Fix ignoreCves option

2017-08-22 20:28:24 +09:00
parent 579fff122c
commit 3790197699
3 changed files with 68 additions and 1 deletions
--- a/models/scanresults.go
+++ b/models/scanresults.go
@@ -82,6 +82,21 @@ func (r ScanResult) FilterByCvssOver(over float64) ScanResult {
 	return copiedScanResult
 }

+// FilterIgnoreCves is filter function.
+func (r ScanResult) FilterIgnoreCves(cveIDs []string) ScanResult {
+	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
+		for _, c := range cveIDs {
+			if v.CveID == c {
+				return false
+			}
+		}
+		return true
+	})
+	copiedScanResult := r
+	copiedScanResult.ScannedCves = filtered
+	return copiedScanResult
+}
+
 // ReportFileName returns the filename on localhost without extention
 func (r ScanResult) ReportFileName() (name string) {
 	if len(r.Container.ContainerID) == 0 {
--- a/models/scanresults_test.go
+++ b/models/scanresults_test.go
@@ -205,3 +205,53 @@ func TestFilterByCvssOver(t *testing.T) {
 		}
 	}
 }
+
+func TestFilterIgnoreCveIDs(t *testing.T) {
+	type in struct {
+		cves []string
+		rs   ScanResult
+	}
+	var tests = []struct {
+		in  in
+		out ScanResult
+	}{
+		{
+			in: in{
+				cves: []string{"CVE-2017-0002"},
+				rs: ScanResult{
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+						},
+						"CVE-2017-0002": {
+							CveID: "CVE-2017-0002",
+						},
+						"CVE-2017-0003": {
+							CveID: "CVE-2017-0003",
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ScannedCves: VulnInfos{
+					"CVE-2017-0001": {
+						CveID: "CVE-2017-0001",
+					},
+					"CVE-2017-0003": {
+						CveID: "CVE-2017-0003",
+					},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		actual := tt.in.rs.FilterIgnoreCves(tt.in.cves)
+		for k := range tt.out.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+	}
+}
--- a/report/report.go
+++ b/report/report.go
@@ -79,7 +79,9 @@ func FillCveInfos(rs []models.ScanResult, dir string) ([]models.ScanResult, erro

 	filtered := []models.ScanResult{}
 	for _, r := range filled {
-		filtered = append(filtered, r.FilterByCvssOver(c.Conf.CvssScoreOver))
+		r = r.FilterByCvssOver(c.Conf.CvssScoreOver)
+		r = r.FilterIgnoreCves(c.Conf.Servers[r.ServerName].IgnoreCves)
+		filtered = append(filtered, r)
 	}
 	return filtered, nil
 }