Merge pull request #108 from kubescape/add-relevancy-counter

Add relevancy counter
kubescape · May 16, 2023 · 954f881 · 954f881
2 parents 757296d + 33eb801
commit 954f881
Show file tree

Hide file tree

Showing 9 changed files with 35 additions and 30 deletions.
diff --git a/adapters/v1/armo_utils.go b/adapters/v1/armo_utils.go
@@ -207,8 +207,7 @@ func summarize(report v1.ScanResultReport, vulnerabilities []containerscan.Commo
 		}
 
 		isRelevant := vulnerabilities[i].GetIsRelevant()
-		if isRelevant != nil {
-			// if IsRelevant is not nil, we have relevancy data
+		if isRelevant != nil { // if IsRelevant is not nil, we have relevancy data
 			if *isRelevant {
 				// vulnerability is relevant
 				vulnerabilities[i].SetRelevantLabel(containerscan.RelevantLabelYes)
@@ -232,12 +231,20 @@ func summarize(report v1.ScanResultReport, vulnerabilities []containerscan.Commo
 	// if there is no CVEp, label is empty
 	if !hasRelevancy {
 		summary.SetRelevantLabel(containerscan.RelevantLabelNotExists)
-	} else if summary.SeverityStats.RelevantCount == 0 {
-		// if there is CVEp but no relevant vulnerabilities, label is "no"
-		summary.SetRelevantLabel(containerscan.RelevantLabelNo)
 	} else {
-		// if there is CVEp and there are relevant vulnerabilities, label is "yes"
-		summary.SetRelevantLabel(containerscan.RelevantLabelYes)
+		// mark relevancy scan in severities stats
+		for severity, severityStats := range actualSeveritiesStats {
+			severityStats.RelevancyScanCount = 1
+			actualSeveritiesStats[severity] = severityStats
+		}
+		summary.SeverityStats.RelevancyScanCount = 1
+		if summary.SeverityStats.RelevantCount == 0 {
+			// if there is CVEp but no relevant vulnerabilities, label is "no"
+			summary.SetRelevantLabel(containerscan.RelevantLabelNo)
+		} else {
+			// if there is CVEp and there are relevant vulnerabilities, label is "yes"
+			summary.SetRelevantLabel(containerscan.RelevantLabelYes)
+		}
 	}
 
 	for sever := range actualSeveritiesStats {

diff --git a/adapters/v1/armo_utils_test.go b/adapters/v1/armo_utils_test.go
@@ -287,15 +287,16 @@ func Test_summarize(t *testing.T) {
 				Namespace:       designators.Attributes["namespace"],
 				PackagesName:    []string{},
 				SeveritiesStats: []containerscan.SeverityStats{
-					{Severity: "Critical", TotalCount: 2, RCEFixCount: 2, FixAvailableOfTotalCount: 2, RCECount: 2},
-					{Severity: "Medium", TotalCount: 1, FixAvailableOfTotalCount: 1},
-					{Severity: "Negligible", TotalCount: 1},
+					{Severity: "Critical", TotalCount: 2, RCEFixCount: 2, FixAvailableOfTotalCount: 2, RCECount: 2, RelevancyScanCount: 0},
+					{Severity: "Medium", TotalCount: 1, FixAvailableOfTotalCount: 1, RelevancyScanCount: 0},
+					{Severity: "Negligible", TotalCount: 1, RelevancyScanCount: 0},
 				},
 				SeverityStats: containerscan.SeverityStats{
 					TotalCount:               4,
 					RCEFixCount:              2,
 					FixAvailableOfTotalCount: 3,
 					RCECount:                 2,
+					RelevancyScanCount:       0,
 				},
 				Status:    "Success",
 				Timestamp: timestamp,
@@ -416,9 +417,9 @@ func Test_summarize(t *testing.T) {
 				PackagesName:     []string{},
 				RelevantLabel:    "yes",
 				SeveritiesStats: []containerscan.SeverityStats{
-					{Severity: "Critical", TotalCount: 2, RCEFixCount: 2, FixAvailableOfTotalCount: 2, RCECount: 2, RelevantCount: 1, RelevantFixCount: 1},
-					{Severity: "Medium", TotalCount: 1, FixAvailableOfTotalCount: 1},
-					{Severity: "Negligible", TotalCount: 1},
+					{Severity: "Critical", TotalCount: 2, RCEFixCount: 2, FixAvailableOfTotalCount: 2, RCECount: 2, RelevantCount: 1, RelevantFixCount: 1, RelevancyScanCount: 1},
+					{Severity: "Medium", TotalCount: 1, FixAvailableOfTotalCount: 1, RelevancyScanCount: 1},
+					{Severity: "Negligible", TotalCount: 1, RelevancyScanCount: 1},
 				},
 				SeverityStats: containerscan.SeverityStats{
 					TotalCount:               4,
@@ -427,6 +428,7 @@ func Test_summarize(t *testing.T) {
 					RCECount:                 2,
 					RelevantCount:            1,
 					RelevantFixCount:         1,
+					RelevancyScanCount:       1,
 				},
 				Status:    "Success",
 				Timestamp: timestamp,

