func convertNote()

in pkg/vul/convert/snyk/snyk.go [64:122]


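// convertNote builds a vulnerability g.Note from a single vulnerability entry
// (v) of a scanner report and the source (s) the report describes.
//
// It returns nil when the entry cannot be turned into a usable note: either no
// "cvssDetails" element is assigned by "NVD", or the entry carries no string
// CVE identifier. Callers must handle a nil result.
//
// The report is external input, so every field is read defensively. A missing
// or wrongly typed field must not panic the converter; the original unchecked
// type assertions did exactly that on incomplete entries.
func convertNote(s *utils.Source, v *gabs.Container) *g.Note {
	// Comma-ok assertion: an entry without identifiers.CVE[0] yields nil data,
	// which would panic on a bare .(string).
	cve, ok := v.Search("identifiers", "CVE").Index(0).Data().(string)
	if !ok {
		return nil
	}

	// Get cvss3 details from NVD. There is deliberately no break, so if several
	// details name NVD as assigner the last one wins (original behaviour).
	var cvss3 *gabs.Container
	for _, detail := range v.Search("cvssDetails").Children() {
		if utils.ToString(detail.Search("assigner").Data()) == "NVD" {
			cvss3 = detail
		}
	}
	if cvss3 == nil {
		return nil
	}

	// A missing or non-string severity becomes "" instead of a panic.
	// NOTE(review): presumably utils.ToGrafeasSeverity maps unknown strings to
	// an unspecified severity; confirm against its implementation.
	severity, _ := v.Search("nvdSeverity").Data().(string)

	// create note
	n := g.Note{
		ShortDescription: cve,
		LongDescription:  utils.ToString(v.Search("CVSSv3").Data()),
		RelatedUrl: []*g.RelatedUrl{
			{
				Label: "Registry",
				Url:   s.URI,
			},
		},
		Type: &g.Note_Vulnerability{
			Vulnerability: &g.VulnerabilityNote{
				CvssVersion: g.CVSSVersion_CVSS_VERSION_3,
				CvssScore:   utils.ToFloat32(cvss3.Search("cvssV3BaseScore").Data()),
				// Details in Notes are not populated since we will never see the full list
				Details: []*g.VulnerabilityNote_Detail{
					{
						AffectedCpeUri:  "N/A",
						AffectedPackage: "N/A",
					},
				},
				Severity:         utils.ToGrafeasSeverity(severity),
				SourceUpdateTime: utils.ToGRPCTime(cvss3.Search("modificationTime").Data()),
			},
		},
	} // end note

	// CVSSv3: only attach the structured vector when it is present as a string.
	if vector, ok := cvss3.Search("cvssV3Vector").Data().(string); ok {
		n.GetVulnerability().CvssV3 = utils.ToCVSSv3(
			utils.ToFloat32(cvss3.Search("cvssV3BaseScore").Data()),
			vector,
		)
	}

	// References: a reference without a string URL is skipped because it cannot
	// be linked; a missing title only leaves the label empty.
	for _, r := range v.Search("references").Children() {
		url, ok := r.Search("url").Data().(string)
		if !ok {
			continue
		}
		title, _ := r.Search("title").Data().(string)
		n.RelatedUrl = append(n.RelatedUrl, &g.RelatedUrl{
			Url:   url,
			Label: title,
		})
	}

	return &n
}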