Fix join for locations and steps_to_reproduce

DefectDojo · Dec 11, 2024 · d4ac0e2 · d4ac0e2
1 parent ff0725c
commit d4ac0e2
Showing 1 changed file with 8 additions and 11 deletions.
diff --git a/dojo/tools/mend/parser.py b/dojo/tools/mend/parser.py
@@ -70,6 +70,7 @@ def _build_common_output(node, lib_name=None):
                 component_path = node["component"].get("path", None)
                 if component_path:
                     locations.append(component_path)
+                steps_to_reproduce = locations
 
                 if "topFix" in node:
                     try:
@@ -173,16 +174,12 @@ def _build_common_output(node, lib_name=None):
                     logger.exception(
                         "Error handling local paths for vulnerability.",
                     )
-            if locations:
-                if len(", ".join(locations)) > 3999:
-                    locations = [loc[:3999] for loc in locations]
-                    locations_str = ", ".join(locations)[:3999]
-                else:
-                    locations_str = ", ".join(locations)
-
-                steps_to_reproduce = "**Locations Found**: " + locations_str
+            if locations and len(", ".join(locations)) > 3999:
+                locations = [loc[:3999] for loc in locations]
+                locations = ", ".join(locations)[:3999]
+                steps_to_reproduce = "**Locations Found**: " + locations if locations is not None else None
             else:
-                steps_to_reproduce = None
+                steps_to_reproduce = ", ".join(locations)
 
             filepaths = filepaths
 
@@ -201,7 +198,7 @@ def _build_common_output(node, lib_name=None):
                 cvssv3=cvss3_vector,
                 cvssv3_score=float(cvss3_score) if cvss3_score is not None else None,
                 impact=impact,
-                steps_to_reproduce=steps_to_reproduce,
+                steps_to_reproduce=steps_to_reproduce if steps_to_reproduce is not None else None
             )
             if cve:
                 new_finding.unsaved_vulnerability_ids = [cve]
@@ -266,4 +263,4 @@ def create_finding_key(f: Finding) -> str:
             if dupe_key not in dupes:
                 dupes[dupe_key] = finding
 
-        return list(dupes.values())
+        return list(dupes.values())