mirror of
https://github.com/goharbor/harbor.git
synced 2024-10-04 00:07:47 +02:00
Export CVE data Score column empty values (#17321) Closes: https://github.com/goharbor/harbor/issues/17189 Signed-off-by: prahaladdarkin <prahaladd@vmware.com> Co-authored-by: prahaladdarkin <prahaladd@vmware.com>
This commit is contained in:
parent
5d876c088d
commit
08c1cc40bf
@ -637,10 +637,6 @@ func (suite *ScanDataExportJobTestSuite) createDataRecords(numRecs int, ownerId
|
||||
Version: fmt.Sprintf("Version%d", i),
|
||||
FixVersion: fmt.Sprintf("FixVersion%d", i),
|
||||
Severity: fmt.Sprintf("Severity%d", i),
|
||||
CVSSScoreV3: fmt.Sprintf("3.0"),
|
||||
CVSSScoreV2: fmt.Sprintf("2.0"),
|
||||
CVSSVectorV3: fmt.Sprintf("TestCVSSVectorV3%d", i),
|
||||
CVSSVectorV2: fmt.Sprintf("TestCVSSVectorV2%d", i),
|
||||
CWEIds: "",
|
||||
}
|
||||
data = append(data, dataRec)
|
||||
|
@ -36,10 +36,6 @@ func (vds *defaultVulnerabilitySelector) Select(vulnDataRecords []Data, decorati
|
||||
value = vulnDataRecord.Package
|
||||
case ScannerMatches:
|
||||
value = vulnDataRecord.ScannerName
|
||||
case CVE2VectorMatches:
|
||||
value = vulnDataRecord.CVSSVectorV2
|
||||
case CVE3VectorMatches:
|
||||
value = vulnDataRecord.CVSSVectorV3
|
||||
}
|
||||
matched, err := vds.match(pattern, value)
|
||||
if err != nil {
|
||||
|
@ -64,38 +64,6 @@ func (suite *ExportDataSelectorTestSuite) TestScannerNameFilter() {
|
||||
}
|
||||
}
|
||||
|
||||
func (suite *ExportDataSelectorTestSuite) TestCVE2VectorMatches() {
|
||||
{
|
||||
dataRecords := suite.createDataRecords(10, 1)
|
||||
filtered, err := suite.exportDataSelector.Select(dataRecords, CVE2VectorMatches, "TestCVSSVectorV21")
|
||||
suite.NoError(err)
|
||||
suite.Equal(1, len(filtered))
|
||||
suite.Equal("TestCVSSVectorV21", filtered[0].CVSSVectorV2)
|
||||
}
|
||||
{
|
||||
dataRecords := suite.createDataRecords(10, 1)
|
||||
filtered, err := suite.exportDataSelector.Select(dataRecords, CVE2VectorMatches, "")
|
||||
suite.NoError(err)
|
||||
suite.Equal(10, len(filtered))
|
||||
}
|
||||
}
|
||||
|
||||
func (suite *ExportDataSelectorTestSuite) TestCVE3VectorMatches() {
|
||||
{
|
||||
dataRecords := suite.createDataRecords(10, 1)
|
||||
filtered, err := suite.exportDataSelector.Select(dataRecords, CVE3VectorMatches, "TestCVSSVectorV31")
|
||||
suite.NoError(err)
|
||||
suite.Equal(1, len(filtered))
|
||||
suite.Equal("TestCVSSVectorV31", filtered[0].CVSSVectorV3)
|
||||
}
|
||||
{
|
||||
dataRecords := suite.createDataRecords(10, 1)
|
||||
filtered, err := suite.exportDataSelector.Select(dataRecords, CVE3VectorMatches, "")
|
||||
suite.NoError(err)
|
||||
suite.Equal(10, len(filtered))
|
||||
}
|
||||
}
|
||||
|
||||
func TestExportDataSelectorTestSuite(t *testing.T) {
|
||||
suite.Run(t, &ExportDataSelectorTestSuite{})
|
||||
}
|
||||
@ -113,10 +81,6 @@ func (suite *ExportDataSelectorTestSuite) createDataRecords(numRecs int, ownerId
|
||||
Version: fmt.Sprintf("Version%d", i),
|
||||
FixVersion: fmt.Sprintf("FixVersion%d", i),
|
||||
Severity: fmt.Sprintf("Severity%d", i),
|
||||
CVSSScoreV3: fmt.Sprintf("3.0"),
|
||||
CVSSScoreV2: fmt.Sprintf("2.0"),
|
||||
CVSSVectorV3: fmt.Sprintf("TestCVSSVectorV3%d", i),
