(fix) change in protecode for cvss from float to string (#4167)

* fixes change in protecode for cvss from float to string * Fixes protecode json files with new string format for cvss Co-authored-by: Vyacheslav Starostin <vyacheslav.starostin@sap.com>
2025-10-30 23:57:50 +02:00 · 2022-12-19 18:49:59 +01:00
parent 8f761ef15b
commit 4ae97a8a73
9 changed files with 32 additions and 30 deletions
--- a/cmd/protecodeExecuteScan_test.go
+++ b/cmd/protecodeExecuteScan_test.go
@@ -338,7 +338,7 @@ func TestExecuteProtecodeScan(t *testing.T) {
 			assert.Equal(t, 1125, influxData.protecode_data.fields.historical_vulnerabilities)
 			assert.Equal(t, 0, influxData.protecode_data.fields.triaged_vulnerabilities)
 			assert.Equal(t, 1, influxData.protecode_data.fields.excluded_vulnerabilities)
-			assert.Equal(t, 142, influxData.protecode_data.fields.major_vulnerabilities)
+			assert.Equal(t, 129, influxData.protecode_data.fields.major_vulnerabilities)
 			assert.Equal(t, 226, influxData.protecode_data.fields.vulnerabilities)
 		})
 	}
--- a/pkg/protecode/analysis.go
+++ b/pkg/protecode/analysis.go
@@ -33,7 +33,8 @@ func isSevere(vulnerability Vulnerability) bool {
 		return true
 	}
 	// CVSS v3 not set, fallback to CVSS v2
-	if cvss3 == 0 && vulnerability.Vuln.Cvss >= vulnerabilitySeverityThreshold {
+	parsedCvss, _ := strconv.ParseFloat(vulnerability.Vuln.Cvss, 64)
+	if cvss3 == 0 && parsedCvss >= vulnerabilitySeverityThreshold {
 		return true
 	}
 	return false
--- a/pkg/protecode/analysis_test.go
+++ b/pkg/protecode/analysis_test.go
@@ -14,7 +14,7 @@ func TestIsSevere(t *testing.T) {
 			Triage: []Triage{},
 			Vuln: Vuln{
 				Cve:        "Cve2",
-				Cvss:       8.0,
+				Cvss:       "8.0",
 				Cvss3Score: "7.3",
 			},
 		}
@@ -28,7 +28,7 @@ func TestIsSevere(t *testing.T) {
 			Triage: []Triage{},
 			Vuln: Vuln{
 				Cve:        "Cve2",
-				Cvss:       8.0,
+				Cvss:       "8.0",
 				Cvss3Score: "0.0",
 			},
 		}
@@ -42,7 +42,7 @@ func TestIsSevere(t *testing.T) {
 			Triage: []Triage{},
 			Vuln: Vuln{
 				Cve:        "Cve2",
-				Cvss:       4.0,
+				Cvss:       "4.0",
 				Cvss3Score: "4.0",
 			},
 		}
@@ -56,7 +56,7 @@ func TestIsSevere(t *testing.T) {
 			Triage: []Triage{},
 			Vuln: Vuln{
 				Cve:        "Cve2",
-				Cvss:       4.0,
+				Cvss:       "4.0",
 				Cvss3Score: "0.0",
 			},
 		}
@@ -70,7 +70,7 @@ func TestIsSevere(t *testing.T) {
 			Triage: []Triage{},
 			Vuln: Vuln{
 				Cve:        "Cve2",
-				Cvss:       4.0,
+				Cvss:       "4.0",
 				Cvss3Score: "",
 			},
 		}
@@ -80,13 +80,13 @@ func TestIsSevere(t *testing.T) {
 }

