fix snyk score

mchmarny · Apr 3, 2023 · 56fdc73 · 56fdc73
1 parent 032d8eb
commit 56fdc73
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 2 deletions.
diff --git a/.version b/.version
@@ -1 +1 @@
-v0.3.7
+v0.3.8
diff --git a/internal/converter/snyk/snyk.go b/internal/converter/snyk/snyk.go
@@ -45,9 +45,13 @@ func mapVulnerability(v *gabs.Container) *data.Vulnerability {
 		Package:  parser.ToString(v.Search("name").Data()),
 		Version:  parser.ToString(v.Search("version").Data()),
 		Severity: strings.ToLower(parser.ToString(v.Search("severity").Data())),
-		Score:    parser.ToFloat32(c.Search("cvssScore").Data()),
+		Score:    parser.ToFloat32(v.Search("cvssScore").Data()),
 		IsFixed:  parser.ToBool(v.Search("isUpgradable").Data()),
 	}
 
+	if item.Score == 0 {
+		item.Score = parser.ToFloat32(c.Search("baseScore").Data())
+	}
+
 	return item
 }
diff --git a/internal/converter/snyk/snyk_test.go b/internal/converter/snyk/snyk_test.go
@@ -15,11 +15,16 @@ func TestSnykConverter(t *testing.T) {
 	assert.NotNil(t, list)
 	assert.Greater(t, len(list), 0)
 
+	noScoreCounter := 0
 	for _, v := range list {
 		assert.NotEmpty(t, v.ID)
 		assert.NotEmpty(t, v.Package, v.ID)
 		assert.NotEmpty(t, v.Severity, v.ID)
 		assert.NotEmpty(t, v.Version, v.ID)
 		assert.GreaterOrEqual(t, v.Score, float32(0), v.ID) // some matches won't have score
+		if v.Score == 0 {
+			noScoreCounter++
+		}
 	}
+	assert.NotEqual(t, noScoreCounter, len(list))
 }