vulnerability_flags.go
package flag
import (
"github.com/samber/lo"
dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/types"
)
// VulnTypeFlag is the --vuln-type flag (config key vulnerability.type).
// Its usage text describes a comma-separated list of vulnerability types.
// Both the default and the accepted values are types.VulnTypeOS and
// types.VulnTypeLibrary.
var VulnTypeFlag = Flag{
	Name:       "vuln-type",
	ConfigName: "vulnerability.type",
	Default:    []string{types.VulnTypeOS, types.VulnTypeLibrary},
	Values:     []string{types.VulnTypeOS, types.VulnTypeLibrary},
	Usage:      "comma-separated list of vulnerability types",
}

// IgnoreUnfixedFlag is the --ignore-unfixed flag (config key
// vulnerability.ignore-unfixed). It is off by default.
//
// ToOptions treats it as a shorthand for ignoring every status in
// dbTypes.Statuses except the fixed one. Per the usage text, only fixed
// vulnerabilities are displayed when it is set: findings without a fix are
// hidden from the output, not remediated, so enabling it should be a
// deliberate choice.
var IgnoreUnfixedFlag = Flag{
	Name:       "ignore-unfixed",
	ConfigName: "vulnerability.ignore-unfixed",
	Default:    false,
	Usage:      "display only fixed vulnerabilities",
}

// IgnoreStatusFlag is the --ignore-status flag (config key
// vulnerability.ignore-status). The default is an empty list and the accepted
// values are dbTypes.Statuses.
//
// When both this flag and --ignore-unfixed are given, ToOptions keeps this
// list and logs a warning that --ignore-unfixed is ignored.
var IgnoreStatusFlag = Flag{
	Name:       "ignore-status",
	ConfigName: "vulnerability.ignore-status",
	Default:    []string{},
	Values:     dbTypes.Statuses,
	Usage:      "comma-separated list of vulnerability status to ignore",
}
// VulnerabilityFlagGroup bundles the three vulnerability-related flags.
// NewVulnerabilityFlagGroup fills each field with a pointer to the matching
// package-level Flag variable.
type VulnerabilityFlagGroup struct {
	VulnType      *Flag // --vuln-type
	IgnoreUnfixed *Flag // --ignore-unfixed; folded into the ignore list by ToOptions
	IgnoreStatus  *Flag // --ignore-status
}
// VulnerabilityOptions is the resolved form of the vulnerability flags, as
// built by VulnerabilityFlagGroup.ToOptions. There is no separate field for
// --ignore-unfixed: ToOptions expresses it through IgnoreStatuses.
type VulnerabilityOptions struct {
	// VulnType is the string slice read from the vuln-type flag.
	VulnType []string
	// IgnoreStatuses is the list of statuses to ignore. ToOptions leaves it
	// nil when neither --ignore-status nor --ignore-unfixed is given.
	IgnoreStatuses []dbTypes.Status
}
// NewVulnerabilityFlagGroup returns a group wired to the package-level flag
// variables VulnTypeFlag, IgnoreUnfixedFlag and IgnoreStatusFlag.
//
// The fields are pointers to those shared variables, not copies, so a change
// made through one group is visible through every other group and through
// the package-level variables themselves.
func NewVulnerabilityFlagGroup() *VulnerabilityFlagGroup {
	group := new(VulnerabilityFlagGroup)
	group.VulnType = &VulnTypeFlag
	group.IgnoreUnfixed = &IgnoreUnfixedFlag
	group.IgnoreStatus = &IgnoreStatusFlag
	return group
}
// Name returns the fixed name of this flag group.
func (f *VulnerabilityFlagGroup) Name() string {
	const groupName = "Vulnerability"
	return groupName
}
// Flags returns the group's flags in a fixed order: VulnType, IgnoreUnfixed,
// IgnoreStatus. The slice is allocated on every call, but its elements are
// the group's own *Flag pointers.
func (f *VulnerabilityFlagGroup) Flags() []*Flag {
	flags := make([]*Flag, 0, 3)
	flags = append(flags, f.VulnType, f.IgnoreUnfixed, f.IgnoreStatus)
	return flags
}
// ToOptions resolves the group's flags into a VulnerabilityOptions value.
//
// The ignore list is decided as follows:
//   - --ignore-status given: its values are used; if --ignore-unfixed is also
//     set, a warning is logged and --ignore-unfixed has no effect.
//   - only --ignore-unfixed given: every entry of dbTypes.Statuses except the
//     fixed status is ignored.
//   - neither given: IgnoreStatuses is nil.
//
// The resulting list is written to the debug log, which is the place to check
// what a given invocation actually suppresses.
func (f *VulnerabilityFlagGroup) ToOptions() VulnerabilityOptions {
	// The strings are converted without further checks because validated
	// values are expected here.
	// NOTE(review): how dbTypes.NewStatus maps a string outside
	// dbTypes.Statuses is not visible in this file; confirm that validation
	// always runs first so an unrecognised value cannot silently change which
	// findings are ignored.
	rawStatuses := getStringSlice(f.IgnoreStatus)
	ignoreStatuses := lo.Map(rawStatuses, func(name string, _ int) dbTypes.Status {
		return dbTypes.NewStatus(name)
	})

	onlyFixed := getBool(f.IgnoreUnfixed)
	hasExplicitList := len(ignoreStatuses) > 0

	if onlyFixed && hasExplicitList {
		log.Logger.Warn("'--ignore-unfixed' is ignored because '--ignore-status' is specified")
	} else if onlyFixed {
		// '--ignore-unfixed' is a shorthand of '--ignore-status': ignore every
		// known status except "fixed".
		fixed := dbTypes.StatusFixed
		fixedName := fixed.String()
		ignoreStatuses = lo.FilterMap(dbTypes.Statuses, func(name string, _ int) (dbTypes.Status, bool) {
			if name == fixedName {
				return 0, false
			}
			return dbTypes.NewStatus(name), true
		})
	} else if !hasExplicitList {
		// Normalise "nothing to ignore" to nil rather than an empty slice.
		ignoreStatuses = nil
	}

	log.Logger.Debugw("Ignore statuses", "statuses", ignoreStatuses)

	return VulnerabilityOptions{
		VulnType:       getStringSlice(f.VulnType),
		IgnoreStatuses: ignoreStatuses,
	}
}