Fix issue #1302 (#1303)

Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
aboutcode-org · Sep 18, 2023 · ee60902 · ee60902
1 parent 4e46cc3
commit ee60902
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 17 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -8,6 +8,7 @@ Next Release
 - We fixed a text-overflow issue in the Essentials tab of the Vulnerability details template.
 - We added clickable links to the Essentials tab of the Vulnerability details template that enable
   the user to navigate to the Fixed by packages tab and the Affected packages tab.
+- We fixed severity range issue for handling unknown scores.
 
 
 Version v33.4.0

diff --git a/vulnerabilities/tests/test_utils.py b/vulnerabilities/tests/test_utils.py
@@ -15,6 +15,7 @@
 from vulnerabilities.package_managers import PackageVersion
 from vulnerabilities.utils import AffectedPackage
 from vulnerabilities.utils import get_item
+from vulnerabilities.utils import get_severity_range
 from vulnerabilities.utils import nearest_patched_package
 from vulnerabilities.utils import resolve_version_range
 from vulnerabilities.utils import split_markdown_front_matter
@@ -145,3 +146,8 @@ def test_resolve_version_range_without_ignorable_versions():
             "10.0.0",
         ],
     )
+
+
+def test_get_severity_range():
+    assert get_severity_range({""}) is None
+    assert get_severity_range({}) is None
diff --git a/vulnerabilities/utils.py b/vulnerabilities/utils.py
@@ -512,20 +512,29 @@ def get_severity_range(severity_list):
     '0.1 - 6.9'
     >>> get_severity_range({'9.5','critical'})
     '9.0 - 10.0'
-    """
-    if len(severity_list) > 1:
-        score_map = {
-            "low": [0.1, 3],
-            "moderate": [4.0, 6.9],
-            "medium": [4.0, 6.9],
-            "high": [7.0, 8.9],
-            "critical": [9.0, 10.0],
-        }
-
-        score_list = []
-        for score in severity_list:
-            try:
-                score_list.append(float(score))
-            except ValueError:
-                score_list.extend(score_map[score.lower()])
-        return f"{min(score_list)} - {max(score_list)}"
+    >>> get_severity_range({'9.5','critical','unknown'})
+    '9.0 - 10.0'
+    >>> get_severity_range({})
+    """
+    if len(severity_list) < 1:
+        return
+    score_map = {
+        "low": [0.1, 3],
+        "moderate": [4.0, 6.9],
+        "medium": [4.0, 6.9],
+        "high": [7.0, 8.9],
+        "important": [7.0, 8.9],
+        "critical": [9.0, 10.0],
+    }
+
+    score_list = []
+    for score in severity_list:
+        try:
+            score_list.append(float(score))
+        except ValueError:
+            score_range = score_map.get(score.lower()) or []
+            if score_range:
+                score_list.extend(score_range)
+    if not score_list:
+        return
+    return f"{min(score_list)} - {max(score_list)}"