From 34c9ed032ad37192e219b095925dbe1a55d22fe2 Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Wed, 27 Mar 2024 14:48:27 +0100
Subject: [PATCH] osv_scanner: migrate from cve to unsaved_vulnerability_ids
---
 dojo/tools/osv_scanner/parser.py | 6 ++++--
 unittests/tools/test_osv_scanner_parser.py | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/dojo/tools/osv_scanner/parser.py b/dojo/tools/osv_scanner/parser.py
index 4d6fff7ab43..52830a43304 100644
--- a/dojo/tools/osv_scanner/parser.py
+++ b/dojo/tools/osv_scanner/parser.py
@@ -37,7 +37,7 @@ def get_findings(self, file, test):
 package_version = package["package"]["version"]
 package_ecosystem = package["package"]["ecosystem"]
 for vulnerability in package["vulnerabilities"]:
- vulnerabilityid = vulnerability["id"]
+ vulnerabilityid = vulnerability.get("id", "")
 vulnerabilitysummary = vulnerability.get("summary", "")
 vulnerabilitydetails = vulnerability["details"]
 vulnerabilitypackagepurl = vulnerability["affected"][0].get("package", "")
@@ -65,9 +65,11 @@ def get_findings(self, file, test):
 component_name=package_name,
 component_version=package_version,
 cwe=cwe,
- cve=vulnerabilityid,
 file_path=source_path,
 references=reference,
 )
+ if vulnerabilityid != "":
+ finding.unsaved_vulnerability_ids = list()
+ finding.unsaved_vulnerability_ids.append(vulnerabilityid)
 findings.append(finding)
 return findings
diff --git a/unittests/tools/test_osv_scanner_parser.py b/unittests/tools/test_osv_scanner_parser.py
index af7dac0050e..bde834cc17e 100644
--- a/unittests/tools/test_osv_scanner_parser.py
+++ b/unittests/tools/test_osv_scanner_parser.py
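Review bot: `vulnerability.get("id", "")` at the top of the first hunk lets a record with no `id` silently become a finding that carries no vulnerability identifier at all, while `vulnerability["details"]` and `vulnerability["affected"][0]` on the context lines right below it still raise `KeyError` for a missing key, so the softened lookup is inconsistent with its neighbours and hides exactly the case a reviewer would most want surfaced. An OSV entry without an id cannot be correlated with anything downstream, so I would either keep the hard index or make the gap visible, e.g. log the package name and `continue` before the finding is built, rather than emit a finding with neither `cve` nor `unsaved_vulnerability_ids`. `get_findings` starts before this hunk.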
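Review bot: The three added lines in the second hunk reset `unsaved_vulnerability_ids` to a fresh `list()` and then append one element, which reads as if ids accumulate when they never do; `if vulnerabilityid:` followed by `finding.unsaved_vulnerability_ids = [vulnerabilityid]` expresses the same thing in two lines and drops the `!= ""` comparison. With `cve=` removed from the constructor, the only identifier a finding now carries is the OSV id (a GHSA-/MAL- style id in the tests); if the input also supplies the OSV `aliases` field, which lists CVE ids for the same advisory, extending the list with those here would keep the CVE correlation the old `cve` field provided, though I cannot tell from the hunk whether the parser reads aliases anywhere. `get_findings` starts before this hunk.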
@@ -19,7 +19,8 @@ def test_some_findings(self):
 finding = findings[0]
 self.assertEqual(finding.cwe, "CWE-506")
 self.assertEqual(finding.title, "MAL-2023-1035_flot-axis")
- self.assertEqual(finding.cve, "MAL-2023-1035")
+ self.assertEqual(finding.cve, None)
+ self.assertEqual(finding.unsaved_vulnerability_ids[0], "MAL-2023-1035")
 self.assertEqual(finding.severity, "Low")
 
 def test_many_findings(self):
@@ -29,7 +30,8 @@ def test_many_findings(self):
 self.assertEqual(66, len(findings))
 finding = findings[0]
 self.assertEqual(finding.title, "GHSA-25mq-v84q-4j7r_guzzlehttp/guzzle")
- self.assertEqual(finding.cve, "GHSA-25mq-v84q-4j7r")
+ self.assertEqual(finding.cve, None)
+ self.assertEqual(finding.unsaved_vulnerability_ids[0], "GHSA-25mq-v84q-4j7r")
 self.assertEqual(finding.severity, "High")
 finding = findings[3]
 self.assertEqual(finding.static_finding, True)
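Review bot: Neither hunk exercises the fallback the parser commit introduces (`vulnerability.get("id", "")`), so a record with no `id`, which now produces a finding for which the parser sets no vulnerability ids, has no coverage; a small fixture with the `id` key removed, asserting whichever outcome the parser is meant to have (no ids on the finding, or the record skipped), would pin that behaviour. As a point of style, `self.assertEqual(finding.cve, None)` in both hunks is clearer as `self.assertIsNone(finding.cve)` and gives a better failure message. Both test methods start before their hunks, and `test_many_findings` may continue past the second one.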