@@ -40,6 +40,22 @@ def get_location(data, node):
4040 def get_version (data , node ):
4141 return data ["Requires" ]["Modules" ][str (node )]["Version" ]
4242
43+ @staticmethod
44+ def get_fix_info (affected_ranges ):
45+ for r in affected_ranges :
46+ for event in r .get ("events" , []):
47+ if "fixed" in event :
48+ return True , event ["fixed" ]
49+ return False , ""
50+
51+ @staticmethod
52+ def get_introduced_version (affected_ranges ):
53+ for r in affected_ranges :
54+ for event in r .get ("events" , []):
55+ if "introduced" in event :
56+ return event ["introduced" ]
57+ return ""
58+
4359 def get_finding_trace_info (self , data , osv_id ):
4460 # Browse the findings to look for matching OSV-id. If the OSV-id is matching, extract traces.
4561 trace_info_strs = []
@@ -202,8 +218,12 @@ def get_findings(self, scan_file, test):
202218 else :
203219 title = f"{ osv_data ['id' ]} - { affected_package ['name' ]} "
204220
205- affected_version = self .get_affected_version ( data , osv_data [ "id" ] )
221+ fix_available , fix_version = self .get_fix_info ( affected_ranges )
206222
223+ affected_version = (
224+ self .get_affected_version (data , osv_data ["id" ])
225+ or self .get_introduced_version (affected_ranges )
226+ )
207227 severity = elem ["osv" ].get ("severity" , SEVERITY )
208228
209229 d = {
@@ -215,6 +235,8 @@ def get_findings(self, scan_file, test):
215235 "description" : description ,
216236 "impact" : impact ,
217237 "references" : references ,
238+ "fix_available" : fix_available ,
239+ "fix_version" : fix_version ,
218240 "file_path" : path ,
219241 "url" : db_specific_url ,
220242 "unique_id_from_tool" : osv_id ,
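Review bot: `get_fix_info` returns the first `fixed` event from any range, so for an OSV entry with a `GIT`-type range `fix_version` becomes a commit hash, and for an entry with several ranges only the first fix is reported, which can point a reader at an upgrade that does not cover the release line they are on. Consider skipping non-version ranges at the top of the outer loop, `if r.get("type") == "GIT": continue`, and collecting every `fixed` value instead of returning on the first. The same first-match logic in `get_introduced_version` feeds the `affected_version` fallback in `get_findings`, where `introduced` is the lower bound of the vulnerable range (commonly `"0"`), not the version in use; if that field is meant to hold the installed version, the fallback will mislabel findings. `affected_ranges` is defined outside the visible hunks, so confirm it cannot be `None` before these loops run. Both helpers would also benefit from a one-line docstring stating the return shape, e.g. `"""Return (fix_available, fix_version) from OSV range events."""`.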