fix(rules): Adjust to the new vulnerability API
See [1].

[1]: oss-review-toolkit/ort#9091

Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
sschuberth committed Sep 18, 2024
1 parent e74d2ed commit 366b3db
Showing 1 changed file with 4 additions and 8 deletions.
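--- a/evaluator.rules.kts
+++ b/evaluator.rules.kts
@@ -1540,24 +1540,20 @@ fun RuleSet.vulnerabilityInDependencyRule() = packageRule("VULNERABILITY_IN_DEPE
 }
 
 fun RuleSet.vulnerabilityWithHighSeverityInDependencyRule() = packageRule("HIGH_SEVERITY_VULNERABILITY_IN_DEPENDENCY") {
-val maxAcceptedSeverity = "5.0"
+val scoreThreshold = 5.0f
 
 require {
 -isProject()
 -isExcluded()
 +AnyOf(
-hasVulnerability(maxAcceptedSeverity, "CVSS2") { value, threshold ->
-value.toFloat() >= threshold.toFloat()
-},
-hasVulnerability(maxAcceptedSeverity, "CVSS3") { value, threshold ->
-value.toFloat() >= threshold.toFloat()
-}
+hasVulnerability(scoreThreshold, "CVSS2"),
+hasVulnerability(scoreThreshold, "CVSS3")
 )
 }
 
 error(
 "The package '${pkg.metadata.id.toCoordinates()}' has a vulnerability score greater than or equal to " +
-"$maxAcceptedSeverity.",
+"$scoreThreshold.",
 howToFixDefault()
 )
 }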
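Review bot: The rule still only matches vulnerabilities scored under "CVSS2" or "CVSS3", so a finding whose only score comes from a different scoring system (CVSS 4.0 advisories are the obvious case, if any configured advisor reports them) bypasses the rule entirely and the package is silently treated as clean, which is a fail-open for a gate whose purpose is to block high-severity findings. The old lambdas made the `>=` comparison explicit; the new calls rely on whatever comparison the new `hasVulnerability(Float, String)` overload applies by default, and the error text still promises "greater than or equal to", so that assumption deserves a comment next to the threshold, e.g. `// Matches scores >= threshold (default comparison of hasVulnerability); extend the scoring-system list when advisors emit CVSS 4.0.` If the new API has a way to match on the scoring-system list or on a normalized severity, pulling the systems into one `val scoringSystems = listOf("CVSS2", "CVSS3")` next to `scoreThreshold` would at least make the gap visible to whoever tunes this rule.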