
Commit bc177ab

twistlock json: safely get fields (#12701)
1 parent f17ed8f commit bc177ab


3 files changed

+12
-13
lines changed


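--- a/dojo/tools/twistlock/parser.py
+++ b/dojo/tools/twistlock/parser.py
@@ -149,31 +149,31 @@ def get_item(vulnerability, test):
 
 # create the finding object
 finding = Finding(
-title=vulnerability["id"]
+title=vulnerability.get("id", "Unknown Vulnerability")
 + ": "
-+ vulnerability["packageName"]
++ vulnerability.get("packageName", "Unknown Package")
 + " - "
-+ vulnerability["packageVersion"],
++ str(vulnerability.get("packageVersion", "")),
 test=test,
 severity=severity,
-description=vulnerability["description"]
+description=vulnerability.get("description", "")
 + "<p> Vulnerable Package: "
-+ vulnerability["packageName"]
++ vulnerability.get("packageName", "")
 + "</p><p> Current Version: "
-+ str(vulnerability["packageVersion"])
++ str(vulnerability.get("packageVersion", ""))
 + "</p>",
-mitigation=status.title(),
+mitigation=status.title() if isinstance(status, str) else "",
 references=vulnerability.get("link"),
-component_name=vulnerability["packageName"],
-component_version=vulnerability["packageVersion"],
+component_name=vulnerability.get("packageName", ""),
+component_version=vulnerability.get("packageVersion", ""),
 false_p=False,
 duplicate=False,
 out_of_scope=False,
 mitigated=None,
 severity_justification=f"{vector} (CVSS v3 base score: {cvss})\n\n{riskFactors}",
 impact=severity,
 )
-finding.unsaved_vulnerability_ids = [vulnerability["id"]]
+finding.unsaved_vulnerability_ids = [vulnerability["id"]] if "id" in vulnerability else None
 finding.description = finding.description.strip()
 
 return finding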
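Review bot: The `.get(key, default)` guards added in the `Finding(...)` constructor only cover a missing key, not a key that is present with a JSON `null`: `vulnerability.get("id", "Unknown Vulnerability")` returns `None` for `"id": null` and the following `+ ": "` raises `TypeError`, the same crash class the commit sets out to remove for scanner output that is not fully under the importer's control. The falsy-or form covers both cases, e.g. `title=(vulnerability.get("id") or "Unknown Vulnerability")`, and the same applies to the `packageName` and `description` lookups. On the `unsaved_vulnerability_ids` line, the attribute becomes `None` rather than an empty list when `id` is absent; if downstream code iterates or takes `len()` of it (as the unit test does), `[]` is the safer default, which should be confirmed against the importer. The body of `get_item` begins outside the hunk, so `status`, `severity`, `vector`, `cvss` and `riskFactors` are not visible here.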

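--- a/unittests/scans/twistlock/one_vuln_no_link.json
+++ b/unittests/scans/twistlock/one_vuln_no_link_no_description.json
@@ -21,7 +21,6 @@
 {
 "id": "PRISMA-2021-0013",
 "status": "fixed in 1.1.1",
-"description": "marked package prior to 1.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS). The regex within src/rules.js file have multiple unused capture groups which could lead to a denial of service attack if user input is reachable. Origin: https://github.com/markedjs/marked/commit/bd4f8c464befad2b304d51e33e89e567326e62e0",
 "severity": "medium",
 "packageName": "marked",
 "packageVersion": "0.3.9",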

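--- a/unittests/tools/test_twistlock_parser.py
+++ b/unittests/tools/test_twistlock_parser.py
@@ -20,8 +20,8 @@ def test_parse_file_with_one_vuln(self):
 self.assertEqual(1, len(findings[0].unsaved_vulnerability_ids))
 self.assertEqual("CVE-2013-7459", findings[0].unsaved_vulnerability_ids[0])
 
-def test_parse_file_with_no_link(self):
-testfile = (get_unit_tests_scans_path("twistlock") / "one_vuln_no_link.json").open(encoding="utf-8")
+def test_parse_file_with_no_link_no_description(self):
+testfile = (get_unit_tests_scans_path("twistlock") / "one_vuln_no_link_no_description.json").open(encoding="utf-8")
 parser = TwistlockParser()
 findings = parser.get_findings(testfile, Test())
 testfile.close()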
