diff --git a/mirror-service/src/main/java/org/dependencytrack/vulnmirror/datasource/nvd/NvdToCyclonedxParser.java b/mirror-service/src/main/java/org/dependencytrack/vulnmirror/datasource/nvd/NvdToCyclonedxParser.java
index 1d7fe287c..f4571e37a 100644
--- a/mirror-service/src/main/java/org/dependencytrack/vulnmirror/datasource/nvd/NvdToCyclonedxParser.java
+++ b/mirror-service/src/main/java/org/dependencytrack/vulnmirror/datasource/nvd/NvdToCyclonedxParser.java
@@ -64,6 +64,7 @@
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
@@ -305,7 +306,7 @@ private static List parseCveImpact(Metrics metrics) {
 CvssV2Data cvss = baseMetric.getCvssData();
 Optional.ofNullable(cvss)
 .map(cvss20 -> VulnerabilityRating.newBuilder()
- .setScore(Double.parseDouble(NumberFormat.getInstance().format(cvss20.getBaseScore())))
+ .setScore(Double.parseDouble(NumberFormat.getInstance(Locale.US).format(cvss20.getBaseScore())))
 .setMethod(ScoreMethod.SCORE_METHOD_CVSSV2)
 .setVector(cvss20.getVectorString())
 .setSeverity(mapSeverity(baseMetric.getBaseSeverity()))
@@ -322,7 +323,7 @@ private static List parseCveImpact(Metrics metrics) {
 CvssV3Data cvss = baseMetric.getCvssData();
 Optional.ofNullable(cvss)
 .map(cvssx -> VulnerabilityRating.newBuilder()
- .setScore(Double.parseDouble(NumberFormat.getInstance().format(cvssx.getBaseScore())))
+ .setScore(Double.parseDouble(NumberFormat.getInstance(Locale.US).format(cvssx.getBaseScore())))
 .setMethod(ScoreMethod.SCORE_METHOD_CVSSV3)
 .setVector(cvssx.getVectorString())
 .setSeverity(mapSeverity(cvssx.getBaseSeverity().value()))
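Review bot: The CVSSv2 `.setScore(...)` line in `parseCveImpact` still rounds the score by formatting it to text and parsing it back, so correctness keeps depending on `NumberFormat` producing something `Double.parseDouble` accepts. `NumberFormat.getInstance(Locale.US)` has grouping enabled by default, so a value of 1000 or more would be rendered with a comma and make `parseDouble` throw; valid CVSS scores never reach that, but nothing visible in these hunks checks the range of values arriving from external feeds. The same expression is repeated in the CVSSv3 and CVSSv3.1 hunks of this file and in the OSV, OSS Index and Snyk converters, so one shared helper that rounds numerically, e.g. `return BigDecimal.valueOf(score).setScale(3, RoundingMode.HALF_EVEN).doubleValue();` (three decimals and half-even being the `NumberFormat` defaults), would remove the locale question at every call site. A unit test that runs the conversion under a comma-decimal default locale would keep the original failure from returning unnoticed. `parseCveImpact` starts and ends outside the hunk.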
@@ -339,7 +340,7 @@ private static List parseCveImpact(Metrics metrics) {
 CvssV3Data cvss = baseMetric.getCvssData();
 Optional.ofNullable(cvss)
 .map(cvss31 -> VulnerabilityRating.newBuilder()
- .setScore(Double.parseDouble(NumberFormat.getInstance().format(cvss.getBaseScore())))
+ .setScore(Double.parseDouble(NumberFormat.getInstance(Locale.US).format(cvss.getBaseScore())))
 .setMethod(ScoreMethod.SCORE_METHOD_CVSSV31)
 .setVector(cvss.getVectorString())
 .setSeverity(mapSeverity(cvss.getBaseSeverity().value()))
diff --git a/mirror-service/src/main/java/org/dependencytrack/vulnmirror/datasource/osv/OsvToCyclonedxParser.java b/mirror-service/src/main/java/org/dependencytrack/vulnmirror/datasource/osv/OsvToCyclonedxParser.java
index 49e14d72e..cd34e6432 100644
--- a/mirror-service/src/main/java/org/dependencytrack/vulnmirror/datasource/osv/OsvToCyclonedxParser.java
+++ b/mirror-service/src/main/java/org/dependencytrack/vulnmirror/datasource/osv/OsvToCyclonedxParser.java
@@ -50,6 +50,7 @@
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
@@ -270,7 +271,7 @@ private static List parseCvssRatings(JSONObject object, Sev
 var rating = VulnerabilityRating.newBuilder();
 double score = cvss.calculateScore().getBaseScore();
 rating.setVector(vector);
- rating.setScore(Double.parseDouble(NumberFormat.getInstance().format(score)));
+ rating.setScore(Double.parseDouble(NumberFormat.getInstance(Locale.US).format(score)));
 String type = cvssObj.optString("type", null);
 if (type != null && type.equalsIgnoreCase("CVSS_V3")) {
diff --git a/vulnerability-analyzer/src/main/java/org/dependencytrack/vulnanalyzer/client/ossindex/ModelConverterToCdx.java b/vulnerability-analyzer/src/main/java/org/dependencytrack/vulnanalyzer/client/ossindex/ModelConverterToCdx.java
index a79e965c4..c4ebe0c68 100644
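Review bot: In the CVSSv3.1 branch of `parseCveImpact` the lambda parameter `cvss31` is never used; the changed `.setScore(...)` line and the `.setVector`/`.setSeverity` lines after it read the outer `cvss` variable instead. It behaves the same because `Optional.ofNullable(cvss)` only runs the lambda for a non-null `cvss`, but it differs from the CVSSv2 and CVSSv3 branches, which use their lambda parameters (`cvss20`, `cvssx`), and this kind of leftover makes a wrong-variable mistake after a copy-paste harder to spot. I would write `.format(cvss31.getBaseScore())`, `.setVector(cvss31.getVectorString())` and `.setSeverity(mapSeverity(cvss31.getBaseSeverity().value()))` here. The enclosing method continues outside the hunk.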
--- a/vulnerability-analyzer/src/main/java/org/dependencytrack/vulnanalyzer/client/ossindex/ModelConverterToCdx.java
+++ b/vulnerability-analyzer/src/main/java/org/dependencytrack/vulnanalyzer/client/ossindex/ModelConverterToCdx.java
@@ -35,6 +35,7 @@
 import java.text.NumberFormat;
 import java.util.List;
+import java.util.Locale;
 import java.util.Optional;
 import static org.cyclonedx.proto.v1_4.ScoreMethod.SCORE_METHOD_CVSSV2;
@@ -116,7 +117,7 @@ private static VulnerabilityRating convertRating(final String cvssVector) {
 return VulnerabilityRating.newBuilder()
 .setSource(Source.newBuilder().setName("OSSINDEX"))
 .setMethod(SCORE_METHOD_CVSSV3)
- .setScore(Double.parseDouble(NumberFormat.getInstance().format(score.getBaseScore())))
+ .setScore(Double.parseDouble(NumberFormat.getInstance(Locale.US).format(score.getBaseScore())))
 .setVector(cvss.getVector())
 .setSeverity(convert(normalizedCvssV3Score(score.getBaseScore())))
 .build();
@@ -124,7 +125,7 @@ private static VulnerabilityRating convertRating(final String cvssVector) {
 return VulnerabilityRating.newBuilder()
 .setSource(Source.newBuilder().setName("OSSINDEX"))
 .setMethod(SCORE_METHOD_CVSSV2)
- .setScore(Double.parseDouble(NumberFormat.getInstance().format(score.getBaseScore())))
+ .setScore(Double.parseDouble(NumberFormat.getInstance(Locale.US).format(score.getBaseScore())))
 .setVector(cvss.getVector())
 .setSeverity(convert(normalizedCvssV2Score(score.getBaseScore())))
 .build();
diff --git a/vulnerability-analyzer/src/main/java/org/dependencytrack/vulnanalyzer/client/snyk/ModelConverterToCdx.java b/vulnerability-analyzer/src/main/java/org/dependencytrack/vulnanalyzer/client/snyk/ModelConverterToCdx.java
index c9a867060..8bae91dd1 100644
--- a/vulnerability-analyzer/src/main/java/org/dependencytrack/vulnanalyzer/client/snyk/ModelConverterToCdx.java
+++ b/vulnerability-analyzer/src/main/java/org/dependencytrack/vulnanalyzer/client/snyk/ModelConverterToCdx.java
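Review bot: In both `convertRating` hunks the stored score goes through the `NumberFormat` rounding while the severity two lines below it is computed from the raw `score.getBaseScore()`, so the two fields of one rating are derived from different numbers. With scores that already carry a single decimal this should make no difference, but computing the value once into a local, e.g. `final double baseScore = Double.parseDouble(NumberFormat.getInstance(Locale.US).format(score.getBaseScore()));`, and passing `baseScore` to `.setScore(...)` and to `normalizedCvssV3Score(...)` / `normalizedCvssV2Score(...)` would keep score and severity consistent by construction. The start of `convertRating` and whatever separates what appear to be its two branches are outside the hunks.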
@@ -42,6 +42,7 @@
 import java.util.Comparator;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Locale;
 import java.util.Objects;
 import java.util.Optional;
 import java.util.function.Predicate;
@@ -215,7 +216,7 @@ private static VulnerabilityRating convert(final Severity severity) {
 default -> SEVERITY_UNKNOWN;
 })
 .setMethod(determineScoreMethod(severity))
- .setScore(Double.parseDouble(NumberFormat.getInstance().format(severity.score())))
+ .setScore(Double.parseDouble(NumberFormat.getInstance(Locale.US).format(severity.score())))
 .setVector(severity.vector())
 .build();
 }