From 1bf0d3514fb23afac63f3f9843d1564eec4bb873 Mon Sep 17 00:00:00 2001
From: Sebastian Schuberth
Date: Wed, 18 Sep 2024 09:00:08 +0200
Subject: [PATCH] fix(rules): Adjust to the new vulnerability API
See [1].
[1]: https://github.com/oss-review-toolkit/ort/pull/9091
Signed-off-by: Sebastian Schuberth
---
 evaluator.rules.kts | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/evaluator.rules.kts b/evaluator.rules.kts
index 3195a110..9ca0e9a5 100644
--- a/evaluator.rules.kts
+++ b/evaluator.rules.kts
@@ -1540,18 +1540,14 @@ fun RuleSet.vulnerabilityInDependencyRule() = packageRule("VULNERABILITY_IN_DEPE
 }
 fun RuleSet.vulnerabilityWithHighSeverityInDependencyRule() = packageRule("HIGH_SEVERITY_VULNERABILITY_IN_DEPENDENCY") {
- val maxAcceptedSeverity = "5.0"
+ val scoreThreshold = 5.0f
 require {
 -isProject()
 -isExcluded()
 +AnyOf(
- hasVulnerability(maxAcceptedSeverity, "CVSS2") { value, threshold ->
- value.toFloat() >= threshold.toFloat()
- },
- hasVulnerability(maxAcceptedSeverity, "CVSS3") { value, threshold ->
- value.toFloat() >= threshold.toFloat()
- }
+ hasVulnerability(scoreThreshold, "CVSS2"),
+ hasVulnerability(scoreThreshold, "CVSS3")
 )
 }
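Review bot: In `vulnerabilityWithHighSeverityInDependencyRule`, dropping the explicit `value.toFloat() >= threshold.toFloat()` comparators leaves nothing in the rule that says whether a score of exactly 5.0 matches; that now depends on how the new `hasVulnerability(scoreThreshold, ...)` overload compares, which is not visible in this patch. A comment on the threshold, e.g. `// Flag scores at or above 5.0 (boundary inclusive per the new API; confirm)`, would keep the policy boundary reviewable. It would also help to document that 5.0 sits in the CVSS "medium" band although the rule id says HIGH_SEVERITY, and that only the `"CVSS2"` and `"CVSS3"` system names are checked, so a vulnerability whose only score is reported under another label would presumably not trigger this rule. The function's closing brace lies outside the hunk.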