func convertOccurrence()

in pkg/vul/convert/trivy/trivy.go [129:194]


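// convertOccurrence maps one Trivy vulnerability entry v onto a Grafeas
// Occurrence attached to note noteID in s.Project. packageType is passed
// through to getBasePackageIssue.
//
// It returns nil when the entry has no VulnerabilityID or no CVSS.nvd block,
// so callers must check the result before use. Trivy output is scanner-
// produced JSON that this code does not control, so every string field is
// read through a checked type assertion: an absent or non-string field is
// skipped (or yields nil) instead of panicking the whole conversion.
func convertOccurrence(s *utils.Source, v *gabs.Container, noteID string, packageType string) *g.Occurrence {
	cve, ok := trivyString(v, "VulnerabilityID")
	if !ok {
		// Without an identifier there is nothing meaningful to record.
		return nil
	}
	noteName := fmt.Sprintf("projects/%s/notes/%s", s.Project, noteID)

	// Only entries scored by NVD are converted; the rest are dropped here.
	nvd := v.Search("CVSS", "nvd")
	if nvd.Data() == nil {
		return nil
	}

	// Severity is read once and reused for both fields below; an absent
	// value reaches ToGrafeasSeverity as the empty string.
	severity, _ := trivyString(v, "Severity")
	grafeasSeverity := utils.ToGrafeasSeverity(severity)

	vuln := &g.VulnerabilityOccurrence{
		ShortDescription: cve,
		RelatedUrls: []*g.RelatedUrl{
			{
				Label: "Registry",
				Url:   s.URI,
			},
		},
		CvssScore: utils.ToFloat32(nvd.Search("V2Score").Data()),
		Severity:  grafeasSeverity,
		// TODO: What is the difference between severity and effective severity?
		EffectiveSeverity: grafeasSeverity,
	}

	// PrimaryURL is not guaranteed to be present; emit the link only when it is.
	if primaryURL, ok := trivyString(v, "PrimaryURL"); ok {
		vuln.RelatedUrls = append(vuln.RelatedUrls, &g.RelatedUrl{
			Label: "PrimaryURL",
			Url:   primaryURL,
		})
	}

	// PackageIssues
	vuln.PackageIssue = append(vuln.PackageIssue, getBasePackageIssue(v, packageType))

	// CVSSv2
	if v2Vector, ok := trivyString(nvd, "V2Vector"); ok {
		vuln.LongDescription = v2Vector
		vuln.CvssVersion = g.CVSSVersion_CVSS_VERSION_2
		vuln.CvssScore = utils.ToFloat32(nvd.Search("V2Score").Data())
	}

	// CVSSv3, will override v2 values
	if v3Vector, ok := trivyString(nvd, "V3Vector"); ok {
		// Convert the score once; it feeds both CvssScore and Cvssv3.
		v3Score := utils.ToFloat32(nvd.Search("V3Score").Data())
		vuln.LongDescription = v3Vector
		vuln.CvssVersion = g.CVSSVersion_CVSS_VERSION_3
		vuln.CvssScore = v3Score
		vuln.Cvssv3 = utils.ToCVSS(v3Score, v3Vector)
	}

	// References: each child is expected to be a URL string; anything else is skipped.
	for _, r := range v.Search("References").Children() {
		ref, ok := r.Data().(string)
		if !ok {
			continue
		}
		vuln.RelatedUrls = append(vuln.RelatedUrls, &g.RelatedUrl{
			Url:   ref,
			Label: "Url",
		})
	}

	return &g.Occurrence{
		ResourceUri: fmt.Sprintf("https://%s", s.URI),
		NoteName:    noteName,
		Details:     &g.Occurrence_Vulnerability{Vulnerability: vuln},
	}
}

// trivyString returns the string stored at path in c. It reports false when
// the path is absent or holds a non-string value, so callers never perform a
// bare type assertion on untrusted scanner output.
func trivyString(c *gabs.Container, path ...string) (string, bool) {
	str, ok := c.Search(path...).Data().(string)
	return str, ok
}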