cvss3_score might not be a float
When running curl "https://security.alpinelinux.org/branch/3.11-main/maintainer-issues" -H "Accept: application/ld+json"
, I got:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>500 Internal Server Error</title>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>
The stack trace was posted in the #alpine-devel channel:
[2022-05-05 18:15:29,513] ERROR in app: Exception on /branch/3.11-main/maintainer-issues [GET]
Traceback (most recent call last):
File "/home/python/.local/lib/python3.8/site-packages/flask/app.py", line 2070, in wsgi_app
response = self.full_dispatch_request()
File "/home/python/.local/lib/python3.8/site-packages/flask/app.py", line 1515, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/home/python/.local/lib/python3.8/site-packages/flask/app.py", line 1513, in full_dispatch_request
rv = self.dispatch_request()
File "/home/python/.local/lib/python3.8/site-packages/flask/app.py", line 1499, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
File "/home/python/.local/lib/python3.8/site-packages/flask_accept/__init__.py", line 28, in __call__
return self.accept_handlers[mimetype](*args, **kwargs)
File "/home/python/secfixes-tracker/./secfixes_tracker/views.py", line 105, in show_maintainer_issues_json_ld
return show_collection_json_ld(pkgvers)
File "/home/python/secfixes-tracker/./secfixes_tracker/views.py", line 20, in show_collection_json_ld
'items': [vuln.to_json_ld() for pkgver in pkgvers for vuln in pkgver.vulnerabilities()]
File "/home/python/secfixes-tracker/./secfixes_tracker/views.py", line 20, in <listcomp>
'items': [vuln.to_json_ld() for pkgver in pkgvers for vuln in pkgver.vulnerabilities()]
File "/home/python/secfixes-tracker/./secfixes_tracker/models.py", line 53, in to_json_ld
'score': float(self.cvss3_score),
TypeError: float() argument must be a string or a number, not 'NoneType'
which gives the error here:
https://gitlab.alpinelinux.org/ariadne/secfixes-tracker/-/blob/master/secfixes_tracker/models.py#L53
It seems that self.cvss3_score
can set to "None":
https://gitlab.alpinelinux.org/ariadne/secfixes-tracker/-/blob/master/secfixes_tracker/models.py#L25
That is what the stacktrace shows.