attempt to fix conditional logic for only getting ACTIVE findingInfo …
…status
testaccount90009 committed Dec 21, 2024
1 parent d4196e9 commit 5ad78cb
Showing 1 changed file with 45 additions and 44 deletions.
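--- a/dojo/tools/mend/parser.py
+++ b/dojo/tools/mend/parser.py
@@ -40,50 +40,51 @@ def _build_common_output(node, lib_name=None):
 cvss3_score = None
 mitigation = "N/A"
 locations = []
-if "component" in node and node.get("findingInfo", {}).get("status") == "ACTIVE":
-description = (
-"**Vulnerability Description**: "
-+ node["vulnerability"].get("description", "No Description Available")
-+ "\n\n"
-+ "**Component Name**: "
-+ node["component"].get("name", "")
-+ "\n"
-+ "**Component Type**: "
-+ node["component"].get("componentType", "")
-+ "\n"
-+ "**Root Library**: "
-+ str(node["component"].get("rootLibrary", ""))
-+ "\n"
-+ "**Library Type**: "
-+ node["component"].get("libraryType", "")
-+ "\n"
-)
-lib_name = node["component"].get("name")
-component_name = node["component"].get("artifactId")
-component_version = node["component"].get("version")
-impact = (
-"**Direct or Transitive Vulnerability**: "
-+ node["component"].get("dependencyType", "")
-+ "\n"
-)
-cvss3_score = node["vulnerability"].get("score", None)
-component_path = node["component"].get("path", None)
-if component_path:
-locations.append(component_path)
-if "topFix" in node:
-try:
-topfix_node = node.get("topFix")
-mitigation = (
-"**Resolution**: "
-+ topfix_node.get("date", "")
-+ "\n"
-+ topfix_node.get("message", "")
-+ "\n"
-+ topfix_node.get("fixResolution", "")
-+ "\n"
-)
-except Exception:
-logger.exception("Error handling topFix node.")
+if "component" in node:
+if node.get("findingInfo", {}).get("status") == "ACTIVE":
+description = (
+"**Vulnerability Description**: "
++ node["vulnerability"].get("description", "No Description Available")
++ "\n\n"
++ "**Component Name**: "
++ node["component"].get("name", "")
++ "\n"
++ "**Component Type**: "
++ node["component"].get("componentType", "")
++ "\n"
++ "**Root Library**: "
++ str(node["component"].get("rootLibrary", ""))
++ "\n"
++ "**Library Type**: "
++ node["component"].get("libraryType", "")
++ "\n"
+)
+lib_name = node["component"].get("name")
+component_name = node["component"].get("artifactId")
+component_version = node["component"].get("version")
+impact = (
+"**Direct or Transitive Vulnerability**: "
++ node["component"].get("dependencyType", "")
++ "\n"
+)
+cvss3_score = node["vulnerability"].get("score", None)
+component_path = node["component"].get("path", None)
+if component_path:
+locations.append(component_path)
+if "topFix" in node:
+try:
+topfix_node = node.get("topFix")
+mitigation = (
+"**Resolution**: "
++ topfix_node.get("date", "")
++ "\n"
++ topfix_node.get("message", "")
++ "\n"
++ topfix_node.get("fixResolution", "")
++ "\n"
+)
+except Exception:
+logger.exception("Error handling topFix node.")
 elif "library" in node:
 node.get("project")
 description = (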
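Review bot: In the new `if "component" in node:` branch, a node whose `findingInfo` status is not `ACTIVE` skips the inner block but still leaves the conditional with only the defaults set above it (`mitigation = "N/A"`, `locations = []`). Unless code outside this hunk filters such nodes, the importer may still emit an empty finding for a non-active result, or fail on an unset `description`. An explicit guard would make the skip visible, for example `if (node.get("findingInfo") or {}).get("status") != "ACTIVE": return None`, with the caller dropping `None` results. The `or {}` form also covers a report where `findingInfo` is present but null, which `node.get("findingInfo", {})` does not handle. Indentation is lost on this page and `_build_common_output` starts and ends outside the hunk, so the nesting of the `topFix` block and the handling after the conditional should be confirmed against the file.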
