From ef37bd1afbb09b7453df4cf0189e76625ac31430 Mon Sep 17 00:00:00 2001
From: He Weiwei
Date: Tue, 18 Aug 2020 06:33:17 +0000
Subject: [PATCH] refactor(scan): remove duplicate CVESet types

Closes #9471

Signed-off-by: He Weiwei
---
 src/common/models/cve_allowlist.go | 18 +++++++++++++++---
 src/common/models/cve_allowlist_test.go | 14 +++++++-------
 src/controller/p2p/preheat/enforcer.go | 2 +-
 src/pkg/scan/report/summary.go | 15 +++------------
 src/pkg/scan/report/summary_test.go | 3 ++-
 src/server/middleware/vulnerable/vulnerable.go | 2 +-
 6 files changed, 29 insertions(+), 25 deletions(-)

diff --git a/src/common/models/cve_allowlist.go b/src/common/models/cve_allowlist.go
index 9b18833246..928e69ade2 100644
--- a/src/common/models/cve_allowlist.go
+++ b/src/common/models/cve_allowlist.go
@@ -14,7 +14,9 @@
 package models
-import "time"
+import (
+ "time"
+)
 // CVEAllowlist defines the data model for a CVE allowlist
 type CVEAllowlist struct {
@@ -38,8 +40,8 @@ func (c *CVEAllowlist) TableName() string {
 }
 // CVESet returns the set of CVE id of the items in the allowlist to help filter the vulnerability list
-func (c *CVEAllowlist) CVESet() map[string]struct{} {
- r := map[string]struct{}{}
+func (c *CVEAllowlist) CVESet() CVESet {
+ r := CVESet{}
 for _, it := range c.Items {
 r[it.CVEID] = struct{}{}
 }
@@ -53,3 +55,13 @@ func (c *CVEAllowlist) IsExpired() bool {
 }
 return time.Now().Unix() >= *c.ExpiresAt
 }
+
+// CVESet defines the CVE allowlist with a hash set way for easy query.
+type CVESet map[string]struct{}
+
+// Contains checks whether the specified CVE is in the set or not.
+func (cs CVESet) Contains(cve string) bool {
+ _, ok := cs[cve]
+
+ return ok
+}
diff --git a/src/common/models/cve_allowlist_test.go b/src/common/models/cve_allowlist_test.go
index 9d5c87b716..7d06c18840 100644
--- a/src/common/models/cve_allowlist_test.go
+++ b/src/common/models/cve_allowlist_test.go
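Review bot: `Contains` on the new `CVESet` type is an exact map lookup (`_, ok := cs[cve]`), so an allowlist entry only matches a finding whose reported ID is byte-identical to the stored `CVEID` — case, surrounding whitespace and any prefix included — and a mismatch is silent, presumably leaving the finding counted given the "will not count the CVEs in the list" contract stated in summary.go; the doc comment on `Contains` should say this so callers normalize on both the storing and the querying side. Suggested: `// Contains reports whether cve is in the set. Matching is exact (case- and whitespace-sensitive); a nil set is safe to query and contains nothing.` The type comment `// CVESet defines the CVE allowlist with a hash set way for easy query.` would read more precisely as `// CVESet is the set of CVE IDs taken from an allowlist, kept as a map for fast membership lookup.` The type `CVESet` and the method `CVEAllowlist.CVESet` now share a name in this package; Go allows it, but `r := CVESet{}` inside the method is easy to misread, so the method comment could note that it returns the package-level `CVESet` type.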
@@ -15,10 +15,10 @@
 package models
 import (
- "github.com/stretchr/testify/assert"
- "reflect"
 "testing"
 "time"
+
+ "github.com/stretchr/testify/assert"
 )
 func TestCVEAllowlist_All(t *testing.T) {
@@ -26,7 +26,7 @@ func TestCVEAllowlist_All(t *testing.T) {
 now := time.Now().Unix()
 cases := []struct {
 input CVEAllowlist
- cveset map[string]struct{}
+ cveset CVESet
 expired bool
 }{
 {
@@ -35,7 +35,7 @@ func TestCVEAllowlist_All(t *testing.T) {
 ProjectID: 0,
 Items: []CVEAllowlistItem{},
 },
- cveset: map[string]struct{}{},
+ cveset: CVESet{},
 expired: false,
 },
 {
@@ -45,7 +45,7 @@ func TestCVEAllowlist_All(t *testing.T) {
 Items: []CVEAllowlistItem{},
 ExpiresAt: &now,
 },
- cveset: map[string]struct{}{},
+ cveset: CVESet{},
 expired: true,
 },
 {
@@ -58,7 +58,7 @@ func TestCVEAllowlist_All(t *testing.T) {
 },
 ExpiresAt: &future,
 },
- cveset: map[string]struct{}{
+ cveset: CVESet{
 "CVE-1999-0067": {},
 "CVE-2016-7654321": {},
 },
@@ -67,6 +67,6 @@ func TestCVEAllowlist_All(t *testing.T) {
 }
 for _, c := range cases {
 assert.Equal(t, c.expired, c.input.IsExpired())
- assert.True(t, reflect.DeepEqual(c.cveset, c.input.CVESet()))
+ assert.Equal(t, c.cveset, c.input.CVESet())
 }
 }
diff --git a/src/controller/p2p/preheat/enforcer.go b/src/controller/p2p/preheat/enforcer.go
index c9fd55dd37..4e75b178d9 100644
--- a/src/controller/p2p/preheat/enforcer.go
+++ b/src/controller/p2p/preheat/enforcer.go
@@ -476,7 +476,7 @@ func (de *defaultEnforcer) startTask(ctx context.Context, executionID int64, can
 // getVulnerabilitySev gets the severity code value for the given artifact with allowlist option set
 func (de *defaultEnforcer) getVulnerabilitySev(ctx context.Context, p *models.Project, art *artifact.Artifact) (uint, error) {
- al := report.CVESet(p.CVEAllowlist.CVESet())
+ al := p.CVEAllowlist.CVESet()
 r, err := de.scanCtl.GetSummary(ctx, art, []string{v1.MimeTypeNativeReport}, report.WithCVEAllowlist(&al))
 if err != nil {
 if errors.IsNotFoundErr(err) {
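Review bot: `al := p.CVEAllowlist.CVESet()` builds the suppression set without consulting `CVEAllowlist.IsExpired()`, which this commit shows next to `CVESet()` in cve_allowlist.go comparing `time.Now().Unix()` against `ExpiresAt`; unless expiry is enforced somewhere outside this hunk (it may be, in project-loading code that is not visible here), an allowlist past its `ExpiresAt` keeps suppressing findings in the severity value this function returns. The same line appears as `allowlist := proj.CVEAllowlist.CVESet()` in the vulnerable.go hunk, where it gates the request directly, so whichever place owns the check should cover both call sites. A guard such as `if p.CVEAllowlist.IsExpired() { al = models.CVESet{} }` before the `GetSummary` call makes an expired allowlist fail closed. getVulnerabilitySev continues past the end of the hunk.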
diff --git a/src/pkg/scan/report/summary.go b/src/pkg/scan/report/summary.go
index 9f54d3f391..373c3791b0 100644
--- a/src/pkg/scan/report/summary.go
+++ b/src/pkg/scan/report/summary.go
@@ -17,6 +17,7 @@ package report
 import (
 "reflect"
+ "github.com/goharbor/harbor/src/common/models"
 "github.com/goharbor/harbor/src/jobservice/job"
 "github.com/goharbor/harbor/src/lib/errors"
 "github.com/goharbor/harbor/src/pkg/scan/dao/scan"
@@ -24,29 +25,19 @@ import (
 "github.com/goharbor/harbor/src/pkg/scan/vuln"
 )
-// CVESet defines the CVE allowlist with a hash set way for easy query.
-type CVESet map[string]struct{}
-
-// Contains checks whether the specified CVE is in the set or not.
-func (cs CVESet) Contains(cve string) bool {
- _, ok := cs[cve]
-
- return ok
-}
-
 // Options provides options for getting the report w/ summary.
 type Options struct {
 // If it is set, the returned report will contains artifact digest for the vulnerabilities
 ArtifactDigest string
 // If it is set, the returned summary will not count the CVEs in the list in.
- CVEAllowlist CVESet
+ CVEAllowlist models.CVESet
 }
 // Option for getting the report w/ summary with func template way.
 type Option func(options *Options)
 // WithCVEAllowlist is an option of setting CVE allowlist.
-func WithCVEAllowlist(set *CVESet) Option {
+func WithCVEAllowlist(set *models.CVESet) Option {
 return func(options *Options) {
 options.CVEAllowlist = *set
 }
diff --git a/src/pkg/scan/report/summary_test.go b/src/pkg/scan/report/summary_test.go
index dd40525a66..0f8489f4f8 100644
--- a/src/pkg/scan/report/summary_test.go
+++ b/src/pkg/scan/report/summary_test.go
@@ -19,6 +19,7 @@ import (
 "testing"
 "time"
+ "github.com/goharbor/harbor/src/common/models"
 "github.com/goharbor/harbor/src/pkg/scan/dao/scan"
 v1 "github.com/goharbor/harbor/src/pkg/scan/rest/v1"
 "github.com/goharbor/harbor/src/pkg/scan/vuln"
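Review bot: `WithCVEAllowlist` keeps the unconditional `options.CVEAllowlist = *set`, so a nil `*models.CVESet` panics inside the option instead of yielding an empty allowlist; since the signature is being rewritten in this hunk anyway, either guard it with `if set != nil { options.CVEAllowlist = *set }` or take `models.CVESet` by value — a map is already a reference type, and the two callers touched by this commit (enforcer.go and vulnerable.go) only take `&al` / `&allowlist` to satisfy the pointer parameter. If the pointer stays, the doc comment should state that `set` must be non-nil. The import hunk above now makes pkg/scan/report depend on common/models; if the repository tracks package layering, that direction is worth confirming. The closing brace of `WithCVEAllowlist` lies past the end of the hunk.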
@@ -108,7 +109,7 @@ func (suite *SummaryTestSuite) TestSummaryGenerateSummaryNoOptions() {
 // TestSummaryGenerateSummaryWithOptions ...
 func (suite *SummaryTestSuite) TestSummaryGenerateSummaryWithOptions() {
- cveSet := make(CVESet)
+ cveSet := make(models.CVESet)
 cveSet["2019-0980-0909"] = struct{}{}
 summaries, err := GenerateSummary(suite.r, WithCVEAllowlist(&cveSet))
diff --git a/src/server/middleware/vulnerable/vulnerable.go b/src/server/middleware/vulnerable/vulnerable.go
index d0f1278bdc..c616d2e8ff 100644
--- a/src/server/middleware/vulnerable/vulnerable.go
+++ b/src/server/middleware/vulnerable/vulnerable.go
@@ -91,7 +91,7 @@ func Middleware() func(http.Handler) http.Handler {
 return nil
 }
- allowlist := report.CVESet(proj.CVEAllowlist.CVESet())
+ allowlist := proj.CVEAllowlist.CVESet()
 summaries, err := scanController.GetSummary(ctx, art, []string{v1.MimeTypeNativeReport}, report.WithCVEAllowlist(&allowlist))
 if err != nil {
 logger.Errorf("get vulnerability summary of the artifact %s@%s failed, error: %v", art.RepositoryName, art.Digest, err)