🧹 add backwards-compatible platform.vulnerabilityReport (#2086)
chris-rock authored Oct 4, 2023
1 parent a17b7c6 commit 93f1686
Showing 4 changed files with 84 additions and 6 deletions.
5 changes: 5 additions & 0 deletions providers/os/resources/os.lr
@@ -51,6 +51,11 @@ platform.eol @defaults("date") {
date time
}

platform {
// Full advisory & vulnerability report
vulnerabilityReport() dict
}

// Returns all platform/package advisories
platform.advisories {
[]audit.advisory
61 changes: 61 additions & 0 deletions providers/os/resources/os.lr.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 4 additions & 0 deletions providers/os/resources/os.lr.manifest.yaml
@@ -639,6 +639,10 @@ resources:
file: {}
params: {}
min_mondoo_version: 5.15.0
platform:
fields:
vulnerabilityReport: {}
min_mondoo_version: latest
platform.advisories:
fields:
cvss: {}
20 changes: 14 additions & 6 deletions providers/os/resources/platform_advisories.go
@@ -53,9 +53,8 @@ func newAdvisoryScannerHttpClient(mondooapi string, plugins []ranger.ClientPlugi
return sa, nil
}

// fetches the vulnerability report and returns the full report
func (p *mqlAsset) vulnerabilityReport() (interface{}, error) {
mcc := p.MqlRuntime.Upstream
func fetchVulnReport(runtime *plugin.Runtime) (interface{}, error) {
mcc := runtime.Upstream
if mcc == nil || mcc.ApiEndpoint == "" {
return nil, resources.MissingUpstreamError{}
}
@@ -67,13 +66,13 @@ func (p *mqlAsset) vulnerabilityReport() (interface{}, error) {
return nil, err
}

conn := p.MqlRuntime.Connection.(shared.Connection)
conn := runtime.Connection.(shared.Connection)
apiPackages := []*mvd.Package{}
kernelVersion := ""

// collect pacakges if the platform supports gathering files
if conn.Capabilities().Has(shared.Capability_File) {
obj, err := CreateResource(p.MqlRuntime, "packages", map[string]*llx.RawData{})
obj, err := CreateResource(runtime, "packages", map[string]*llx.RawData{})
if err != nil {
return nil, err
}
@@ -99,7 +98,7 @@ func (p *mqlAsset) vulnerabilityReport() (interface{}, error) {

// determine the kernel version if possible (just needed for linux at this point)
// therefore we ignore the error because its not important, worst case the user sees to many advisories
objKernel, err := CreateResource(p.MqlRuntime, "kernel", map[string]*llx.RawData{})
objKernel, err := CreateResource(runtime, "kernel", map[string]*llx.RawData{})
if err == nil {
kernelVersion = getKernelVersion(objKernel.(*mqlKernel))
}
@@ -121,6 +120,15 @@ func (p *mqlAsset) vulnerabilityReport() (interface{}, error) {
return convert.JsonToDict(report)
}

func (p *mqlPlatform) vulnerabilityReport() (interface{}, error) {
return fetchVulnReport(p.MqlRuntime)
}

// fetches the vulnerability report and returns the full report
func (p *mqlAsset) vulnerabilityReport() (interface{}, error) {
return fetchVulnReport(p.MqlRuntime)
}

func getAdvisoryReport(runtime *plugin.Runtime) (*mvd.VulnReport, error) {
obj, err := CreateResource(runtime, "asset", map[string]*llx.RawData{})
if err != nil {
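Review bot: The type assertion `conn := runtime.Connection.(shared.Connection)` in `fetchVulnReport` is unchecked, so a runtime whose connection is nil or of another type panics the provider instead of returning an error. Now that the helper accepts any `*plugin.Runtime` and is reached from both the `platform` and `asset` resources, prefer `conn, ok := runtime.Connection.(shared.Connection)` followed by `if !ok { return nil, errors.New("vulnerability report: unsupported connection type") }`. The doc comment stayed on the `mqlAsset` wrapper, so `fetchVulnReport` has none; something like `// fetchVulnReport gathers the installed packages and kernel version and returns the upstream vulnerability report as a dict.` would help, along with a one-line comment on the `mqlPlatform` wrapper stating that it exists only for backwards compatibility. Parts of the function body are collapsed between the hunks, so this is based on the visible lines only.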
