diff --git a/pkg/cli/client/gql_queries.go b/pkg/cli/client/gql_queries.go index 1d38349b..de861d5f 100644 --- a/pkg/cli/client/gql_queries.go +++ b/pkg/cli/client/gql_queries.go @@ -78,7 +78,7 @@ func DerivedImageListQuery() GQLQuery { func CVEListForImageQuery() GQLQuery { return GQLQuery{ Name: "CVEListForImage", - Args: []string{"image", "requestedPage", "searchedCVE", "excludedCVE"}, + Args: []string{"image", "requestedPage", "searchedCVE", "excludedCVE", "severity"}, ReturnType: CVEResultForImage(), } } diff --git a/pkg/extensions/search/cve/cve.go b/pkg/extensions/search/cve/cve.go index f188e7a3..cbdd4454 100644 --- a/pkg/extensions/search/cve/cve.go +++ b/pkg/extensions/search/cve/cve.go @@ -21,7 +21,7 @@ import ( type CveInfo interface { GetImageListForCVE(ctx context.Context, repo, cveID string) ([]cvemodel.TagInfo, error) GetImageListWithCVEFixed(ctx context.Context, repo, cveID string) ([]cvemodel.TagInfo, error) - GetCVEListForImage(ctx context.Context, repo, tag string, searchedCVE string, excludedCVE string, + GetCVEListForImage(ctx context.Context, repo, tag string, searchedCVE string, excludedCVE string, severity string, pageinput cvemodel.PageInput) ([]cvemodel.CVE, cvemodel.ImageCVESummary, zcommon.PageInfo, error) GetCVESummaryForImageMedia(ctx context.Context, repo, digestStr, mediaType string) (cvemodel.ImageCVESummary, error) } @@ -329,10 +329,16 @@ func getConfigAndDigest(metaDB mTypes.MetaDB, manifestDigestStr string) (ispec.I return manifestData.Manifests[0].Config, manifestDigest, err } -func filterCVEList(cveMap map[string]cvemodel.CVE, searchedCVE, excludedCVE string, pageFinder *CvePageFinder) { +func filterCVEList( + cveMap map[string]cvemodel.CVE, searchedCVE, excludedCVE, severity string, pageFinder *CvePageFinder, +) { searchedCVE = strings.ToUpper(searchedCVE) for _, cve := range cveMap { + if severity != "" && (cvemodel.CompareSeverities(cve.Severity, severity) != 0) { + continue + } + if excludedCVE != "" && cve.ContainsStr(excludedCVE) { continue } @@ -344,7 +350,7 @@ func filterCVEList(cveMap map[string]cvemodel.CVE, searchedCVE, excludedCVE stri } func (cveinfo BaseCveInfo) GetCVEListForImage(ctx context.Context, repo, ref string, searchedCVE string, - excludedCVE string, pageInput cvemodel.PageInput, + excludedCVE string, severity string, pageInput cvemodel.PageInput, ) ( []cvemodel.CVE, cvemodel.ImageCVESummary, zcommon.PageInfo, error, ) { @@ -373,7 +379,7 @@ func (cveinfo BaseCveInfo) GetCVEListForImage(ctx context.Context, repo, ref str return []cvemodel.CVE{}, imageCVESummary, zcommon.PageInfo{}, err } - filterCVEList(cveMap, searchedCVE, excludedCVE, pageFinder) + filterCVEList(cveMap, searchedCVE, excludedCVE, severity, pageFinder) cveList, pageInfo := pageFinder.Page() diff --git a/pkg/extensions/search/cve/cve_test.go b/pkg/extensions/search/cve/cve_test.go index 498a824f..f13eef24 100644 --- a/pkg/extensions/search/cve/cve_test.go +++ b/pkg/extensions/search/cve/cve_test.go @@ -1192,7 +1192,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo ctx := context.Background() // Image is found - cveList, cveSummary, pageInfo, err := cveInfo.GetCVEListForImage(ctx, repo1, "0.1.0", "", "", pageInput) + cveList, cveSummary, pageInfo, err := cveInfo.GetCVEListForImage(ctx, repo1, "0.1.0", "", "", "", pageInput) So(err, ShouldBeNil) So(len(cveList), ShouldEqual, 1) So(cveList[0].ID, ShouldEqual, "CVE1") @@ -1206,7 +1206,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo So(cveSummary.CriticalCount, ShouldEqual, 0) So(cveSummary.MaxSeverity, ShouldEqual, "MEDIUM") - cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repo1, "1.0.0", "", "", pageInput) + cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repo1, "1.0.0", "", "", "", pageInput) So(err, ShouldBeNil) So(len(cveList), ShouldEqual, 3) So(cveList[0].ID, ShouldEqual, "CVE2") @@ -1222,7 +1222,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo So(cveSummary.CriticalCount, ShouldEqual, 0) So(cveSummary.MaxSeverity, ShouldEqual, "HIGH") - cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repo1, "1.0.1", "", "", pageInput) + cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repo1, "1.0.1", "", "", "", pageInput) So(err, ShouldBeNil) So(len(cveList), ShouldEqual, 2) So(cveList[0].ID, ShouldEqual, "CVE1") @@ -1237,7 +1237,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo So(cveSummary.CriticalCount, ShouldEqual, 0) So(cveSummary.MaxSeverity, ShouldEqual, "MEDIUM") - cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repo1, "1.1.0", "", "", pageInput) + cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repo1, "1.1.0", "", "", "", pageInput) So(err, ShouldBeNil) So(len(cveList), ShouldEqual, 1) So(cveList[0].ID, ShouldEqual, "CVE3") @@ -1251,7 +1251,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo So(cveSummary.CriticalCount, ShouldEqual, 0) So(cveSummary.MaxSeverity, ShouldEqual, "LOW") - cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repo6, "1.0.0", "", "", pageInput) + cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repo6, "1.0.0", "", "", "", pageInput) So(err, ShouldBeNil) So(len(cveList), ShouldEqual, 0) So(pageInfo.ItemCount, ShouldEqual, 0) @@ -1264,7 +1264,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo So(cveSummary.CriticalCount, ShouldEqual, 0) So(cveSummary.MaxSeverity, ShouldEqual, "NONE") - cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repo8, "1.0.0", "", "", pageInput) + cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repo8, "1.0.0", "", "", "", pageInput) So(err, ShouldBeNil) So(len(cveList), ShouldEqual, 7) So(pageInfo.ItemCount, ShouldEqual, 7) @@ -1278,7 +1278,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL") // Image is multiarch - cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repoMultiarch, "tagIndex", "", "", pageInput) + cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repoMultiarch, "tagIndex", "", "", "", pageInput) So(err, ShouldBeNil) So(len(cveList), ShouldEqual, 1) So(cveList[0].ID, ShouldEqual, "CVE1") @@ -1293,7 +1293,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo So(cveSummary.MaxSeverity, ShouldEqual, "MEDIUM") // Image is not scannable - cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repo2, "1.0.0", "", "", pageInput) + cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repo2, "1.0.0", "", "", "", pageInput) So(err, ShouldEqual, zerr.ErrScanNotSupported) So(len(cveList), ShouldEqual, 0) So(pageInfo.ItemCount, ShouldEqual, 0) @@ -1307,7 +1307,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo So(cveSummary.MaxSeverity, ShouldEqual, "") // Tag is not found - cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repo3, "1.0.0", "", "", pageInput) + cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repo3, "1.0.0", "", "", "", pageInput) So(err, ShouldEqual, zerr.ErrTagMetaNotFound) So(len(cveList), ShouldEqual, 