fix: prepend justification to comments

* workaround for intel#4439 I decided it was probably better to retain the 3.3 behaviour for now; we can decide if that's the right choice for future releases later. Signed-off-by: Terri Oda <terri.oda@intel.com>
terriko · Sep 13, 2024 · 79c7701 · 79c7701
1 parent 3d2aad3
commit 79c7701
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/cve_bin_tool/vex_manager/parse.py b/cve_bin_tool/vex_manager/parse.py
@@ -114,6 +114,11 @@ def __process_vulnerabilities(self, vulnerabilities) -> None:
             justification = vuln.get("justification")
             response = vuln.get("remediation")
             comments = vuln.get("comment")
+
+            # If the comment doesn't already have the justification prepended, add it
+            if comments and justification and not comments.startswith(justification):
+                comments = f"{justification}: {comments}"
+
             severity = vuln.get("severity")  # Severity is not available in Lib4VEX
             # Decode the bom reference for cyclonedx and purl for csaf and openvex
             product_info = None