@@ -35,7 +35,6 @@ def get_findings(self, json_output, test):
3535 for vuln in tree ["package_vulnerability_summary" ]["vulnerabilities" ][severity ]:
3636 description = "name: " + str (vuln ["name" ]) + "\n \n "
3737 description += "resourceUri: " + str (vuln ["resourceUri" ]) + "\n "
38- description += "fixAvailable: " + str (vuln ["vulnerability" ]["fixAvailable" ]) + "\n "
3938 description += "packageIssue: " + str (vuln ["vulnerability" ]["packageIssue" ]) + "\n "
4039 description += "CVE: " + str (vuln ["vulnerability" ]["shortDescription" ]) + "\n "
4140 reference = ""
@@ -45,13 +44,23 @@ def get_findings(self, json_output, test):
4544 title = vuln ["noteName" ],
4645 test = test ,
4746 description = description ,
48- severity = severity . lower (). capitalize ( ),
47+ severity = self . severity_mapper ( severity ),
4948 references = reference ,
5049 component_name = "affectedCPEUri: " + vuln ["vulnerability" ]["packageIssue" ][0 ]["affectedCpeUri" ] + " affectedPackage: " + vuln ["vulnerability" ]["packageIssue" ][0 ]["affectedPackage" ],
5150 component_version = vuln ["vulnerability" ]["packageIssue" ][0 ]["affectedVersion" ]["fullName" ],
5251 static_finding = True ,
5352 dynamic_finding = False ,
54- cvssv3_score = vuln ["vulnerability" ]["cvssScore" ],
5553 )
54+ if vuln ["vulnerability" ].get ("fixAvailable" ):
55+ finding .fix_available = vuln ["vulnerability" ].get ("fixAvailable" )
56+ if vuln ["vulnerability" ].get ("cvssScore" ):
57+ finding .cvssv3_score = vuln ["vulnerability" ].get ("cvssScore" )
5658 findings .append (finding )
5759 return findings
60+
61+ def severity_mapper (self , severity ):
62+ if severity .lower ().capitalize () in {"Critical" , "High" , "Medium" , "Low" , "Info" }:
63+ return severity .lower ().capitalize ()
64+ if severity == "Minimal" :
65+ return "Low"
66+ return "Info"
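Review bot: In `severity_mapper` the `severity == "Minimal"` comparison is case-sensitive while the membership test above it normalises case, so a value such as `MINIMAL` would skip the `Low` mapping and fall through to `Info`; the casing of the report's keys is not visible here, but the normalisation on the first branch suggests it may vary. Normalise once and compare against that: `normalized = severity.lower().capitalize()`, then `if normalized == "Minimal": return "Low"`. The final `return "Info"` also silently downgrades any unrecognised severity, which can bury a serious finding during triage, so consider logging the unmapped value there. Separately, the truthiness check on `fixAvailable` means an explicit `False` is never recorded on the finding, and this commit also drops it from the description; testing `is not None` would keep it.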