Merge pull request #962 from jwigert/grype-report-wo-description

Parse grype report without description
jenkinsci · Oct 19, 2023 · 98134ef · 98134ef
2 parents c05022d + a63caf7
commit 98134ef
Show file tree

Hide file tree

Showing 3 changed files with 3,704 additions and 1 deletion.
diff --git a/src/main/java/edu/hm/hafner/analysis/parser/GrypeParser.java b/src/main/java/edu/hm/hafner/analysis/parser/GrypeParser.java
@@ -49,7 +49,7 @@ private Issue getIssue(final IssueBuilder issueBuilder, final JSONObject match)
                 .setCategory(vuln.getString(SEVERITY_TAG))
                 .setSeverity(Severity.guessFromString(vuln.getString(SEVERITY_TAG)))
                 .setType(vuln.getString(ID_TAG))
-                .setMessage(vuln.getString(DESCRIPTION_TAG))
+                .setMessage(vuln.optString(DESCRIPTION_TAG, "Unknown"))
                 .setOriginName("Grype")
                 .setPathName(fileName)
                 .setDescription(p().with(a()

diff --git a/src/test/java/edu/hm/hafner/analysis/parser/GrypeParserTest.java b/src/test/java/edu/hm/hafner/analysis/parser/GrypeParserTest.java
@@ -5,6 +5,7 @@
 import edu.hm.hafner.analysis.Report;
 import edu.hm.hafner.analysis.Severity;
 import edu.hm.hafner.analysis.assertions.SoftAssertions;
+import org.junit.jupiter.api.Test;
 import static j2html.TagCreator.a;
 import static j2html.TagCreator.p;
 
@@ -40,6 +41,34 @@ protected void assertThatIssuesArePresent(final Report report, final SoftAsserti
                         .withText("https://nvd.nist.gov/vuln/detail/CVE-2016-8745")).render());
     }
 
+    @Test
+    void assertThatVulnerabilityWithoutDescriptionCanBeParsed() {
+        var report = parse("grype-report-wo-description.json");
+
+        try (var softly = new SoftAssertions()) {
+            softly.assertThat(report).hasSize(20).hasDuplicatesSize(13);
+            softly.assertThat(report.get(0))
+                    .hasFileName("/usr/local/bin/environment-to-ini")
+                    .hasSeverity(Severity.ERROR)
+                    .hasCategory("Critical")
+                    .hasType("GHSA-pg38-r834-g45j")
+                    .hasMessage("Improper Privilege Management in Gitea")
+                    .hasDescription(p().with(a()
+                            .withHref("https://github.com/advisories/GHSA-pg38-r834-g45j")
+                            .withText("https://github.com/advisories/GHSA-pg38-r834-g45j")).render());
+
+            softly.assertThat(report.get(13))
+                    .hasFileName("/lib/apk/db/installed")
+                    .hasSeverity(Severity.WARNING_HIGH)
+                    .hasCategory("High")
+                    .hasType("CVE-2023-38039")
+                    .hasMessage("Unknown")
+                    .hasDescription(p().with(a()
+                            .withHref("http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38039")
+                            .withText("http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38039")).render());
+        }
+    }
+
     @Override
     protected IssueParser createParser() {
         return new GrypeParser();