added calculation for highest vulnerability score

99493aac · Jan-Niclas Strüwer · f8674231 · 99493aac · 99493aac · 99493aac
Verified Commit 99493aac authored 1 year ago by Jan-Niclas Strüwer
--- a/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/OrtTask.kt
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/OrtTask.kt
@@ -7,6 +7,29 @@ import kotlinx.serialization.json.*
 import java.io.IOException
 import java.nio.file.Path
+class OrtTask {
+}
+fun getHighestScore(results: Array<AdvisorResult>): Double {
+    var highestScore = 0.0
+    results.forEach { res ->
+        res.vulnerabilities?.forEach { vul ->
+            vul.references?.forEach { ref ->
+                if (ref != null) {
+                    if (ref.scoringSystem?.contains("cvss") == true) {
+                        val score = ref.severity?.toDouble() ?: 0.0
+                        if (highestScore < score) {
+                            highestScore = score
+                        }
+                    }
+                }
+            }
+        }
+    }
+    return highestScore
+}
 fun getOrtResultsFromFile(resultPath: Path): Array<AdvisorResult> {
    val resFile = resultPath.toFile()
@@ -14,6 +37,7 @@ fun getOrtResultsFromFile(resultPath: Path): Array<AdvisorResult> {
        val results = mutableListOf<AdvisorResult>()
        val resString = resFile.readText()
        val json = Json { ignoreUnknownKeys = true }
        val rawJson = json.decodeFromString<Ort>(resString)
        rawJson.advisor?.results?.advisorResults?.forEach { (key, value) ->
            if (value is JsonArray) {
@@ -26,8 +50,8 @@ fun getOrtResultsFromFile(resultPath: Path): Array<AdvisorResult> {
                            }
                            put("identifier", key)
                        }
                        val advisorResult = json.decodeFromJsonElement<AdvisorResult>(flat)
-                        println(advisorResult)
                        results.add(advisorResult)
                    }
                }

--- a/src/test/kotlin/de/fraunhofer/iem/dataprovider/ParseOrtAdvisorResult.kt
+++ b/src/test/kotlin/de/fraunhofer/iem/dataprovider/ParseOrtAdvisorResult.kt
 package de.fraunhofer.iem.dataprovider
+import de.fraunhofer.iem.dataprovider.taskManager.tasks.ort.getHighestScore
 import de.fraunhofer.iem.dataprovider.taskManager.tasks.ort.getOrtResultsFromFile
 import org.junit.jupiter.api.Test
 import java.nio.file.Paths
@@ -14,6 +15,8 @@ class ParseOrtAdvisorResult {
        assert(res[0].identifier == "first" && res[1].identifier == "second")
        assert(res[0].vulnerabilities?.get(0)?.id == "CVE-2021-45105")
        assert(res[0].vulnerabilities?.get(0)?.references?.get(0)?.severity == "6.6")
+        assert(getHighestScore(res) == 8.6)
    }

--- a/src/test/kotlin/de/fraunhofer/iem/dataprovider/ort-advisor-example-results.json
+++ b/src/test/kotlin/de/fraunhofer/iem/dataprovider/ort-advisor-example-results.json
@@ -112,7 +112,7 @@
                  {
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44832.json",
                    "scoring_system": "cvssv3",
-                    "severity": "6.6"
+                    "severity": "8.6"
                  },
                  {
                    "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf",