From 0179f4299a8359b8d1b38be8cd9a3071bcb2b985 Mon Sep 17 00:00:00 2001
From: Tomoya Amachi
Date: Mon, 22 Mar 2021 19:32:08 +0900
Subject: [PATCH] fix(trivy-to-vuls): converts even if null vulnerabilities (#1201)
---
 contrib/trivy/parser/parser.go | 24 ++++++++++++++----------
 contrib/trivy/parser/parser_test.go | 28 ++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+), 10 deletions(-)
diff --git a/contrib/trivy/parser/parser.go b/contrib/trivy/parser/parser.go
index 3723af5d..8d2b7a7e 100644
--- a/contrib/trivy/parser/parser.go
+++ b/contrib/trivy/parser/parser.go
@@ -22,6 +22,9 @@ func Parse(vulnJSON []byte, scanResult *models.ScanResult) (result *models.ScanR
 vulnInfos := models.VulnInfos{}
 uniqueLibraryScannerPaths := map[string]models.LibraryScanner{}
 for _, trivyResult := range trivyResults {
+ if IsTrivySupportedOS(trivyResult.Type) {
+ overrideServerData(scanResult, &trivyResult)
+ }
 for _, vuln := range trivyResult.Vulnerabilities {
 if _, ok := vulnInfos[vuln.VulnerabilityID]; !ok {
 vulnInfos[vuln.VulnerabilityID] = models.VulnInfo{
@@ -89,16 +92,6 @@ func Parse(vulnJSON []byte, scanResult *models.ScanResult) (result *models.ScanR
 FixState: fixState,
 FixedIn: vuln.FixedVersion,
 })
-
- // overwrite every time if os package
- scanResult.Family = trivyResult.Type
- scanResult.ServerName = trivyResult.Target
- scanResult.Optional = map[string]interface{}{
- "trivy-target": trivyResult.Target,
- }
- scanResult.ScannedAt = time.Now()
- scanResult.ScannedBy = "trivy"
- scanResult.ScannedVia = "trivy"
 } else {
 // LibraryScanの結果
 vulnInfo.LibraryFixedIns = append(vulnInfo.LibraryFixedIns, models.LibraryFixedIn{
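Review bot: The call `overrideServerData(scanResult, &trivyResult)` in the first hunk passes the address of the range variable; on Go releases before 1.22 that variable is reused across iterations, which is the pattern linters report as implicit memory aliasing. It is harmless today only because the helper added later in this patch copies two string fields and does not keep the pointer. Passing the fields by value, e.g. `overrideServerData(scanResult, trivyResult.Type, trivyResult.Target)`, or indexing with `&trivyResults[i]`, removes that dependency. A one-line comment above the new `if`, such as `// set server metadata per result so a target with no vulnerabilities is still attributed`, would also record why the block moved out of the vulnerability loop. Parse starts and ends outside this hunk.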
@@ -174,3 +167,14 @@ func IsTrivySupportedOS(family string) bool {
 }
 return false
 }
+
+func overrideServerData(scanResult *models.ScanResult, trivyResult *report.Result) {
+ scanResult.Family = trivyResult.Type
+ scanResult.ServerName = trivyResult.Target
+ scanResult.Optional = map[string]interface{}{
+ "trivy-target": trivyResult.Target,
+ }
+ scanResult.ScannedAt = time.Now()
+ scanResult.ScannedBy = "trivy"
+ scanResult.ScannedVia = "trivy"
+}
diff --git a/contrib/trivy/parser/parser_test.go b/contrib/trivy/parser/parser_test.go
index f3d05da5..43d117a9 100644
--- a/contrib/trivy/parser/parser_test.go
+++ b/contrib/trivy/parser/parser_test.go
@@ -5,6 +5,7 @@ import ( "github.com/aquasecurity/trivy/pkg/types" "github.com/d4l3k/messagediff" + "github.com/future-architect/vuls/models" )
@@ -3205,6 +3206,33 @@ func TestParse(t *testing.T) {
 Optional: map[string]interface{}{"trivy-target": "knqyf263/vuln-image:1.2.3 (alpine 3.7.1)"},
 },
 },
+ "found-no-vulns": {
+ vulnJSON: []byte(`[
+ {
+ "Target": "no-vuln-image:v1 (debian 9.13)",
+ "Type": "debian",
+ "Vulnerabilities": null
+ }
+]
+`),
+ scanResult: &models.ScanResult{
+ JSONVersion: 1,
+ ServerUUID: "uuid",
+ ScannedCves: models.VulnInfos{},
+ },
+ expected: &models.ScanResult{
+ JSONVersion: 1,
+ ServerUUID: "uuid",
+ ServerName: "no-vuln-image:v1 (debian 9.13)",
+ Family: "debian",
+ ScannedBy: "trivy",
+ ScannedVia: "trivy",
+ ScannedCves: models.VulnInfos{},
+ Packages: models.Packages{},
+ LibraryScanners: models.LibraryScanners{},
+ Optional: map[string]interface{}{"trivy-target": "no-vuln-image:v1 (debian 9.13)"},
+ },
+ },
 }
 for testcase, v := range cases {
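Review bot: overrideServerData has no doc comment, and the removed `// overwrite every time if os package` line was the only explanation of this behaviour. Something like `// overrideServerData copies the Trivy target and OS family into scanResult and marks it as scanned by trivy; any existing Optional map is replaced.` would do. The replacement of `scanResult.Optional` matters more now that the helper runs for every supported-OS result rather than only when a vulnerability is found: keys a caller placed in Optional are dropped even for a clean scan. If that is not intended, set only the one key (`scanResult.Optional["trivy-target"] = trivyResult.Target` after a nil check).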
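Review bot: The new `found-no-vulns` case pins only `"Vulnerabilities": null` on a supported OS type; the sibling inputs that reach the same code path are untested. Worth adding a case with `"Vulnerabilities": []` (or the key absent) and one whose `Type` is not a supported OS, to fix what ServerName and Family should be when the `IsTrivySupportedOS` guard skips the override — presumably they stay empty, which would leave a clean library-only result unattributed. The expected value also omits ScannedAt although the helper sets it to `time.Now()`, so the comparison below this hunk must already ignore that field; a short comment on the case saying so would help. TestParse starts and ends outside this hunk.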