fix(trivy-to-vuls): converts even if null vulnerabilities (#1201)

2021-03-22 19:32:08 +09:00
parent 56017e57a0
commit 0179f4299a
2 changed files with 42 additions and 10 deletions
--- a/contrib/trivy/parser/parser.go
+++ b/contrib/trivy/parser/parser.go
@@ -22,6 +22,9 @@ func Parse(vulnJSON []byte, scanResult *models.ScanResult) (result *models.ScanR
 	vulnInfos := models.VulnInfos{}
 	uniqueLibraryScannerPaths := map[string]models.LibraryScanner{}
 	for _, trivyResult := range trivyResults {
+		if IsTrivySupportedOS(trivyResult.Type) {
+			overrideServerData(scanResult, &trivyResult)
+		}
 		for _, vuln := range trivyResult.Vulnerabilities {
 			if _, ok := vulnInfos[vuln.VulnerabilityID]; !ok {
 				vulnInfos[vuln.VulnerabilityID] = models.VulnInfo{
@@ -89,16 +92,6 @@ func Parse(vulnJSON []byte, scanResult *models.ScanResult) (result *models.ScanR
 					FixState:    fixState,
 					FixedIn:     vuln.FixedVersion,
 				})
-
-				// overwrite every time if os package
-				scanResult.Family = trivyResult.Type
-				scanResult.ServerName = trivyResult.Target
-				scanResult.Optional = map[string]interface{}{
-					"trivy-target": trivyResult.Target,
-				}
-				scanResult.ScannedAt = time.Now()
-				scanResult.ScannedBy = "trivy"
-				scanResult.ScannedVia = "trivy"
 			} else {
 				// LibraryScanの結果
 				vulnInfo.LibraryFixedIns = append(vulnInfo.LibraryFixedIns, models.LibraryFixedIn{
@@ -174,3 +167,14 @@ func IsTrivySupportedOS(family string) bool {
 	}
 	return false
 }
+
+func overrideServerData(scanResult *models.ScanResult, trivyResult *report.Result) {
+	scanResult.Family = trivyResult.Type
+	scanResult.ServerName = trivyResult.Target
+	scanResult.Optional = map[string]interface{}{
+		"trivy-target": trivyResult.Target,
+	}
+	scanResult.ScannedAt = time.Now()
+	scanResult.ScannedBy = "trivy"
+	scanResult.ScannedVia = "trivy"
+}
--- a/contrib/trivy/parser/parser_test.go
+++ b/contrib/trivy/parser/parser_test.go
@@ -5,6 +5,7 @@ import (

 	"github.com/aquasecurity/trivy/pkg/types"
 	"github.com/d4l3k/messagediff"
+
 	"github.com/future-architect/vuls/models"
 )

@@ -3205,6 +3206,33 @@ func TestParse(t *testing.T) {
 				Optional: map[string]interface{}{"trivy-target": "knqyf263/vuln-image:1.2.3 (alpine 3.7.1)"},
 			},
 		},
+		"found-no-vulns": {
+			vulnJSON: []byte(`[
+  {
+    "Target": "no-vuln-image:v1 (debian 9.13)",
+    "Type": "debian",
+    "Vulnerabilities": null
+  }
+]
+`),
+			scanResult: &models.ScanResult{
+				JSONVersion: 1,
+				ServerUUID:  "uuid",
+				ScannedCves: models.VulnInfos{},
+			},
+			expected: &models.ScanResult{
+				JSONVersion:     1,
+				ServerUUID:      "uuid",
+				ServerName:      "no-vuln-image:v1 (debian 9.13)",
+				Family:          "debian",
+				ScannedBy:       "trivy",
+				ScannedVia:      "trivy",
+				ScannedCves:     models.VulnInfos{},
+				Packages:        models.Packages{},
+				LibraryScanners: models.LibraryScanners{},
+				Optional:        map[string]interface{}{"trivy-target": "no-vuln-image:v1 (debian 9.13)"},
+			},
+		},
 	}

 	for testcase, v := range cases {