 func TestHasSevereVulnerabilities(t *testing.T) {
-	severeV3 := Vulnerability{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve1", Cvss: 4.0, Cvss3Score: "8.0"}}
-	severeV2 := Vulnerability{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve2", Cvss: 8.0, Cvss3Score: "0.0"}}
-	nonSevere1 := Vulnerability{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve3", Cvss: 4.0, Cvss3Score: "4.0"}}
-	nonSevere2 := Vulnerability{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve4", Cvss: 4.0, Cvss3Score: "4.0"}}
-	excluded := Vulnerability{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve5", Cvss: 8.0, Cvss3Score: "8.0"}}
-	triaged := Vulnerability{Exact: true, Triage: []Triage{{ID: 1}}, Vuln: Vuln{Cve: "Cve6", Cvss: 8.0, Cvss3Score: "8.0"}}
-	historic := Vulnerability{Exact: false, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve7", Cvss: 8.0, Cvss3Score: "8.0"}}
+	severeV3 := Vulnerability{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve1", Cvss: "4.0", Cvss3Score: "8.0"}}
+	severeV2 := Vulnerability{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve2", Cvss: "8.0", Cvss3Score: "0.0"}}
+	nonSevere1 := Vulnerability{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve3", Cvss: "4.0", Cvss3Score: "4.0"}}
+	nonSevere2 := Vulnerability{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve4", Cvss: "4.0", Cvss3Score: "4.0"}}
+	excluded := Vulnerability{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve5", Cvss: "8.0", Cvss3Score: "8.0"}}
+	triaged := Vulnerability{Exact: true, Triage: []Triage{{ID: 1}}, Vuln: Vuln{Cve: "Cve6", Cvss: "8.0", Cvss3Score: "8.0"}}
+	historic := Vulnerability{Exact: false, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve7", Cvss: "8.0", Cvss3Score: "8.0"}}

 	t.Run("with severe v3 vulnerabilities", func(t *testing.T) {
 		// init
--- a/pkg/protecode/protecode.go
+++ b/pkg/protecode/protecode.go
@@ -56,11 +56,11 @@ type Vulnerability struct {
 	Triage []Triage `json:"triage,omitempty"`
 }

-// Vuln holds the inforamtion about the vulnerability
+// Vuln holds the information about the vulnerability
 type Vuln struct {
-	Cve        string  `json:"cve,omitempty"`
-	Cvss       float64 `json:"cvss,omitempty"`
-	Cvss3Score string  `json:"cvss3_score,omitempty"`
+	Cve        string `json:"cve,omitempty"`
+	Cvss       string `json:"cvss,omitempty"`
+	Cvss3Score string `json:"cvss3_score,omitempty"`
 }

 // Triage holds the triaging information
@@ -289,7 +289,8 @@ func isSevereCVSS3(vulnerability Vulnerability) bool {
 func isSevereCVSS2(vulnerability Vulnerability) bool {
 	threshold := 7.0
 	cvss3, _ := strconv.ParseFloat(vulnerability.Vuln.Cvss3Score, 64)
-	return cvss3 == 0 && vulnerability.Vuln.Cvss >= threshold
+	parsedCvss, _ := strconv.ParseFloat(vulnerability.Vuln.Cvss, 64)
+	return cvss3 == 0 && parsedCvss >= threshold
 }

