fix(black-duck): Gracefully handle duplicate URIs in references

Signed-off-by: Frank Viernau <[email protected]>
oss-review-toolkit · Jan 28, 2025 · 0936bc2 · 0936bc2
1 parent dd4b637
commit 0936bc2
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 57 deletions.
diff --git a/plugins/advisors/black-duck/src/funTest/assets/BDSA-2024-5272-parsed.yml b/plugins/advisors/black-duck/src/funTest/assets/BDSA-2024-5272-parsed.yml
diff --git a/plugins/advisors/black-duck/src/main/kotlin/BlackDuck.kt b/plugins/advisors/black-duck/src/main/kotlin/BlackDuck.kt
@@ -198,7 +198,7 @@ class BlackDuck(
 }
 
 internal fun VulnerabilityView.toOrtVulnerability(): Vulnerability {
-    val referenceUris = listOf(meta.href.uri(), *meta.links.map { it.href.uri() }.toTypedArray())
+    val referenceUris = setOf(meta.href.uri(), *meta.links.map { it.href.uri() }.toTypedArray())
 
     val references = referenceUris.map { uri ->
         val cvssVector = cvss3?.vector ?: cvss2?.vector

diff --git a/plugins/advisors/black-duck/src/test/assets/BDSA-2024-5272-parsed.yml b/plugins/advisors/black-duck/src/test/assets/BDSA-2024-5272-parsed.yml
@@ -44,11 +44,6 @@ references:
   severity: "MEDIUM"
   score: 4.8
   vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"
-- url: "https://gitlab.com/libtiff/libtiff/-/issues/624"
-  scoring_system: "CVSS:3.1"
-  severity: "MEDIUM"
-  score: 4.8
-  vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"
 - url: "https://gitlab.com/libtiff/libtiff/-/tags/v4.7.0rc1"
   scoring_system: "CVSS:3.1"
   severity: "MEDIUM"