Change structure of ScanResult.[]VulnInfo to Map

2017-05-09 21:03:54 +09:00
parent b977558f38
commit cfb848918f
12 changed files with 129 additions and 224 deletions
--- a/commands/report.go
+++ b/commands/report.go
@@ -504,15 +504,19 @@ func fillCveDetail(r *models.ScanResult) error {
 		return err
 	}
 	for _, d := range ds {
-		nvd := *r.ConvertNvdToModel(d.CveID, d.Nvd)
-		jvn := *r.ConvertJvnToModel(d.CveID, d.Jvn)
-		for i, sc := range r.ScannedCves {
-			if sc.CveID == d.CveID {
-				for _, con := range []models.CveContent{nvd, jvn} {
+		nvd := r.ConvertNvdToModel(d.CveID, d.Nvd)
+		jvn := r.ConvertJvnToModel(d.CveID, d.Jvn)
+		for cveID, vinfo := range r.ScannedCves {
+			if vinfo.CveID == d.CveID {
+				if vinfo.CveContents == nil {
+					vinfo.CveContents = models.CveContents{}
+				}
+				for _, con := range []models.CveContent{*nvd, *jvn} {
 					if !con.Empty() {
-						r.ScannedCves[i].CveContents.Upsert(con)
+						vinfo.CveContents.Upsert(con)
 					}
 				}
+				r.ScannedCves[cveID] = vinfo
 				break
 			}
 		}
@@ -528,15 +532,10 @@ func fillCveDetail(r *models.ScanResult) error {
 }

 func fillCveInfoFromCveDB(r *models.ScanResult) error {
-	var err error
-	var vs []models.VulnInfo
-
 	sInfo := c.Conf.Servers[r.ServerName]
-	vs, err = scanVulnByCpeNames(sInfo.CpeNames, r.ScannedCves)
-	if err != nil {
+	if err := fillVulnByCpeNames(sInfo.CpeNames, r.ScannedCves); err != nil {
 		return err
 	}
-	r.ScannedCves = vs
 	if err := fillCveDetail(r); err != nil {
 		return err
 	}
--- a/commands/util.go
+++ b/commands/util.go
@@ -188,9 +188,7 @@ func diff(curResults, preResults models.ScanResults) (diffed models.ScanResults,
 		}

 		if found {
-			new, updated := getDiffCves(previous, current)
-			current.ScannedCves = append(new, updated...)
-
+			current.ScannedCves = getDiffCves(previous, current)
 			packages := models.Packages{}
 			for _, s := range current.ScannedCves {
 				for _, name := range s.PackageNames {
@@ -206,22 +204,28 @@ func diff(curResults, preResults models.ScanResults) (diffed models.ScanResults,
 	return diffed, err
 }

-func getDiffCves(previous, current models.ScanResult) (new, updated []models.VulnInfo) {
+func getDiffCves(previous, current models.ScanResult) models.VulnInfos {
 	previousCveIDsSet := map[string]bool{}
 	for _, previousVulnInfo := range previous.ScannedCves {
 		previousCveIDsSet[previousVulnInfo.CveID] = true
 	}

+	new := models.VulnInfos{}
+	updated := models.VulnInfos{}
 	for _, v := range current.ScannedCves {
 		if previousCveIDsSet[v.CveID] {
 			if isCveInfoUpdated(v.CveID, previous, current) {
-				updated = append(updated, v)
+				updated[v.CveID] = v
 			}
 		} else {
-			new = append(new, v)
+			new[v.CveID] = v
 		}
 	}
-	return
+
+	for cveID, vuln := range new {
+		updated[cveID] = vuln
+	}
+	return updated
 }

 func isCveInfoUpdated(cveID string, previous, current models.ScanResult) bool {
@@ -274,42 +278,32 @@ func overwriteJSONFile(dir string, r models.ScanResult) error {
 	return nil
 }

-func scanVulnByCpeNames(cpeNames []string, scannedVulns []models.VulnInfo) ([]models.VulnInfo, error) {
-	// To remove duplicate
-	set := map[string]models.VulnInfo{}
-	for _, v := range scannedVulns {
-		set[v.CveID] = v
-	}
-
+func fillVulnByCpeNames(cpeNames []string, scannedVulns models.VulnInfos) error {
 	for _, name := range cpeNames {
 		details, err := cveapi.CveClient.FetchCveDetailsByCpeName(name)
 		if err != nil {
-			return nil, err
+			return err
 		}
 		for _, detail := range details {
-			if val, ok := set[detail.CveID]; ok {
+			if val, ok := scannedVulns[detail.CveID]; ok {
 				names := val.CpeNames
 				names = util.AppendIfMissing(names, name)
 				val.CpeNames = names
 				val.Confidence = models.CpeNameMatch
-				set[detail.CveID] = val
+				scannedVulns[detail.CveID] = val
 			} else {
 				v := models.VulnInfo{
 					CveID:      detail.CveID,
 					CpeNames:   []string{name},
 					Confidence: models.CpeNameMatch,
 				}
-				v.NilToEmpty()
-				set[detail.CveID] = v
+				//TODO
+				//  v.NilToEmpty()
+				scannedVulns[detail.CveID] = v
 			}
 		}
 	}
-
-	vinfos := []models.VulnInfo{}
-	for key := range set {
-		vinfos = append(vinfos, set[key])
-	}
-	return vinfos, nil
+	return nil
 }

