fix(server): add filter cves (#1707)

2023-09-22 17:45:45 +09:00
parent 01441351c3
commit 70fd968910
1 changed files with 23 additions and 0 deletions
--- a/server/server.go
+++ b/server/server.go
@@ -113,6 +113,29 @@ func (h VulsHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 		r.ReportedAt = time.Now()
 	}

+	nFiltered := 0
+	logging.Log.Infof("%s: total %d CVEs detected", r.FormatServerName(), len(r.ScannedCves))
+
+	if 0 < config.Conf.CvssScoreOver {
+		r.ScannedCves, nFiltered = r.ScannedCves.FilterByCvssOver(config.Conf.CvssScoreOver)
+		logging.Log.Infof("%s: %d CVEs filtered by --cvss-over=%g", r.FormatServerName(), nFiltered, config.Conf.CvssScoreOver)
+	}
+
+	if 0 < config.Conf.ConfidenceScoreOver {
+		r.ScannedCves, nFiltered = r.ScannedCves.FilterByConfidenceOver(config.Conf.ConfidenceScoreOver)
+		logging.Log.Infof("%s: %d CVEs filtered by --confidence-over=%d", r.FormatServerName(), nFiltered, config.Conf.ConfidenceScoreOver)
+	}
+
+	if config.Conf.IgnoreUnscoredCves {
+		r.ScannedCves, nFiltered = r.ScannedCves.FindScoredVulns()
+		logging.Log.Infof("%s: %d CVEs filtered by --ignore-unscored-cves", r.FormatServerName(), nFiltered)
+	}
+
+	if config.Conf.IgnoreUnfixed {
+		r.ScannedCves, nFiltered = r.ScannedCves.FilterUnfixed(config.Conf.IgnoreUnfixed)
+		logging.Log.Infof("%s: %d CVEs filtered by --ignore-unfixed", r.FormatServerName(), nFiltered)
+	}
+
 	// report
 	reports := []reporter.ResultWriter{
 		reporter.HTTPResponseWriter{Writer: w},