From 37e5aed6424594f6efff136c7037d1e5db28ccd5 Mon Sep 17 00:00:00 2001
From: Paul Horton
Date: Wed, 15 Sep 2021 13:45:27 +0100
Subject: [PATCH] fix: correct logic for determining which Vulnerability has the highest CVS score
Signed-off-by: Paul Horton
---
 ossindex/model.py | 5 +++--
 tests/test_model.py | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/ossindex/model.py b/ossindex/model.py
index 1d880f2..5b559aa 100644
--- a/ossindex/model.py
+++ b/ossindex/model.py
@@ -172,10 +172,11 @@ def get_vulnerabilities(self) -> List[Vulnerability]:
 def get_max_cvss_score(self) -> float:
 max_cvss_score = 0.0
 if self.has_known_vulnerabilities():
- max_cvss_score = reduce(
- lambda a, b: a.get_cvss_score() if a.get_cvss_score() > b.get_cvss_score() else b.get_cvss_score(),
+ max_scoring_vulnerability: Vulnerability = reduce(
+ lambda a, b: a if a.get_cvss_score() > b.get_cvss_score() else b,
 self._vulnerabilities
 )
+ max_cvss_score = max_scoring_vulnerability.get_cvss_score()
 return max_cvss_score

 def has_known_vulnerabilities(self) -> bool:
diff --git a/tests/test_model.py b/tests/test_model.py
index afb5df7..0ac922a 100644
--- a/tests/test_model.py
+++ b/tests/test_model.py
@@ -69,5 +69,5 @@ def test_max_cvss_score_2(self):
 coordinates='test@1.0.0', description='Test', oss_index_reference_url='https://test.com', vulnerabilities=vulns
 )
- self.assertEqual(len(oic.get_vulnerabilities()), 3)
- self.assertEqual(oic.get_max_cvss_score(), 9.5)
\ No newline at end of file
+ self.assertEqual(len(oic.get_vulnerabilities()), 2)
+ self.assertEqual(oic.get_max_cvss_score(), 9.z)
\ No newline at end of file
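Review bot: The pairwise `reduce` in `get_max_cvss_score` is harder to read than the selection needs, and it keeps the `has_known_vulnerabilities()` guard mainly because `reduce` without an initial value raises on an empty sequence; `max_cvss_score = max((v.get_cvss_score() for v in self._vulnerabilities), default=0.0)` states the same result in one line. Separately, the `>` comparison assumes every `Vulnerability` returns a number. If `get_cvss_score()` can return `None` for an advisory that carries no score (its definition is outside this hunk), the call raises `TypeError`, and any severity threshold built on this value stops instead of reporting the component. If that case is possible, skip unscored entries in the generator with `if v.get_cvss_score() is not None`.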
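Review bot: The new assertion `self.assertEqual(oic.get_max_cvss_score(), 9.z)` does not parse, because `9.z` is not a valid float literal; if this is what was committed rather than a transcription artifact, importing `tests/test_model.py` fails with `SyntaxError` and none of its tests run. It should carry the number the fixture actually produces, `self.assertEqual(oic.get_max_cvss_score(), EXPECTED_MAX_SCORE)`, where `EXPECTED_MAX_SCORE` is a placeholder because the `vulns` fixture is built outside this hunk. With only two vulnerabilities asserted, this test also does not cover the defect being fixed: the removed lambda returned a float from its first step and would only fail once `reduce` reached a third element. A case with three or more entries, where the highest score is not the last one, would pin the regression.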