🎉 Add fix_available information to mend #12633 (#13142)

* 🎉 Add fix_available information to mend #12633

* fix

Author: manuel-sommer

dojo/tools/mend/parser.py

@@ -77,6 +77,7 @@ def _build_common_output(node, lib_name=None):
                 ransomware_used = node.get("malicious", None)
                 known_exploited = node.get("exploitable", None)
                 component_path = node["component"].get("path", None)
+                fix_available = False
                 if component_path:
                     locations.append(component_path)
                 if "topFix" in node:
@@ -91,6 +92,7 @@ def _build_common_output(node, lib_name=None):
                             + topfix_node.get("fixResolution", "")
                             + "\n"
                         )
+                        fix_available = True
                     except Exception:
                         logger.exception("Error handling topFix node.")
             elif "library" in node:
@@ -116,17 +118,20 @@ def _build_common_output(node, lib_name=None):
                 component_name = node["library"].get("artifactId")
                 component_version = node["library"].get("version")
                 cvss3_score = node.get("cvss3_score", None)
+                fix_available = False
                 if "topFix" in node:
                     try:
                         topfix_node = node.get("topFix")
                         mitigation = "**Resolution** ({}): {}\n".format(
                             topfix_node.get("date"),
                             topfix_node.get("fixResolution"),
                         )
+                        fix_available = True
                     except Exception:
                         logger.exception("Error handling topFix node.")
             else:
                 description = node.get("description", "Unknown")
+                fix_available = False
 
             cve = node.get("name")
             title = "CVE-None | " + lib_name if cve is None else cve + " | " + lib_name
@@ -208,6 +213,7 @@ def _build_common_output(node, lib_name=None):
                 impact=impact if impact is not None else None,
                 steps_to_reproduce="**Locations Found**: " + ", ".join(locations) if locations is not None else None,
                 kev_date=kev_date if kev_date is not None else None,
+                fix_available=fix_available,
             )
             # only overwrite default values if they are not None #12989
             if known_exploited is not None:

unittests/tools/test_mend_parser.py

@@ -21,6 +21,7 @@ def test_parse_file_with_one_vuln_has_one_findings(self):
             self.assertEqual("CVE-2019-9658", finding.unsaved_vulnerability_ids[0])
             self.assertEqual("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", finding.cvssv3)
             self.assertEqual(5.3, finding.cvssv3_score)
+            self.assertEqual(True, finding.fix_available)
 
     def test_parse_file_with_multiple_vuln_has_multiple_finding(self):
         with (get_unit_tests_scans_path("mend") / "okhttp_many_vuln.json").open(encoding="utf-8") as testfile:
@@ -44,6 +45,7 @@ def test_parse_file_with_one_sca_vuln_finding(self):
             finding = list(findings)[0]
             self.assertEqual("**Locations Found**: D:\\MendRepo\\test-product\\test-project\\test-project-subcomponent\\path\\to\\the\\Java\\commons-codec-1.6_donotuse.jar", finding.steps_to_reproduce)
             self.assertEqual("WS-2019-0379 | commons-codec-1.6.jar", finding.title)
+            self.assertEqual(True, finding.fix_available)
 
     def test_parse_file_with_no_vuln_has_no_findings_platform(self):
         with (get_unit_tests_scans_path("mend") / "mend-sca-platform-api3-no-findings.json").open(encoding="utf-8") as testfile: