fixup! Fix: Inspector reports should link to CVEs (#6557)

DataBiosphere · Sep 21, 2024 · e2e5569 · e2e5569
1 parent b22ba9e
commit e2e5569
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/scripts/export_inspector_findings.py b/scripts/export_inspector_findings.py
@@ -178,9 +178,11 @@ def findings_sort(self, item: tuple[str, list[SummaryType]]) -> tuple[int, str]:
         if vulnerability.startswith('CVE-'):
             # Best secondary-sorting effort on CVE findings, vulnerability names
             # not prefixed with 'CVE' may reflect an inaccurate secondary order.
-            id = vulnerability.split('-')[-1]
-            padded_id = '000000'[:abs(6 - len(id))] + id
-            vulnerability = vulnerability.replace(id, padded_id)
+            id = vulnerability.rsplit('-', 1)[1]
+            id_max_length = 6
+            if len(id) > id_max_length:
+                log.warning('Vulnerability %s may not be sorted properly', vulnerability)
+            vulnerability = vulnerability.replace(id, f'{id:0>6}')
         return score, vulnerability
 
     def write_to_csv(self, findings: dict[str, list[SummaryType]]) -> None: