package spec
import (
"github.com/samber/lo"
dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
"github.com/aquasecurity/trivy/pkg/types"
)
// These filters may be rewritten in Rego later; they stay in Go for now
// until that flexibility is actually needed.
//
// customIDs maps a custom check ID, as written in a compliance spec, to the
// function that narrows a scan result down to the findings that ID covers.
// Each filter matches one severity level exactly, so "VULN-HIGH" does not
// include critical findings; a spec that wants both must list both IDs.
var customIDs = map[string]func(types.Result) types.Result{
	// Vulnerability findings.
	"VULN-CRITICAL": filterCriticalVulns,
	"VULN-HIGH":     filterHighVulns,

	// Secret findings.
	"SECRET-CRITICAL": filterCriticalSecrets,
	"SECRET-HIGH":     filterHighSecrets,
}
// mapCustomIDsToFilteredResults evaluates every custom check ID listed in
// checkIDs against result and records the matching findings in mapCheckByID.
//
// The scanner key of checkIDs is not consulted; only the ID strings are.
// IDs that have no entry in customIDs are skipped without an error, so a
// misspelled custom ID yields no entry at all (presumably other ID kinds are
// resolved by the caller; verify there). An ID whose filter matches nothing
// is likewise left out of the map. A match replaces any entry already stored
// under the same ID rather than appending to it.
//
// mapCheckByID must be non-nil: it is written to in place.
func mapCustomIDsToFilteredResults(result types.Result, checkIDs map[types.Scanner][]string,
	mapCheckByID map[string]types.Results) {
	for _, scannerIDs := range checkIDs {
		for _, checkID := range scannerIDs {
			if narrow, known := customIDs[checkID]; known {
				if subset := narrow(result); !subset.IsEmpty() {
					mapCheckByID[checkID] = types.Results{subset}
				}
			}
		}
	}
}
// filterCriticalVulns returns a reduced copy of result holding only the
// vulnerabilities whose severity equals dbTypes.SeverityCritical.
func filterCriticalVulns(result types.Result) types.Result {
	level := dbTypes.SeverityCritical
	return filterVulns(result, level)
}
// filterHighVulns returns a reduced copy of result holding only the
// vulnerabilities whose severity equals dbTypes.SeverityHigh. Critical
// findings are not included; the match is on the exact level.
func filterHighVulns(result types.Result) types.Result {
	level := dbTypes.SeverityHigh
	return filterVulns(result, level)
}
// filterVulns builds a new Result that carries over Target, Class and Type
// from result and keeps only the vulnerabilities whose Severity string is
// equal to severity.String(). The comparison is an exact string match, so a
// finding with a differently spelled or differently cased severity is
// dropped. All other fields of the returned Result are left at their zero
// value.
func filterVulns(result types.Result, severity dbTypes.Severity) types.Result {
	atLevel := func(v types.DetectedVulnerability, _ int) bool {
		return v.Severity == severity.String()
	}

	out := types.Result{
		Target: result.Target,
		Class:  result.Class,
		Type:   result.Type,
	}
	out.Vulnerabilities = lo.Filter(result.Vulnerabilities, atLevel)
	return out
}
// filterCriticalSecrets returns a reduced copy of result holding only the
// secrets whose severity equals dbTypes.SeverityCritical.
func filterCriticalSecrets(result types.Result) types.Result {
	level := dbTypes.SeverityCritical
	return filterSecrets(result, level)
}
// filterHighSecrets returns a reduced copy of result holding only the
// secrets whose severity equals dbTypes.SeverityHigh. Critical findings are
// not included; the match is on the exact level.
func filterHighSecrets(result types.Result) types.Result {
	level := dbTypes.SeverityHigh
	return filterSecrets(result, level)
}
// filterSecrets builds a new Result that carries over Target, Class and Type
// from result and keeps only the secrets whose Severity string is equal to
// severity.String(). The comparison is an exact string match. All other
// fields of the returned Result are left at their zero value.
func filterSecrets(result types.Result, severity dbTypes.Severity) types.Result {
	atLevel := func(s types.DetectedSecret, _ int) bool {
		return s.Severity == severity.String()
	}

	out := types.Result{
		Target: result.Target,
		Class:  result.Class,
		Type:   result.Type,
	}
	out.Secrets = lo.Filter(result.Secrets, atLevel)
	return out
}