chore(osv): Give a variable a more fitting name
In all practical cases, OSV's "score" field holds the CVSS vector string,
so rename the variable accordingly to avoid confusion with ORT's
"severity" string.

Signed-off-by: Sebastian Schuberth <[email protected]>
sschuberth committed Dec 5, 2024
1 parent 6ebb731 commit 254809a
Showing 1 changed file with 4 additions and 4 deletions.
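--- a/plugins/advisors/osv/src/main/kotlin/Osv.kt
+++ b/plugins/advisors/osv/src/main/kotlin/Osv.kt
@@ -157,7 +157,7 @@ private fun Vulnerability.toOrtVulnerability(): org.ossreviewtoolkit.model.vulne
 it.type.name to it.score
 }.ifEmpty {
 listOf(null to null)
-}.forEach { (scoringSystem, severity) ->
+}.forEach { (scoringSystem, vector) ->
 references.mapNotNullTo(ortReferences) { reference ->
 val url = reference.url.trim().let { if (it.startsWith("://")) "https$it" else it }
 
@@ -169,15 +169,15 @@ private fun Vulnerability.toOrtVulnerability(): org.ossreviewtoolkit.model.vulne
 val specificSeverity = databaseSpecific?.get("severity")
 
 val baseScore = runCatching {
-CvssVector.parseVector(severity)?.baseScore?.toFloat()
+CvssVector.parseVector(vector)?.baseScore?.toFloat()
 }.onFailure {
-logger.debug { "Unable to parse CVSS vector '$severity': ${it.collectMessages()}." }
+logger.debug { "Unable to parse CVSS vector '$vector': ${it.collectMessages()}." }
 }.getOrNull()
 
 val severityRating = (specificSeverity as? JsonPrimitive)?.contentOrNull
 ?: VulnerabilityReference.getQualitativeRating(scoringSystem, baseScore)?.name
 
-VulnerabilityReference(it, scoringSystem, severityRating, baseScore, severity)
+VulnerabilityReference(it, scoringSystem, severityRating, baseScore, vector)
 }.getOrNull()
 }
 }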
