feat: made the min critial CVE score configurable

src/config/fact-core-config.toml

@@ -110,6 +110,8 @@ processes = 4
 [[backend.plugin]]
 name = "cve_lookup"
 processes = 4
+# CVE scores greater or equal to this value are shown as "critical"
+min-critical-score = 9.0
 
 [[backend.plugin]]
 name = "cwe_checker"

src/plugins/analysis/cve_lookup/code/cve_lookup.py

@@ -4,6 +4,7 @@
 from pathlib import Path
 from typing import TYPE_CHECKING
 
+import config
 from analysis.PluginBase import AnalysisBasePlugin
 from helperFunctions.tag import TagColor
 from plugins.mime_blacklists import MIME_BLACKLIST_NON_EXECUTABLE
@@ -20,7 +21,6 @@
     from lookup import Lookup
 
 DB_PATH = str(Path(__file__).parent / '../internal/database/cve_cpe.db')
-MINIMUM_CRITICAL_SCORE = 9.0
 
 
 class AnalysisPlugin(AnalysisBasePlugin):
@@ -35,6 +35,9 @@ class AnalysisPlugin(AnalysisBasePlugin):
     VERSION = '0.2.0'
     FILE = __file__
 
+    def additional_setup(self):
+        self.min_crit_score = getattr(config.backend.plugin.get(self.NAME, {}), 'min-critical-score', 9.0)
+
     def process_object(self, file_object: FileObject) -> FileObject:
         """
         Process the given file object and look up vulnerabilities for each software component.
@@ -86,9 +89,8 @@ def add_tags(self, cve_results: dict[str, dict[str, dict[str, str]]], file_objec
                     self.add_analysis_tag(file_object, 'CVE', 'critical CVE', TagColor.RED, True)
                     return
 
-    @staticmethod
-    def _entry_has_critical_rating(entry: dict[str, dict[str, str]]) -> bool:
+    def _entry_has_critical_rating(self, entry: dict[str, dict[str, str]]) -> bool:
         """
         Check if the given entry has a critical rating.
         """
-        return any(value != 'N/A' and float(value) >= MINIMUM_CRITICAL_SCORE for value in entry['scores'].values())
+        return any(value != 'N/A' and float(value) >= self.min_crit_score for value in entry['scores'].values())