update CVE' if exists

Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
kubescape · Mar 29, 2023 · c2e22db · c2e22db
1 parent e6f88e1
commit c2e22db
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 5 deletions.
diff --git a/repositories/apiserver.go b/repositories/apiserver.go
@@ -2,6 +2,7 @@ package repositories
 
 import (
 	"context"
+	"strconv"
 	"strings"
 	"time"
 
@@ -99,7 +100,7 @@ func (a *APIServerStore) StoreCVE(ctx context.Context, cve domain.CVEManifest, w
 	_, span := otel.Tracer("").Start(ctx, "APIServerStore.StoreCVE")
 	defer span.End()
 	if cve.ID == "" {
-		logger.L().Debug("skipping storing CVE manifest with empty ID")
+		logger.L().Debug("skipping storing CVE manifest with empty ID", helpers.String("relevant", strconv.FormatBool(withRelevancy)))
 		return nil
 	}
 	name := hashFromImageID(cve.ID)
@@ -131,11 +132,15 @@ func (a *APIServerStore) StoreCVE(ctx context.Context, cve domain.CVEManifest, w
 	_, err := a.StorageClient.VulnerabilityManifests(a.Namespace).Create(context.Background(), &manifest, metav1.CreateOptions{})
 	switch {
 	case errors.IsAlreadyExists(err):
-		logger.L().Debug("CVE manifest already exists in storage", helpers.String("ID", cve.ID))
+		_, err := a.StorageClient.VulnerabilityManifests(a.Namespace).Update(context.Background(), &manifest, metav1.UpdateOptions{})
+		if err != nil {
+			logger.L().Ctx(ctx).Warning("failed to update CVE manifest into apiserver", helpers.Error(err), helpers.String("ID", cve.ID), helpers.String("relevant", strconv.FormatBool(withRelevancy)))
+		}
+		logger.L().Debug("updated CVE manifest in storage", helpers.String("ID", cve.ID), helpers.String("relevant", strconv.FormatBool(withRelevancy)))
 	case err != nil:
-		logger.L().Ctx(ctx).Warning("failed to store CVE manifest into apiserver", helpers.Error(err), helpers.String("ID", cve.ID))
+		logger.L().Ctx(ctx).Warning("failed to store CVE manifest into apiserver", helpers.Error(err), helpers.String("ID", cve.ID), helpers.String("relevant", strconv.FormatBool(withRelevancy)))
 	default:
-		logger.L().Debug("stored CVE manifest in storage", helpers.String("ID", cve.ID))
+		logger.L().Debug("stored CVE manifest in storage", helpers.String("ID", cve.ID), helpers.String("relevant", strconv.FormatBool(withRelevancy)))
 	}
 	return nil
 }

diff --git a/repositories/apiserver_test.go b/repositories/apiserver_test.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kubescape/kubevuln/core/domain"
 	"github.com/kubescape/kubevuln/internal/tools"
 	"github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1"
+	"gotest.tools/v3/assert"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -17,7 +18,7 @@ const instanceID = "ee9bdd0adec9ce004572faf3492f583aa82042a8b3a9d5c7d9179dc03c53
 func (a *APIServerStore) storeSBOMp(ctx context.Context, sbom domain.SBOM) error {
 	manifest := v1beta1.SBOMSPDXv2p3Filtered{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:   sbom.ID,
+			Name: sbom.ID,
 			Annotations: map[string]string{
 				domain.StatusKey: sbom.Status,
 			},
@@ -115,6 +116,27 @@ func TestAPIServerStore_GetCVE(t *testing.T) {
 	}
 }
 
+func TestAPIServerStore_UpdateCVE(t *testing.T) {
+	ctx := context.TODO()
+	a := NewFakeAPIServerStorage("kubescape")
+	cvep := domain.CVEManifest{
+		ID:           instanceID,
+		Content:      &v1beta1.GrypeDocument{
+			Descriptor: v1beta1.Descriptor{
+				Version: "v1.0.0",
+			},
+		},
+	}
+	err := a.StoreCVE(ctx, cvep, true)
+	tools.EnsureSetup(t, err == nil)
+	cvep.Content.Descriptor.Version = "v1.1.0"
+	err = a.StoreCVE(ctx, cvep, true)
+	assert.Assert(t, err == nil)
+	got, err := a.GetCVE(ctx, instanceID, "", "", "")
+	tools.EnsureSetup(t, err == nil)
+	assert.Assert(t, got.Content.Descriptor.Version == "v1.1.0")
+}
+
 func TestAPIServerStore_GetSBOM(t *testing.T) {
 	type args struct {
 		ctx                context.Context