fix: add CVSSv4 to suppressed entries in JSON report (#7900)

jeremylong · web-flow · commit f3de85180d72 · 2025-09-02T07:44:49.000-04:00
diff --git a/core/src/main/resources/templates/jsonReport.vsl b/core/src/main/resources/templates/jsonReport.vsl
@@ -447,6 +447,136 @@
 #if($vuln.cvssV3.cvssData.version),"version": "$enc.json($vuln.cvssV3.cvssData.version)"#end
                     },
 #end
+#if($vuln.cvssV4)
+                    "cvssv4": {
+#if($vuln.cvssV4.cvssData.vectorString)
+                        "vectorString": "$enc.json($vuln.cvssV4.cvssData.vectorString)"
+#end
+#if($vuln.cvssV4.source)
+                        ,"source": "$enc.json($vuln.cvssV4.source)"
+#end
+#if($vuln.cvssV4.type)
+                        ,"type": "$enc.json($vuln.cvssV4.type)"
+#end
+#if($vuln.cvssV4.cvssData.version)
+                        ,"version": "$enc.json($vuln.cvssV4.cvssData.version)"
+#end
+#if($vuln.cvssV4.cvssData.attackVector)
+                        ,"attackVector": "$enc.json($vuln.cvssV4.cvssData.attackVector)"
+#end
+#if($vuln.cvssV4.cvssData.attackComplexity)
+                        ,"attackComplexity": "$enc.json($vuln.cvssV4.cvssData.attackComplexity)"
+#end
+#if($vuln.cvssV4.cvssData.attackRequirements)
+                        ,"attackRequirements": "$enc.json($vuln.cvssV4.cvssData.attackRequirements)"
+#end
+#if($vuln.cvssV4.cvssData.privilegesRequired)
+                        ,"privilegesRequired": "$enc.json($vuln.cvssV4.cvssData.privilegesRequired)"
+#end
+#if($vuln.cvssV4.cvssData.userInteraction)
+                        ,"userInteraction": "$enc.json($vuln.cvssV4.cvssData.userInteraction)"
+#end
+#if($vuln.cvssV4.cvssData.vulnerableSystemConfidentiality)
+                        ,"vulnerableSystemConfidentiality": "$enc.json($vuln.cvssV4.cvssData.vulnerableSystemConfidentiality)"
+#end
+#if($vuln.cvssV4.cvssData.vulnerableSystemIntegrity)
+                        ,"vulnerableSystemIntegrity": "$enc.json($vuln.cvssV4.cvssData.vulnerableSystemIntegrity)"
+#end
+#if($vuln.cvssV4.cvssData.vulnerableSystemAvailability)
+                        ,"vulnerableSystemAvailability": "$enc.json($vuln.cvssV4.cvssData.vulnerableSystemAvailability)"
+#end
+#if($vuln.cvssV4.cvssData.subsequentSystemConfidentiality)
+                        ,"subsequentSystemConfidentiality": "$enc.json($vuln.cvssV4.cvssData.subsequentSystemConfidentiality)"
+#end
+#if($vuln.cvssV4.cvssData.subsequentSystemIntegrity)
+                        ,"subsequentSystemIntegrity": "$enc.json($vuln.cvssV4.cvssData.subsequentSystemIntegrity)"
+#end
+#if($vuln.cvssV4.cvssData.subsequentSystemAvailability)
+                        ,"subsequentSystemAvailability": "$enc.json($vuln.cvssV4.cvssData.subsequentSystemAvailability)"
+#end
+#if($vuln.cvssV4.cvssData.exploitMaturity)
+                        ,"exploitMaturity": "$enc.json($vuln.cvssV4.cvssData.exploitMaturity)"
+#end
+#if($vuln.cvssV4.cvssData.confidentialityRequirements)
+                        ,"confidentialityRequirements": "$enc.json($vuln.cvssV4.cvssData.confidentialityRequirements)"
+#end
+#if($vuln.cvssV4.cvssData.integrityRequirements)
+                        ,"integrityRequirements": "$enc.json($vuln.cvssV4.cvssData.integrityRequirements)"
+#end
+#if($vuln.cvssV4.cvssData.availabilityRequirements)
+                        ,"availabilityRequirements": "$enc.json($vuln.cvssV4.cvssData.availabilityRequirements)"
+#end
+#if($vuln.cvssV4.cvssData.modifiedAttackVector)
+                        ,"modifiedAttackVector": "$enc.json($vuln.cvssV4.cvssData.modifiedAttackVector)"
+#end
+#if($vuln.cvssV4.cvssData.modifiedAttackComplexity)
