From 038e3532a4a17248c94b21320ca29c75984dd35f Mon Sep 17 00:00:00 2001
From: Oliver Weyhmueller
Date: Sat, 2 Dec 2023 12:35:24 +0100
Subject: [PATCH] fix: some more flaws with gitlab report format (#6193)
---
 .../main/resources/templates/gitlabReport.vsl | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/core/src/main/resources/templates/gitlabReport.vsl b/core/src/main/resources/templates/gitlabReport.vsl
index 8349d966afd..0999b114f0a 100644
--- a/core/src/main/resources/templates/gitlabReport.vsl
+++ b/core/src/main/resources/templates/gitlabReport.vsl
@@ -100,15 +100,26 @@
 ## optional properties
 "name": "$enc.json($vulnerability.name)",
 "description": "$enc.json($vulnerability.description)",
- #set($severity = $rpt.normalizeSeverity($vulnerability.cvssV3.cvssData.baseSeverity))
+ #if($vulnerability.unscoredSeverity)
+ #if($vulnerability.unscoredSeverity.equals("0.0"))
+ #set($severity = "Unknown")
+ #else
+ #set($severity = $rpt.normalizeSeverity($vulnerability.unscoredSeverity))
+ #end
+ #elseif($vulnerability.cvssV3 && $vulnerability.cvssV3.cvssData && $vulnerability.cvssV3.cvssData.baseSeverity)
+ #set($severity = $rpt.normalizeSeverity($vulnerability.cvssV3.cvssData.baseSeverity))
+ #elseif($vulnerability.cvssV2 && $vulnerability.cvssV2.cvssData && $vulnerability.cvssV2.cvssData.baseSeverity)
+ #set($severity = $rpt.normalizeSeverity($vulnerability.cvssV2.cvssData.baseSeverity))
+ #end
 "severity": "$severity.substring(0,1).toUpperCase()$severity.substring(1)",
 ## "solution": "" --> not implemented
 "links": [
 #foreach( $ref in $vulnerability.getReferences(true) )
 {
+ #if($ref.name)
+ ## optional property
 "name": "$enc.json($ref.name)",
-
- ## optional properties
+ #end
 "url": "$enc.json($ref.url)"
 }
 #if( $foreach.hasNext ),#end
@@ -129,6 +140,7 @@
 "package_manager": "maven",
 "dependencies": [
 #foreach( $dependency in $dependencies )
+ #if( $dependency.name )
 {
 "package": {
 "name": "$enc.json($dependency.name)"
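Review bot: The new `#if`/`#elseif` chain that assigns `$severity` has no final `#else`, so a vulnerability with neither `unscoredSeverity` nor a CVSS v3/v2 `baseSeverity` leaves `$severity` unassigned for that entry. Velocity `#set` variables are not scoped to the enclosing loop, so the `"severity"` line would then presumably carry over the previous finding's value, or print the raw `$severity.substring(...)` reference on the first one. Either outcome misstates the finding to whoever triages the GitLab report. Adding `#else` and `#set($severity = "Unknown")` before the closing `#end` makes the fallback explicit. The enclosing vulnerability loop starts outside this hunk, so the carry-over is inferred from the visible lines only.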
@@ -141,6 +153,7 @@
 ##"dependency_path": [] --> not implemented
 }
 #if( $foreach.hasNext ),#end
+ #end
 #end
 ]
 ## no optional properties
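Review bot: Guarding the whole entry with `#if( $dependency.name )` also skips the separator line `#if( $foreach.hasNext ),#end`, so when the last element of `$dependencies` has no name, the previously emitted entry still ends with a comma and the array closes as `}, ]`, which is not valid JSON. The guard opens in the preceding hunk (`@@ -129,6 +140,7 @@`) and closes with the `#end` added here. Emitting the comma before each entry instead of after it avoids this: `#set($firstDep = true)` ahead of the `#foreach`, then inside the guard `#if(!$firstDep),#end#set($firstDep = false)` before the `{`. A consumer that rejects the malformed file may drop the whole dependency-scanning result, so a template test with a nameless trailing dependency would be worth adding.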