fixup! refactor(advisor)!: Change advisor semantics to maintain scoring vectors

sschuberth · sschuberth · commit cb36eb62eb6d · 2024-09-06T16:20:24.000+02:00
diff --git a/model/src/test/kotlin/AdvisorResultTest.kt b/model/src/test/kotlin/AdvisorResultTest.kt
@@ -286,6 +286,9 @@ private const val DEFAULT_SCORING_SYSTEM = "cvssv3.1_qr"
 /** The default severity assigned to vulnerabilities. */
 private const val DEFAULT_SEVERITY = "MODERATE"
 
+/** The default score assigned to vulnerabilities. */
+private const val DEFAULT_SCORE = 5.0
+
 /** Test package identifiers. */
 private val langId = Identifier("Maven", "org.apache.commons", "commons-lang3", "3.8")
 private val queryId = Identifier("NPM", "", "jQuery", "2.1.4")
@@ -298,12 +301,13 @@ private fun createVulnerability(
     id: String,
     uriPrefix: String = DEFAULT_URI_PREFIX,
     scoringSystem: String = DEFAULT_SCORING_SYSTEM,
-    severity: String = DEFAULT_SEVERITY
+    severity: String = DEFAULT_SEVERITY,
+    score: Double = DEFAULT_SCORE
 ): Vulnerability =
     Vulnerability(
         id = id,
         references = listOf(
-            VulnerabilityReference(URI("$uriPrefix$id"), scoringSystem, severity)
+            VulnerabilityReference(URI("$uriPrefix$id"), scoringSystem, severity, score)
         )
     )
 
diff --git a/plugins/advisors/nexus-iq/src/main/kotlin/NexusIq.kt b/plugins/advisors/nexus-iq/src/main/kotlin/NexusIq.kt
@@ -156,7 +156,7 @@ class NexusIq(override val descriptor: PluginDescriptor, private val config: Nex
         val references = mutableListOf<VulnerabilityReference>()
 
         val browseUrl = URI("${config.browseUrl}/assets/index.html#/vulnerabilities/$reference")
-        val nexusIqReference = VulnerabilityReference(browseUrl, scoringSystem(), severity = null, severity.toDouble())
+        val nexusIqReference = VulnerabilityReference(browseUrl, scoringSystem(), threatCategory, severity.toDouble())
 
         references += nexusIqReference
         url.takeIf { it != browseUrl }?.let { references += nexusIqReference.copy(url = it) }
diff --git a/plugins/advisors/oss-index/src/test/kotlin/OssIndexTest.kt b/plugins/advisors/oss-index/src/test/kotlin/OssIndexTest.kt
@@ -97,13 +97,13 @@ class OssIndexTest : WordSpec({
                                         "&utm_content=5.0"
                                 ),
                                 scoringSystem = "CVSS:3.0",
-                                severity = "MEDIUM",
+                                severity = "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                                 score = 5.5
                             ),
                             VulnerabilityReference(
                                 url = URI("https://nvd.nist.gov/vuln/detail/CVE-2020-15250"),
                                 scoringSystem = "CVSS:3.0",
-                                severity = "MEDIUM",
+                                severity = "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                                 score = 5.5
                             )
                         )
