CM-42882 - Fix SCA table printing (severity weights)

Author: MarshalX

cycode/cli/commands/scan/code_scanner.py

@@ -455,7 +455,7 @@ def create_local_scan_result(
     documents_to_scan: List[Document],
     command_scan_type: str,
     scan_type: str,
-    severity_threshold: str,
+    severity_threshold: Optional[str],
 ) -> LocalScanResult:
     document_detections = get_document_detections(scan_result, documents_to_scan)
     relevant_document_detections_list = exclude_irrelevant_document_detections(
@@ -627,7 +627,10 @@ def get_document_detections(
 
 
 def exclude_irrelevant_document_detections(
-    document_detections_list: List[DocumentDetections], scan_type: str, command_scan_type: str, severity_threshold: str
+    document_detections_list: List[DocumentDetections],
+    scan_type: str,
+    command_scan_type: str,
+    severity_threshold: Optional[str],
 ) -> List[DocumentDetections]:
     relevant_document_detections_list = []
     for document_detections in document_detections_list:
@@ -709,17 +712,18 @@ def try_get_git_remote_url(path: str) -> Optional[str]:
 
 
 def exclude_irrelevant_detections(
-    detections: List[Detection], scan_type: str, command_scan_type: str, severity_threshold: str
+    detections: List[Detection], scan_type: str, command_scan_type: str, severity_threshold: Optional[str]
 ) -> List[Detection]:
     relevant_detections = _exclude_detections_by_exclusions_configuration(detections, scan_type)
     relevant_detections = _exclude_detections_by_scan_type(relevant_detections, scan_type, command_scan_type)
-    return _exclude_detections_by_severity(relevant_detections, severity_threshold)
 
+    if severity_threshold:
+        return _exclude_detections_by_severity(relevant_detections, severity_threshold)
+
+    return relevant_detections
 
-def _exclude_detections_by_severity(detections: List[Detection], severity_threshold: str) -> List[Detection]:
-    if severity_threshold is None:
-        return detections
 
+def _exclude_detections_by_severity(detections: List[Detection], severity_threshold: str) -> List[Detection]:
     relevant_detections = []
     for detection in detections:
         severity = detection.detection_details.get('advisory_severity')

cycode/cli/commands/scan/scan_command.py

@@ -1,5 +1,5 @@
 import sys
-from typing import List
+from typing import List, Optional
 
 import click
 
@@ -117,7 +117,7 @@ def scan_command(
     client_id: str,
     show_secret: bool,
     soft_fail: bool,
-    severity_threshold: str,
+    severity_threshold: Optional[str],
     sca_scan: List[str],
     monitor: bool,
     report: bool,

cycode/cli/models.py

@@ -33,6 +33,9 @@ def __repr__(self) -> str:
         return 'document:{0}, detections:{1}'.format(self.document, self.detections)
 
 
+SEVERITY_UNKNOWN_WEIGHT = -2
+
+
 class Severity(Enum):
     INFO = -1
     LOW = 0
@@ -42,18 +45,19 @@ class Severity(Enum):
     CRITICAL = 3
 
     @staticmethod
-    def try_get_value(name: str) -> any:
+    def try_get_value(name: str) -> Optional[int]:
         name = name.upper()
         if name not in Severity.__members__:
             return None
 
         return Severity[name].value
 
     @staticmethod
-    def get_member_weight(name: str) -> any:
+    def get_member_weight(name: str) -> int:
         weight = Severity.try_get_value(name)
-        if weight is None:  # if License Compliance
-            return -2
+        if weight is None:  # unknown severity
+            return SEVERITY_UNKNOWN_WEIGHT
+
         return weight
 
 

cycode/cli/printers/tables/sca_table_printer.py

@@ -4,7 +4,7 @@
 import click
 
 from cycode.cli.consts import LICENSE_COMPLIANCE_POLICY_ID, PACKAGE_VULNERABILITY_POLICY_ID
-from cycode.cli.models import Detection, Severity
+from cycode.cli.models import SEVERITY_UNKNOWN_WEIGHT, Detection, Severity
 from cycode.cli.printers.tables.table import Table
 from cycode.cli.printers.tables.table_models import ColumnInfoBuilder, ColumnWidths
 from cycode.cli.printers.tables.table_printer_base import TablePrinterBase
@@ -73,7 +73,10 @@ def __group_by(detections: List[Detection], details_field_name: str) -> Dict[str
     @staticmethod
     def __severity_sort_key(detection: Detection) -> int:
         severity = detection.detection_details.get('advisory_severity')
-        return Severity.get_member_weight(severity)
+        if severity:
+            return Severity.get_member_weight(severity)
+
+        return SEVERITY_UNKNOWN_WEIGHT
 
     def _sort_detections_by_severity(self, detections: List[Detection]) -> List[Detection]:
         return sorted(detections, key=self.__severity_sort_key, reverse=True)