Handle case where risk invalid

agent/api_manager/osv_service_api.py

@@ -139,6 +139,10 @@ def construct_vuln(
         recommendation = (
             f"We recommend updating `{package_name}` to the latest available version."
         )
+        risk_ratings = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "POTENTIALLY"]
+        if vuln.risk.upper() not in risk_ratings:
+            vuln.risk = "POTENTIALLY"
+        risk_rating = agent_report_vulnerability_mixin.RiskRating[vuln.risk.upper()]
         yield osv_output_handler.Vulnerability(
             entry=kb.Entry(
                 title=f"Use of Outdated Vulnerable Component: "
@@ -156,7 +160,7 @@ def construct_vuln(
                 recommendation=recommendation,
             ),
             technical_detail=f"{vuln.description} \n#### CVEs:\n {', '.join(vuln.cves)}",
-            risk_rating=agent_report_vulnerability_mixin.RiskRating[vuln.risk.upper()],
+            risk_rating=risk_rating,
         )
 
 

tests/conftest.py

@@ -217,3 +217,12 @@ def osv_api_output_risk_missing() -> dict[str, Any]:
     data = pathlib.Path(file_path).read_text(encoding="utf-8")
     json_data: dict[str, Any] = json.loads(data)
     return json_data
+
+
+@pytest.fixture(name="osv_api_output_risk_invalid")
+def osv_api_output_risk_invalid() -> dict[str, Any]:
+    """Read and return the OSV API output from a file as a dict."""
+    file_path = f"{pathlib.Path(__file__).parent.parent}/tests/files/osv_api_output_risk_invalid.json"
+    data = pathlib.Path(file_path).read_text(encoding="utf-8")
+    json_data: dict[str, Any] = json.loads(data)
+    return json_data