Modified based on comments

stackrox · Oct 28, 2022 · 95bcca4 · 95bcca4
1 parent 0254d0c
commit 95bcca4
Show file tree

Hide file tree

Showing 8 changed files with 24 additions and 25 deletions.
diff --git a/api/v1/convert/istio.go b/api/v1/convert/istio.go
@@ -1,19 +1,18 @@
 package convert
 
 import (
+	log "github.com/sirupsen/logrus"
 	"github.com/stackrox/istio-cves/types"
 	"github.com/stackrox/rox/pkg/stringutils"
 	v1 "github.com/stackrox/scanner/generated/scanner/api/v1"
-	stackroxTypes "github.com/stackrox/scanner/pkg/types"
-
-	log "github.com/sirupsen/logrus"
+	pkgtypes "github.com/stackrox/scanner/pkg/types"
 )
 
 // IstioVulnerabilities converts istio cve schema to vulnerability.
-func IstioVulnerabilities(version string, istioVulns []types.Vuln) ([]*v1.Vulnerability, error) {
+func IstioVulnerabilities(version string, istioVulns []types.Vuln) []*v1.Vulnerability {
 	res := make([]*v1.Vulnerability, 0, len(istioVulns))
 	for _, v := range istioVulns {
-		m, err := stackroxTypes.ConvertMetadataFromIstio(v)
+		m, err := pkgtypes.ConvertMetadataFromIstio(v)
 		if err != nil {
 			log.Errorf("unable to convert metadata for %s: %v", v.Name, err)
 			continue
@@ -39,5 +38,5 @@ func IstioVulnerabilities(version string, istioVulns []types.Vuln) ([]*v1.Vulner
 			Severity:    string(DatabaseSeverityToSeverity(m.GetDatabaseSeverityIstio())),
 		})
 	}
-	return res, nil
+	return res
 }
diff --git a/api/v1/orchestratorscan/service.go b/api/v1/orchestratorscan/service.go
@@ -114,7 +114,7 @@ func (s *serviceImpl) getIstioVuln(version string) ([]*v1.Vulnerability, error)
 	}
 	version, err := convert.TruncateVersion(version)
 	if err != nil {
-		log.Warnf("Unable to convert version of %s - %v. Skipping...", version, err)
+		log.Warnf("Unable to convert Istio version of %s - %v. Skipping...", version, err)
 		return nil, nil
 	}
 

diff --git a/e2etests/orchestrator_scan_test.go b/e2etests/orchestrator_scan_test.go
@@ -25,24 +25,24 @@ func TestGRPCGetIstioVulnerabilities(t *testing.T) {
 	client := v1.NewOrchestratorScanServiceClient(conn)
 
 	testCases := []*struct {
-		addressFamily string
-		knownFixed    string
+		version string
+		fixedBy string
 	}{
 		{
-			addressFamily: "1.13.6",
-			knownFixed:    "1.13.7",
+			version: "1.13.6",
+			fixedBy: "1.13.7",
 		},
 	}
 
 	for _, c := range testCases {
-		t.Run(fmt.Sprintf("case-%s", c.addressFamily), func(t *testing.T) {
-			req := &v1.GetIstioVulnerabilitiesRequest{IstioVersion: c.addressFamily}
+		t.Run(fmt.Sprintf("case-%s", c.version), func(t *testing.T) {
+			req := &v1.GetIstioVulnerabilitiesRequest{IstioVersion: c.version}
 			resp, err := client.GetIstioVulnerabilities(context.Background(), req)
 			assert.NoError(t, err)
 			for _, vuln := range resp.GetVulnerabilities() {
-				assert.True(t, vuln.MetadataV2.CvssV3 != nil)
+				assert.NotNil(t, vuln.GetMetadataV2().GetCvssV3())
 				assert.True(t, vuln.FixedBy != "")
-				assert.Equal(t, vuln.FixedBy, c.knownFixed)
+				assert.Equal(t, c.fixedBy, vuln.FixedBy)
 			}
 		})
 	}

diff --git a/istio/cache/cache.go b/istio/cache/cache.go
@@ -5,7 +5,7 @@ import (
 	"github.com/stackrox/scanner/pkg/cache"
 )
 
-// Cache defines a Kubernetes vulnerability cache.
+// Cache defines a Istio vulnerability cache.
 type Cache interface {
 	GetVulnsByVersion(version string) []types.Vuln
 

diff --git a/istio/cache/db.go b/istio/cache/db.go
@@ -9,13 +9,13 @@ import (
 	"github.com/stackrox/scanner/pkg/vulndump"
 )
 
+var (
+	_ Cache = (*cacheImpl)(nil)
+)
+
 type cacheImpl struct {
 	cacheRWLock sync.RWMutex
-	// The expectation is that the number of Kubernetes vulns is rather low (100 or fewer).
-	// Because of this, we just store the vulns in memory instead of in BoltDB.
-	// Consider switching to BoltDB if this gets absurdly large (on the scale of NVD).
-	// Vulns that are not associated with a particular component are kept in the map with
-	// component Generic.
+
 	cache map[string]types.Vuln
 
 	dir             string
@@ -38,7 +38,7 @@ func (c *cacheImpl) GetVulnsByVersion(version string) []types.Vuln {
 	return vulns
 }
 
-// New returns a new Kubernetes vulnerability cache.
+// New returns a new Istio vulnerability cache.
 func New() Cache {
 	return &cacheImpl{
 		cache: make(map[string]types.Vuln),

diff --git a/istio/cache/load.go b/istio/cache/load.go
@@ -40,7 +40,7 @@ func (c *cacheImpl) LoadFromDirectory(definitionsDir string) error {
 	return nil
 }
 
-func (c *cacheImpl) LoadFromZip(zipR *zip.ReadCloser, definitionsDir string) error {
+func (c *cacheImpl) LoadFromZip(zipR *zip.Reader, definitionsDir string) error {
 	log.WithField("dir", definitionsDir).Info("Loading definitions directory")
 
 	rs, err := ziputil.OpenFilesInDir(zipR, definitionsDir, ".yaml")

diff --git a/pkg/types/types.go b/pkg/types/types.go
@@ -196,7 +196,7 @@ func ConvertMetadataFromK8s(cve *validation.CVESchema) (*Metadata, error) {
 	return &m, nil
 }
 
-// ConvertMetadataFromIstio takes the Kubernetes' vulnerability definition,
+// ConvertMetadataFromIstio takes the Istio' vulnerability definition,
 // and it returns *Metadata based on the given data.
 func ConvertMetadataFromIstio(vuln types.Vuln) (*MetadataIstio, error) {
 	var m MetadataIstio

diff --git a/tools/allowed-large-files b/tools/allowed-large-files
@@ -11,4 +11,4 @@ pkg/rhelv2/rpm/testdata/Packages
 pkg/rhelv2/rpm/testdata/rpmdb.sqlite
 pkg/vulnloader/nvdloader/nvdloader_easyjson.go
 pkg/ziputil/testdata/test.zip
-tools/linters/go.sum
+tools/linters/go.sum