Fix: Invalid CVE configurations data for node schema

mbrinkhoff · greenbonebot · commit a6287f1ef94d · 2025-07-30T11:32:27.000+02:00
diff --git a/pontos/models/__init__.py b/pontos/models/__init__.py
@@ -3,6 +3,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 #
 
+import logging
 from dataclasses import dataclass
 from datetime import date, datetime, timezone
 from inspect import isclass
@@ -20,6 +21,8 @@
     "dotted_attributes",
 )
 
+logger = logging.getLogger(__name__)
+
 
 class ModelError(PontosError):
     """
@@ -149,10 +152,18 @@ def from_dict(cls, data: Dict[str, Any]):
                     model_field_cls = type_hints.get(name)
                     value = _get_value(model_field_cls, value)  # type: ignore # pylint: disable=line-too-long # noqa: E501,PLW2901
             except (ValueError, TypeError) as e:
-                raise ModelError(
-                    f"Error while creating {cls.__name__} model. Could not set "
-                    f"value for property '{name}' from '{value}'."
-                ) from e
+                # NVD data error, monitor for fixed source data
+                # and remove this fix
+                if name == "configurations" and value == [{}]:
+                    value = []  # noqa: PLW2901
+                    logger.warning(
+                        "Empty node configuration for %s", data["id"]
+                    )
+                else:
+                    raise ModelError(
+                        f"Error while creating {cls.__name__} model. Could not set "  # pylint: disable=line-too-long # noqa: E501
+                        f"value for property '{name}' from '{value}'."
+                    ) from e
 
             if name in type_hints:
                 kwargs[name] = value
diff --git a/tests/nvd/models/test_cve.py b/tests/nvd/models/test_cve.py
@@ -151,6 +151,19 @@ def test_configuration(self):
         self.assertIsNone(cpe_match.version_end_including)
         self.assertIsNone(cpe_match.version_end_excluding)
 
+    def test_configuration_node_empty_object(self):
+        # Once this is fixed from NVD side, implement a test
+        # that checks assertRaises(ModelError)
+        cve = CVE.from_dict(
+            get_cve_data(
+                {
+                    "configurations": [{}],
+                }
+            )
+        )
+
+        self.assertEqual(len(cve.configurations), 0)
+
     def test_metrics_v2(self):
         cve = CVE.from_dict(
             get_cve_data(
