From 53ad8c2f357d874fa9c96ebe3511b30ac6df2f25 Mon Sep 17 00:00:00 2001
From: knqyf263
Date: Wed, 8 May 2019 15:25:35 +0900
Subject: [PATCH] Output description and references to JSON
---
 pkg/report/writer.go | 11 ++++++++++-
 pkg/scanner/scan.go | 40 ++++++++++++++++++++++++--------------
 pkg/types/vulnerability.go | 6 ++++--
 3 files changed, 39 insertions(+), 18 deletions(-)
diff --git a/pkg/report/writer.go b/pkg/report/writer.go
index 475bbdd5c87d..7b5797cc6841 100644
--- a/pkg/report/writer.go
+++ b/pkg/report/writer.go
@@ -42,8 +42,17 @@ func (tw TableWriter) write(result Result) {
 severityCount := map[string]int{}
 for _, v := range result.Vulnerabilities {
 severityCount[v.Severity]++
+
+ title := v.Title
+ if title == "" {
+ title = v.Description
+ }
+ splittedTitle := strings.Split(title, " ")
+ if len(splittedTitle) >= 12 {
+ title = strings.Join(splittedTitle[:12], " ") + "..."
+ }
 table.Append([]string{v.PkgName, v.VulnerabilityID, vulnerability.ColorizeSeverity(v.Severity),
- v.InstalledVersion, v.FixedVersion, v.Title})
+ v.InstalledVersion, v.FixedVersion, title})
 }
 var results []string
diff --git a/pkg/scanner/scan.go b/pkg/scanner/scan.go
index fc77af74179a..19415c47d6c5 100644
--- a/pkg/scanner/scan.go
+++ b/pkg/scanner/scan.go
@@ -6,7 +6,6 @@ import (
 "fmt"
 "os"
 "sort"
- "strings"
 "github.com/knqyf263/trivy/pkg/log"
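Review bot: The added `if len(splittedTitle) >= 12 {` also fires when the title has exactly 12 words, so a 12-word title is printed in full with a misleading `...` appended; the condition should be `if len(splittedTitle) > 12 {`. Splitting on a single space additionally treats tabs, newlines and runs of spaces, which descriptions often contain, as word boundaries or empty words; `splittedTitle := strings.Fields(title)` counts real words. No import change for writer.go appears in the patch, so this relies on the file already importing strings, which cannot be confirmed from the hunk. The body of write starts before the hunk and continues after `var results []string`.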
@@ -101,13 +100,15 @@ func ScanFile(f *os.File, severities []vulnerability.Severity) (report.Result, e
 func processVulnerabilties(vulns []types.Vulnerability, severities []vulnerability.Severity, ignoreUnfixed bool) []types.Vulnerability {
 var vulnerabilities []types.Vulnerability
 for _, vuln := range vulns {
- sev, title := getDetail(vuln.VulnerabilityID)
+ sev, title, description, references := getDetail(vuln.VulnerabilityID)
 // Filter vulnerabilities by severity
 for _, s := range severities {
 if s == sev {
 vuln.Severity = fmt.Sprint(sev)
 vuln.Title = title
+ vuln.Description = description
+ vuln.References = references
 // Ignore unfixed vulnerabilities
 if ignoreUnfixed && vuln.FixedVersion == "" {
@@ -139,24 +140,15 @@ func openStream(path string) (*os.File, error) {
 return os.Open(path)
 }
-func getDetail(vulnID string) (vulnerability.Severity, string) {
+func getDetail(vulnID string) (vulnerability.Severity, string, string, []string) {
 details, err := vulnerability.Get(vulnID)
 if err != nil {
 log.Logger.Debug(err)
- return vulnerability.SeverityUnknown, ""
+ return vulnerability.SeverityUnknown, "", "", nil
 } else if len(details) == 0 {
- return vulnerability.SeverityUnknown, ""
+ return vulnerability.SeverityUnknown, "", "", nil
 }
- severity := getSeverity(details)
- title := getTitle(details)
- if title == "" {
- title = getDescription(details)
- }
- splittedTitle := strings.Split(title, " ")
- if len(splittedTitle) >= 12 {
- title = strings.Join(splittedTitle[:12], " ") + "..."
- }
- return severity, title
+ return getSeverity(details), getTitle(details), getDescription(details), getReferences(details)
 }
 func getSeverity(details map[string]vulnerability.Vulnerability) vulnerability.Severity {
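Review bot: getDetail now returns four positional results, two of them adjacent plain strings, so the call site `sev, title, description, references := getDetail(vuln.VulnerabilityID)` in the previous hunk would still compile if title and description were ever swapped; naming the results, `func getDetail(vulnID string) (sev vulnerability.Severity, title, description string, references []string) {`, or returning a small struct, makes the contract visible. The two new `return vulnerability.SeverityUnknown, "", "", nil` lines also leave a failed vulnerability.Get, logged only at debug level, indistinguishable from "no data"; since processVulnerabilties appears to keep only entries whose severity is in the requested list, a database read error would silently drop the finding from the report unless UNKNOWN was requested, so logging at warn level or propagating the error is worth considering. The getSeverity definition on the hunk's last line continues outside it.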
@@ -204,6 +196,24 @@ func getDescription(details map[string]vulnerability.Vulnerability) string {
 return ""
 }
+func getReferences(details map[string]vulnerability.Vulnerability) []string {
+ references := map[string]struct{}{}
+ for _, source := range sources {
+ d, ok := details[source]
+ if !ok {
+ continue
+ }
+ for _, ref := range d.References {
+ references[ref] = struct{}{}
+ }
+ }
+ var refs []string
+ for ref := range references {
+ refs = append(refs, ref)
+ }
+ return refs
+}
+
 func scoreToSeverity(score float64) vulnerability.Severity {
 if score >= 9.0 {
 return vulnerability.SeverityCritical
diff --git a/pkg/types/vulnerability.go b/pkg/types/vulnerability.go
index 625e4b8f7f42..6413d9477e85 100644
--- a/pkg/types/vulnerability.go
+++ b/pkg/types/vulnerability.go
@@ -6,6 +6,8 @@ type Vulnerability struct {
 InstalledVersion string
 FixedVersion string
- Title string
- Severity string
+ Title string
+ Description string
+ Severity string
+ References []string
 }
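Review bot: In getReferences, `refs` is filled by ranging over the `references` map, so the order of References in the JSON output changes from run to run, and `var refs []string` stays nil when no source carries references, which encoding/json renders as `null` rather than `[]`; both make reports hard to diff or compare between scans. Initialising `refs := make([]string, 0, len(references))` and adding `sort.Strings(refs)` before `return refs` fixes both, and scan.go already imports sort according to the first hunk of this file. The loop also ranges over a package-level `sources` that is not visible in the hunk, so the de-duplication across sources is inferred rather than verified here.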