0) So(pageInfo.ItemCount, ShouldEqual, 0) @@ -1321,7 +1321,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo So(cveSummary.MaxSeverity, ShouldEqual, "") // Scan failed - cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repo7, "1.0.0", "", "", pageInput) + cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repo7, "1.0.0", "", "", "", pageInput) So(err, ShouldEqual, ErrFailedScan) So(len(cveList), ShouldEqual, 0) So(pageInfo.ItemCount, ShouldEqual, 0) @@ -1335,7 +1335,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo So(cveSummary.MaxSeverity, ShouldEqual, "") // Tag is not found - cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, "repo-with-bad-tag-digest", "tag", "", "", pageInput) + cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, "repo-with-bad-tag-digest", "tag", "", "", "", pageInput) So(err, ShouldEqual, zerr.ErrImageMetaNotFound) So(len(cveList), ShouldEqual, 0) So(pageInfo.ItemCount, ShouldEqual, 0) @@ -1349,7 +1349,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo So(cveSummary.MaxSeverity, ShouldEqual, "") // Repo is not found - cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repo100, "1.0.0", "", "", pageInput) + cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repo100, "1.0.0", "", "", "", pageInput) So(err, ShouldEqual, zerr.ErrRepoMetaNotFound) So(len(cveList), ShouldEqual, 0) So(pageInfo.ItemCount, ShouldEqual, 0) @@ -1580,7 +1580,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo So(cveSummary.CriticalCount, ShouldEqual, 0) So(cveSummary.MaxSeverity, ShouldEqual, "") - cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repo1, "0.1.0", "", "", pageInput) + cveList, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, repo1, "0.1.0", "", "", "", pageInput) So(err, ShouldNotBeNil) So(cveList, ShouldBeEmpty) So(pageInfo.ItemCount, ShouldEqual, 0) diff --git a/pkg/extensions/search/cve/pagination_test.go b/pkg/extensions/search/cve/pagination_test.go index 10173981..49cc28fc 100644 --- a/pkg/extensions/search/cve/pagination_test.go +++ b/pkg/extensions/search/cve/pagination_test.go @@ -140,7 +140,8 @@ func TestCVEPagination(t *testing.T) { Convey("Page", func() { Convey("defaults", func() { // By default expect unlimitted results sorted by severity - cves, cveSummary, pageInfo, err := cveInfo.GetCVEListForImage(ctx, "repo1", "0.1.0", "", "", cvemodel.PageInput{}) + cves, cveSummary, pageInfo, err := cveInfo.GetCVEListForImage(ctx, "repo1", "0.1.0", "", "", + "", cvemodel.PageInput{}) So(err, ShouldBeNil) So(len(cves), ShouldEqual, 5) So(pageInfo.ItemCount, ShouldEqual, 5) @@ -158,7 +159,8 @@ func TestCVEPagination(t *testing.T) { previousSeverity = severityToInt[cve.Severity] } - cves, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, "repo1", "1.0.0", "", "", cvemodel.PageInput{}) + cves, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, "repo1", "1.0.0", "", "", "", + cvemodel.PageInput{}) So(err, ShouldBeNil) So(len(cves), ShouldEqual, 30) So(pageInfo.ItemCount, ShouldEqual, 30) @@ -183,7 +185,7 @@ func TestCVEPagination(t *testing.T) { cveIds = append(cveIds, fmt.Sprintf("CVE%d", i)) } - cves, cveSummary, pageInfo, err := cveInfo.GetCVEListForImage(ctx, "repo1", "0.1.0", "", "", + cves, cveSummary, pageInfo, err := cveInfo.GetCVEListForImage(ctx, "repo1", "0.1.0", "", "", "", cvemodel.PageInput{SortBy: cveinfo.AlphabeticAsc}) So(err, ShouldBeNil) So(len(cves), ShouldEqual, 5) @@ -201,7 +203,7 @@ func