diff --git a/adapters/v1/testdata/cve-body-with-exception.json b/adapters/v1/testdata/cve-body-with-exception.json
@@ -25,6 +25,7 @@
     "rceTotal": 0,
     "urgent": 0,
     "neglected": 0,
+    "relevancyScanCount": 0,
     "version": "",
     "registry": "",
     "customerGUID": "",
@@ -48,7 +49,8 @@
         "relevantTotal": 0,
         "rceTotal": 0,
         "urgent": 0,
-        "neglected": 0
+        "neglected": 0,
+        "relevancyScanCount": 0
       }
     ],
     "packages": [],
@@ -63,7 +65,8 @@
         "relevantTotal": 0,
         "rceTotal": 0,
         "urgent": 0,
-        "neglected": 0
+        "neglected": 0,
+        "relevancyScanCount": 0
       }
     ],
     "jobIDs": null,

diff --git a/adapters/v1/testdata/cve-body.json b/adapters/v1/testdata/cve-body.json
@@ -25,6 +25,7 @@
     "rceTotal": 0,
     "urgent": 0,
     "neglected": 0,
+    "relevancyScanCount": 0,
     "version": "",
     "registry": "",
     "customerGUID": "",
@@ -49,7 +50,8 @@
         "relevantTotal": 0,
         "rceTotal": 0,
         "urgent": 0,
-        "neglected": 0
+        "neglected": 0,
+        "relevancyScanCount": 0
       }
     ],
     "jobIDs": null,

diff --git a/adapters/v1/testdata/cve-chunk-with-relevant-summary.json b/adapters/v1/testdata/cve-chunk-with-relevant-summary.json
@@ -25,6 +25,7 @@
     "rceTotal": "<<PRESENCE>>",
     "urgent": "<<PRESENCE>>",
     "neglected": "<<PRESENCE>>",
+    "relevancyScanCount": 1,
     "version": "",
     "registry": "",
     "customerGUID": "",

diff --git a/adapters/v1/testdata/cve-chunk-with-summary.json b/adapters/v1/testdata/cve-chunk-with-summary.json
@@ -25,6 +25,7 @@
     "rceTotal": "<<PRESENCE>>",
     "urgent": "<<PRESENCE>>",
     "neglected": "<<PRESENCE>>",
+    "relevancyScanCount": 0,
     "version": "",
     "registry": "",
     "customerGUID": "",

diff --git a/core/services/scan_test.go b/core/services/scan_test.go
@@ -529,13 +529,6 @@ func Test_generateScanID(t *testing.T) {
 			},
 			want: "InstanceID",
 		},
-		// {
-		// 	name: "generate scanID with UUID",
-		// 	args: args{
-		// 		workload: domain.ScanCommand{},
-		// 	},
-		// 	want: "",
-		// },
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