+                        ,"modifiedAttackComplexity": "$enc.json($vuln.cvssV4.cvssData.modifiedAttackComplexity)"
+#end
+#if($vuln.cvssV4.cvssData.modifiedAttackRequirements)
+                        ,"modifiedAttackRequirements": "$enc.json($vuln.cvssV4.cvssData.modifiedAttackRequirements)"
+#end
+#if($vuln.cvssV4.cvssData.modifiedPrivilegesRequired)
+                        ,"modifiedPrivilegesRequired": "$enc.json($vuln.cvssV4.cvssData.modifiedPrivilegesRequired)"
+#end
+#if($vuln.cvssV4.cvssData.modifiedUserInteraction)
+                        ,"modifiedUserInteraction": "$enc.json($vuln.cvssV4.cvssData.modifiedUserInteraction)"
+#end
+#if($vuln.cvssV4.cvssData.modifiedVulnerableSystemConfidentiality)
+                        ,"modifiedVulnerableSystemConfidentiality": "$enc.json($vuln.cvssV4.cvssData.modifiedVulnerableSystemConfidentiality)"
+#end
+#if($vuln.cvssV4.cvssData.modifiedVulnerableSystemIntegrity)
+                        ,"modifiedVulnerableSystemIntegrity": "$enc.json($vuln.cvssV4.cvssData.modifiedVulnerableSystemIntegrity)"
+#end
+#if($vuln.cvssV4.cvssData.modifiedVulnerableSystemAvailability)
+                        ,"modifiedVulnerableSystemAvailability": "$enc.json($vuln.cvssV4.cvssData.modifiedVulnerableSystemAvailability)"
+#end
+#if($vuln.cvssV4.cvssData.modifiedSubsequentSystemConfidentiality)
+                        ,"modifiedSubsequentSystemConfidentiality": "$enc.json($vuln.cvssV4.cvssData.modifiedSubsequentSystemConfidentiality)"
+#end
+#if($vuln.cvssV4.cvssData.modifiedSubsequentSystemIntegrity)
+                        ,"modifiedSubsequentSystemIntegrity": "$enc.json($vuln.cvssV4.cvssData.modifiedSubsequentSystemIntegrity)"
+#end
+#if($vuln.cvssV4.cvssData.modifiedSubsequentSystemAvailability)
+                        ,"modifiedSubsequentSystemAvailability": "$enc.json($vuln.cvssV4.cvssData.modifiedSubsequentSystemAvailability)"
+#end
+#if($vuln.cvssV4.cvssData.safety)
+                        ,"safety": "$enc.json($vuln.cvssV4.cvssData.safety)"
+#end
+#if($vuln.cvssV4.cvssData.automatable)
+                        ,"automatable": "$enc.json($vuln.cvssV4.cvssData.automatable)"
+#end
+#if($vuln.cvssV4.cvssData.recovery)
+                        ,"recovery": "$enc.json($vuln.cvssV4.cvssData.recovery)"
+#end
+#if($vuln.cvssV4.cvssData.valueDensity)
+                        ,"valueDensity": "$enc.json($vuln.cvssV4.cvssData.valueDensity)"
+#end
+#if($vuln.cvssV4.cvssData.vulnerabilityResponseEffort)
+                        ,"vulnerabilityResponseEffort": "$enc.json($vuln.cvssV4.cvssData.vulnerabilityResponseEffort)"
+#end
+#if($vuln.cvssV4.cvssData.providerUrgency)
+                        ,"providerUrgency": "$enc.json($vuln.cvssV4.cvssData.providerUrgency)"
+#end
+#if($vuln.cvssV4.cvssData.baseScore)
+                        ,"baseScore": $vuln.cvssV4.cvssData.baseScore
+#end
+#if($vuln.cvssV4.cvssData.baseSeverity)
+                        ,"baseSeverity": "$enc.json($vuln.cvssV4.cvssData.baseSeverity)"
+#end
+#if($vuln.cvssV4.cvssData.threatScore)
+                        ,"threatScore": $vuln.cvssV4.cvssData.threatScore
+#end
+#if($vuln.cvssV4.cvssData.threatSeverity)
+                        ,"threatSeverity": "$enc.json($vuln.cvssV4.cvssData.threatSeverity)"
+#end
+#if($vuln.cvssV4.cvssData.environmentalScore)
+                        ,"environmentalScore": $vuln.cvssV4.cvssData.environmentalScore
+#end
+#if($vuln.cvssV4.cvssData.environmentalSeverity)
+                        ,"environmentalSeverity": "$enc.json($vuln.cvssV4.cvssData.environmentalSeverity)"
+#end
+                    },
+#end
 #if (!$vuln.cwes.isEmpty())
                     "cwes": [
 #set($addComma=0)
