fix: correct logic for determining which Vulnerability has the highes…

…t CVS score Signed-off-by: Paul Horton <phorton@sonatype.com>
sonatype-nexus-community · Sep 15, 2021 · 37e5aed · 37e5aed
1 parent 3efafa9
commit 37e5aed
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/ossindex/model.py b/ossindex/model.py
@@ -172,10 +172,11 @@ def get_vulnerabilities(self) -> List[Vulnerability]:
     def get_max_cvss_score(self) -> float:
         max_cvss_score = 0.0
         if self.has_known_vulnerabilities():
-            max_cvss_score = reduce(
-                lambda a, b: a.get_cvss_score() if a.get_cvss_score() > b.get_cvss_score() else b.get_cvss_score(),
+            max_scoring_vulnerability: Vulnerability = reduce(
+                lambda a, b: a if a.get_cvss_score() > b.get_cvss_score() else b,
                 self._vulnerabilities
             )
+            max_cvss_score = max_scoring_vulnerability.get_cvss_score()
         return max_cvss_score
 
     def has_known_vulnerabilities(self) -> bool:

diff --git a/tests/test_model.py b/tests/test_model.py
@@ -69,5 +69,5 @@ def test_max_cvss_score_2(self):
             coordinates='test@1.0.0', description='Test', oss_index_reference_url='https://test.com',
             vulnerabilities=vulns
         )
-        self.assertEqual(len(oic.get_vulnerabilities()), 3)
-        self.assertEqual(oic.get_max_cvss_score(), 9.5)
+        self.assertEqual(len(oic.get_vulnerabilities()), 2)
+        self.assertEqual(oic.get_max_cvss_score(), 9.z)