Fix test and make code a bit more robust

eoftedal · eoftedal · commit 6da45fcb6a34 · 2025-08-11T22:35:51.000+02:00
diff --git a/node/spec/repository.json b/node/spec/repository.json
@@ -3,7 +3,7 @@
     "vulnerabilities": [
       { "atOrAbove": "1.6.0-rc.1", "below": "1.6.0-rc.1.1", "info": ["http://some.url"] },
       { "below": "1.5.0", "info": ["http://some.url"] },
-      { "atOrAbove": "1.8.0", "below": "1.9.0", "info": ["http://some.url"] }
+      { "atOrAbove": "1.8.0", "below": "1.9.0", "info": ["http://some.url"], "cwe":[ "CWE-79"], "identifiers": { "CVE": ["CVE-2021-1234"], "githubID": "GHSA-1234" } }
     ],
     "extractors": {
       "uri": ["/([0-9.]+([a-z\\-0-9.]+)?)/jquery(\\.min)?\\.js"],
diff --git a/node/src/reporters/cyclonedx-1_6-json.ts b/node/src/reporters/cyclonedx-1_6-json.ts
@@ -94,7 +94,7 @@ function configureCycloneDXJSONLogger(logger: Logger, writer: Writer, config: Lo
             const bomRef = purl;
             dep.vulnerabilities?.forEach((vuln) => {
               // Pick valid identifiers for VEX
-              const ids: string[] | undefined = vuln.identifiers.CVE ?? (vuln.identifiers.githubID ? [vuln.identifiers.githubID] : undefined);
+              const ids: string[] | undefined = vuln.identifiers?.CVE ?? (vuln.identifiers?.githubID ? [vuln.identifiers.githubID] : undefined);
               if (!ids) return;
               ids.forEach((id) => {
                 if (!vulnerabilitiesCyclone.has(id)) {