 // DeleteScan deletes if configured the scan on the protecode server
--- a/pkg/protecode/protecode_test.go
+++ b/pkg/protecode/protecode_test.go
@@ -49,15 +49,15 @@ func TestParseResultSuccess(t *testing.T) {
 		Status:    statusBusy,
 		Components: []Component{
 			{Vulns: []Vulnerability{
-				{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve1", Cvss: 7.2, Cvss3Score: "0.0"}},
-				{Exact: true, Triage: []Triage{{ID: 1}}, Vuln: Vuln{Cve: "Cve2", Cvss: 2.2, Cvss3Score: "2.3"}},
-				{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve2b", Cvss: 0.0, Cvss3Score: "0.0"}},
+				{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve1", Cvss: "7.2", Cvss3Score: "0.0"}},
+				{Exact: true, Triage: []Triage{{ID: 1}}, Vuln: Vuln{Cve: "Cve2", Cvss: "2.2", Cvss3Score: "2.3"}},
+				{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve2b", Cvss: "0.0", Cvss3Score: "0.0"}},
 			},
 			},
 			{Vulns: []Vulnerability{
-				{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve3", Cvss: 3.2, Cvss3Score: "7.3"}},
-				{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve4", Cvss: 8.0, Cvss3Score: "8.0"}},
-				{Exact: false, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve4b", Cvss: 8.0, Cvss3Score: "8.0"}},
+				{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve3", Cvss: "3.2", Cvss3Score: "7.3"}},
+				{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve4", Cvss: "8.0", Cvss3Score: "8.0"}},
+				{Exact: false, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve4b", Cvss: "8.0", Cvss3Score: "8.0"}},
 			},
 			},
 		},
--- a/pkg/protecode/report_test.go
+++ b/pkg/protecode/report_test.go
@@ -12,7 +12,7 @@ import (
 func TestWriteReport(t *testing.T) {
 	files := mock.FilesMock{}

-	expected := "{\"target\":\"REPORTFILENAME\",\"mandatory\":true,\"productID\":\"4711\",\"serverUrl\":\"DUMMYURL\",\"count\":\"0\",\"cvss2GreaterOrEqualSeven\":\"4\",\"cvss3GreaterOrEqualSeven\":\"3\",\"excludedVulnerabilities\":\"2\",\"triagedVulnerabilities\":\"0\",\"historicalVulnerabilities\":\"1\",\"Vulnerabilities\":[{\"cve\":\"Vulnerability\",\"cvss\":2.5,\"cvss3_score\":\"5.5\"}]}"
+	expected := "{\"target\":\"REPORTFILENAME\",\"mandatory\":true,\"productID\":\"4711\",\"serverUrl\":\"DUMMYURL\",\"count\":\"0\",\"cvss2GreaterOrEqualSeven\":\"4\",\"cvss3GreaterOrEqualSeven\":\"3\",\"excludedVulnerabilities\":\"2\",\"triagedVulnerabilities\":\"0\",\"historicalVulnerabilities\":\"1\",\"Vulnerabilities\":[{\"cve\":\"Vulnerability\",\"cvss\":\"2.5\",\"cvss3_score\":\"5.5\"}]}"

 	var parsedResult map[string]int = make(map[string]int)
 	parsedResult["historical_vulnerabilities"] = 1
@@ -21,7 +21,7 @@ func TestWriteReport(t *testing.T) {
 	parsedResult["cvss2GreaterOrEqualSeven"] = 4
 	parsedResult["vulnerabilities"] = 5

-	err := WriteReport(ReportData{ServerURL: "DUMMYURL", FailOnSevereVulnerabilities: false, ExcludeCVEs: "", Target: "REPORTFILENAME", ProductID: fmt.Sprintf("%v", 4711), Vulnerabilities: []Vuln{{"Vulnerability", 2.5, "5.5"}}}, ".", "report.json", parsedResult, &files)
+	err := WriteReport(ReportData{ServerURL: "DUMMYURL", FailOnSevereVulnerabilities: false, ExcludeCVEs: "", Target: "REPORTFILENAME", ProductID: fmt.Sprintf("%v", 4711), Vulnerabilities: []Vuln{{"Vulnerability", "2.5", "5.5"}}}, ".", "report.json", parsedResult, &files)

 	if assert.NoError(t, err) {
 		content, err := files.FileRead("report.json")
--- a/pkg/protecode/testdata/protecode_result_no_violations.json
+++ b/pkg/protecode/testdata/protecode_result_no_violations.json
--- a/pkg/protecode/testdata/protecode_result_triaging.json
+++ b/pkg/protecode/testdata/protecode_result_triaging.json
--- a/pkg/protecode/testdata/protecode_result_violations.json
+++ b/pkg/protecode/testdata/protecode_result_violations.json