fix(vulnerability): make an empty severity UNKNOWN (#759)

pkg/vulnerability/vulnerability_test.go

@@ -84,6 +84,7 @@ func TestClient_FillInfo(t *testing.T) {
 						Vulnerability: dbTypes.Vulnerability{
 							Title:       "dos",
 							Description: "dos vulnerability",
+							Severity:    dbTypes.SeverityUnknown.String(),
 							VendorSeverity: dbTypes.VendorSeverity{
 								vulnerability.Nvd: dbTypes.SeverityLow,
 							},
@@ -140,6 +141,7 @@ func TestClient_FillInfo(t *testing.T) {
 					Vulnerability: dbTypes.Vulnerability{
 						Title:       "dos",
 						Description: "dos vulnerability",
+						Severity:    dbTypes.SeverityUnknown.String(),
 						References:  []string{"http://example.com"},
 					},
 					PrimaryURL: "https://avd.aquasec.com/nvd/cve-2019-0001",
@@ -250,6 +252,37 @@ func TestClient_FillInfo(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "happy path light db, with only OS vulnerability, no vendor severity",
+			getVulnerability: []db.OperationGetVulnerabilityExpectation{
+				{
+					Args: db.OperationGetVulnerabilityArgs{
+						VulnerabilityID: "CVE-2020-28928",
+					},
+					Returns: db.OperationGetVulnerabilityReturns{
+						Vulnerability: dbTypes.Vulnerability{
+							VendorSeverity: dbTypes.VendorSeverity{},
+						},
+					},
+				},
+			},
+			args: args{
+				vulns: []types.DetectedVulnerability{
+					{VulnerabilityID: "CVE-2020-28928"},
+				},
+				reportType: vulnerability.Alpine,
+			},
+			expectedVulnerabilities: []types.DetectedVulnerability{
+				{
+					VulnerabilityID: "CVE-2020-28928",
+					Vulnerability: dbTypes.Vulnerability{
+						Severity: dbTypes.SeverityUnknown.String(),
+					},
+					SeveritySource: "",
+					PrimaryURL:     "https://avd.aquasec.com/nvd/cve-2020-28928",
+				},
+			},
+		},
 		{
 			name: "happy path, with only library vulnerability",
 			getVulnerability: []db.OperationGetVulnerabilityExpectation{