mirror of
https://github.com/project-zot/zot.git
synced 2025-01-06 22:40:28 -05:00
package convert
import (
"context"
"github.com/99designs/gqlgen/graphql"
ispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/vektah/gqlparser/v2/gqlerror"
cveinfo "zotregistry.io/zot/pkg/extensions/search/cve"
cvemodel "zotregistry.io/zot/pkg/extensions/search/cve/model"
"zotregistry.io/zot/pkg/extensions/search/gql_generated"
)
// updateRepoSummaryVulnerabilities fills in the vulnerability summary of the
// repository's NewestImage by delegating to updateImageSummaryVulnerabilities.
// A nil repoSummary is a no-op.
//
// Only NewestImage is passed on; this function writes no other field of
// repoSummary.
func updateRepoSummaryVulnerabilities(
	ctx context.Context,
	repoSummary *gql_generated.RepoSummary,
	skip SkipQGLField,
	cveInfo cveinfo.CveInfo,
) {
	if repoSummary != nil {
		// NewestImage may itself be nil; updateImageSummaryVulnerabilities
		// returns immediately in that case.
		updateImageSummaryVulnerabilities(ctx, repoSummary.NewestImage, skip, cveInfo)
	}
}
// updateImageSummaryVulnerabilities attaches a vulnerability summary
// (MaxSeverity and Count) to imageSummary and, when a scan is attempted, to
// every entry of imageSummary.Manifests. A nil imageSummary is a no-op.
//
// imageSummary.Vulnerabilities is populated on every path:
//   - cveInfo == nil (scanning disabled) or skip.Vulnerabilities set: it holds
//     the zero value of cvemodel.ImageCVESummary and nothing was scanned;
//   - the lookup failed: it holds whatever summary was returned alongside the
//     error, and the failure is reported only as a GraphQL error on ctx;
//   - the lookup succeeded: it holds the returned summary.
//
// Consumers therefore must not read a zero Count as "scanned and clean"
// without also checking the response's errors and whether scanning is enabled.
//
// NOTE(review): RepoName, Digest, MediaType and (on the error path) Tag are
// dereferenced without nil checks; this assumes the caller always populates
// them - confirm, since a nil field would panic here.
func updateImageSummaryVulnerabilities(
	ctx context.Context,
	imageSummary *gql_generated.ImageSummary,
	skip SkipQGLField,
	cveInfo cveinfo.CveInfo,
) {
	if imageSummary == nil {
		return
	}

	// The GraphQL object stores pointers into this local, so assigning a new
	// value to it below is what updates the fields the response exposes.
	var imageCveSummary cvemodel.ImageCVESummary

	imageSummary.Vulnerabilities = &gql_generated.ImageVulnerabilitySummary{
		MaxSeverity: &imageCveSummary.MaxSeverity,
		Count:       &imageCveSummary.Count,
	}

	// Scanning disabled, or the query asked to skip vulnerability data: leave
	// the zero-value summary in place and do not descend into the manifests.
	scanRequested := cveInfo != nil && !skip.Vulnerabilities
	if !scanRequested {
		return
	}

	var err error

	imageCveSummary, err = cveInfo.GetCVESummaryForImageMedia(
		*imageSummary.RepoName, *imageSummary.Digest, *imageSummary.MediaType)
	if err != nil {
		// Report the failure but keep the image in the results.
		// NOTE(review): err.Error() is forwarded verbatim into the GraphQL
		// response; confirm scanner errors carry no internal detail (paths,
		// backend addresses) that API clients should not see.
		graphql.AddError(ctx, gqlerror.Errorf(
			"unable to run vulnerability scan on tag %s in repo %s: error: %s",
			*imageSummary.Tag, *imageSummary.RepoName, err.Error(),
		))
	}

	// Per-manifest summaries are attempted even when the image-level lookup
	// failed.
	for _, manifestSummary := range imageSummary.Manifests {
		updateManifestSummaryVulnerabilities(ctx, manifestSummary, *imageSummary.RepoName, skip, cveInfo)
	}
}
// updateManifestSummaryVulnerabilities attaches a vulnerability summary
// (MaxSeverity and Count) to a single manifest of the repository repoName.
// A nil manifestSummary is a no-op.
//
// manifestSummary.Vulnerabilities is populated on every path. It holds the
// zero value of cvemodel.ImageCVESummary when cveInfo is nil (scanning
// disabled) or skip.Vulnerabilities is set, and whatever summary came back
// with the error when the lookup fails. A failed lookup is visible only as a
// GraphQL error on ctx, so a zero Count alone does not mean the manifest was
// scanned and found clean.
//
// The lookup is always made with ispec.MediaTypeImageManifest, whatever media
// type the manifest itself carries.
//
// NOTE(review): manifestSummary.Digest is dereferenced without a nil check;
// this assumes the caller always populates it - confirm.
func updateManifestSummaryVulnerabilities(
	ctx context.Context,
	manifestSummary *gql_generated.ManifestSummary,
	repoName string,
	skip SkipQGLField,
	cveInfo cveinfo.CveInfo,
) {
	if manifestSummary == nil {
		return
	}

	// The GraphQL object stores pointers into this local, so assigning a new
	// value to it below is what updates the fields the response exposes.
	var manifestCveSummary cvemodel.ImageCVESummary

	manifestSummary.Vulnerabilities = &gql_generated.ImageVulnerabilitySummary{
		MaxSeverity: &manifestCveSummary.MaxSeverity,
		Count:       &manifestCveSummary.Count,
	}

	// Scanning disabled, or the query asked to skip vulnerability data.
	scanRequested := cveInfo != nil && !skip.Vulnerabilities
	if !scanRequested {
		return
	}

	var err error

	manifestCveSummary, err = cveInfo.GetCVESummaryForImageMedia(
		repoName, *manifestSummary.Digest, ispec.MediaTypeImageManifest)
	if err != nil {
		// Report the failure but keep the manifest in the results.
		// NOTE(review): err.Error() is forwarded verbatim into the GraphQL
		// response; confirm scanner errors carry no internal detail that API
		// clients should not see.
		graphql.AddError(ctx, gqlerror.Errorf(
			"unable to run vulnerability scan in repo %s: manifest digest: %s, error: %s",
			repoName, *manifestSummary.Digest, err.Error(),
		))
	}
}