implement suggestion from Mend engineers
testaccount90009 committed Dec 21, 2024
1 parent 7042699 commit 34ab714
Showing 3 changed files with 44 additions and 55 deletions.
95 changes: 42 additions & 53 deletions dojo/tools/mend/parser.py
Expand Up @@ -8,7 +8,6 @@

logger = logging.getLogger(__name__)


class MendParser:

def get_scan_types(self):
return ["Mend Scan"]
Expand Down Expand Up @@ -41,51 +40,53 @@ def _build_common_output(node, lib_name=None):
mitigation = "N/A"
locations = []
if "component" in node:
description = (
"**Vulnerability Description**: "
+ node["vulnerability"].get("description", "No Description Available")
+ "\n\n"
+ "**Component Name**: "
+ node["component"].get("name", "")
+ "\n"
+ "**Component Type**: "
+ node["component"].get("componentType", "")
+ "\n"
+ "**Root Library**: "
+ str(node["component"].get("rootLibrary", ""))
+ "\n"
+ "**Library Type**: "
+ node["component"].get("libraryType", "")
+ "\n"
)
lib_name = node["component"].get("name")
component_name = node["component"].get("artifactId")
component_version = node["component"].get("version")
impact = (
"**Direct or Transitive Vulnerability**: "
+ node["component"].get("dependencyType", "")
+ "\n"
)
cvss3_score = node["vulnerability"].get("score", None)
component_path = node["component"].get("path", None)
if component_path:
locations.append(component_path)

if "topFix" in node:
try:
topfix_node = node.get("topFix")
mitigation = (
"**Resolution**: "
+ topfix_node.get("date", "")
# Iterate over all findingInfo nodes and process each ACTIVE status
for finding_info in node.get("findingInfo", []):
if finding_info.get("status") == "ACTIVE":
description = (
"**Vulnerability Description**: "
+ node["vulnerability"].get("description", "No Description Available")
+ "\n\n"
+ "**Component Name**: "
+ node["component"].get("name", "")
+ "\n"
+ "**Component Type**: "
+ node["component"].get("componentType", "")
+ "\n"
+ topfix_node.get("message", "")
+ "**Root Library**: "
+ str(node["component"].get("rootLibrary", ""))
+ "\n"
+ topfix_node.get("fixResolution", "")
+ "**Library Type**: "
+ node["component"].get("libraryType", "")
+ "\n"
)
except Exception:
logger.exception("Error handling topFix node.")
lib_name = node["component"].get("name")
component_name = node["component"].get("artifactId")
component_version = node["component"].get("version")
impact = (
"**Direct or Transitive Vulnerability**: "
+ node["component"].get("dependencyType", "")
+ "\n"
)
cvss3_score = node["vulnerability"].get("score", None)
component_path = node["component"].get("path", None)
if component_path:
locations.append(component_path)

if "topFix" in node:
try:
topfix_node = node.get("topFix")
mitigation = (
"**Resolution**: "
+ topfix_node.get("date", "")
+ "\n"
+ topfix_node.get("message", "")
+ "\n"
+ topfix_node.get("fixResolution", "")
+ "\n"
)
except Exception:
logger.exception("Error handling topFix node.")
elif "library" in node:
node.get("project")
description = (
Expand Down Expand Up @@ -139,18 +140,6 @@ def _build_common_output(node, lib_name=None):
)
cwe = 1035 # default OWASP a9 until the report actually has them

# comment out the below for now - working on adding this into the above conditional statements since format can be slightly different
# mitigation = "N/A"
# if "topFix" in node:
# try:
# topfix_node = node.get("topFix")
# mitigation = "**Resolution** ({}): {}\n".format(
# topfix_node.get("date"),
# topfix_node.get("fixResolution"),
# )
# except Exception:
# logger.exception("Error handling topFix node.")

filepaths = []
if "sourceFiles" in node:
try:
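Review bot: The new `for finding_info in node.get("findingInfo", [])` loop in the second hunk reads nothing from `finding_info` except its status, and each ACTIVE iteration rebinds the same locals (`description`, `lib_name`, `component_name`, `component_version`, `impact`, `cvss3_score`, `component_path`), so with several ACTIVE entries only the last assignment survives while `locations.append(component_path)` appends the same path once per entry. If the intent is only to skip components without an ACTIVE finding, a single guard says that without the repeated work and duplicate paths: `if any(fi.get("status") == "ACTIVE" for fi in node.get("findingInfo", [])):` in place of the `for`/`if` pair, body unchanged. When no entry is ACTIVE the locals are not assigned in this branch at all; whether they are initialised above the hunk is not visible here, and if they are not, the later use would fail with NameError rather than producing an empty finding. The rendered view loses indentation, so it is also unclear whether the `if "topFix" in node` block now sits inside the loop or after it; a short comment such as `# Only components with at least one ACTIVE findingInfo entry are reported; other statuses are skipped` would record the intended rule. `_build_common_output` starts and ends outside the hunk.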
4 changes: 2 additions & 2 deletions unittests/tools/test_mend_parser.py
Expand Up @@ -62,7 +62,7 @@ def test_parse_file_with_one_vuln_has_one_findings_platform(self):
self.assertEqual(3.1, finding.cvssv3_score)

def test_parse_file_with_multiple_vuln_has_multiple_finding_platform(self):
with open("unittests/scans/mend/mend-sca-platform-api3-eleven-findings.json", encoding="utf-8") as testfile:
with open("unittests/scans/mend/mend-sca-platform-api3-multiple-findings.json", encoding="utf-8") as testfile:
parser = MendParser()
findings = parser.get_findings(testfile, Test())
self.assertEqual(11, len(findings))
self.assertEqual(5, len(findings))
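Review bot: The expected count drops from 11 to 5 alongside the fixture rename, but the test still asserts only `len(findings)`, so it does not pin which findings the new ACTIVE-status filter keeps or drops. Asserting one field of a retained finding, e.g. `self.assertEqual("<title taken from the fixture — placeholder>", findings[0].title)`, would make a regression in the status filter visible instead of being masked by an equal count. The renamed fixture `mend-sca-platform-api3-multiple-findings.json` is presumably the third changed file, which is not shown here, so whether it contains exactly 5 ACTIVE entries cannot be confirmed from this page.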
