dojo/importers/importer/importer.py - Change "None" string to "Info" …

…from cvss module when a CVSS vector string should evaluate to "Info" (#9453) * dojo/importers/importer/importer.py - Change "None" string to "Info" from cvss module when a CVSS vector string evaluates to "Info" * dojo/importers/importer/importer.py - Change "None" string to "Info" from cvss module when a CVSS vector string evaluates to "Info" #flake8_fix
DefectDojo · Feb 6, 2024 · 80f32bb · 80f32bb
1 parent 1c33819
commit 80f32bb
Showing 1 changed file with 18 additions and 1 deletion.
diff --git a/dojo/importers/importer/importer.py b/dojo/importers/importer/importer.py
@@ -76,7 +76,24 @@ def process_parsed_findings(self, test, parsed_findings, scan_type, user, active
 
         for item in items:
             # FIXME hack to remove when all parsers have unit tests for this attribute
-            if item.severity.lower().startswith('info') and item.severity != 'Info':
+            # Importing the cvss module via:
+            # `from cvss import CVSS3`
+            # _and_ given a CVSS vector string such as:
+            # cvss_vector_str = 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N',
+            # the following severity calculation returns the
+            # string values of, "None" instead of the expected string values
+            # of "Info":
+            # ```
+            # cvss_obj = CVSS3(cvss_vector_str)
+            # severities = cvss_obj.severities()
+            # print(severities)
+            # ('None', 'None', 'None')
+            # print(severities[0])
+            # 'None'
+            # print(type(severities[0]))
+            # <class 'str'>
+            # ```
+            if (item.severity.lower().startswith('info') or item.severity.lower() == 'none') and item.severity != 'Info':
                 item.severity = 'Info'
 
             item.numerical_severity = Finding.get_numerical_severity(item.severity)