From 82c015f306b5dcf854c09f640f3b09c2c9995fb1 Mon Sep 17 00:00:00 2001
From: nscuro
Date: Sat, 20 Apr 2024 20:09:09 +0200
Subject: [PATCH] Fix labels for vulnerabilities with source `UNKNOWN`
Signed-off-by: nscuro
---
 src/assets/scss/_custom.scss | 5 +++++
 src/shared/common.js | 11 ++++++++---
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/assets/scss/_custom.scss b/src/assets/scss/_custom.scss
index 931cd6a21..b6803f96a 100644
--- a/src/assets/scss/_custom.scss
+++ b/src/assets/scss/_custom.scss
@@ -137,6 +137,11 @@ html {
 background-color: #EBE5A8;
 border: 1px solid #DCD167;
 }
+.label-source-unknown {
+ background-color: $severity-unassigned;
+ border: 1px solid $grey-900;
+ color: #FFFFFF;
+}
 .label-notification {
 color: #222222;
 padding: .2em .6em .3em;
diff --git a/src/shared/common.js b/src/shared/common.js
index 15bd527f2..fb294b253 100644
--- a/src/shared/common.js
+++ b/src/shared/common.js
@@ -165,11 +165,13 @@ $common.formatAnalyzerLabel = function formatAnalyzerLabel(
 break;
 case 'TRIVY_ANALYZER':
 analyzerLabel = 'Trivy';
-
- analyzerUrl = 'https://nvd.nist.gov/vuln/detail/' + vulnId;
- if (vulnSource === 'GITHUB') {
+ if (vulnSource === 'NVD') {
+ analyzerUrl = 'https://nvd.nist.gov/vuln/detail/' + vulnId;
+ } else if (vulnSource === 'GITHUB') {
 analyzerUrl = 'https://github.com/advisories/' + vulnId;
 }
+ // NB: Trivy can report vulnerabilities from sources that DT does
+ // not explicitly support.
 break;
 }
 if (analyzerUrl) {
@@ -228,6 +230,9 @@ $common.resolveSourceVulnInfo = function resolveSourceVulnInfo(
 sourceInfo.url = 'https://vulndb.cyberriskanalytics.com/vulnerabilities/' + vulnId;
 break;
+ case 'UNKNOWN':
+ // Not possible to provide any additional information.
+ break;
 }
 return sourceInfo;
 };
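Review bot: In the `TRIVY_ANALYZER` case of `formatAnalyzerLabel` (src/shared/common.js, hunk at -165), `vulnId` is concatenated into both advisory URLs without encoding, while the added comment itself notes that Trivy can report findings from sources DT does not support, so the identifier's format is not guaranteed. I would encode it at both sites, e.g. `analyzerUrl = 'https://nvd.nist.gov/vuln/detail/' + encodeURIComponent(vulnId);` and likewise for the `https://github.com/advisories/` URL. The new no-link path for other sources depends on `analyzerUrl` being unset before the switch and on the `if (analyzerUrl)` guard; the declaration and the code that renders the link are outside the hunk, so that is worth confirming there.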
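Review bot: The new `case 'UNKNOWN':` in `resolveSourceVulnInfo` (src/shared/common.js, hunk at -228) leaves `sourceInfo.url` unassigned, and the comment does not say what callers receive. I would make the contract explicit, e.g. `// No advisory URL exists for UNKNOWN sources: sourceInfo.url stays unset, callers must not build a link from it.` No `default` branch is visible in the hunk, so any other unlisted source presumably takes the same silent path; the start of the switch and the initialisation of `sourceInfo` are outside the hunk.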