 func needToRefreshCve(r models.ScanResult) bool {
--- a/commands/util_test.go
+++ b/commands/util_test.go
@@ -45,8 +45,8 @@ func TestIsCveInfoUpdated(t *testing.T) {
 			in: In{
 				cveID: "CVE-2017-0001",
 				cur: models.ScanResult{
-					ScannedCves: []models.VulnInfo{
-						{
+					ScannedCves: models.VulnInfos{
+						"CVE-2017-0001": {
 							CveID: "CVE-2017-0001",
 							CveContents: models.NewCveContents(
 								models.CveContent{
@@ -59,8 +59,8 @@ func TestIsCveInfoUpdated(t *testing.T) {
 					},
 				},
 				prev: models.ScanResult{
-					ScannedCves: []models.VulnInfo{
-						{
+					ScannedCves: models.VulnInfos{
+						"CVE-2017-0001": {
 							CveID: "CVE-2017-0001",
 							CveContents: models.NewCveContents(
 								models.CveContent{
@@ -80,8 +80,8 @@ func TestIsCveInfoUpdated(t *testing.T) {
 			in: In{
 				cveID: "CVE-2017-0002",
 				cur: models.ScanResult{
-					ScannedCves: []models.VulnInfo{
-						{
+					ScannedCves: models.VulnInfos{
+						"CVE-2017-0002": {
 							CveID: "CVE-2017-0002",
 							CveContents: models.NewCveContents(
 								models.CveContent{
@@ -94,8 +94,8 @@ func TestIsCveInfoUpdated(t *testing.T) {
 					},
 				},
 				prev: models.ScanResult{
-					ScannedCves: []models.VulnInfo{
-						{
+					ScannedCves: models.VulnInfos{
+						"CVE-2017-0002": {
 							CveID: "CVE-2017-0002",
 							CveContents: models.NewCveContents(
 								models.CveContent{
@@ -116,8 +116,8 @@ func TestIsCveInfoUpdated(t *testing.T) {
 				cveID: "CVE-2017-0003",
 				cur: models.ScanResult{
 					Family: "ubuntu",
-					ScannedCves: []models.VulnInfo{
-						{
+					ScannedCves: models.VulnInfos{
+						"CVE-2017-0003": {
 							CveID: "CVE-2017-0003",
 							CveContents: models.NewCveContents(
 								models.CveContent{
@@ -131,8 +131,8 @@ func TestIsCveInfoUpdated(t *testing.T) {
 				},
 				prev: models.ScanResult{
 					Family: "ubuntu",
-					ScannedCves: []models.VulnInfo{
-						{
+					ScannedCves: models.VulnInfos{
+						"CVE-2017-0003": {
 							CveID: "CVE-2017-0003",
 							CveContents: models.NewCveContents(
 								models.CveContent{
@@ -153,8 +153,8 @@ func TestIsCveInfoUpdated(t *testing.T) {
 				cveID: "CVE-2017-0004",
 				cur: models.ScanResult{
 					Family: "redhat",
-					ScannedCves: []models.VulnInfo{
-						{
+					ScannedCves: models.VulnInfos{
+						"CVE-2017-0004": {
 							CveID: "CVE-2017-0004",
 							CveContents: models.NewCveContents(
 								models.CveContent{
@@ -168,7 +168,7 @@ func TestIsCveInfoUpdated(t *testing.T) {
 				},
 				prev: models.ScanResult{
 					Family:      "redhat",
-					ScannedCves: []models.VulnInfo{},
+					ScannedCves: models.VulnInfos{},
 				},
 			},
 			expected: true,
@@ -197,14 +197,14 @@ func TestDiff(t *testing.T) {
 					ServerName: "u16",
 					Family:     "ubuntu",
 					Release:    "16.04",
-					ScannedCves: []models.VulnInfo{
-						{
+					ScannedCves: models.VulnInfos{
+						"CVE-2012-6702": {
 							CveID:            "CVE-2012-6702",
 							PackageNames:     []string{"libexpat1"},
 							DistroAdvisories: []models.DistroAdvisory{},
 							CpeNames:         []string{},
 						},
-						{
+						"CVE-2014-9761": {
 							CveID:            "CVE-2014-9761",
 							PackageNames:     []string{"libc-bin"},
 							DistroAdvisories: []models.DistroAdvisory{},
@@ -222,14 +222,14 @@ func TestDiff(t *testing.T) {
 					ServerName: "u16",
 					Family:     "ubuntu",
 					Release:    "16.04",
-					ScannedCves: []models.VulnInfo{
-						{
+					ScannedCves: models.VulnInfos{
+						"CVE-2012-6702": {
 							CveID:            "CVE-2012-6702",
 							PackageNames:     []string{"libexpat1"},
 							DistroAdvisories: []models.DistroAdvisory{},
 							CpeNames:         []string{},
 						},
-						{
+						"CVE-2014-9761": {
 							CveID:            "CVE-2014-9761",
 							PackageNames:     []string{"libc-bin"},
 							DistroAdvisories: []models.DistroAdvisory{},
@@ -242,13 +242,14 @@ func TestDiff(t *testing.T) {
 				},
 			},
 			out: models.ScanResult{
-				ScannedAt:  atCurrent,
-				ServerName: "u16",
-				Family:     "ubuntu",
-				Release:    "16.04",
-				Packages:   models.Packages{},
-				Errors:     []string{},
-				Optional:   [][]interface{}{},
+				ScannedAt:   atCurrent,
+				ServerName:  "u16",
+				Family:      "ubuntu",
+				Release:     "16.04",
+				Packages:    models.Packages{},
+				ScannedCves: models.VulnInfos{},
+				Errors:      []string{},
+				Optional:    [][]interface{}{},
 			},
 		},
 		{
@@ -258,8 +259,8 @@ func TestDiff(t *testing.T) {
 					ServerName: "u16",
 					Family:     "ubuntu",
 					Release:    "16.04",
-					ScannedCves: []models.VulnInfo{
-						{
+					ScannedCves: models.VulnInfos{
+						"CVE-2016-6662": {
 							CveID:            "CVE-2016-6662",
 							PackageNames:     []string{"mysql-libs"},
 							DistroAdvisories: []models.DistroAdvisory{},
@@ -288,7 +289,7 @@ func TestDiff(t *testing.T) {
 					ServerName:  "u16",
 					Family:      "ubuntu",
 					Release:     "16.04",
-					ScannedCves: []models.VulnInfo{},
+					ScannedCves: models.VulnInfos{},
 				},
 			},
 			out: models.ScanResult{
@@ -296,8 +297,8 @@ func TestDiff(t *testing.T) {
 				ServerName: "u16",
 				Family:     "ubuntu",
 				Release:    "16.04",
-				ScannedCves: []models.VulnInfo{
-					{
+				ScannedCves: models.VulnInfos{
+					"CVE-2016-6662": {
 						CveID:            "CVE-2016-6662",
 						PackageNames:     []string{"mysql-libs"},
 						DistroAdvisories: []models.DistroAdvisory{},