refactor(scan): remove duplicate CVESet types

Closes #9471 Signed-off-by: He Weiwei <hweiwei@vmware.com>
2025-01-11 10:27:58 +01:00 · 2020-08-18 06:33:17 +00:00 · 2020-08-18 06:33:17 +00:00 · ef37bd1afb
commit ef37bd1afb
parent 3364f76d99
6 changed files with 29 additions and 25 deletions
--- a/src/common/models/cve_allowlist.go
+++ b/src/common/models/cve_allowlist.go
@ -14,7 +14,9 @@

 package models

-import "time"
+import (
+	"time"
+)

 // CVEAllowlist defines the data model for a CVE allowlist
 type CVEAllowlist struct {
@ -38,8 +40,8 @@ func (c *CVEAllowlist) TableName() string {
 }

 // CVESet returns the set of CVE id of the items in the allowlist to help filter the vulnerability list
-func (c *CVEAllowlist) CVESet() map[string]struct{} {
-	r := map[string]struct{}{}
+func (c *CVEAllowlist) CVESet() CVESet {
+	r := CVESet{}
 	for _, it := range c.Items {
 		r[it.CVEID] = struct{}{}
 	}
@ -53,3 +55,13 @@ func (c *CVEAllowlist) IsExpired() bool {
 	}
 	return time.Now().Unix() >= *c.ExpiresAt
 }
+
+// CVESet defines the CVE allowlist with a hash set way for easy query.
+type CVESet map[string]struct{}
+
+// Contains checks whether the specified CVE is in the set or not.
+func (cs CVESet) Contains(cve string) bool {
+	_, ok := cs[cve]
+
+	return ok
+}
--- a/src/common/models/cve_allowlist_test.go
+++ b/src/common/models/cve_allowlist_test.go
@ -15,10 +15,10 @@
 package models

 import (
-	"github.com/stretchr/testify/assert"
-	"reflect"
 	"testing"
 	"time"
+
+	"github.com/stretchr/testify/assert"
 )

 func TestCVEAllowlist_All(t *testing.T) {
@ -26,7 +26,7 @@ func TestCVEAllowlist_All(t *testing.T) {
 	now := time.Now().Unix()
 	cases := []struct {
 		input   CVEAllowlist
-		cveset  map[string]struct{}
+		cveset  CVESet
 		expired bool
 	}{
 		{
@ -35,7 +35,7 @@ func TestCVEAllowlist_All(t *testing.T) {
 				ProjectID: 0,
 				Items:     []CVEAllowlistItem{},
 			},
-			cveset:  map[string]struct{}{},
+			cveset:  CVESet{},
 			expired: false,
 		},
 		{
@ -45,7 +45,7 @@ func TestCVEAllowlist_All(t *testing.T) {
 				Items:     []CVEAllowlistItem{},
 				ExpiresAt: &now,
 			},
-			cveset:  map[string]struct{}{},
+			cveset:  CVESet{},
 			expired: true,
 		},
 		{
@ -58,7 +58,7 @@ func TestCVEAllowlist_All(t *testing.T) {
 				},
 				ExpiresAt: &future,
 			},
-			cveset: map[string]struct{}{
+			cveset: CVESet{
 				"CVE-1999-0067":    {},
 				"CVE-2016-7654321": {},
 			},
@ -67,6 +67,6 @@ func TestCVEAllowlist_All(t *testing.T) {
 	}
 	for _, c := range cases {
 		assert.Equal(t, c.expired, c.input.IsExpired())
-		assert.True(t, reflect.DeepEqual(c.cveset, c.input.CVESet()))
+		assert.Equal(t, c.cveset, c.input.CVESet())
 	}
 }
--- a/src/controller/p2p/preheat/enforcer.go
+++ b/src/controller/p2p/preheat/enforcer.go
@ -476,7 +476,7 @@ func (de *defaultEnforcer) startTask(ctx context.Context, executionID int64, can

