Fix to CVE Data Export functionality for images pushed by docker push (#17182)

Closes:
* https://github.com/goharbor/harbor/issues/17167

Signed-off-by: prahaladdarkin <prahaladd@vmware.com>
prahaladdarkin 2022-07-18 06:52:15 +05:30 committed by GitHub
parent 72cd65df6a
commit f3edb03b49
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -20,7 +20,7 @@ scanner_registration.id as scanner_id, scanner_registration."name" as scanner_na
vulnerability_record.cve_id, vulnerability_record.package, vulnerability_record.severity,
vulnerability_record.cvss_score_v3, vulnerability_record.cvss_score_v2, vulnerability_record.cvss_vector_v3, vulnerability_record.cvss_vector_v2, vulnerability_record.cwe_ids from report_vulnerability_record inner join scan_report on report_vulnerability_record.report_uuid = scan_report.uuid
inner join artifact on scan_report.digest = artifact.digest
inner join artifact_reference on artifact.id = artifact_reference.child_id
left outer join artifact_reference on artifact.id = artifact_reference.child_id
inner join vulnerability_record on report_vulnerability_record.vuln_record_id = vulnerability_record.id
inner join project on artifact.project_id = project.project_id
inner join repository on artifact.repository_id = repository.repository_id
@ -29,10 +29,12 @@ inner join harbor_user on project.owner_id = harbor_user.user_id
inner join scanner_registration on scan_report.registration_uuid = scanner_registration.uuid `
ArtifactBylabelQueryTemplate = "select distinct artifact.id from artifact inner join label_reference on artifact.id = label_reference.artifact_id inner join harbor_label on label_reference.label_id = harbor_label.id and harbor_label.id in (%s)"
SQLAnd = " and "
SQLOr = " or "
RepositoryIDColumn = "repository.repository_id"
ProjectIDColumn = "project.project_id"
TagIDColumn = "tag.id"
ArtifactParentIDColumn = "artifact_reference.parent_id"
ArtifactIDColumn = "artifact.id"
GroupBy = " group by "
GroupByCols = `package, vulnerability_record.severity, vulnerability_record.cve_id, project.project_id, harbor_user.user_id ,
repository.repository_id, scanner_registration.id, vulnerability_record.cvss_score_v3,
@ -173,7 +175,7 @@ func (em *exportManager) getFilters(ctx context.Context, params Params, artifact
}
if len(artifactsWithLabel) > 0 {
filters = em.buildIDFilterFragmentWithIn(artifactsWithLabel, filters, ArtifactParentIDColumn)
filters = em.buildIDFilterFragmentWithInForMultipleCols(artifactsWithLabel, filters, []string{ArtifactParentIDColumn, ArtifactIDColumn}, SQLOr)
}
if len(filters) == 0 {
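Review bot: The label filter added by the `buildIDFilterFragmentWithInForMultipleCols(..., SQLOr)` call is an unparenthesised `x in (...) or y in (...)` fragment, because the helper in the next hunk appends `strings.Join(columnInClauses, operator)` as is. If getFilters goes on to combine the fragments with `SQLAnd` (that join is outside the visible lines), SQL binds `and` tighter than `or`, so the `artifact.id in (...)` arm would presumably escape whatever project, repository or tag filters precede it and the export could return rows outside the requested scope. Wrapping the joined clause in the helper keeps the label filter a single condition: `filters = append(filters, "("+strings.Join(columnInClauses, operator)+")")`. A test that sets both a project filter and a label filter and asserts that no rows from other projects come back would pin this down. getFilters starts and ends outside this hunk.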
@ -202,6 +204,22 @@ func (em *exportManager) buildIDFilterFragmentWithIn(ids []int64, filters []stri
return filters
}
func (em *exportManager) buildIDFilterFragmentWithInForMultipleCols(ids []int64, filters, columns []string, operator string) []string {
if len(ids) == 0 {
return filters
}
strIds := make([]string, 0)
for _, id := range ids {
strIds = append(strIds, strconv.FormatInt(id, 10))
}
columnInClauses := make([]string, 0)
for _, column := range columns {
columnInClauses = append(columnInClauses, fmt.Sprintf(" %s in (%s)", column, strings.Join(strIds, ",")))
}
filters = append(filters, strings.Join(columnInClauses, operator))
return filters
}
// utility method to get all child artifacts belonging to a parent containing
// the specified label ids.
// Within Harbor, labels are attached to the root artifact whereas scan results