From 7a935fe2cda9f2f4ee4aefa20090e06d35d42e2a Mon Sep 17 00:00:00 2001
From: testaccount90009 <122134756+testaccount90009@users.noreply.github.com>
Date: Fri, 20 Dec 2024 22:15:38 -0800
Subject: [PATCH] Update parser.py
---
 dojo/tools/mend/parser.py | 92 +++++++++++++++++++--------------------
 1 file changed, 44 insertions(+), 48 deletions(-)
diff --git a/dojo/tools/mend/parser.py b/dojo/tools/mend/parser.py
index f525cf3a3a..fa39f6f0cf 100644
--- a/dojo/tools/mend/parser.py
+++ b/dojo/tools/mend/parser.py
@@ -40,54 +40,50 @@ def _build_common_output(node, lib_name=None):
 cvss3_score = None
 mitigation = "N/A"
 locations = []
- if "component" in node:
- # Iterate over all findingInfo nodes and process each ACTIVE status
- for finding_info in node.get("findingInfo", []):
- if finding_info.get("status") == "ACTIVE":
- description = (
- "**Vulnerability Description**: "
- + node["vulnerability"].get("description", "No Description Available")
- + "\n\n"
- + "**Component Name**: "
- + node["component"].get("name", "")
- + "\n"
- + "**Component Type**: "
- + node["component"].get("componentType", "")
- + "\n"
- + "**Root Library**: "
- + str(node["component"].get("rootLibrary", ""))
- + "\n"
- + "**Library Type**: "
- + node["component"].get("libraryType", "")
- + "\n"
- )
- lib_name = node["component"].get("name")
- component_name = node["component"].get("artifactId")
- component_version = node["component"].get("version")
- impact = (
- "**Direct or Transitive Vulnerability**: "
- + node["component"].get("dependencyType", "")
- + "\n"
- )
- cvss3_score = node["vulnerability"].get("score", None)
- component_path = node["component"].get("path", None)
- if component_path:
- locations.append(component_path)
-
- if "topFix" in node:
- try:
- topfix_node = node.get("topFix")
- mitigation = (
- "**Resolution**: "
- + topfix_node.get("date", "")
- + "\n"
- + topfix_node.get("message", "")
- + "\n"
- + topfix_node.get("fixResolution", "")
- + "\n"
- )
- except Exception:
- logger.exception("Error handling topFix node.")
+ if "component" in node and if finding_info.get("status") == "ACTIVE":
+ description = (
+ "**Vulnerability Description**: "
+ + node["vulnerability"].get("description", "No Description Available")
+ + "\n\n"
+ + "**Component Name**: "
+ + node["component"].get("name", "")
+ + "\n"
+ + "**Component Type**: "
+ + node["component"].get("componentType", "")
+ + "\n"
+ + "**Root Library**: "
+ + str(node["component"].get("rootLibrary", ""))
+ + "\n"
+ + "**Library Type**: "
+ + node["component"].get("libraryType", "")
+ + "\n"
+ )
+ lib_name = node["component"].get("name")
+ component_name = node["component"].get("artifactId")
+ component_version = node["component"].get("version")
+ impact = (
+ "**Direct or Transitive Vulnerability**: "
+ + node["component"].get("dependencyType", "")
+ + "\n"
+ )
+ cvss3_score = node["vulnerability"].get("score", None)
+ component_path = node["component"].get("path", None)
+ if component_path:
+ locations.append(component_path)
+ if "topFix" in node:
+ try:
+ topfix_node = node.get("topFix")
+ mitigation = (
+ "**Resolution**: "
+ + topfix_node.get("date", "")
+ + "\n"
+ + topfix_node.get("message", "")
+ + "\n"
+ + topfix_node.get("fixResolution", "")
+ + "\n"
+ )
+ except Exception:
+ logger.exception("Error handling topFix node.")
 elif "library" in node:
 node.get("project")
 description = (
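Review bot: The new condition `if "component" in node and if finding_info.get("status") == "ACTIVE":` is not valid Python (`and if`), and it reads `finding_info` even though the `for finding_info in node.get("findingInfo", [])` loop that bound it was removed, so parser.py would fail to import and no Mend report could be parsed. If findingInfo is still a list of entries, as the removed loop assumed, the check can be written as `if "component" in node and any(fi.get("status") == "ACTIVE" for fi in node.get("findingInfo", [])):`. If the report carries it as a single object, `node.get("findingInfo", {}).get("status") == "ACTIVE"` would be the form to use; the hunk does not show which shape applies. A unit test with one ACTIVE and one non-ACTIVE fixture would pin the filter, so that a regression here cannot silently drop scanner findings. _build_common_output starts and ends outside the hunk.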