mirror of https://github.com/project-zot/zot.git synced 2025-01-06 22:40:28 -05:00
zot/pkg/extensions/search/convert/cve.go


package convert
import (
"context"
"github.com/99designs/gqlgen/graphql"
ispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/vektah/gqlparser/v2/gqlerror"
cveinfo "zotregistry.io/zot/pkg/extensions/search/cve"
cvemodel "zotregistry.io/zot/pkg/extensions/search/cve/model"
"zotregistry.io/zot/pkg/extensions/search/gql_generated"
)
// updateRepoSummaryVulnerabilities fills in the vulnerability summary of the
// repository's newest image by delegating to updateImageSummaryVulnerabilities.
//
// A nil repoSummary is a no-op. Only repoSummary.NewestImage is touched; no
// other image of the repository is scanned here.
func updateRepoSummaryVulnerabilities(
	ctx context.Context,
	repoSummary *gql_generated.RepoSummary,
	skip SkipQGLField,
	cveInfo cveinfo.CveInfo,
) {
	if repoSummary != nil {
		updateImageSummaryVulnerabilities(ctx, repoSummary.NewestImage, skip, cveInfo)
	}
}
// updateImageSummaryVulnerabilities populates imageSummary.Vulnerabilities and
// then does the same for every entry in imageSummary.Manifests.
//
// The Vulnerabilities field is always set to a non-nil value: it starts out
// pointing at a zero-valued cvemodel.ImageCVESummary and keeps that value when
// cveInfo is nil or skip.Vulnerabilities is set. In that early-return case the
// manifests are not visited.
//
// When a scan is attempted and fails, the failure is attached to the GraphQL
// response via graphql.AddError and the image is still returned, carrying
// whatever summary the scanner handed back alongside the error.
//
// imageSummary.RepoName, Digest and MediaType are dereferenced without a nil
// check once scanning is enabled (Tag as well on the error path), so callers
// must populate them.
func updateImageSummaryVulnerabilities(
	ctx context.Context,
	imageSummary *gql_generated.ImageSummary,
	skip SkipQGLField,
	cveInfo cveinfo.CveInfo,
) {
	if imageSummary == nil {
		return
	}

	// Publish an empty summary first so the field is never nil for clients.
	var cveSummary cvemodel.ImageCVESummary

	vulnerabilities := &gql_generated.ImageVulnerabilitySummary{
		MaxSeverity: &cveSummary.MaxSeverity,
		Count:       &cveSummary.Count,
	}
	imageSummary.Vulnerabilities = vulnerabilities

	// No scanner configured, or the query did not ask for vulnerability data.
	scanRequested := cveInfo != nil && !skip.Vulnerabilities
	if !scanRequested {
		return
	}

	var err error

	cveSummary, err = cveInfo.GetCVESummaryForImageMedia(
		*imageSummary.RepoName,
		*imageSummary.Digest,
		*imageSummary.MediaType,
	)
	if err != nil {
		// Surface the failure as a GraphQL error instead of dropping the image.
		// NOTE(review): the scanner's error text is forwarded verbatim to the
		// API client; confirm it cannot carry internal paths or backend details.
		scanErr := gqlerror.Errorf(
			"unable to run vulnerability scan on tag %s in repo %s: error: %s",
			*imageSummary.Tag, *imageSummary.RepoName, err.Error(),
		)
		graphql.AddError(ctx, scanErr)
	}

	// NOTE(review): these fields are written even after a failed scan. If the
	// scanner returns a zero-valued summary on error (to be confirmed), the
	// image reports Count 0 and an empty MaxSeverity, which looks the same as a
	// clean scan; consumers have to inspect the response's errors list to tell
	// "scan failed" apart from "no vulnerabilities".
	vulnerabilities.MaxSeverity = &cveSummary.MaxSeverity
	vulnerabilities.Count = &cveSummary.Count

	for _, manifest := range imageSummary.Manifests {
		updateManifestSummaryVulnerabilities(ctx, manifest, *imageSummary.RepoName, skip, cveInfo)
	}
}
// updateManifestSummaryVulnerabilities populates
// manifestSummary.Vulnerabilities for a single manifest of repoName.
//
// The Vulnerabilities field is always set to a non-nil value: it starts out
// pointing at a zero-valued cvemodel.ImageCVESummary and keeps that value when
// cveInfo is nil or skip.Vulnerabilities is set.
//
// The scan is always requested with ispec.MediaTypeImageManifest as the media
// type. A scan failure is attached to the GraphQL response via
// graphql.AddError and the manifest is still returned, carrying whatever
// summary the scanner handed back alongside the error.
//
// manifestSummary.Digest is dereferenced without a nil check once scanning is
// enabled, so callers must populate it.
func updateManifestSummaryVulnerabilities(
	ctx context.Context,
	manifestSummary *gql_generated.ManifestSummary,
	repoName string,
	skip SkipQGLField,
	cveInfo cveinfo.CveInfo,
) {
	if manifestSummary == nil {
		return
	}

	// Publish an empty summary first so the field is never nil for clients.
	var cveSummary cvemodel.ImageCVESummary

	vulnerabilities := &gql_generated.ImageVulnerabilitySummary{
		MaxSeverity: &cveSummary.MaxSeverity,
		Count:       &cveSummary.Count,
	}
	manifestSummary.Vulnerabilities = vulnerabilities

	// No scanner configured, or the query did not ask for vulnerability data.
	scanRequested := cveInfo != nil && !skip.Vulnerabilities
	if !scanRequested {
		return
	}

	var err error

	cveSummary, err = cveInfo.GetCVESummaryForImageMedia(
		repoName,
		*manifestSummary.Digest,
		ispec.MediaTypeImageManifest,
	)
	if err != nil {
		// Surface the failure as a GraphQL error instead of dropping the manifest.
		// NOTE(review): the scanner's error text is forwarded verbatim to the
		// API client; confirm it cannot carry internal paths or backend details.
		scanErr := gqlerror.Errorf(
			"unable to run vulnerability scan in repo %s: manifest digest: %s, error: %s",
			repoName, *manifestSummary.Digest, err.Error(),
		)
		graphql.AddError(ctx, scanErr)
	}

	// NOTE(review): these fields are written even after a failed scan. If the
	// scanner returns a zero-valued summary on error (to be confirmed), the
	// manifest reports Count 0 and an empty MaxSeverity, which looks the same
	// as a clean scan; consumers have to inspect the response's errors list to
	// tell "scan failed" apart from "no vulnerabilities".
	vulnerabilities.MaxSeverity = &cveSummary.MaxSeverity
	vulnerabilities.Count = &cveSummary.Count
}