From 2b81487cd5dd6c1a8e54538254629bc30fb1c980 Mon Sep 17 00:00:00 2001
From: David Redmin <david.redmin@trio.dhs.gov>
Date: Tue, 10 May 2022 16:17:08 -0400
Subject: [PATCH] Prefer CVSS v3 score over v2 and add cvss_version to ticket
 details

---
 cyhy/db/ticket_manager.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/cyhy/db/ticket_manager.py b/cyhy/db/ticket_manager.py
index 8cef0b0..00d25bd 100644
--- a/cyhy/db/ticket_manager.py
+++ b/cyhy/db/ticket_manager.py
@@ -96,7 +96,8 @@ def __generate_ticket_details(self, vuln, ticket, check_for_changes=True):
 
         new_details = {
             "cve": vuln.get("cve"),
-            "cvss_base_score": vuln["cvss_base_score"],
+            "cvss_base_score": vuln.get("cvss3_base_score", vuln["cvss_base_score"]),
+            "cvss_version": "3" if "cvss3_base_score" in vuln else "2",
             "kev": False,
             "name": vuln["plugin_name"],
             "score_source": vuln["source"],
@@ -108,6 +109,7 @@ def __generate_ticket_details(self, vuln, ticket, check_for_changes=True):
             cve_doc = self.__db.CVEDoc.find_one({"_id": vuln["cve"]})
             if cve_doc:
                 new_details["cvss_base_score"] = cve_doc["cvss_score"]
+                new_details["cvss_version"] = cve_doc["cvss_version"]
                 new_details["score_source"] = "nvd"
                 new_details["severity"] = cve_doc["severity"]
             # if the CVE is listed in the KEV collection, we'll mark it as such