 // getVulnerabilitySev gets the severity code value for the given artifact with allowlist option set
 func (de *defaultEnforcer) getVulnerabilitySev(ctx context.Context, p *models.Project, art *artifact.Artifact) (uint, error) {
-	al := report.CVESet(p.CVEAllowlist.CVESet())
+	al := p.CVEAllowlist.CVESet()
 	r, err := de.scanCtl.GetSummary(ctx, art, []string{v1.MimeTypeNativeReport}, report.WithCVEAllowlist(&al))
 	if err != nil {
 		if errors.IsNotFoundErr(err) {
--- a/src/pkg/scan/report/summary.go
+++ b/src/pkg/scan/report/summary.go
@ -17,6 +17,7 @@ package report
 import (
 	"reflect"

+	"github.com/goharbor/harbor/src/common/models"
 	"github.com/goharbor/harbor/src/jobservice/job"
 	"github.com/goharbor/harbor/src/lib/errors"
 	"github.com/goharbor/harbor/src/pkg/scan/dao/scan"
@ -24,29 +25,19 @@ import (
 	"github.com/goharbor/harbor/src/pkg/scan/vuln"
 )

-// CVESet defines the CVE allowlist with a hash set way for easy query.
-type CVESet map[string]struct{}
-
-// Contains checks whether the specified CVE is in the set or not.
-func (cs CVESet) Contains(cve string) bool {
-	_, ok := cs[cve]
-
-	return ok
-}
-
 // Options provides options for getting the report w/ summary.
 type Options struct {
 	// If it is set, the returned report will contains artifact digest for the vulnerabilities
 	ArtifactDigest string
 	// If it is set, the returned summary will not count the CVEs in the list in.
-	CVEAllowlist CVESet
+	CVEAllowlist models.CVESet
 }

 // Option for getting the report w/ summary with func template way.
 type Option func(options *Options)

 // WithCVEAllowlist is an option of setting CVE allowlist.
-func WithCVEAllowlist(set *CVESet) Option {
+func WithCVEAllowlist(set *models.CVESet) Option {
 	return func(options *Options) {
 		options.CVEAllowlist = *set
 	}
--- a/src/pkg/scan/report/summary_test.go
+++ b/src/pkg/scan/report/summary_test.go
@ -19,6 +19,7 @@ import (
 	"testing"
 	"time"

+	"github.com/goharbor/harbor/src/common/models"
 	"github.com/goharbor/harbor/src/pkg/scan/dao/scan"
 	v1 "github.com/goharbor/harbor/src/pkg/scan/rest/v1"
 	"github.com/goharbor/harbor/src/pkg/scan/vuln"
@ -108,7 +109,7 @@ func (suite *SummaryTestSuite) TestSummaryGenerateSummaryNoOptions() {

 // TestSummaryGenerateSummaryWithOptions ...
 func (suite *SummaryTestSuite) TestSummaryGenerateSummaryWithOptions() {
-	cveSet := make(CVESet)
+	cveSet := make(models.CVESet)
 	cveSet["2019-0980-0909"] = struct{}{}

 	summaries, err := GenerateSummary(suite.r, WithCVEAllowlist(&cveSet))
--- a/src/server/middleware/vulnerable/vulnerable.go
+++ b/src/server/middleware/vulnerable/vulnerable.go
@ -91,7 +91,7 @@ func Middleware() func(http.Handler) http.Handler {
 			return nil
 		}

-		allowlist := report.CVESet(proj.CVEAllowlist.CVESet())
+		allowlist := proj.CVEAllowlist.CVESet()
 		summaries, err := scanController.GetSummary(ctx, art, []string{v1.MimeTypeNativeReport}, report.WithCVEAllowlist(&allowlist))
 		if err != nil {
 			logger.Errorf("get vulnerability summary of the artifact %s@%s failed, error: %v", art.RepositoryName, art.Digest, err)