address feedback

valentijnscholten · valentijnscholten · commit 112adfecfea2 · 2025-05-29T12:51:20.000+02:00
diff --git a/docs/content/en/open_source/contributing/how-to-write-a-parser.md b/docs/content/en/open_source/contributing/how-to-write-a-parser.md
@@ -171,20 +171,22 @@ Data can have `CVSS` vectors or scores. Don't write your own CVSS score algorith
 For parser, we rely on module `cvss`. But we also have a helper method to validate the vector and extract the base score and severity from it.
 
 ```python
+from dojo.utils import parse_cvss_data
 cvss_data = parse_cvss_data("CVSS:3.0/S:C/C:H/I:H/A:N/AV:P/AC:H/PR:H/UI:R/E:H/RL:O/RC:R/CR:H/IR:X/AR:X/MAC:H/MPR:X/MUI:X/MC:L/MA:X")
 if cvss_data:
     finding.cvssv3 = cvss_data.get("vector")
     finding.cvssv3_score = cvss_data.get("score")
     finding.severity = cvss_data.get("severity")  # if your tool does generate severity
 ```
 
-If you need more manual processing, you can parse the `CVSS` vector directly.
+If you need more manual processing, you can parse the `CVSS3` vector directly.
 
 Example of use:
 
 ```python
-from dojo.utils import cvss.cvss3 import CVSS3
 import cvss.parser
+from cvss import CVSS2, CVSS3
+
 vectors = cvss.parser.parse_cvss_from_text("CVSS:3.0/S:C/C:H/I:H/A:N/AV:P/AC:H/PR:H/UI:R/E:H/RL:O/RC:R/CR:H/IR:X/AR:X/MAC:H/MPR:X/MUI:X/MC:L/MA:X")
 if len(vectors) > 0 and type(vectors[0]) is CVSS3:
     print(vectors[0].severities())  # this is the 3 severities
diff --git a/dojo/models.py b/dojo/models.py
@@ -2707,7 +2707,9 @@ def save(self, dedupe_option=True, rules_option=True, product_grading_option=Tru
 
             except Exception as ex:
                 logger.warning("Can't compute cvssv3 score for finding id %i. Invalid cvssv3 vector found: '%s'. Exception: %s.", self.id, self.cvssv3, ex)
-                # should we set self.cvssv3 to None here to avoid storing invalid vectors? it would also remove invalid vectors on existing findings...
+                # remove invalid cvssv3 vector for new findings, or should we just throw a ValidationError?
+                if self.pk is None:
+                    self.cvssv3 = None
 
         self.set_hash_code(dedupe_option)
 
diff --git a/dojo/tools/npm_audit_7_plus/parser.py b/dojo/tools/npm_audit_7_plus/parser.py
@@ -3,6 +3,7 @@
 import logging
 
 from dojo.models import Finding
+from dojo.utils import parse_cvss_data
 
 logger = logging.getLogger(__name__)
 
@@ -166,7 +167,6 @@ def get_item(item_node, tree, test):
         dojo_finding.cwe = cwe
 
     if (cvssv3 is not None) and (len(cvssv3) > 0):
-        from dojo.utils import parse_cvss_data
         cvss_data = parse_cvss_data(cvssv3)
         if cvss_data:
             dojo_finding.cvssv3 = cvss_data.get("vector")
