Add detected_versions for OSV Scanners SARIF

lib/salus/scanners/osv/go_osv.rb

@@ -97,7 +97,7 @@ def vulnerability_document(match, version, introduced, fixed)
       {
         "Package": match.dig("package", "name"),
         "Vulnerable Version": introduced,
-        "Version Detected": version,
+        "DectectedVersions": [version],
         "Patched Version": fixed,
         "ID": match.fetch("aliases", [match.fetch("id", [])])[0],
         "Database": match.fetch("database"),

lib/salus/scanners/osv/gradle_osv.rb

@@ -117,7 +117,7 @@ def format_vulnerability_result(match, version, introduced, fixed)
       {
         "Package": match.dig("package", "name"),
         "Vulnerable Version": introduced,
-        "Version Detected": version,
+        "DectectedVersions": [version],
         "Patched Version": fixed,
         "ID": match.fetch("aliases", [match.fetch("id", [])])[0],
         "Database": match.fetch("database"),

lib/salus/scanners/osv/maven_osv.rb

@@ -120,7 +120,7 @@ def vulnerability_document(match, version, introduced, fixed)
       {
         "Package": match.dig("package", "name"),
         "Vulnerable Version": introduced,
-        "Version Detected": version,
+        "DectectedVersions": [version],
         "Patched Version": fixed,
         "ID": match.fetch("aliases", [match.fetch("id", [])])[0],
         "Database": match.fetch("database"),

lib/salus/scanners/osv/python_osv.rb

@@ -109,7 +109,7 @@ def vulnerability_document(match, version, introduced, fixed)
       {
         "Package": match.dig("package", "name"),
         "Vulnerable Version": introduced,
-        "Version Detected": version,
+        "DectectedVersions": [version],
         "Patched Version": fixed,
         "ID": match.fetch("aliases", [match.fetch("id", [])])[0],
         "Database": match.fetch("database"),

lib/sarif/osv/base_sarif.rb

@@ -37,7 +37,7 @@ def parse_issue(issue)
                            "vulnerable_versions": {
                              "text": issue['Vulnerable Version'].to_s
                            } },
-          properties: { 'severity': issue['Severity'] },
+          properties: { 'severity': issue['Severity'], 'detected_versions': issue['DectectedVersions'] },
           uri: OSV_URI.to_s,
           help_url: issue["Source"].to_s
       }

spec/lib/sarif/osv/go_osv_sarif_spec.rb

@@ -75,7 +75,7 @@ def stub_req_with_valid_response
           ],
             "message" => { "text" =>
               "Crash due to malformed relay protocol message" },
-            "properties" => { "severity" => "LOW" },
+            "properties" => { "severity" => "LOW", "detected_versions"=>["1.14.0"] },
             "ruleId" => "CVE-2021-21404",
             "ruleIndex" => 0 }
       )

spec/lib/sarif/osv/gradle_osv_sarif_spec.rb

@@ -85,7 +85,7 @@ def stub_req_with_valid_response
               "text" => "Information Disclosure in Guava"
             },
             "properties" => {
-              "severity" =>  "LOW"
+              "severity" =>  "LOW", "detected_versions" => ["30.1"]
             },
             "ruleId" => "CVE-2020-8908",
             "ruleIndex" => 0

spec/lib/sarif/osv/maven_osv_sarif_spec.rb

@@ -85,7 +85,7 @@ def stub_req_with_valid_response
               "text" => "Denial of Service in Spring Framework"
             },
             "properties" => {
-              "severity" => "HIGH"
+              "severity" => "HIGH", "detected_versions"=>["3.2.9.RELEASE"]
             },
             "ruleId" => "CVE-2018-15756",
             "ruleIndex" => 5

spec/lib/sarif/osv/python_osv_sarif_spec.rb

@@ -83,7 +83,7 @@ def stub_req_with_valid_response
               "text" => "Regular expression deinal of service in py"
             },
             "properties" => {
-              "severity" => "HIGH"
+              "severity" => "HIGH", "detected_versions"=>["1.5.2"],
             },
             "ruleId" => "CVE-2020-29651",
             "ruleIndex" => 0