diff --git a/go.mod b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/anchore/syft v0.76.0
 	github.com/aquilax/truncate v1.0.0
 	github.com/armosec/armoapi-go v0.0.176
-	github.com/armosec/cluster-container-scanner-api v0.0.52
+	github.com/armosec/cluster-container-scanner-api v0.0.54
 	github.com/armosec/logger-go v0.0.14
 	github.com/armosec/utils-go v0.0.16
 	github.com/armosec/utils-k8s-go v0.0.13

diff --git a/go.sum b/go.sum
@@ -258,8 +258,8 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armosec/armoapi-go v0.0.176 h1:C0TWqU1BrKpfJGKT9rhqGVzUZBUxLOvcSOFOoWEkFAA=
 github.com/armosec/armoapi-go v0.0.176/go.mod h1:cC43pDRr6tLMIVQGdgH1G/UxBiV5QI2QttxE9pkbqmo=
-github.com/armosec/cluster-container-scanner-api v0.0.52 h1:u6T4wCTGwyJiPPTIAVrRqsT1sfw30e+/mjVuNmDK4mg=
-github.com/armosec/cluster-container-scanner-api v0.0.52/go.mod h1:HP1ZdO9/R8x8IMiTwO3dwI+MNH1oBTrIwtqdE40lfuI=
+github.com/armosec/cluster-container-scanner-api v0.0.54 h1:m9R7+bQrGf7vkKKiFDxGU3/+kzn37uecZPjdNwAhqf8=
+github.com/armosec/cluster-container-scanner-api v0.0.54/go.mod h1:HP1ZdO9/R8x8IMiTwO3dwI+MNH1oBTrIwtqdE40lfuI=
 github.com/armosec/logger-go v0.0.14 h1:5YpXMlYt/7zIAcmJP4q1BmWNH/7bpkSndfZTyysrtUE=
 github.com/armosec/logger-go v0.0.14/go.mod h1:OKV/cBcEjNv/T62vd1cnD2lf07POPSpy3PQkURfoCeI=
 github.com/armosec/utils-go v0.0.16 h1:rz4jtEdQgQ5i+GnMYhhrlVn4izWxl04mUKMmTRSRA4o=
@@ -677,10 +677,6 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kubescape/go-logger v0.0.11 h1:oucpq2S7+DT7O+UclG5IrmHado/tj6+IkYf9czVk/aY=
 github.com/kubescape/go-logger v0.0.11/go.mod h1:yGiKBJ2lhq/kxzY/MVYDREL9fLV3RGD6gv+UFjslaew=
-github.com/kubescape/k8s-interface v0.0.121 h1:nk9NDuVPo4lWcVU7WDvJCfH6ZM4dE9gTNSr4gZHA6V4=
-github.com/kubescape/k8s-interface v0.0.121/go.mod h1:ENpA9SkkS6E3PIT+AaMu/JGkuyE04aUamY+a7WLqsJQ=
-github.com/kubescape/k8s-interface v0.0.122 h1:Aq6xf1wq+nl2UtLX6rjFaGULZxES8OlzvXNLQcZk9+0=
-github.com/kubescape/k8s-interface v0.0.122/go.mod h1:ENpA9SkkS6E3PIT+AaMu/JGkuyE04aUamY+a7WLqsJQ=
 github.com/kubescape/k8s-interface v0.0.123 h1:7KjQ1bHoaggzAPcufdT6NZeffyL4t0WWZBoaJ1tCgmY=
 github.com/kubescape/k8s-interface v0.0.123/go.mod h1:ENpA9SkkS6E3PIT+AaMu/JGkuyE04aUamY+a7WLqsJQ=
 github.com/kubescape/storage v0.2.0 h1:WZXy4Dyjf5ltEMtk0SOD9RFL1haS9ffFPGfs1gUV1aM=