File tree Expand file tree Collapse file tree
plugins/advisors/scanoss/src Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -97,10 +97,10 @@ class ScanOssFunTest : WordSpec({
9797 vulnerability.references.find {
9898 it.url.toString() == " https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
9999 } shouldNotBeNull {
100- scoringSystem should beNull()
101- severity shouldBe " MEDIUM "
102- score should beNull()
103- vector should beNull()
100+ scoringSystem shouldBe " EPSS "
101+ severity should beNull()
102+ score shouldBe 6 .5E- 4f
103+ vector shouldBe " 0.20002 "
104104 }
105105 }
106106 }
@@ -124,10 +124,10 @@ class ScanOssFunTest : WordSpec({
124124 vulnerability.references.find {
125125 it.url.toString() == " https://nvd.nist.gov/vuln/detail/CVE-2024-48948"
126126 } shouldNotBeNull {
127- scoringSystem should beNull()
128- severity shouldBe " MEDIUM "
129- score should beNull()
130- vector should beNull()
127+ scoringSystem shouldBe " EPSS "
128+ severity should beNull()
129+ score shouldBe 0.00162f
130+ vector shouldBe " 0.3665 "
131131 }
132132 }
133133 }
Original file line number Diff line number Diff line change @@ -121,19 +121,31 @@ private fun V2Vulnerability.toOrtVulnerability(): Vulnerability? {
121121 val vulnId = id ? : cve ? : return null
122122 val infoUrl = url?.let { URI (it) } ? : return null
123123
124+ val references = cvss.mapTo(mutableListOf ()) { info ->
125+ VulnerabilityReference (
126+ url = infoUrl,
127+ scoringSystem = info.cvss?.substringBefore(' /' , " " )?.ifEmpty { null },
128+ severity = info.cvss_severity,
129+ score = info.cvss_score,
130+ vector = info.cvss
131+ )
132+ }
133+
134+ epss?.also {
135+ references + = VulnerabilityReference (
136+ url = infoUrl,
137+ scoringSystem = " EPSS" ,
138+ severity = null ,
139+ score = it.probability,
140+ vector = it.percentile?.toString()
141+ )
142+ }
143+
124144 return Vulnerability (
125145 id = vulnId,
126146 summary = summary,
127147 // TODO: Get a more detailed description.
128- references = cvss.map { info ->
129- VulnerabilityReference (
130- url = infoUrl,
131- scoringSystem = info.cvss?.substringBefore(' /' , " " )?.ifEmpty { null },
132- severity = info.cvss_severity,
133- score = info.cvss_score,
134- vector = info.cvss
135- )
136- }.ifEmpty {
148+ references = references.ifEmpty {
137149 listOf (
138150 VulnerabilityReference (
139151 url = infoUrl,
You can’t perform that action at this time.
0 commit comments