TestCVEPagination(t *testing.T) { } sort.Strings(cveIds) - cves, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, "repo1", "1.0.0", "", "", + cves, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, "repo1", "1.0.0", "", "", "", cvemodel.PageInput{SortBy: cveinfo.AlphabeticAsc}) So(err, ShouldBeNil) So(len(cves), ShouldEqual, 30) @@ -219,7 +221,7 @@ func TestCVEPagination(t *testing.T) { } sort.Sort(sort.Reverse(sort.StringSlice(cveIds))) - cves, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, "repo1", "1.0.0", "", "", + cves, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, "repo1", "1.0.0", "", "", "", cvemodel.PageInput{SortBy: cveinfo.AlphabeticDsc}) So(err, ShouldBeNil) So(len(cves), ShouldEqual, 30) @@ -236,7 +238,7 @@ func TestCVEPagination(t *testing.T) { So(cve.ID, ShouldEqual, cveIds[i]) } - cves, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, "repo1", "1.0.0", "", "", + cves, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, "repo1", "1.0.0", "", "", "", cvemodel.PageInput{SortBy: cveinfo.SeverityDsc}) So(err, ShouldBeNil) So(len(cves), ShouldEqual, 30) @@ -262,7 +264,7 @@ func TestCVEPagination(t *testing.T) { cveIds = append(cveIds, fmt.Sprintf("CVE%d", i)) } - cves, cveSummary, pageInfo, err := cveInfo.GetCVEListForImage(ctx, "repo1", "0.1.0", "", "", cvemodel.PageInput{ + cves, cveSummary, pageInfo, err := cveInfo.GetCVEListForImage(ctx, "repo1", "0.1.0", "", "", "", cvemodel.PageInput{ Limit: 3, Offset: 1, SortBy: cveinfo.AlphabeticAsc, @@ -283,7 +285,7 @@ func TestCVEPagination(t *testing.T) { So(cveSummary.CriticalCount, ShouldEqual, 1) So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL") - cves, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, "repo1", "0.1.0", "", "", cvemodel.PageInput{ + cves, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, "repo1", "0.1.0", "", "", "", cvemodel.PageInput{ Limit: 2, Offset: 1, SortBy: cveinfo.AlphabeticDsc, @@ -303,7 +305,7 @@ func TestCVEPagination(t *testing.T) { So(cveSummary.CriticalCount, ShouldEqual, 1) So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL") - cves, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, "repo1", "0.1.0", "", "", cvemodel.PageInput{ + cves, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, "repo1", "0.1.0", "", "", "", cvemodel.PageInput{ Limit: 3, Offset: 1, SortBy: cveinfo.SeverityDsc, @@ -327,7 +329,7 @@ func TestCVEPagination(t *testing.T) { } sort.Strings(cveIds) - cves, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, "repo1", "1.0.0", "", "", cvemodel.PageInput{ + cves, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, "repo1", "1.0.0", "", "", "", cvemodel.PageInput{ Limit: 5, Offset: 20, SortBy: cveinfo.AlphabeticAsc, @@ -350,7 +352,7 @@ func TestCVEPagination(t *testing.T) { }) Convey("limit > len(cves)", func() { - cves, cveSummary, pageInfo, err := cveInfo.GetCVEListForImage(ctx, "repo1", "0.1.0", "", "", cvemodel.PageInput{ + cves, cveSummary, pageInfo, err := cveInfo.GetCVEListForImage(ctx, "repo1", "0.1.0", "", "", "", cvemodel.PageInput{ Limit: 6, Offset: 3, SortBy: cveinfo.AlphabeticAsc, @@ -370,7 +372,7 @@ func TestCVEPagination(t *testing.T) { So(cveSummary.CriticalCount, ShouldEqual, 1) So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL") - cves, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, "repo1", "0.1.0", "", "", cvemodel.PageInput{ + cves, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, "repo1", "0.1.0", "", "", "", cvemodel.PageInput{ Limit: 6, Offset: 3, SortBy: cveinfo.AlphabeticDsc, @@ -390,7 +392,7 @@ func TestCVEPagination(t *testing.T) { So(cveSummary.CriticalCount, ShouldEqual, 1) So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL") - cves, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, "repo1", "0.1.0", "", "", cvemodel.PageInput{ + cves, cveSummary, pageInfo, err = cveInfo.GetCVEListForImage(ctx, "repo1", "0.1.0", "", "", "", cvemodel.PageInput{ Limit: 6, Offset: 3, SortBy: cveinfo.SeverityDsc, diff --git a/pkg/extensions/search/gql_generated/generated.go b/pkg/extensions/search/gql_generated/generated.go index 33ba9a40..675b17cf 100644 --- a/pkg/extensions/search/gql_generated/generated.go +++ b/pkg/extensions/search/gql_generated/generated.go @@ -170,7 +170,7 @@ type ComplexityRoot struct { Query struct { BaseImageList func(childComplexity int, image string, digest *string, requestedPage *PageInput) int BookmarkedRepos func(childComplexity int, requestedPage *PageInput) int - CVEListForImage func(childComplexity int, image string, requestedPage *PageInput, searchedCve *string, excludedCve *string) int + CVEListForImage func(childComplexity int, image string, requestedPage *PageInput, searchedCve *string, excludedCve *string, severity *string) int DerivedImageList func(childComplexity int, image string, digest *string, requestedPage *PageInput) int ExpandedRepoInfo func(childComplexity int, repo string) int GlobalSearch func(childComplexity int, query string, filter *Filter, requestedPage *PageInput) int @@ -219,7 +219,7 @@ type ComplexityRoot struct { } type QueryResolver interface { - CVEListForImage(ctx context.Context, image string, requestedPage *PageInput, searchedCve *string, excludedCve *string) (*CVEResultForImage, error) + CVEListForImage(ctx context.Context, image string, requestedPage *PageInput, searchedCve *string, excludedCve *string, severity *string) (*CVEResultForImage, error) ImageListForCve(ctx context.Context, id string, filter *Filter, requestedPage *PageInput) (*PaginatedImagesResult, error) ImageListWithCVEFixed(ctx context.Context, id string, image string, filter *Filter, requestedPage *PageInput) (*PaginatedImagesResult, error) ImageListForDigest(ctx context.Context, id string, requestedPage *PageInput) (*PaginatedImagesResult, error) @@ -827,7 +827,7 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in return 0, false } - return e.complexity.Query.CVEListForImage(childComplexity, args["image"].(string), args["requestedPage"].(*PageInput), args["searchedCVE"].(*string), args["excludedCVE"].(*string)), true + return e.complexity.Query.CVEListForImage(childComplexity, args["image"].(string), args["requestedPage"].(*PageInput), args["searchedCVE"].(*string), args["excludedCVE"].(*string), args["severity"].(*string)), true case "Query.DerivedImageList": if e.complexity.Query.DerivedImageList == nil { @@ -1839,6 +1839,8 @@ type Query { searchedCVE: String "Search term that must not be present in the returned results" excludedCVE: String + "Severity of the CVEs that should be present in the returned results" + severity: String ): CVEResultForImage! """ @@ -2075,6 +2077,15 @@ func (ec *executionContext) field_Query_CVEListForImage_args(ctx context.Context } } args["excludedCVE"] = arg3 + var arg4 *string + if tmp, ok := rawArgs["severity"]; ok { + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("severity")) + arg4, err = ec.unmarshalOString2áš–string(ctx, tmp) + if err != nil { + return nil, err + } + } + args["severity"] = arg4 return args, nil } @@ -5936,7 +5947,7 @@ func (ec *executionContext) _Query_CVEListForImage(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().CVEListForImage(rctx, fc.Args["image"].