🎉 Add fix_available information to aqua parser #12633 (#13106)

manuel-sommer · web-flow · commit 44cbfecc25e8 · 2025-09-04T14:07:55.000-05:00
diff --git a/dojo/tools/aqua/parser.py b/dojo/tools/aqua/parser.py
@@ -147,7 +147,10 @@ def get_item(self, resource, vuln, test):
         resource_name = resource.get("name", resource.get("path"))
         resource_version = resource.get("version", "No version")
         vulnerability_id = vuln.get("name", "No CVE")
-        fix_version = vuln.get("fix_version", "None")
+        fix_available = False
+        fix_version = vuln.get("fix_version", None)
+        if fix_version is not None:
+            fix_available = True
         description = vuln.get("description", "No description.") + "\n"
         if resource.get("path"):
             description += "**Path:** " + resource.get("path") + "\n"
@@ -222,6 +225,7 @@ def get_item(self, resource, vuln, test):
             component_name=resource.get("name"),
             component_version=resource.get("version"),
             impact=severity,
+            fix_available=fix_available,
         )
 
         cvss_data = parse_cvss_data(cvssv3)
@@ -244,7 +248,10 @@ def get_item_v2(self, item, test):
         severity = self.severity_of(float(item["score"]))
         description = item.get("description")
         solution = item.get("solution")
-        fix_version = item.get("fix_version")
+        fix_available = False
+        fix_version = item.get("fix_version", None)
+        if fix_version is not None:
+            fix_available = True
         if solution:
             mitigation = solution
         elif fix_version:
@@ -260,6 +267,7 @@ def get_item_v2(self, item, test):
             severity=severity,
             impact=severity,
             mitigation=mitigation,
+            fix_available=fix_available,
         )
         finding.unsaved_vulnerability_ids = [vulnerability_id]
         return finding
diff --git a/unittests/tools/test_aqua_parser.py b/unittests/tools/test_aqua_parser.py
@@ -23,6 +23,7 @@ def test_aqua_parser_has_one_finding(self):
             self.assertEqual("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", finding.cvssv3)
             self.assertEqual("musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.", finding.description)
             self.assertEqual("1.1.20-r5", finding.mitigation)
+            self.assertEqual(True, finding.fix_available)
             self.assertEqual("\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14697", finding.references)
             self.assertEqual("musl", finding.component_name)
             self.assertEqual("1.1.20-r4", finding.component_version)
@@ -55,6 +56,7 @@ def test_aqua_parser_v2_has_one_finding(self):
             self.assertEqual("Medium", finding.severity)
             self.assertEqual("CURL before 7.68.0 lacks proper input validation, which allows users to create a `FILE:` URL that can make the client access a remote file using SMB (Windows-only issue).", finding.description)
             self.assertEqual("Upgrade to curl 7.68.0", finding.mitigation)
+            self.assertEqual(True, finding.fix_available)
             self.assertEqual(1, len(finding.unsaved_vulnerability_ids))
             self.assertEqual("CVE-2019-15601", finding.unsaved_vulnerability_ids[0])
 
