Correct CVSS calculation by accessing findings key properly #2511
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixed an issue where the average CVSS score calculation was incorrect due to improper access to the findings key within the JSON structure. The calculation logic was bypassing the findings key and therefore failing to extract valid CVSS scores.
|
Thanks for the PR, I will review this and get back. |
There was a problem hiding this comment.
Pull Request Overview
This pull request fixes the bug in the average CVSS score calculation by ensuring the correct extraction of the CVSS scores from the JSON structure.
- Modified the CVSS calculation by passing the 'findings' key from code_analysis to get_avg_cvss
- Updated both dynamic context functions (for APK and source code analysis) to reflect the fix
|
|
||
| def generate_dynamic_context(request, app_dic, checksum, context, api): | ||
| """Generate Dynamic Context.""" | ||
| context['appsec'] = get_android_dashboard(context, True) |
There was a problem hiding this comment.
The updated call correctly accesses the 'findings' key to retrieve the necessary CVSS scores. Consider adding a brief inline comment to document the expected JSON structure for future maintenance.
Suggested change
| context['appsec'] = get_android_dashboard(context, True) | |
| context['appsec'] = get_android_dashboard(context, True) | |
| # The 'code_analysis' key in the context is expected to contain a 'findings' key, | |
| # which holds a list of CVSS scores used to calculate the average CVSS. |
Copilot uses AI. Check for mistakes.
Comment on lines
+368
to
369
| context['average_cvss'] = get_avg_cvss(context['code_analysis']['findings']) | ||
| template = 'static_analysis/android_source_analysis.html' |
There was a problem hiding this comment.
This change properly extracts the CVSS scores from the 'findings' key. A short inline note explaining why the 'findings' key is used could aid future maintainers.
Suggested change
| context['average_cvss'] = get_avg_cvss(context['code_analysis']['findings']) | |
| template = 'static_analysis/android_source_analysis.html' | |
| # The 'findings' key in 'context['code_analysis']' contains the results of the code analysis, | |
| # including CVSS scores. It is used here to calculate the average CVSS score. | |
| findings = context['code_analysis'].get('findings', None) | |
| context['average_cvss'] = get_avg_cvss(findings) if findings else None |
Copilot uses AI. Check for mistakes.
ajinabraham
approved these changes
Apr 24, 2025
J1-MI
pushed a commit
to J1-MI/OMT_Semi_project2_MobSF
that referenced
this pull request
Sep 9, 2025
Fixed an issue where the average CVSS score calculation was incorrect due to improper access to the findings key within the JSON structure. The calculation logic was bypassing the findings key and therefore failing to extract valid CVSS scores. Co-authored-by: Ajin Abraham <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixed an issue where the average CVSS score calculation was incorrect due to improper access to the findings key within the JSON structure. The calculation logic was bypassing the findings key and therefore failing to extract valid CVSS scores.
Describe the Pull Request
Checklist for PR
tox -e lint,testStaticAnalyzer/tests.py)Additional Comments (if any)