fix: handle CWE name suffixed with 'noinfo'

@daviskirk suggestion Co-authored-by: Davis Kirkendall <1049817+daviskirk@users.noreply.github.com>
sonatype-nexus-community · May 25, 2023 · edfe36c · edfe36c
1 parent 7aad2e2
commit edfe36c
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/.github/CONTRIBUTORS.md b/.github/CONTRIBUTORS.md
@@ -1,3 +1,4 @@
 # Community Contributors
 
-- Jacob A. - https://github.com/jwa5426
+- Jacob A. - https://github.com/jwa5426
+- Jimmy D. - https://github.com/JimmyDore
diff --git a/jake/command/oss.py b/jake/command/oss.py
@@ -148,14 +148,20 @@ def handle_args(self) -> int:
                                     vector=oic_vulnerability.cvss_vector
                                 )
                             )
+                        cwes = None
+                        if oic_vulnerability.cwe:
+                            try:
+                                cwes = [int(oic_vulnerability.cwe[4:])]
+                            except ValueError:
+                                pass    # ignore cases where conversion to int fails
 
                         vulnerability: Vulnerability = Vulnerability(
                             bom_ref=oic_vulnerability.id,
                             id=oic_vulnerability.id,
                             source=VulnerabilitySource(
                                 name='OSS Index', url=XsUri(oic_vulnerability.reference)
                             ),
-                            cwes=[int(oic_vulnerability.cwe[4:])] if oic_vulnerability.cwe else None,
+                            cwes=cwes,
                             description=oic_vulnerability.title,
                             detail=oic_vulnerability.description,
                             ratings=ratings,