerocket Advisory Pipeline" to "Add Bottlerocket Advisories" on Mar 26, 2025
@pombredanne
Member

@kunalsz can you find a small reproducible test that shows the root cause of the issue?

@kunalsz
Author

kunalsz commented Apr 3, 2025

@pombredanne the issue is resolved now. This PR is in draft; I am still working on it.
