74 changes: 73 additions & 1 deletion internal/commands/result.go
Expand Up @@ -1650,6 +1650,7 @@ func enrichScaResults(
if scaPackageModel != nil {
resultsModel = addPackageInformation(resultsModel, scaPackageModel, scaTypeModel)
}
backfillRecommendedVersionsFromExport(resultsModel, scaExportDetails.ScaTypes)
}
if slices.Contains(scan.Engines, commonParams.ContainersType) && !wrappers.IsContainersEnabled {
resultsModel = removeResultsByType(resultsModel, commonParams.ContainersType)
Expand All @@ -1660,7 +1661,12 @@ func enrichScaResults(
func parseExportScaVulnerability(types []wrappers.ScaType) *[]wrappers.ScaTypeCollection {
var scaTypes []wrappers.ScaTypeCollection
for _, t := range types {
scaTypes = append(scaTypes, wrappers.ScaTypeCollection(t))
scaTypes = append(scaTypes, wrappers.ScaTypeCollection{
ID: t.ID,
Type: t.Type,
IsIgnored: t.IsIgnored,
PackageID: t.PackageID,
})
}
return &scaTypes
}
Expand Down Expand Up @@ -2879,6 +2885,72 @@ func buildVulnerabilityIdentifier(result *wrappers.ScanResult) string {
return fmt.Sprintf("%s:%s", result.ID, result.ScanResultData.PackageIdentifier)
}

func scaUpgradeVersionLookupKey(cveID, packageID string) string {
return fmt.Sprintf("%s|%s", cveID, packageID)
}

func buildScaUpgradeVersionLookup(vulnerabilities []wrappers.ScaType) map[string]string {
lookup := make(map[string]string)
for _, vulnerability := range vulnerabilities {
cveID := vulnerability.CveName
if cveID == "" {
cveID = vulnerability.ID
}
if cveID == "" || vulnerability.PackageID == "" || vulnerability.NextFixedVersion == "" {
continue
}
lookup[scaUpgradeVersionLookupKey(cveID, vulnerability.PackageID)] = vulnerability.NextFixedVersion
}
return lookup
}

func isRecommendedVersionEmpty(version interface{}) bool {
if version == nil {
return true
}
value, ok := version.(string)
if !ok {
return fmt.Sprint(version) == ""
}
return strings.TrimSpace(value) == ""
}

func backfillRecommendedVersionsFromExport(
resultsModel *wrappers.ScanResultsCollection,
vulnerabilities []wrappers.ScaType,
) {
if resultsModel == nil || len(vulnerabilities) == 0 {
return
}

lookup := buildScaUpgradeVersionLookup(vulnerabilities)
if len(lookup) == 0 {
return
}

for _, result := range resultsModel.Results {
if result.Type != commonParams.ScaType {
continue
}
if !isRecommendedVersionEmpty(result.ScanResultData.RecommendedVersion) {
continue
}

cveID := result.ID
if cveID == "" {
cveID = result.VulnerabilityDetails.CveName
}
packageID := result.ScanResultData.PackageIdentifier
if cveID == "" || packageID == "" {
continue
}

if version, ok := lookup[scaUpgradeVersionLookupKey(cveID, packageID)]; ok {
result.ScanResultData.RecommendedVersion = version
}
}
}

func addPackageInformation(
resultsModel *wrappers.ScanResultsCollection,
scaPackageModel *[]wrappers.ScaPackageCollection,
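Review bot: The two sides of the lookup derive the CVE key in opposite order: `buildScaUpgradeVersionLookup` prefers `CveName` and falls back to `ID`, while `backfillRecommendedVersionsFromExport` prefers `result.ID` and falls back to `VulnerabilityDetails.CveName`. If an export entry carries both an `ID` and a `CveName` and they differ (the new `ScaType` fields allow that), a result identified by the other one never matches and keeps its empty `RecommendedVersion`; the added tests only use entries where one of the two is set. Registering both identifiers in the lookup makes the match independent of which one each side prefers, as below. Separately, `isRecommendedVersionEmpty` treats a typed nil pointer stored in the `interface{}` as non-empty, because `fmt.Sprint` renders it as `<nil>` rather than `""`; if the decoded model can hold such a value, that case should be checked explicitly.
```go
func buildScaUpgradeVersionLookup(vulnerabilities []wrappers.ScaType) map[string]string {
	lookup := make(map[string]string)
	for _, vulnerability := range vulnerabilities {
		if vulnerability.PackageID == "" || vulnerability.NextFixedVersion == "" {
			continue
		}
		// Index under every identifier the export provides so a result keyed
		// by either ID or CveName resolves to the same fixed version.
		for _, cveID := range []string{vulnerability.CveName, vulnerability.ID} {
			if cveID == "" {
				continue
			}
			lookup[scaUpgradeVersionLookupKey(cveID, vulnerability.PackageID)] = vulnerability.NextFixedVersion
		}
	}
	return lookup
}
```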
52 changes: 52 additions & 0 deletions internal/commands/result_test.go
Expand Up @@ -1045,6 +1045,58 @@ func Test_addPackageInformation(t *testing.T) {
assert.Equal(t, expectedFixLink, actualFixLink, "FixLink should match the result ID")
}

func Test_backfillRecommendedVersionsFromExport(t *testing.T) {
resultsModel := &wrappers.ScanResultsCollection{
Results: []*wrappers.ScanResult{
{
Type: "sca",
ID: "CVE-2024-0001",
ScanResultData: wrappers.ScanResultData{
PackageIdentifier: "pkg-empty",
RecommendedVersion: "",
},
},
{
Type: "sca",
ID: "CVE-2024-0002",
ScanResultData: wrappers.ScanResultData{
PackageIdentifier: "pkg-existing",
RecommendedVersion: "1.2.3",
},
},
},
}
exportVulnerabilities := []wrappers.ScaType{
{
CveName: "CVE-2024-0001",
PackageID: "pkg-empty",
NextFixedVersion: "4.5.6",
},
{
CveName: "CVE-2024-0002",
PackageID: "pkg-existing",
NextFixedVersion: "9.9.9",
},
}

backfillRecommendedVersionsFromExport(resultsModel, exportVulnerabilities)

assert.Equal(t, "4.5.6", resultsModel.Results[0].ScanResultData.RecommendedVersion)
assert.Equal(t, "1.2.3", resultsModel.Results[1].ScanResultData.RecommendedVersion)
}

func Test_buildScaUpgradeVersionLookup_usesCveIDFallback(t *testing.T) {
lookup := buildScaUpgradeVersionLookup([]wrappers.ScaType{
{
ID: "CVE-2024-9999",
PackageID: "pkg-1",
NextFixedVersion: "2.0.0",
},
})

assert.Equal(t, "2.0.0", lookup["CVE-2024-9999|pkg-1"])
}

func TestRunGetResultsByScanIdGLSastFormat_NoVulnerabilities_Success(t *testing.T) {
// Execute the command and perform nil assertion
execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK_NO_VULNERABILITIES", "--report-format", "gl-sast")
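Review bot: `Test_backfillRecommendedVersionsFromExport` exercises only the direct match and the already-populated case; the fallback from an empty `result.ID` to `VulnerabilityDetails.CveName`, the whitespace-only `RecommendedVersion` branch of `isRecommendedVersionEmpty`, and the skip of non-`sca` result types all go untested. Add a result with `Type: "sast"` and an empty `RecommendedVersion` and assert it stays empty, a result whose `ID` is empty and whose `VulnerabilityDetails.CveName` carries the CVE and assert it is backfilled, and a result with `RecommendedVersion: "  "` to pin the trimming behaviour. `Test_buildScaUpgradeVersionLookup_usesCveIDFallback` could likewise assert that an entry with an empty `NextFixedVersion` or `PackageID` is not inserted.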
10 changes: 6 additions & 4 deletions internal/wrappers/export.go
Expand Up @@ -36,8 +36,10 @@ type PackagePath struct {
}

type ScaType struct {
ID string `json:"Id,omitempty"`
Type string `json:"Type,omitempty"`
IsIgnored bool `json:"IsIgnored,omitempty"`
PackageID string `json:"PackageID,omitempty"`
ID string `json:"Id,omitempty"`
CveName string `json:"CveName,omitempty"`
Type string `json:"Type,omitempty"`
IsIgnored bool `json:"IsIgnored,omitempty"`
PackageID string `json:"PackageID,omitempty"`
NextFixedVersion string `json:"NextFixedVersion,omitempty"`
}