Skip to content

Commit

Permalink
feat(cve): add reference url for cve
Browse files Browse the repository at this point in the history 
Signed-off-by: Laurentiu Niculae <[email protected]>
  • Loading branch information
@laurentiuNiculae
laurentiuNiculae committed Nov 29, 2023
1 parent 3c8da6e commit 0002dd8
Show file tree
Hide file tree
Showing 7 changed files with 112 additions and 0 deletions.
1 change: 1 addition & 0 deletions pkg/extensions/search/cve/model/models.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ type CVE struct {
Description string `json:"Description"`
Severity string `json:"Severity"`
Title string `json:"Title"`
Reference string `json:"Reference"`
PackageList []Package `json:"PackageList"`
}

Expand Down
30 changes: 30 additions & 0 deletions pkg/extensions/search/cve/trivy/scanner.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (
"fmt"
"os"
"path"
"strings"
"sync"

"github.com/aquasecurity/trivy-db/pkg/metadata"
Expand Down Expand Up @@ -427,6 +428,7 @@ func (scanner Scanner) scanManifest(ctx context.Context, repo, digest string) (m
ID: vulnerability.VulnerabilityID,
Title: vulnerability.Title,
Description: vulnerability.Description,
Reference: getCVEReference(vulnerability.PrimaryURL, vulnerability.References),
Severity: convertSeverity(vulnerability.Severity),
PackageList: newPkgList,
}
Expand All @@ -439,6 +441,34 @@ func (scanner Scanner) scanManifest(ctx context.Context, repo, digest string) (m
return cveidMap, nil
}

func getCVEReference(primaryURL string, references []string) string {
if primaryURL != "" {
return primaryURL
}

if len(references) > 0 {
nvdReference, found := getNVDReference(references)

if found {
return nvdReference
}

return references[0]
}

return ""

Check warning on line 459 in pkg/extensions/search/cve/trivy/scanner.go

View check run for this annotation

Codecov / codecov/patch

pkg/extensions/search/cve/trivy/scanner.go#L459 

Added line #L459 was not covered by tests
}

func getNVDReference(references []string) (string, bool) {
for i := range references {
if strings.Contains(references[i], "nvd.nist.gov") {
return references[i], true
}
}

return "", false
}

func (scanner Scanner) scanIndex(ctx context.Context, repo, digest string) (map[string]cvemodel.CVE, error) {
if cachedMap := scanner.cache.Get(digest); cachedMap != nil {
return cachedMap, nil
Expand Down
16 changes: 16 additions & 0 deletions pkg/extensions/search/cve/trivy/scanner_internal_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -488,3 +488,19 @@ func TestIsIndexScannableErrors(t *testing.T) {
})
})
}

func TestGetCVEReference(t *testing.T) {
Convey("getCVEReference", t, func() {
ref := getCVEReference("primary", []string{})
So(ref, ShouldResemble, "primary")

ref = getCVEReference("", []string{"secondary"})
So(ref, ShouldResemble, "secondary")

ref = getCVEReference("", []string{""})
So(ref, ShouldResemble, "")

ref = getCVEReference("", []string{"https://nvd.nist.gov/vuln/detail/CVE-2023-2650"})
So(ref, ShouldResemble, "https://nvd.nist.gov/vuln/detail/CVE-2023-2650")
})
}
57 changes: 57 additions & 0 deletions pkg/extensions/search/gql_generated/generated.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions pkg/extensions/search/gql_generated/models_gen.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions pkg/extensions/search/resolver.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -228,6 +228,7 @@ func getCVEListForImage(
desc := cveDetail.Description
title := cveDetail.Title
severity := cveDetail.Severity
referenceURL := cveDetail.Reference

pkgList := make([]*gql_generated.PackageInfo, 0)

Expand All @@ -249,6 +250,7 @@ func getCVEListForImage(
Title: &title,
Description: &desc,
Severity: &severity,
Reference: &referenceURL,
PackageList: pkgList,
},
)
Expand Down
4 changes: 4 additions & 0 deletions pkg/extensions/search/schema.graphql
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,10 @@ type CVE {
"""
Description: String
"""
Reference for the given CVE
"""
Reference: String
"""
The impact the CVE has, one of "UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"
"""
Severity: String
Expand Down

0 comments on commit 0002dd8

Please sign in to comment.