Merge pull request #2289 from opengovern/fix-tasks
fix: add artifact_vulnerabilities steampipe table
artaasadi authored Dec 20, 2024
2 parents 54de292 + 96d0564 commit c150e4f
Showing 11 changed files with 247 additions and 13 deletions.
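--- a/pkg/cloudql/client/artifact_vulnerabilities.go
+++ b/pkg/cloudql/client/artifact_vulnerabilities.go
@@ -0,0 +1,190 @@
+package opengovernance_client
+
+import (
+"context"
+"runtime"
+
+steampipesdk "github.com/opengovern/og-util/pkg/steampipe"
+
+es "github.com/opengovern/og-util/pkg/opengovernance-es-sdk"
+"github.com/opengovern/opencomply/pkg/cloudql/sdk/config"
+"github.com/turbot/steampipe-plugin-sdk/v5/plugin"
+)
+
+const (
+ArtifactVulnerabilitiesIndex = "oci_container_vulnerabilities"
+)
+
+type OciArtifactVulnerabilities struct {
+ImageURL string `json:"imageUrl"`
+ArtifactDigest string `json:"artifactDigest"`
+Vulnerabilities []VulnerabilityMatch `json:"Vulnerabilities"`
+}
+
+type GrypeOutput struct {
+Matches []VulnerabilityMatch `json:"matches"`
+}
+
+type VulnerabilityMatch struct {
+Vulnerability Vulnerability `json:"vulnerability"`
+RelatedVulnerabilities []Vulnerability `json:"relatedVulnerabilities"`
+MatchDetail interface{} `json:"matchDetail"`
+Artifact interface{} `json:"artifact"`
+}
+
+type Vulnerability struct {
+ID string `json:"id"`
+DataSource string `json:"dataSource"`
+Namespace string `json:"namespace"`
+Severity string `json:"severity"`
+URLs []string `json:"urls"`
+Description string `json:"description"`
+CVSs []VulnerabilityCVS `json:"cvss"`
+Fix VulnerabilityFix `json:"fix"`
+Advisories interface{} `json:"advisories"`
+}
+
+type VulnerabilityCVS struct {
+Source string `json:"source"`
+Type string `json:"type"`
+Version string `json:"version"`
+Vector string `json:"vector"`
+Metrics map[string]string `json:"metrics"`
+VendorMetadata map[string]string `json:"vendorMetadata"`
+}
+
+type VulnerabilityFix struct {
+Versions []string `json:"versions"`
+State string `json:"state"`
+}
+
+type OciArtifactVulnerabilitiesHit struct {
+ID string `json:"_id"`
+Score float64 `json:"_score"`
+Index string `json:"_index"`
+Type string `json:"_type"`
+Version int64 `json:"_version,omitempty"`
+Source OciArtifactVulnerabilities `json:"_source"`
+Sort []any `json:"sort"`
+}
+
+type OciArtifactVulnerabilitiesHits struct {
+Total es.SearchTotal `json:"total"`
+Hits []OciArtifactVulnerabilitiesHit `json:"hits"`
+}
+
+type OciArtifactVulnerabilitiesSearchResponse struct {
+PitID string `json:"pit_id"`
+Hits OciArtifactVulnerabilitiesHits `json:"hits"`
+}
+
+type OciArtifactVulnerabilitiesPaginator struct {
+paginator *es.BaseESPaginator
+}
+
+func (k Client) NewOciArtifactVulnerabilitiesPaginator(filters []es.BoolFilter, limit *int64) (OciArtifactVulnerabilitiesPaginator, error) {
+paginator, err := es.NewPaginator(k.ES.ES(), ArtifactVulnerabilitiesIndex, filters, limit)
+if err != nil {
+return OciArtifactVulnerabilitiesPaginator{}, err
+}
+
+p := OciArtifactVulnerabilitiesPaginator{
+paginator: paginator,
+}
+
+return p, nil
+}
+
+func (p OciArtifactVulnerabilitiesPaginator) HasNext() bool {
+return !p.paginator.Done()
+}
+
+func (p OciArtifactVulnerabilitiesPaginator) Close(ctx context.Context) error {
+return p.paginator.Deallocate(ctx)
+}
+
+func (p OciArtifactVulnerabilitiesPaginator) NextPage(ctx context.Context) ([]OciArtifactVulnerabilities, error) {
+var response OciArtifactVulnerabilitiesSearchResponse
+err := p.paginator.SearchWithLog(ctx, &response, true)
+if err != nil {
+return nil, err
+}
+
+var values []OciArtifactVulnerabilities
+for _, hit := range response.Hits.Hits {
+values = append(values, hit.Source)
+}
+
+hits := int64(len(response.Hits.Hits))
+if hits > 0 {
+p.paginator.UpdateState(hits, response.Hits.Hits[hits-1].Sort, response.PitID)
+} else {
+p.paginator.UpdateState(hits, nil, "")
+}
+
+return values, nil
+}
+
+var artifactVulnerabilitiesMapping = map[string]string{
+"image_url": "imageUrl",
+"artifact_digest": "artifactDigest",
+}
+
+func ListArtifactVulnerabilities(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (any, error) {
+plugin.Logger(ctx).Trace("ListArtifactVulnerabilities", d)
+runtime.GC()
+// create service
+cfg := config.GetConfig(d.Connection)
+ke, err := config.NewClientCached(cfg, d.ConnectionCache, ctx)
+if err != nil {
+plugin.Logger(ctx).Error("ListArtifactVulnerabilities NewClientCached", "error", err)
+return nil, err
+}
+k := Client{ES: ke}
+
+sc, err := steampipesdk.NewSelfClientCached(ctx, d.ConnectionCache)
+if err != nil {
+plugin.Logger(ctx).Error("ListArtifactVulnerabilities NewSelfClientCached", "error", err)
+return nil, err
+}
+encodedResourceCollectionFilters, err := sc.GetConfigTableValueOrNil(ctx, steampipesdk.OpenGovernanceConfigKeyResourceCollectionFilters)
+if err != nil {
+plugin.Logger(ctx).Error("ListLookupResources GetConfigTableValueOrNil for resource_collection_filters", "error", err)
+return nil, err
+}
+clientType, err := sc.GetConfigTableValueOrNil(ctx, steampipesdk.OpenGovernanceConfigKeyClientType)
+if err != nil {
+plugin.Logger(ctx).Error("ListLookupResources GetConfigTableValueOrNil for client_type", "error", err)
+return nil, err
+}
+
+plugin.Logger(ctx).Trace("Columns", d.FetchType)
+paginator, err := k.NewOciArtifactVulnerabilitiesPaginator(
+es.BuildFilterWithDefaultFieldName(ctx, d.QueryContext, artifactVulnerabilitiesMapping,
+nil, encodedResourceCollectionFilters, clientType, true),
+d.QueryContext.Limit)
+if err != nil {
+plugin.Logger(ctx).Error("ListArtifactVulnerabilities NewOciArtifactVulnerabilitiesPaginator", "error", err)
+return nil, err
+}
+
+for paginator.HasNext() {
+page, err := paginator.NextPage(ctx)
+if err != nil {
+plugin.Logger(ctx).Error("ListArtifactVulnerabilities NextPage", "error", err)
+return nil, err
+}
+plugin.Logger(ctx).Trace("ListArtifactVulnerabilities", "next page")
+
+for _, v := range page {
+d.StreamListItem(ctx, v)
+}
+}
+
+err = paginator.Close(ctx)
+if err != nil {
+return nil, err
+}
+
+return nil, nil
+}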
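Review bot: In ListArtifactVulnerabilities the paginator is only closed on the happy path (`err = paginator.Close(ctx)` after the loop), so the early return on a NextPage error leaves whatever Deallocate releases — presumably the Elasticsearch point-in-time behind `PitID` — open until the server expires it; add `_ = paginator.Close(ctx) // best-effort release; the NextPage error is the one reported` before that `return nil, err`. The two log messages for the GetConfigTableValueOrNil calls are labelled `ListLookupResources` rather than `ListArtifactVulnerabilities`, which will misattribute errors when reading logs. The `runtime.GC()` call at the top of the hydrate function forces a full collection on every List invocation; if it is a deliberate memory-pressure workaround, a comment saying so would stop the next reader from removing it. The exported types and the paginator methods have no doc comments; a one-line comment on each, e.g. `// OciArtifactVulnerabilities is the _source document stored in the oci_container_vulnerabilities index.`, would explain the JSON shape the struct tags encode.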
15 changes: 9 additions & 6 deletions pkg/cloudql/client/resource.go
Expand Up @@ -110,12 +110,15 @@ func (p ResourcePaginator) NextPage(ctx context.Context) ([]Resource, error) {
}

var resourceMapping = map[string]string{
"resource_id": "id",
"resource_arn": "arn",
"connector": "source_type",
"region": "location",
"connection_id": "source_id",
"name": "metadata.Name",
"platform_id": "platform_id",
"resource_id": "resource_id",
"integration_id": "integration_id",
"integration_type": "integration_type",
"resource_type": "resource_type",
"resource_name": "resource_name",
"described_by": "described_by",
"described_at": "described_at",
"name": "metadata.Name",
}

var resourceTypeMap = map[string]string{
15 changes: 8 additions & 7 deletions pkg/cloudql/tables/plugin.go
Expand Up @@ -18,13 +18,14 @@ func Plugin(ctx context.Context) *plugin.Plugin {
Schema: config.Schema(),
},
TableMap: map[string]*plugin.Table{
"platform_findings": tablePlatformFindings(ctx),
"platform_resources": tablePlatformResources(ctx),
"platform_lookup": tablePlatformLookup(ctx),
"platform_integrations": tablePlatformConnections(ctx),
"platform_integration_groups": tablePlatformIntegrationGroups(ctx),
"platform_api_benchmark_summary": tablePlatformApiBenchmarkSummary(ctx),
"platform_api_benchmark_controls": tablePlatformApiBenchmarkControls(ctx),
"platform_findings": tablePlatformFindings(ctx),
"platform_resources": tablePlatformResources(ctx),
"platform_lookup": tablePlatformLookup(ctx),
"platform_integrations": tablePlatformConnections(ctx),
"platform_integration_groups": tablePlatformIntegrationGroups(ctx),
"platform_api_benchmark_summary": tablePlatformApiBenchmarkSummary(ctx),
"platform_api_benchmark_controls": tablePlatformApiBenchmarkControls(ctx),
"platform_artifact_vulnerabilities": tablePlatformArtifactVulnerabilities(ctx),
},
}

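--- a/pkg/cloudql/tables/table_platform_artifact_vulnerabilities.go
+++ b/pkg/cloudql/tables/table_platform_artifact_vulnerabilities.go
@@ -0,0 +1,40 @@
+package opengovernance
+
+import (
+"context"
+"github.com/turbot/steampipe-plugin-sdk/v5/plugin/transform"
+
+og_client "github.com/opengovern/opencomply/pkg/cloudql/client"
+"github.com/turbot/steampipe-plugin-sdk/v5/grpc/proto"
+"github.com/turbot/steampipe-plugin-sdk/v5/plugin"
+)
+
+func tablePlatformArtifactVulnerabilities(_ context.Context) *plugin.Table {
+return &plugin.Table{
+Name: "platform_artifact_vulnerabilities",
+Description: "Platform Artifact Vulnerabilities",
+Cache: &plugin.TableCacheOptions{
+Enabled: false,
+},
+List: &plugin.ListConfig{
+Hydrate: og_client.ListArtifactVulnerabilities,
+},
+Columns: []*plugin.Column{
+{
+Name: "image_url",
+Transform: transform.FromQual("imageUrl"),
+Type: proto.ColumnType_STRING,
+},
+{
+Name: "artifact_digest",
+Transform: transform.FromQual("artifactDigest"),
+Type: proto.ColumnType_STRING,
+},
+{
+Name: "vulnerabilities",
+Transform: transform.FromQual("Vulnerabilities"),
+Type: proto.ColumnType_JSON,
+},
+},
+}
+}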
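Review bot: The three column transforms use `transform.FromQual`, which in the steampipe plugin SDK fills a column from the query's equals qualifier of that name rather than from the item streamed by the list hydrate; unless the SDK version used here redefines it, `image_url`, `artifact_digest` and `vulnerabilities` will be null on every row, and no qual named `Vulnerabilities` or `imageUrl` can exist since the column names are the snake_case ones. The struct that ListArtifactVulnerabilities streams carries these values in its fields, so the transforms should read the item: `transform.FromField("ImageURL")`, `transform.FromField("ArtifactDigest")`, `transform.FromField("Vulnerabilities")`. The import block interleaves the stdlib `context` with the SDK `transform` package; goimports would put `context` in its own group. The table Description could say what a row is, e.g. `"Vulnerability matches recorded for a container image artifact, one row per indexed artifact document."`.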
File renamed without changes.
