Skip to content

Commit

Permalink
Populate vulnerability.reference with a link to NVD (#1303)
Browse files Browse the repository at this point in the history 
* opulate vulnerability.reference with a link to NVD

* revert the if statemenet
  • Loading branch information
@maxcold
maxcold authored Sep 12, 2023
1 parent 4255912 commit 752b630
Show file tree
Hide file tree
Showing 3 changed files with 75 additions and 1 deletion.
1 change: 1 addition & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,3 +73,4 @@ terraform.rc
# Vulnerability management
db/
fanal/
java-db/
12 changes: 11 additions & 1 deletion vulnerability/events_creator.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -322,7 +322,7 @@ func (e EventsCreator) generateEvent(reportResult trivyTypes.Result, vul trivyTy
ID: vul.VulnerabilityID,
Title: vul.Title,
Enumeration: getIdentifierType(vul.VulnerabilityID),
Reference: vul.PrimaryURL,
Reference: getReference(vul),
Description: vul.Description,
Severity: vul.Severity,
Classification: vulScoreSystemClass,
Expand Down Expand Up @@ -391,6 +391,16 @@ func (e EventsCreator) getCVSSScore(vul trivyTypes.DetectedVulnerability) float6
return getCVSSValue(vul, func(cvss dbTypes.CVSS) float64 { return cvss.V2Score }, zeroVal)
}

const NVDVulnDetailBaseURL = "https://nvd.nist.gov/vuln/detail/"

func getReference(vul trivyTypes.DetectedVulnerability) string {
if _, ok := vul.CVSS[trivyVul.NVD]; !ok {
return vul.PrimaryURL
}

return fmt.Sprintf("%s%s", NVDVulnDetailBaseURL, vul.VulnerabilityID)
}

func getCVSSValue[T comparable](vul trivyTypes.DetectedVulnerability, value func(cvss dbTypes.CVSS) T, zeroVal T) T {
// Get all the sources
sources := maps.Keys(vul.CVSS)
Expand Down
63 changes: 63 additions & 0 deletions vulnerability/events_creator_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -289,3 +289,66 @@ func TestEventsCreator_getCVSSScore(t *testing.T) {
})
}
}

func TestEventsCreator_getReference(t *testing.T) {
tests := []struct {
name string
vul types.DetectedVulnerability
want string
}{
{
name: "CVSS is nil",
vul: types.DetectedVulnerability{
Vulnerability: dbTypes.Vulnerability{
CVSS: nil,
},
PrimaryURL: "https://example.com/primary",
VulnerabilityID: "someID",
},
want: "https://example.com/primary",
},
{
name: "CVSS contains NVD",
vul: types.DetectedVulnerability{
Vulnerability: dbTypes.Vulnerability{
CVSS: dbTypes.VendorCVSS{
trivyVul.RedHat: dbTypes.CVSS{
V2Vector: "AV:N/AC:M/Au:N/C:V/I:P/A:N",
V2Score: 3.0,
},
trivyVul.NVD: dbTypes.CVSS{
V2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
V2Score: 3.2,
},
},
},
PrimaryURL: "https://example.com/primary",
VulnerabilityID: "someID",
},
want: "https://nvd.nist.gov/vuln/detail/someID",
},
{
name: "CVSS does not contain NVD",
vul: types.DetectedVulnerability{
Vulnerability: dbTypes.Vulnerability{
CVSS: dbTypes.VendorCVSS{
trivyVul.RedHat: dbTypes.CVSS{
V2Vector: "AV:N/AC:M/Au:N/C:V/I:P/A:N",
V2Score: 3.0,
},
},
},
PrimaryURL: "https://example.com/primary",
VulnerabilityID: "someID",
},
want: "https://example.com/primary",
},
}

for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
result := getReference(test.vul)
assert.Equal(t, test.want, result)
})
}
}

0 comments on commit 752b630

Please sign in to comment.