fix(black-duck): Gracefully handle duplicate URIs in references

fviernau · fviernau · commit 1ed7010d6163 · 2025-01-28T16:38:08.000+01:00
Signed-off-by: Frank Viernau &lt;x9fviern@zeiss.com&gt;
diff --git a/plugins/advisors/black-duck/src/main/kotlin/BlackDuck.kt b/plugins/advisors/black-duck/src/main/kotlin/BlackDuck.kt
@@ -198,7 +198,7 @@ class BlackDuck(
 }
 
 internal fun VulnerabilityView.toOrtVulnerability(): Vulnerability {
-    val referenceUris = listOf(meta.href.uri(), *meta.links.map { it.href.uri() }.toTypedArray())
+    val referenceUris = setOf(meta.href.uri(), *meta.links.map { it.href.uri() }.toTypedArray())
 
     val references = referenceUris.map { uri ->
         val cvssVector = cvss3?.vector ?: cvss2?.vector
diff --git a/plugins/advisors/black-duck/src/test/assets/BDSA-2024-5272-parsed.yml b/plugins/advisors/black-duck/src/test/assets/BDSA-2024-5272-parsed.yml
@@ -44,11 +44,6 @@ references:
   severity: "MEDIUM"
   score: 4.8
   vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"
-- url: "https://gitlab.com/libtiff/libtiff/-/issues/624"
-  scoring_system: "CVSS:3.1"
-  severity: "MEDIUM"
-  score: 4.8
-  vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"
 - url: "https://gitlab.com/libtiff/libtiff/-/tags/v4.7.0rc1"
   scoring_system: "CVSS:3.1"
   severity: "MEDIUM"

Original file line number	Diff line number	Diff line change
`@@ -198,7 +198,7 @@ class BlackDuck(`
`198`	`198`	`}`
`199`	`199`
`200`	`200`	`internal fun VulnerabilityView.toOrtVulnerability(): Vulnerability {`
`201`		`- val referenceUris = listOf(meta.href.uri(), *meta.links.map { it.href.uri() }.toTypedArray())`
	`201`	`+ val referenceUris = setOf(meta.href.uri(), *meta.links.map { it.href.uri() }.toTypedArray())`
`202`	`202`
`203`	`203`	`val references = referenceUris.map { uri ->`
`204`	`204`	`val cvssVector = cvss3?.vector ?: cvss2?.vector`