package maven
import (
"github.com/JackKCWong/go-woodpecker/api"
"sort"
"strings"
)
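// HighOrCritical returns the dependencies that carry at least one vulnerability
// with a CVSS score of 7.0 or more (HIGH or CRITICAL), ordered so that the
// dependency with the most such vulnerabilities comes first. Dependencies with
// an equal count keep the order they have in vr.Dependencies (stable sort).
//
// A vulnerability qualifies when either its CVSS v3 base score or its CVSS v2
// score reaches the threshold, so entries that only carry a v2 score are not
// missed.
func (vr *VulnerabilityReport) HighOrCritical() []Dependency {
	const threshold = 7.0

	isHighOrCritical := func(v Vulnerability) bool {
		return v.Cvssv3.BaseScore >= threshold || v.Cvssv2.Score >= threshold
	}

	// Count the qualifying vulnerabilities once per dependency; the sort
	// comparator previously re-filtered both sides on every comparison.
	type ranked struct {
		dep   Dependency
		count int
	}
	var candidates []ranked
	for _, d := range vr.Dependencies {
		n := len(filterVuls(d.Vulnerabilities, isHighOrCritical))
		if n == 0 {
			continue
		}
		candidates = append(candidates, ranked{dep: d, count: n})
	}

	sort.SliceStable(candidates, func(i, j int) bool {
		return candidates[i].count > candidates[j].count
	})

	out := make([]Dependency, 0, len(candidates))
	for _, c := range candidates {
		out = append(out, c.dep)
	}
	return out
}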
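// fillIn copies the report's findings onto the matching nodes of tree: each
// node whose ID equals the Maven GAV of a reported dependency receives that
// dependency's vulnerabilities (converted and ordered by convertVul) and its
// package URL. Nodes without a match get an empty vulnerability list and an
// empty PackageUrl.
//
// Only dependencies that report at least one vulnerability are indexed, so a
// PackageUrl is only filled in for vulnerable nodes. A dependency with no
// Packages entry is skipped rather than indexing d.Packages[0] and panicking.
func (vr *VulnerabilityReport) fillIn(tree *api.DependencyTree) {
	vuldb := make(map[string][]Vulnerability)
	pdb := make(map[string]string)
	for _, d := range vr.Dependencies {
		if len(d.Vulnerabilities) == 0 || len(d.Packages) == 0 {
			continue
		}
		// The key is derived from the first package only; it does not depend
		// on the individual vulnerability, so compute it once per dependency.
		gav := getMavenGAV(d.Packages[0].ID)
		vuldb[gav] = append(vuldb[gav], d.Vulnerabilities...)
		pdb[gav] = d.Packages[0].Url
	}
	for i, n := range tree.Nodes() {
		n.Vulnerabilities = convertVul(vuldb[n.ID])
		n.PackageUrl = pdb[n.ID]
		tree.Set(i, n)
	}
}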
// convertVul maps the report's vulnerabilities onto the api representation,
// ordered by descending CvssScore (stable, so equal scores keep their input
// order). The result is never nil; a nil or empty input yields an empty slice.
//
// NOTE(review): CvssScore is taken from the CVSS v3 base score only, whereas
// HighOrCritical also honours the CVSS v2 score — a vulnerability that carries
// only a v2 score is reported here with a score of 0; confirm that is intended.
func convertVul(vulnerabilities []Vulnerability) []api.Vulnerability {
	out := make([]api.Vulnerability, len(vulnerabilities))
	for i := range vulnerabilities {
		src := &vulnerabilities[i]
		out[i] = api.Vulnerability{
			Cve:         src.Name,
			Description: src.Description,
			CvssScore:   src.Cvssv3.BaseScore,
		}
	}
	byScoreDesc := func(i, j int) bool {
		return out[i].CvssScore > out[j].CvssScore
	}
	sort.SliceStable(out, byScoreDesc)
	return out
}
// getMavenGAV turns a Maven package URL (purl) such as
// "pkg:maven/group/artifact@version" into the "group:artifact:version" form
// this file uses to key lookups against tree node IDs (see fillIn): the
// "pkg:maven/" prefix is dropped once and every "/" and "@" becomes ":".
// Any other input gets the same substitutions applied; the function never fails.
//
// NOTE(review): purl qualifiers ("?type=jar") and subpaths ("#...") are not
// stripped and would remain inside the returned key — confirm the report's
// package IDs never carry them, otherwise the affected tree nodes will not match.
func getMavenGAV(packageId string) string {
	bare := strings.TrimPrefix(packageId, "pkg:maven/")
	// Both separators map to ":"; neither replacement produces a "/" or "@",
	// so a single pass is equivalent to two sequential ReplaceAll calls.
	toColon := strings.NewReplacer("/", ":", "@", ":")
	return toColon.Replace(bare)
}