From 699b5b793844cca849557b7344611836ba1870a0 Mon Sep 17 00:00:00 2001
From: Jacob Larfors
Date: Tue, 14 Sep 2021 10:56:28 +0300
Subject: [PATCH] Add ability to create a patch with component adapters
---
 adapter/adapter_test.go | 4 ++--
 adapter/testdata/snyk.rego | 2 ++
 store/api/component.go | 5 +++++
 store/codescan.go | 38 +++++++++++++++++++++++++++++++-------
 4 files changed, 40 insertions(+), 9 deletions(-)
diff --git a/adapter/adapter_test.go b/adapter/adapter_test.go
index 3ca6fad2..9b76d54a 100644
--- a/adapter/adapter_test.go
+++ b/adapter/adapter_test.go
@@ -24,13 +24,13 @@ func TestRego(t *testing.T) {
 result, err := RunFromFile(
 tc.adapter,
 WithInputFileSlice(tc.inputFiles),
- WithTracing(true),
+ // WithTracing(true),
 )
 require.NoError(t, err)
 for _, trace := range result.Traces {
 fmt.Println(trace)
 }
- t.Logf("result: %#v", result.CodeScan)
+ t.Logf("%s result: %#v", name, result.CodeScan)
 })
 }
 }
diff --git a/adapter/testdata/snyk.rego b/adapter/testdata/snyk.rego
index 98fd4337..37d69a92 100644
--- a/adapter/testdata/snyk.rego
+++ b/adapter/testdata/snyk.rego
@@ -12,6 +12,8 @@ component := [comp |
 "vulnerabilities": [{
 "vid": vuln.id,
 "severity_score": vuln.cvssScore,
+ # if you want to add a patch which becomes a vulnerability review
+ # "patch": {"message": "test patch"},
 }],
 }
 ]
diff --git a/store/api/component.go b/store/api/component.go
index f6159e38..23be82c5 100644
--- a/store/api/component.go
+++ b/store/api/component.go
@@ -17,6 +17,11 @@ type (
 Vulnerability struct {
 ent.VulnerabilityModelCreate `validate:"required" mapstructure:",squash"`
+ Patch *VulnerabilityPatch `json:"patch,omitempty" mapstructure:"patch"`
+ }
+
+ VulnerabilityPatch struct {
+ Message *string `json:"message,omitempty" validate:"required" mapstructure:"message"`
 }
 ComponentRead struct {
diff --git a/store/codescan.go b/store/codescan.go
index 100200b9..8b910fcd 100644
--- a/store/codescan.go
+++ b/store/codescan.go
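Review bot: Commenting out `WithTracing(true)` in TestRego leaves dead code in the test rather than a decision a reader can follow; either delete the line or key it to the test runner, e.g. `WithTracing(testing.Verbose()),`, so traces still appear under `go test -v`. The `fmt.Println(trace)` loop that follows would then be the only thing printing at all and could use `t.Log` for the same reason. The enclosing test function starts before this hunk.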
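Review bot: `VulnerabilityPatch.Message` is a `*string` tagged `validate:"required"` but also `json:"message,omitempty"`, and `Patch` itself carries no `validate` tag, so whether a request with an empty `patch: {}` is rejected depends on the validator descending into the nested pointer struct — this hunk does not show that happening, and the store hunk in this patch dereferences the pointer. Both new types are exported and undocumented; I would add `// VulnerabilityPatch records that a vulnerability has been patched; Message is required and is used as the name of the resulting review.` above the struct, and a one-line comment on `Patch` saying it is optional. The enclosing `type (` block starts before this hunk.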
@@ -6,7 +6,9 @@ import (
 "github.com/valocode/bubbly/ent/gitcommit"
 "github.com/valocode/bubbly/ent/release"
 "github.com/valocode/bubbly/ent/releasecomponent"
+ "github.com/valocode/bubbly/ent/releasevulnerability"
 "github.com/valocode/bubbly/ent/vulnerability"
+ "github.com/valocode/bubbly/ent/vulnerabilityreview"
 "github.com/valocode/bubbly/store/api"
 )
@@ -126,14 +128,36 @@ func (h *Handler) saveCodeScan(dbRelease *ent.Release, scan *api.CodeScan) (*ent
 return HandleEntError(err, "vulnerability")
 }
 }
- _, err = tx.ReleaseVulnerability.Create().
- SetRelease(dbRelease).
- SetVulnerability(existingVuln).
- SetScan(codeScan).
- SetComponent(relComp).
- Save(h.ctx)
+ // Check if the release vulnerability already exists, which is
+ // the combination of release ID and vulnerability ID
+ dbRelVuln, err := tx.ReleaseVulnerability.Query().Where(
+ releasevulnerability.HasReleaseWith(release.ID(dbRelease.ID)),
+ releasevulnerability.HasVulnerabilityWith(vulnerability.ID(existingVuln.ID)),
+ ).Only(h.ctx)
 if err != nil {
- return HandleEntError(err, "release vulnerability")
+ if !ent.IsNotFound(err) {
+ return HandleEntError(err, "query release vulnerability")
+ }
+ dbRelVuln, err = tx.ReleaseVulnerability.Create().
+ SetRelease(dbRelease).
+ SetVulnerability(existingVuln).
+ SetScan(codeScan).
+ SetComponent(relComp).
+ Save(h.ctx)
+ if err != nil {
+ return HandleEntError(err, "create release vulnerability")
+ }
+ }
+ if vuln.Patch != nil {
+ _, err := tx.VulnerabilityReview.Create().
+ SetName(*vuln.Patch.Message).
+ SetDecision(vulnerabilityreview.DecisionPatched).
+ SetVulnerability(existingVuln).
+ AddInstanceIDs(dbRelVuln.ID).
+ Save(h.ctx)
+ if err != nil {
+ return HandleEntError(err, "create vulnerability patch")
+ }
 }
 }
 }
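Review bot: `SetName(*vuln.Patch.Message)` dereferences a `*string` with no nil check, so a submitted scan whose `patch` object carries no `message` panics inside the transaction unless request validation has already rejected it, which nothing in this hunk establishes; guard it locally, `if vuln.Patch.Message == nil { /* return an error for this vulnerability */ }`, before the `Create()` chain. The new query-or-create protects `ReleaseVulnerability` from duplicates, but the `VulnerabilityReview.Create()` under `if vuln.Patch != nil` runs on every save, so re-submitting the same scan records another `DecisionPatched` review for the same vulnerability and instance each time — apply the same existence check (vulnerability plus instance ID) before creating. Because the "patched" decision is taken straight from the adapter payload, a one-line comment on the `if vuln.Patch != nil` branch saying that scan input, not a human reviewer, is the source of this review would help whoever audits review provenance later. `saveCodeScan` starts before this hunk.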