Handle zero scores from npm

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
AppThreat · Feb 25, 2024 · e4a6628 · e4a6628
1 parent 3de8883
commit e4a6628
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "appthreat-vulnerability-db"
-version = "5.6.2"
+version = "5.6.3"
 description = "AppThreat's vulnerability database and package search library with a built-in file based storage. OSV, CVE, GitHub, npm are the primary sources of vulnerabilities."
 authors = [
     {name = "Team AppThreat", email = "cloud@appthreat.com"},

diff --git a/vdb/lib/npm.py b/vdb/lib/npm.py
@@ -209,8 +209,10 @@ def to_vuln(self, v, ret_data):
             )
             cvss = v.get("cvss")
             if cvss:
-                score = cvss.get("score")
-                vectorString = cvss.get("vectorString")
+                if cvss.get("score"):
+                    score = cvss.get("score")
+                if cvss.get("vectorString"):
+                    vectorString = cvss.get("vectorString")
             exploitabilityScore = score
             metadata = v.get("metadata", {})
             if isinstance(metadata, dict) and metadata.get("exploitability"):