fix: check return on re.search in canonical_convert (#1643)

addresses #1639

re.search returns `None` on failure, updating to indicate the version is
`UNKNOWN` when this occurs and generating a log message

Author: wyattearp

cve_bin_tool/cve_scanner.py

@@ -272,7 +272,13 @@ def canonical_convert(
             else:
                 # Handle a.b.c<string> e.g. 1.20.9rel1
                 pv = re.search(r"\d[.\d]*", product_info.version)
-        parsed_version = parse_version(pv.group(0))
+        if pv is None:
+            parsed_version = "UNKNOWN"
+            self.logger.warn(
+                f"error parsing {product_info.vendor}.{product_info.product} v{product_info.version} - manual inspection required"
+            )
+        else:
+            parsed_version = parse_version(pv.group(0))
         return parsed_version, version_between
 
     def affected(self):