(string), fc.Args["requestedPage"].(*PageInput), fc.Args["searchedCVE"].(*string), fc.Args["excludedCVE"].(*string)) + return ec.resolvers.Query().CVEListForImage(rctx, fc.Args["image"].(string), fc.Args["requestedPage"].(*PageInput), fc.Args["searchedCVE"].(*string), fc.Args["excludedCVE"].(*string), fc.Args["severity"].(*string)) }) if err != nil { ec.Error(ctx, err) diff --git a/pkg/extensions/search/resolver.go b/pkg/extensions/search/resolver.go index 15814530..da7ea2c8 100644 --- a/pkg/extensions/search/resolver.go +++ b/pkg/extensions/search/resolver.go @@ -197,6 +197,7 @@ func getCVEListForImage( requestedPage *gql_generated.PageInput, searchedCVE string, excludedCVE string, + severity string, log log.Logger, //nolint:unparam // may be used by devs for debugging ) (*gql_generated.CVEResultForImage, error) { if requestedPage == nil { @@ -218,7 +219,7 @@ func getCVEListForImage( } cveList, imageCveSummary, pageInfo, err := cveInfo.GetCVEListForImage(ctx, repo, ref, - searchedCVE, excludedCVE, pageInput) + searchedCVE, excludedCVE, severity, pageInput) if err != nil { return &gql_generated.CVEResultForImage{}, err } diff --git a/pkg/extensions/search/resolver_test.go b/pkg/extensions/search/resolver_test.go index f62a8709..efe30a7e 100644 --- a/pkg/extensions/search/resolver_test.go +++ b/pkg/extensions/search/resolver_test.go @@ -1166,10 +1166,10 @@ func TestCVEResolvers(t *testing.T) { //nolint:gocyclo dig := godigest.FromString("dig") repoWithDigestRef := fmt.Sprintf("repo@%s", dig) - _, err := getCVEListForImage(responseContext, repoWithDigestRef, cveInfo, pageInput, "", "", log) + _, err := getCVEListForImage(responseContext, repoWithDigestRef, cveInfo, pageInput, "", "", "", log) So(err, ShouldBeNil) - cveResult, err := getCVEListForImage(responseContext, "repo1:1.0.0", cveInfo, pageInput, "", "", log) + cveResult, err := getCVEListForImage(responseContext, "repo1:1.0.0", cveInfo, pageInput, "", "", "", log) So(err, ShouldBeNil) So(*cveResult.Tag, ShouldEqual, "1.0.0") @@ -1181,7 +1181,7 @@ func TestCVEResolvers(t *testing.T) { //nolint:gocyclo } // test searching CVE by id in results - cveResult, err = getCVEListForImage(responseContext, "repo1:1.0.0", cveInfo, pageInput, "CVE3", "", log) + cveResult, err = getCVEListForImage(responseContext, "repo1:1.0.0", cveInfo, pageInput, "CVE3", "", "", log) So(err, ShouldBeNil) So(*cveResult.Tag, ShouldEqual, "1.0.0") @@ -1193,13 +1193,13 @@ func TestCVEResolvers(t *testing.T) { //nolint:gocyclo } // test searching CVE by id in results - no matches - cveResult, err = getCVEListForImage(responseContext, "repo1:1.0.0", cveInfo, pageInput, "CVE100", "", log) + cveResult, err = getCVEListForImage(responseContext, "repo1:1.0.0", cveInfo, pageInput, "CVE100", "", "", log) So(err, ShouldBeNil) So(*cveResult.Tag, ShouldEqual, "1.0.0") So(len(cveResult.CVEList), ShouldEqual, 0) // test searching CVE by id in results - partial name - cveResult, err = getCVEListForImage(responseContext, "repo1:1.0.0", cveInfo, pageInput, "VE3", "", log) + cveResult, err = getCVEListForImage(responseContext, "repo1:1.0.0", cveInfo, pageInput, "VE3", "", "", log) So(err, ShouldBeNil) So(*cveResult.Tag, ShouldEqual, "1.0.0") @@ -1211,7 +1211,7 @@ func TestCVEResolvers(t *testing.T) { //nolint:gocyclo } // test searching CVE by title in results - cveResult, err = getCVEListForImage(responseContext, "repo1:1.0.0", cveInfo, pageInput, "Title CVE", "", log) + cveResult, err = getCVEListForImage(responseContext, "repo1:1.0.0", cveInfo, pageInput, "Title CVE", "", "", log) So(err, ShouldBeNil) So(*cveResult.Tag, ShouldEqual, "1.0.0") @@ -1222,7 +1222,7 @@ func TestCVEResolvers(t *testing.T) { //nolint:gocyclo So(expectedCves, ShouldContain, *cve.ID) } - cveResult, err = getCVEListForImage(responseContext, "repo1:1.0.1", cveInfo, pageInput, "", "", log) + cveResult, err = getCVEListForImage(responseContext, "repo1:1.0.1", cveInfo, pageInput, "", "", "", log) So(err, ShouldBeNil) So(*cveResult.Tag, ShouldEqual, "1.0.1") @@ -1233,7 +1233,7 @@ func TestCVEResolvers(t *testing.T) { //nolint:gocyclo So(expectedCves, ShouldContain, *cve.ID) } - cveResult, err = getCVEListForImage(responseContext, "repo1:1.1.0", cveInfo, pageInput, "", "", log) + cveResult, err = getCVEListForImage(responseContext, "repo1:1.1.0", cveInfo, pageInput, "", "", "", log) So(err, ShouldBeNil) So(*cveResult.Tag, ShouldEqual, "1.1.0") @@ -1254,7 +1254,7 @@ func TestCVEResolvers(t *testing.T) { //nolint:gocyclo graphql.DefaultRecover) cveResult, err := getCVEListForImage(responseContext, "repo1:1.0.0", cveInfo, pageInput, "Title CVE", - "Title CVE2", log) + "Title CVE2", "", log) So(err, ShouldBeNil) So(*cveResult.Tag, ShouldEqual, "1.0.0") @@ -1266,7 +1266,7 @@ func TestCVEResolvers(t *testing.T) { //nolint:gocyclo } cveResult, err = getCVEListForImage(responseContext, "repo1:1.0.0", cveInfo, pageInput, "Description", - "Description CVE2", log) + "Description CVE2", "", log) So(err, ShouldBeNil) So(*cveResult.Tag, ShouldEqual, "1.0.0") @@ -1278,6 +1278,39 @@ func TestCVEResolvers(t *testing.T) { //nolint:gocyclo } }) + Convey("Unpaginated request to get all CVEs in an image filtered by severity", func() { + pageInput := &gql_generated.PageInput{ + SortBy: ref(gql_generated.SortCriteriaAlphabeticAsc), + } + + responseContext := graphql.WithResponseContext(ctx, graphql.DefaultErrorPresenter, + graphql.DefaultRecover) + + cveResult, err := getCVEListForImage(responseContext, "repo1:1.0.0", cveInfo, pageInput, "", + "", "HIGH", log) + So(err, ShouldBeNil) + So(*cveResult.Tag, ShouldEqual, "1.0.0") + + expectedCves := []string{"CVE1"} + So(len(cveResult.CVEList), ShouldEqual, len(expectedCves)) + + for _, cve := range cveResult.CVEList { + So(expectedCves, ShouldContain, *cve.ID) + } + + cveResult, err = getCVEListForImage(responseContext, "repo1:1.0.0", cveInfo, pageInput, "Description", + "Description CVE2", "LOW", log) + So(err, ShouldBeNil) + So(*cveResult.Tag, ShouldEqual, "1.0.0") + + expectedCves = []string{"CVE3", "CVE34"} + So(len(cveResult.CVEList), ShouldEqual, len(expectedCves)) + + for _, cve := range cveResult.CVEList { + So(expectedCves, ShouldContain, *cve.ID) + } + }) + Convey("paginated fail", func() { pageInput := &gql_generated.PageInput{ Limit: ref(-1), @@ -1286,7 +1319,7 @@ func TestCVEResolvers(t *testing.T) { //nolint:gocyclo responseContext := graphql.WithResponseContext(ctx, graphql.DefaultErrorPresenter, graphql.DefaultRecover) - _, err = getCVEListForImage(responseContext, "repo1:1.1.0", cveInfo, pageInput, "", "", log) + _, err = getCVEListForImage(responseContext, "repo1:1.1.0", cveInfo, pageInput, "", "", "", log) So(err, ShouldNotBeNil) }) }) diff --git a/pkg/extensions/search/schema.graphql b/pkg/extensions/search/schema.graphql index 45ca4291..5ea81629 100644 --- a/pkg/extensions/search/schema.graphql +++ b/pkg/extensions/search/schema.graphql @@ -637,6 +637,8 @@ type Query { searchedCVE: String "Search term that must not be present in the returned results" excludedCVE: String + "Severity of the CVEs that should be present in the returned results" + severity: String ): CVEResultForImage! """ diff --git a/pkg/extensions/search/schema.resolvers.go b/pkg/extensions/search/schema.resolvers.go index f6abb49c..4e7d0b70 100644 --- a/pkg/extensions/search/schema.resolvers.go +++ b/pkg/extensions/search/schema.resolvers.go @@ -15,12 +15,12 @@ import ( ) // CVEListForImage is the resolver for the CVEListForImage field. -func (r *queryResolver) CVEListForImage(ctx context.Context, image string, requestedPage *gql_generated.PageInput, searchedCve *string, excludedCve *string) (*gql_generated.CVEResultForImage, error) { +func (r *queryResolver) CVEListForImage(ctx context.Context, image string, requestedPage *gql_generated.PageInput, searchedCve *string, excludedCve *string, severity *string) (*gql_generated.CVEResultForImage, error) { if r.cveInfo == nil { return &gql_generated.CVEResultForImage{}, zerr.ErrCVESearchDisabled } - return getCVEListForImage(ctx, image, r.cveInfo, requestedPage, deref(searchedCve, ""), deref(excludedCve, ""), r.log) + return getCVEListForImage(ctx, image, r.cveInfo, requestedPage, deref(searchedCve, ""), deref(excludedCve, ""), deref(severity, ""), r.log) } // ImageListForCve is the resolver for the ImageListForCVE field. diff --git a/pkg/test/mocks/cve_mock.go b/pkg/test/mocks/cve_mock.go index 944fe7ff..f7f66c4d 100644 --- a/pkg/test/mocks/cve_mock.go +++ b/pkg/test/mocks/cve_mock.go @@ -10,7 +10,7 @@ import ( type CveInfoMock struct { GetImageListForCVEFn func(ctx context.Context, repo, cveID string) ([]cvemodel.TagInfo, error) GetImageListWithCVEFixedFn func(ctx context.Context, repo, cveID string) ([]cvemodel.TagInfo, error) - GetCVEListForImageFn func(ctx context.Context, repo, reference, searchedCVE, excludedCVE string, + GetCVEListForImageFn func(ctx context.Context, repo, reference, searchedCVE, excludedCVE, severity string, pageInput cvemodel.PageInput) ([]cvemodel.CVE, cvemodel.ImageCVESummary, common.PageInfo, error) GetCVESummaryForImageMediaFn func(ctx context.Context, repo string, digest, mediaType string, ) (cvemodel.ImageCVESummary, error) @@ -34,7 +34,7 @@ func (cveInfo CveInfoMock) GetImageListWithCVEFixed(ctx context.Context, repo, c } func (cveInfo CveInfoMock) GetCVEListForImage(ctx context.Context, repo string, reference string, - searchedCVE string, excludedCVE string, pageInput cvemodel.PageInput, + searchedCVE string, excludedCVE string, severity string, pageInput cvemodel.PageInput, ) ( []cvemodel.CVE, cvemodel.ImageCVESummary, @@ -42,7 +42,7 @@ func (cveInfo CveInfoMock) GetCVEListForImage(ctx context.Context, repo string, error, ) { if cveInfo.GetCVEListForImageFn != nil { - return cveInfo.GetCVEListForImageFn(ctx, repo, reference, searchedCVE, excludedCVE, pageInput) + return cveInfo.GetCVEListForImageFn(ctx, repo, reference, searchedCVE, excludedCVE, severity, pageInput) } return []cvemodel.CVE{}, cvemodel.ImageCVESummary{}, common.PageInfo{}, nil