Merge pull request #38 from Quentin-M/causedby
api: Specify what packages cause the layer to have vulnerabilities.
commit
326ad7fc13
@ -182,7 +182,7 @@ func GETLayersVulnerabilities(w http.ResponseWriter, r *http.Request, p httprout
|
||||
}
|
||||
|
||||
// Find vulnerabilities.
|
||||
vulnerabilities, err := getVulnerabilitiesFromLayerPackagesNodes(packagesNodes, minimumPriority, []string{database.FieldVulnerabilityID, database.FieldVulnerabilityLink, database.FieldVulnerabilityPriority, database.FieldVulnerabilityDescription})
|
||||
vulnerabilities, err := getVulnerabilitiesFromLayerPackagesNodes(packagesNodes, minimumPriority, []string{database.FieldVulnerabilityID, database.FieldVulnerabilityLink, database.FieldVulnerabilityPriority, database.FieldVulnerabilityDescription, database.FieldVulnerabilityCausedByPackage})
|
||||
if err != nil {
|
||||
jsonhttp.RenderError(w, 0, err)
|
||||
return
|
||||
@ -211,7 +211,7 @@ func GETLayersVulnerabilitiesDiff(w http.ResponseWriter, r *http.Request, p http
|
||||
}
|
||||
|
||||
// Selected fields for vulnerabilities.
|
||||
selectedFields := []string{database.FieldVulnerabilityID, database.FieldVulnerabilityLink, database.FieldVulnerabilityPriority, database.FieldVulnerabilityDescription}
|
||||
selectedFields := []string{database.FieldVulnerabilityID, database.FieldVulnerabilityLink, database.FieldVulnerabilityPriority, database.FieldVulnerabilityDescription, database.FieldVulnerabilityCausedByPackage}
|
||||
|
||||
// Find vulnerabilities for installed packages.
|
||||
addedVulnerabilities, err := getVulnerabilitiesFromLayerPackagesNodes(layer.InstalledPackagesNodes, minimumPriority, selectedFields)
|
||||
@ -287,7 +287,7 @@ func POSTBatchLayersVulnerabilities(w http.ResponseWriter, r *http.Request, p ht
|
||||
}
|
||||
|
||||
// Find vulnerabilities.
|
||||
vulnerabilities, err := getVulnerabilitiesFromLayerPackagesNodes(packagesNodes, minimumPriority, []string{database.FieldVulnerabilityID, database.FieldVulnerabilityLink, database.FieldVulnerabilityPriority, database.FieldVulnerabilityDescription})
|
||||
vulnerabilities, err := getVulnerabilitiesFromLayerPackagesNodes(packagesNodes, minimumPriority, []string{database.FieldVulnerabilityID, database.FieldVulnerabilityLink, database.FieldVulnerabilityPriority, database.FieldVulnerabilityDescription, database.FieldVulnerabilityCausedByPackage})
|
||||
if err != nil {
|
||||
jsonhttp.RenderError(w, 0, err)
|
||||
return
|
||||
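Review bot: The same five-element field list is now written out three times, in GETLayersVulnerabilities, GETLayersVulnerabilitiesDiff and POSTBatchLayersVulnerabilities, so adding a field means editing every copy, and a missed one leaves an endpoint quietly returning less data than the others. A single package-level slice, e.g. `var layerVulnerabilityFields = []string{database.FieldVulnerabilityID, /* … */ database.FieldVulnerabilityCausedByPackage}`, passed to all three calls would keep the responses in step. All three handlers start and end outside the hunks, so this assumes nothing else in them builds its own list.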
|
@ -30,6 +30,8 @@ const (
|
||||
FieldVulnerabilityPriority = "priority"
|
||||
FieldVulnerabilityDescription = "description"
|
||||
FieldVulnerabilityFixedIn = "fixedIn"
|
||||
// FieldVulnerabilityCausedByPackage only makes sense with FindAllVulnerabilitiesByFixedIn.
|
||||
FieldVulnerabilityCausedByPackage = "causedByPackage"
|
||||
)
|
||||
|
||||
var FieldVulnerabilityAll = []string{FieldVulnerabilityID, FieldVulnerabilityLink, FieldVulnerabilityPriority, FieldVulnerabilityDescription, FieldVulnerabilityFixedIn}
|
||||
@ -42,6 +44,8 @@ type Vulnerability struct {
|
||||
Priority types.Priority
|
||||
Description string `json:",omitempty"`
|
||||
FixedInNodes []string `json:"-"`
|
||||
|
||||
CausedByPackage string `json:",omitempty"`
|
||||
}
|
||||
|
||||
// GetNode returns an unique identifier for the graph node
|
||||
@ -340,14 +344,22 @@ func FindAllVulnerabilitiesByFixedIn(nodes []string, selectedFields []string) ([
|
||||
log.Warning("Could not FindAllVulnerabilitiesByFixedIn with an empty nodes array.")
|
||||
return []*Vulnerability{}, nil
|
||||
}
|
||||
return toVulnerabilities(cayley.StartPath(store, nodes...).In(FieldVulnerabilityFixedIn), selectedFields)
|
||||
|
||||
// Construct path, potentially saving FieldVulnerabilityCausedByPackage
|
||||
path := cayley.StartPath(store, nodes...)
|
||||
if utils.Contains(FieldVulnerabilityCausedByPackage, selectedFields) {
|
||||
path = path.Save(FieldPackageName, FieldVulnerabilityCausedByPackage)
|
||||
}
|
||||
path = path.In(FieldVulnerabilityFixedIn)
|
||||
|
||||
return toVulnerabilities(path, selectedFields)
|
||||
}
|
||||
|
||||
// toVulnerabilities converts a path leading to one or multiple vulnerabilities to Vulnerability structs, selecting the specified fields
|
||||
func toVulnerabilities(path *path.Path, selectedFields []string) ([]*Vulnerability, error) {
|
||||
var vulnerabilities []*Vulnerability
|
||||
|
||||
saveFields(path, selectedFields, []string{FieldVulnerabilityFixedIn})
|
||||
saveFields(path, selectedFields, []string{FieldVulnerabilityFixedIn, FieldVulnerabilityCausedByPackage})
|
||||
it, _ := path.BuildIterator().Optimize()
|
||||
defer it.Close()
|
||||
for cayley.RawNext(it) {
|
||||
@ -372,6 +384,8 @@ func toVulnerabilities(path *path.Path, selectedFields []string) ([]*Vulnerabili
|
||||
log.Errorf("could not get fixedIn on vulnerability %s: %s.", vulnerability.Node, err.Error())
|
||||
return []*Vulnerability{}, err
|
||||
}
|
||||
case FieldVulnerabilityCausedByPackage:
|
||||
vulnerability.CausedByPackage = store.NameOf(tags[FieldVulnerabilityCausedByPackage])
|
||||
default:
|
||||
panic("unknown selectedField")
|
||||
}
|
||||
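Review bot: In toVulnerabilities, the new `case FieldVulnerabilityCausedByPackage:` reads `tags[FieldVulnerabilityCausedByPackage]` without checking that the tag exists. saveFields is now told to skip this field, so the tag is only present when the caller saved it on the path, as FindAllVulnerabilitiesByFixedIn does. Any other caller that passes the field in selectedFields would hand store.NameOf a missing value, and what NameOf does with that is not visible here. A presence check such as `if v, ok := tags[FieldVulnerabilityCausedByPackage]; ok { vulnerability.CausedByPackage = store.NameOf(v) }` (assuming tags is a map) would make the contract explicit, and the comment on the constant could say that the tag must be saved on the path before toVulnerabilities runs. The body of toVulnerabilities continues outside the hunks shown.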
|
@ -326,7 +326,8 @@ HTTP/1.1 200 OK
|
||||
"ID": "CVE-2014-2583",
|
||||
"Link": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2583",
|
||||
"Priority": "Low",
|
||||
"Description": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty funtion, which is used by the format_timestamp_name function."
|
||||
"Description": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty funtion, which is used by the format_timestamp_name function.",
|
||||
"CausedByPackage": "pam"
|
||||
},
|
||||
[...]
|
||||
}
|
||||
@ -368,7 +369,8 @@ HTTP/1.1 200 OK
|
||||
"ID": "CVE-2014-2583",
|
||||
"Link": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2583",
|
||||
"Priority": "Low",
|
||||
"Description": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty funtion, which is used by the format_timestamp_name function."
|
||||
"Description": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty funtion, which is used by the format_timestamp_name function.",
|
||||
"CausedByPackage": "pam"
|
||||
},
|
||||
[...]
|
||||
],
|
||||
@ -424,7 +426,8 @@ HTTP/1.1 200 OK
|
||||
"ID": "CVE-2014-2583",
|
||||
"Link": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2583",
|
||||
"Priority": "Low",
|
||||
"Description": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty funtion, which is used by the format_timestamp_name function."
|
||||
"Description": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty funtion, which is used by the format_timestamp_name function.",
|
||||
"CausedByPackage": "pam"
|
||||
},
|
||||
[...]
|
||||
]
|
||||
|