fix: handle CWE name suffixed with 'noinfo'

sonatype-nexus-community · May 3, 2023 · 3e4dfc5 · 3e4dfc5
1 parent 7aad2e2
commit 3e4dfc5
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/.github/CONTRIBUTORS.md b/.github/CONTRIBUTORS.md
@@ -1,3 +1,4 @@
 # Community Contributors
 
-- Jacob A. - https://github.com/jwa5426
+- Jacob A. - https://github.com/jwa5426
+- Jimmy D. - https://github.com/JimmyDore
diff --git a/jake/command/oss.py b/jake/command/oss.py
@@ -148,14 +148,16 @@ def handle_args(self) -> int:
                                     vector=oic_vulnerability.cvss_vector
                                 )
                             )
-
+                        cwes = None
+                        if oic_vulnerability.cwe and oic_vulnerability.cwe != "CWE-noinfo":
+                            cwes = [int(oic_vulnerability.cwe[4:])]
                         vulnerability: Vulnerability = Vulnerability(
                             bom_ref=oic_vulnerability.id,
                             id=oic_vulnerability.id,
                             source=VulnerabilitySource(
                                 name='OSS Index', url=XsUri(oic_vulnerability.reference)
                             ),
-                            cwes=[int(oic_vulnerability.cwe[4:])] if oic_vulnerability.cwe else None,
+                            cwes=cwes,
                             description=oic_vulnerability.title,
                             detail=oic_vulnerability.description,
                             ratings=ratings,