Manage 'remote' value of exploit_type in Aqua in case of several values (#1247)

Author: hrcornejo

CHANGELOG.md

@@ -5,6 +5,7 @@
 ### Added
 
 ### Changed
+* Manage 'remote' value of exploit_type in Aqua in case of several values ([#1247](https://github.com/opendevstack/ods-jenkins-shared-library/pull/1247))
 
 ### Fixed
 * Log correct error message for wrong preview-branch value ([#1249](https://github.com/opendevstack/ods-jenkins-shared-library/pull/1249))

src/org/ods/component/ScanWithAquaStage.groovy

@@ -423,7 +423,8 @@ class ScanWithAquaStage extends Stage {
         aquaJsonMap.resources.each { it ->
             (it as Map).vulnerabilities.each { vul ->
                 Map vulnerability = vul as Map
-                if ((vulnerability?.exploit_type as String)?.equalsIgnoreCase(REMOTE_EXPLOIT_TYPE)
+                if ((vulnerability?.exploit_type as String)?.split(',')*.trim()
+                    .any { it.equalsIgnoreCase(REMOTE_EXPLOIT_TYPE) }
                     && (vulnerability?.aqua_severity as String)?.equalsIgnoreCase(CRITICAL_AQUA_SEVERITY)
                     && !StringUtils.isEmpty((vulnerability?.solution as String).trim())) {
                     if (Boolean.parseBoolean(vulnerability?.already_acknowledged as String)) {

test/resources/org/ods/component/aqua-test-result.json

@@ -1114,7 +1114,7 @@
                     "aqua_severity_classification": "NVD CVSS V3 Score: 10.0",
                     "aqua_score_classification": "NVD CVSS V3 Score: 10.0",
                     "exploitability": "http://www.exploit-db.com/exploits/50592",
-                    "exploit_type": "remote",
+                    "exploit_type": "remote,CISA",
                     "cwe_info": [
                         {
                             "Id": "CWE-20",