From 4a9a82eac2c8ebdea8a44aa8002920f0b7661c8d Mon Sep 17 00:00:00 2001
From: Matteo Mortari
Date: Wed, 28 Aug 2024 10:23:02 +0200
Subject: [PATCH] cve: fix Double-count in "All Images" for CVE image scan report (#2856)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* WIP: CVE scan double-counting CVEs total baseline

Signed-off-by: tarilabs

* fixed to avoid double-counting with demo

Signed-off-by: tarilabs

* remove demo files

Signed-off-by: tarilabs

---------

Signed-off-by: tarilabs
Signed-off-by: Patrick Schönthaler
---
 hack/trivy_scan.py | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/hack/trivy_scan.py b/hack/trivy_scan.py
index 91da390394..3e2213eaa5 100644
--- a/hack/trivy_scan.py
+++ b/hack/trivy_scan.py
@@ -275,6 +275,7 @@ def extract_images(version):
     )
 
 # Initialize counters
+unique_images = {}  # unique set of images across all WGs
 total_images = 0
 total_low = 0
 total_medium = 0
@@ -309,12 +310,9 @@ def extract_images(version):
     high = sum(entry["severity_counts"]["HIGH"] for entry in data)
     critical = sum(entry["severity_counts"]["CRITICAL"] for entry in data)
 
-    # Update the total counts
-    total_images += image_count
-    total_low += low
-    total_medium += medium
-    total_high += high
-    total_critical += critical
+    # Update unique_images for the total counts later
+    for d in data:
+        unique_images[d["image"]] = d
 
     # Create the output for this file
     file_data = {
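Review bot: `unique_images[d["image"]] = d` silently keeps the last file's entry when the same image name appears in more than one WG scan file, so if two files disagree on that image's severity counts (for example because they were scanned at different times) the totals adopt whichever file was processed last, with no trace of the discrepancy in the report. Keeping the first entry and logging a mismatch makes the "All Images" figure explainable: `prev = unique_images.setdefault(d["image"], d)` / `if prev is not d and prev["severity_counts"] != d["severity_counts"]:` / `    log(f"severity counts for {d['image']} differ between scan files")`. The `for` loop over the scan files that encloses these lines begins outside the hunk.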
@@ -328,15 +326,23 @@ def extract_images(version):
     # Update merged_data with filename as key
     merged_data[filename] = file_data
 
-    # Add total counts to merged_data
-    merged_data["total"] = {
-        "images": total_images,
-        "LOW": total_low,
-        "MEDIUM": total_medium,
-        "HIGH": total_high,
-        "CRITICAL": total_critical,
-    }
+# Update the total counts
+unique_images = unique_images.values()  # keep the set of values
+total_images += len(unique_images)
+total_low += sum(entry["severity_counts"]["LOW"] for entry in unique_images)
+total_medium += sum(entry["severity_counts"]["MEDIUM"] for entry in unique_images)
+total_high += sum(entry["severity_counts"]["HIGH"] for entry in unique_images)
+total_critical += sum(entry["severity_counts"]["CRITICAL"] for entry in unique_images)
+
+# Add total counts to merged_data
+merged_data["total"] = {
+    "images": total_images,
+    "LOW": total_low,
+    "MEDIUM": total_medium,
+    "HIGH": total_high,
+    "CRITICAL": total_critical,
+}
 
 log("Summary in Json Format:")
 log(json.dumps(merged_data, indent=4))
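Review bot: `unique_images = unique_images.values()` rebinds the dict's name to a `dict_values` view, so the five lines after it read as if they still iterated the dict and the trailing comment has to explain the trick; a separate name avoids that. Since these totals are now computed exactly once at top level, the `+=` on counters that are still zero is misleading and should be plain assignment, e.g. `scanned = unique_images.values()` / `total_images = len(scanned)` / `total_low = sum(entry["severity_counts"]["LOW"] for entry in scanned)`, and likewise for the other three severities. The `for` loop that fills `merged_data[filename]` on the first two context lines begins outside the hunk.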