|
||||
CVSSVectorV2: fmt.Sprintf("TestCVSSVectorV2%d", i),
|
||||
CWEIds: "",
|
||||
}
|
||||
data = append(data, dataRec)
|
||||
|
@ -29,13 +29,10 @@ select
|
||||
vulnerability_record.cve_id,
|
||||
vulnerability_record.package,
|
||||
vulnerability_record.severity,
|
||||
vulnerability_record.cvss_score_v3,
|
||||
vulnerability_record.cvss_score_v2,
|
||||
vulnerability_record.cvss_vector_v3,
|
||||
vulnerability_record.cvss_vector_v2,
|
||||
vulnerability_record.cwe_ids,
|
||||
vulnerability_record.package_version,
|
||||
vulnerability_record.fixed_version,
|
||||
to_jsonb(vulnerability_record.vendor_attributes) as vendor_attributes,
|
||||
scanner_registration."name" as scanner_name
|
||||
from
|
||||
report_vulnerability_record
|
||||
@ -53,13 +50,10 @@ group by
|
||||
artifact.digest,
|
||||
artifact.repository_id,
|
||||
artifact.repository_name,
|
||||
vulnerability_record.cvss_score_v3,
|
||||
vulnerability_record.cvss_score_v2,
|
||||
vulnerability_record.cvss_vector_v3,
|
||||
vulnerability_record.cvss_vector_v2,
|
||||
vulnerability_record.cwe_ids,
|
||||
vulnerability_record.package_version,
|
||||
vulnerability_record.fixed_version,
|
||||
to_jsonb(vulnerability_record.vendor_attributes),
|
||||
scanner_registration.id
|
||||
`
|
||||
JobModeExport = "export"
|
||||
|
@ -1,6 +1,7 @@
|
||||
package export
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"testing"
|
||||
"time"
|
||||
@ -122,6 +123,9 @@ func (suite *ExportManagerSuite) TestExport() {
|
||||
data, err := suite.exportManager.Fetch(suite.Context(), Params{ArtifactIDs: []int64{1}})
|
||||
suite.NoError(err)
|
||||
suite.Equal(10, len(data))
|
||||
for _, datum := range data {
|
||||
suite.Equal("{\"CVSS\": {\"nvd\": {\"V2Score\": \"4.3\"}}}", datum.AdditionalData)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -170,6 +174,10 @@ func (suite *ExportManagerSuite) generateVulnerabilityRecordsForReport(registrat
|
||||
} else {
|
||||
vulnV2.Severity = "Low"
|
||||
}
|
||||
var vendorAttributes = make(map[string]interface{})
|
||||
vendorAttributes["CVSS"] = map[string]interface{}{"nvd": map[string]interface{}{"V2Score": "4.3"}}
|
||||
data, _ := json.Marshal(vendorAttributes)
|
||||
vulnV2.VendorAttributes = string(data)
|
||||
vulns = append(vulns, vulnV2)
|
||||
}
|
||||
|
||||
|
@ -18,11 +18,8 @@ type Data struct {
|
||||
Version string `orm:"column(package_version)" csv:"Current Version"`
|
||||
FixVersion string `orm:"column(fixed_version)" csv:"Fixed in version"`
|
||||
Severity string `orm:"column(severity)" csv:"Severity"`
|
||||
CVSSScoreV3 string `orm:"column(cvss_score_v3)" csv:"CVSS V3 Score"`
|
||||
CVSSScoreV2 string `orm:"column(cvss_score_v2)" csv:"CVSS V2 Score"`
|
||||
CVSSVectorV3 string `orm:"column(cvss_vector_v3)" csv:"CVSS V3 Vector"`
|
||||
CVSSVectorV2 string `orm:"column(cvss_vector_v2)" csv:"CVSS V2 Vector"`
|
||||
CWEIds string `orm:"column(cwe_ids)" csv:"CWE Ids"`
|
||||
AdditionalData string `orm:"column(vendor_attributes)" csv:"Additional Data"`
|
||||
}
|
||||
|
||||
// Request encapsulates the filters to be provided when exporting the data for a scan.
|
||||
|
Loading…
Reference in New Issue
Block a user