rpc: Add CVSS information to client/server (#564)

Signed-off-by: Simarpreet Singh <simar@linux.com>
aquasecurity · Jul 26, 2020 · 5b9d942 · 5b9d942
1 parent d6b37cb
commit 5b9d942
Show file tree

Hide file tree

Showing 8 changed files with 222 additions and 65 deletions.
diff --git a/pkg/rpc/client/client_test.go b/pkg/rpc/client/client_test.go
@@ -153,6 +153,20 @@ func TestScanner_Scan(t *testing.T) {
 										Severity:         common.Severity_CRITICAL,
 										References:       []string{"http://exammple.com"},
 										SeveritySource:   "nvd",
+										Cvss: map[string]*common.CVSS{
+											"nvd": {
+												V2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
+												V3Vector: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+												V2Score:  7.2,
+												V3Score:  7.8,
+											},
+											"redhat": {
+												V2Vector: "AV:H/AC:L/Au:N/C:C/I:C/A:C",
+												V3Vector: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+												V2Score:  4.2,
+												V3Score:  2.8,
+											},
+										},
 										Layer: &common.Layer{
 											DiffId: "sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10",
 										},
@@ -177,6 +191,20 @@ func TestScanner_Scan(t *testing.T) {
 								Description: "Denial os Service",
 								Severity:    "CRITICAL",
 								References:  []string{"http://exammple.com"},
+								CVSS: dbTypes.VendorCVSS{
+									"nvd": {
+										V2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
+										V3Vector: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+										V2Score:  7.2,
+										V3Score:  7.8,
+									},
+									"redhat": {
+										V2Vector: "AV:H/AC:L/Au:N/C:C/I:C/A:C",
+										V3Vector: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+										V2Score:  4.2,
+										V3Score:  2.8,
+									},
+								},
 							},
 							SeveritySource: "nvd",
 							Layer: ftypes.Layer{

diff --git a/pkg/rpc/convert.go b/pkg/rpc/convert.go
@@ -101,6 +101,15 @@ func ConvertToRpcVulns(vulns []types.DetectedVulnerability) []*common.Vulnerabil
 		if err != nil {
 			log.Logger.Warn(err)
 		}
+		cvssMap := make(map[string]*common.CVSS) // This is needed because protobuf generates a map[string]*CVSS type
+		for vendor, vendorSeverity := range vuln.CVSS {
+			cvssMap[vendor] = &common.CVSS{
+				V2Vector: vendorSeverity.V2Vector,
+				V3Vector: vendorSeverity.V3Vector,
+				V2Score:  vendorSeverity.V2Score,
+				V3Score:  vendorSeverity.V3Score,
+			}
+		}
 
 		rpcVulns = append(rpcVulns, &common.Vulnerability{
 			VulnerabilityId:  vuln.VulnerabilityID,
@@ -115,6 +124,7 @@ func ConvertToRpcVulns(vulns []types.DetectedVulnerability) []*common.Vulnerabil
 				Digest: vuln.Layer.Digest,
 				DiffId: vuln.Layer.DiffID,
 			},
+			Cvss:           cvssMap,
 			SeveritySource: vuln.SeveritySource,
 		})
 	}
@@ -128,6 +138,16 @@ func ConvertFromRpcResults(rpcResults []*scanner.Result) []report.Result {
 		var vulns []types.DetectedVulnerability
 		for _, vuln := range result.Vulnerabilities {
 			severity := dbTypes.Severity(vuln.Severity)
+			cvssMap := make(dbTypes.VendorCVSS) // This is needed because protobuf generates a map[string]*CVSS type
+			for vendor, vendorSeverity := range vuln.Cvss {
+				cvssMap[vendor] = dbTypes.CVSS{
+					V2Vector: vendorSeverity.V2Vector,
+					V3Vector: vendorSeverity.V3Vector,
+					V2Score:  vendorSeverity.V2Score,
+					V3Score:  vendorSeverity.V3Score,
+				}
+			}
+
 			vulns = append(vulns, types.DetectedVulnerability{
 				VulnerabilityID:  vuln.VulnerabilityId,
 				PkgName:          vuln.PkgName,
@@ -137,6 +157,7 @@ func ConvertFromRpcResults(rpcResults []*scanner.Result) []report.Result {
 					Title:       vuln.Title,
 					Description: vuln.Description,
 					Severity:    severity.String(),
+					CVSS:        cvssMap,
 					References:  vuln.References,
 				},
 				Layer: ftypes.Layer{

diff --git a/pkg/rpc/convert_test.go b/pkg/rpc/convert_test.go
@@ -252,7 +252,15 @@ func TestConvertToRpcVulns(t *testing.T) {
 							Title:       "DoS",
 							Description: "Denial of Service",
 							Severity:    "MEDIUM",
-							References:  []string{"http://example.com"},
+							CVSS: dbTypes.VendorCVSS{
+								"redhat": {
+									V2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
+									V3Vector: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+									V2Score:  7.2,
+									V3Score:  7.8,
+								},
+							},
+							References: []string{"http://example.com"},
 						},
 						Layer: ftypes.Layer{
 							Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812",
@@ -270,7 +278,15 @@ func TestConvertToRpcVulns(t *testing.T) {
 					Title:            "DoS",
 					Description:      "Denial of Service",
 					Severity:         common.Severity_MEDIUM,
-					References:       []string{"http://example.com"},
+					Cvss: map[string]*common.CVSS{
+						"redhat": {
+							V2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
+							V3Vector: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+							V2Score:  7.2,
+							V3Score:  7.8,
+						},
+					},
+					References: []string{"http://example.com"},
 					Layer: &common.Layer{
 						Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812",
 						DiffId: "sha256:b2a1a2d80bf0c747a4f6b0ca6af5eef23f043fcdb1ed4f3a3e750aef2dc68079",
@@ -309,6 +325,7 @@ func TestConvertToRpcVulns(t *testing.T) {
 					Title:            "DoS",
 					Description:      "Denial of Service",
 					Severity:         common.Severity_UNKNOWN,
+					Cvss:             make(map[string]*common.CVSS),
 					References:       []string{"http://example.com"},
 					Layer: &common.Layer{
 						Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812",

diff --git a/pkg/rpc/server/library/server_test.go b/pkg/rpc/server/library/server_test.go
@@ -112,6 +112,7 @@ func TestServer_Detect(t *testing.T) {
 						Title:            "title",
 						Description:      "description",
 						Severity:         common.Severity_MEDIUM,
+						Cvss:             make(map[string]*common.CVSS),
 						References:       []string{"http://example.com"},
 						Layer: &common.Layer{
 							Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812",

diff --git a/pkg/rpc/server/ospkg/server_test.go b/pkg/rpc/server/ospkg/server_test.go
@@ -96,6 +96,7 @@ func TestServer_Detect(t *testing.T) {
 						VulnerabilityId: "CVE-2019-0001",
 						PkgName:         "musl",
 						Severity:        common.Severity_HIGH,
+						Cvss:            make(map[string]*common.CVSS),
 						Layer: &common.Layer{
 							Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812",
 							DiffId: "sha256:b2a1a2d80bf0c747a4f6b0ca6af5eef23f043fcdb1ed4f3a3e750aef2dc68079",

diff --git a/pkg/rpc/server/server_test.go b/pkg/rpc/server/server_test.go
@@ -114,6 +114,7 @@ func TestScanServer_Scan(t *testing.T) {
 								FixedVersion:     "1.2.4",
 								SeveritySource:   "nvd",
 								Layer:            &common.Layer{},
+								Cvss:             make(map[string]*common.CVSS),
 							},
 						},
 						Type: "alpine",