fix harbor according to issue #9014 (#9016)

dojo/tools/harbor_vulnerability/parser.py

@@ -27,14 +27,18 @@ def get_findings(self, filename, test):
         # When doing dictionary, we can detect duplications
         dupes = dict()
 
+        try:
+            vulnerability = data["vulnerabilities"]  # json output of https://pypi.org/project/harborapi/
+        except (KeyError):
+            pass
         # To be compatible with update in version
         try:
             vulnerability = data[next(iter(data.keys()))]["vulnerabilities"]
-        except (KeyError, StopIteration):
-            return list()
+        except (KeyError, StopIteration, TypeError):
+            pass
 
         # Early exit if empty
-        if vulnerability is None:
+        if 'vulnerability' not in locals() or vulnerability is None:
             return list()
 
         for item in vulnerability:

unittests/scans/harbor_vulnerability/harborapipip.json

@@ -0,0 +1,86 @@
+{
+  "generated_at": "2023-11-16T00:14:12.726598+00:00",
+  "artifact": null,
+  "scanner": {
+    "name": "Trivy",
+    "vendor": "Aqua Security",
+    "version": "v0.44.0"
+  },
+  "severity": "High",
+  "vulnerabilities": [
+    {
+      "id": "CVE-1999-123",
+      "package": "libs",
+      "version": "1.2.3.4.5.6",
+      "fix_version": "",
+      "severity": "Medium",
+      "description": "out-of-bounds write to the ram",
+      "links": [
+        "https://avd.aquasec.com/nvd/cve-1999-123"
+      ],
+      "preferred_cvss": {
+        "score_v3": 9.8,
+        "score_v2": null,
+        "vector_v3": "",
+        "vector_v2": ""
+      },
+      "cwe_ids": [
+        "CWE-787"
+      ],
+      "vendor_attributes": {
+        "CVSS": {
+          "nvd": {
+            "V2Score": 7.5,
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V3Score": 9.8,
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+          },
+          "redhat": {
+            "V3Score": 4,
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+          }
+        }
+      },
+      "artifact_digests": [
+        "sha256:1829318312389123819231839"
+      ]
+    },
+    {
+      "id": "CVE-1999-1234",
+      "package": "asdf",
+      "version": "1.2.3.4.5",
+      "fix_version": "",
+      "severity": "High",
+      "description": "Lorem ipsum.",
+      "links": [
+        "https://avd.aquasec.com/nvd/cve-1999-1234"
+      ],
+      "preferred_cvss": {
+        "score_v3": 7.5,
+        "score_v2": null,
+        "vector_v3": "",
+        "vector_v2": ""
+      },
+      "cwe_ids": [
+        "CWE-190"
+      ],
+      "vendor_attributes": {
+        "CVSS": {
+          "nvd": {
+            "V2Score": 5,
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V3Score": 7.5,
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+          },
+          "redhat": {
+            "V3Score": 6.2,
+            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+          }
+        }
+      },
+      "artifact_digests": [
+        "sha256:3db2f7b39ef243df9640a3844c95e5cd403447a0dcf8cb4f1cbb5e034971b29b"
+      ]
+    }
+  ]
+}

unittests/tools/test_harbor_vulnerability_parser.py

@@ -54,3 +54,14 @@ def test_parse_file_with_multiple_vuln_has_multiple_trivy_findings(self):
         finding = findings[0]
         self.assertEqual(finding.severity, 'High')
         self.assertEqual(finding.cwe, '125')
+
+    # Sample with harborapi pip
+    def test_parse_file_with_multiple_vuln_has_harborapi_pip_package(self):
+        testfile = open("unittests/scans/harbor_vulnerability/harborapipip.json")
+        parser = HarborVulnerabilityParser()
+        findings = parser.get_findings(testfile, Test())
+        self.assertEqual(2, len(findings))
+
+        finding = findings[0]
+        self.assertEqual(finding.severity, 'Medium')
+        self.assertEqual(finding.cwe, '787')