add TODO for parsers to check/fix

Author: valentijnscholten

dojo/fixtures/dojo_testdata.json

@@ -1146,6 +1146,7 @@
     "pk": 2,
     "model": "dojo.finding",
     "fields": {
+      "cvssv3": "happy little vector",
       "last_reviewed_by": null,
       "reviewers": [],
       "static_finding": false,

dojo/tools/aqua/parser.py

@@ -170,7 +170,7 @@ def get_item(self, resource, vuln, test):
             severity_justification += "\nAqua severity classification: {}".format(vuln.get("aqua_severity_classification"))
             severity_justification += "\nAqua scoring system: {}".format(vuln.get("aqua_scoring_system"))
             if "nvd_score_v3" in vuln:
-                cvssv3 = vuln.get("nvd_vectors_v3")
+                cvssv3 = vuln.get("nvd_vectors_v3")  # TODO: VECTOR
         if "aqua_score" in vuln:
             if score is None:
                 score = vuln.get("aqua_score")
@@ -193,7 +193,7 @@ def get_item(self, resource, vuln, test):
                 )
             severity_justification += "\nNVD v3 vectors: {}".format(vuln.get("nvd_vectors_v3"))
             # Add the CVSS3 to Finding
-            cvssv3 = vuln.get("nvd_vectors_v3")
+            cvssv3 = vuln.get("nvd_vectors_v3")  # TODO: VECTOR
         if "nvd_score" in vuln:
             if score is None:
                 score = vuln.get("nvd_score")

dojo/tools/blackduck_binary_analysis/parser.py

@@ -43,7 +43,7 @@ def ingest_findings(self, sorted_findings, test):
             cwe = 1357
             title = self.format_title(i)
             description = self.format_description(i)
-            cvss_v3 = True
+            cvss_v3 = True  # TODO: VECTOR
             if str(i.cvss_vector_v3) != "":
                 cvss_vectors = "{}{}".format(
                     "CVSS:3.1/",

dojo/tools/cyberwatch_galeax/parser.py

@@ -197,7 +197,7 @@ def build_findings_for_cve(self, cve_code, c_data, test):
         description = c_data["description"]
         impact = c_data["impact"]
         references = c_data["references"]
-        cvssv3 = c_data["cvssv3"]
+        cvssv3 = c_data["cvssv3"]  # TODO: VECTOR
         cvssv3_score = c_data["cvssv3_score"]
         products = c_data["products"]
 
@@ -515,7 +515,7 @@ def parse_cvss(self, cvss_v3_vector, json_data):
         if cvss_v3_vector:
             vectors = cvss.parser.parse_cvss_from_text(cvss_v3_vector)
             if vectors and isinstance(vectors[0], CVSS3):
-                cvssv3 = vectors[0].clean_vector()
+                cvssv3 = vectors[0].clean_vector()  # TODO: VECTOR
                 cvssv3_score = vectors[0].scores()[0]
                 severity = vectors[0].severities()[0]
                 return cvssv3, cvssv3_score, severity

dojo/tools/jfrog_xray_unified/parser.py

@@ -75,7 +75,7 @@ def get_item(vulnerability, test):
             vulnerability_id = worstCve["cve"]
         if "cvss_v3_vector" in worstCve:
             cvss_v3 = worstCve["cvss_v3_vector"]
-            cvssv3 = cvss_v3
+            cvssv3 = cvss_v3  # TODO: VECTOR
         if "cvss_v2_vector" in worstCve:
             cvss_v2 = worstCve["cvss_v2_vector"]
 

dojo/tools/npm_audit_7_plus/parser.py

@@ -166,7 +166,7 @@ def get_item(item_node, tree, test):
         cwe = int(cwe.split("-")[1])
         dojo_finding.cwe = cwe
 
-    if (cvssv3 is not None) and (len(cvssv3) > 0):
+    if (cvssv3 is not None) and (len(cvssv3) > 0):  # TODO: VECTOR
         dojo_finding.cvssv3 = cvssv3
 
     return dojo_finding

dojo/tools/qualys/csv_parser.py

@@ -202,7 +202,7 @@ def build_findings_from_dict(report_findings: [dict]) -> [Finding]:
         # Clean up the CVE data appropriately
         cve_list = _clean_cve_data(cve_data)
 
-        if "CVSS3 Base" in report_finding:
+        if "CVSS3 Base" in report_finding:  # TODO: VECTOR
             cvssv3 = _extract_cvss_vectors(
                         report_finding["CVSS3 Base"], report_finding["CVSS3 Temporal"],
                     )

dojo/tools/qualys/parser.py

@@ -352,7 +352,7 @@ def parse_finding(host, tree):
         finding.is_mitigated = temp["mitigated"]
         finding.active = temp["active"]
         if temp.get("CVSS_vector") is not None:
-            finding.cvssv3 = temp.get("CVSS_vector")
+            finding.cvssv3 = temp.get("CVSS_vector")  # TODO: VECTOR
         if temp.get("CVSS_value") is not None:
             finding.cvssv3_score = temp.get("CVSS_value")
         finding.verified = True

dojo/tools/sonatype/parser.py

@@ -63,7 +63,7 @@ def get_finding(security_issue, component, test):
         finding.cwe = security_issue["cwe"]
 
     if "cvssVector" in security_issue:
-        finding.cvssv3 = security_issue["cvssVector"]
+        finding.cvssv3 = security_issue["cvssVector"]  # TODO: VECTOR
 
     if "pathnames" in component:
         finding.file_path = " ".join(component["pathnames"])[:1000]

dojo/tools/trivy/parser.py

@@ -171,7 +171,7 @@ def get_result_items(self, test, results, service_name=None, artifact_name=""):
                         if cvssclass is not None:
                             if cvssclass.get("V3Score") is not None:
                                 severity = self.convert_cvss_score(cvssclass.get("V3Score"))
-                                cvssv3 = dict(cvssclass).get("V3Vector")
+                                cvssv3 = dict(cvssclass).get("V3Vector")  # TODO: VECTOR
                             elif cvssclass.get("V2Score") is not None:
                                 severity = self.convert_cvss_score(cvssclass.get("V2Score"))
                             else: