update

manuel-sommer · manuel-sommer · commit c7ab425de940 · 2025-08-29T14:20:34.000+02:00
diff --git a/dojo/tools/anchore_grype/parser.py b/dojo/tools/anchore_grype/parser.py
@@ -122,12 +122,15 @@ def get_findings(self, file, test):
 
             finding_mitigation = None
             fix_available = False
+            fix_version = None
             if vuln_fix_versions:
                 fix_available = True
                 finding_mitigation = "Upgrade to version:"
                 if len(vuln_fix_versions) == 1:
                     finding_mitigation += f" {vuln_fix_versions[0]}"
+                    fix_version = vuln_fix_versions[0]
                 else:
+                    fix_version = ", ".join(vuln_fix_versions)
                     for fix_version in vuln_fix_versions:
                         finding_mitigation += f"\n- {fix_version}"
 
@@ -203,6 +206,7 @@ def get_findings(self, file, test):
                     nb_occurences=1,
                     file_path=file_path,
                     fix_available=fix_available,
+                    fix_version=fix_version,
                 )
                 dupes[dupe_key].unsaved_vulnerability_ids = vulnerability_ids
 
diff --git a/unittests/tools/test_anchore_grype_parser.py b/unittests/tools/test_anchore_grype_parser.py
@@ -265,7 +265,22 @@ def test_grype_issue_9618(self):
             parser = AnchoreGrypeParser()
             findings = parser.get_findings(testfile, Test())
             self.assertEqual(35, len(findings))
+
+    def test_grype_fix_not_available(self):
+        with (get_unit_tests_scans_path("anchore_grype") / "fix_not_available.json").open(encoding="utf-8") as testfile:
+            parser = AnchoreGrypeParser()
+            findings = parser.get_findings(testfile, Test())
+            self.assertEqual(1, len(findings))
+            self.assertEqual(findings[0].fix_available, False)
+            self.assertEqual(findings[0].fix_version, None)
+
+    def test_grype_fix_available(self):
+        with (get_unit_tests_scans_path("anchore_grype") / "fix_available.json").open(encoding="utf-8") as testfile:
+            parser = AnchoreGrypeParser()
+            findings = parser.get_findings(testfile, Test())
+            self.assertEqual(1, len(findings))
             self.assertEqual(findings[0].fix_available, True)
+            self.assertEqual(findings[0].fix_version, "1.2.3")
 
     def test_grype_issue_9942(self):
         with (get_unit_tests_scans_path("anchore_grype") / "issue_9942.json").open(encoding="utf-8") as testfile:
