Add vulnmgmt to vSphere

Signed-off-by: Christian Zunker <[email protected]>
mondoohq · Dec 4, 2023 · a37a388 · a37a388
1 parent 8b2fecb
commit a37a388
Show file tree

Hide file tree

Showing 6 changed files with 849 additions and 7 deletions.
diff --git a/providers/os/resources/os.lr b/providers/os/resources/os.lr
@@ -62,6 +62,7 @@ platform {
   vulnerabilityReport() dict
 }
 
+// Vulnerability Information
 extend vulnmgmt {
   // List of all CVEs affecting the asset
   cves() []vuln.cve

diff --git a/providers/os/resources/vulnmgmt.go b/providers/os/resources/vulnmgmt.go
@@ -184,12 +184,6 @@ func (v *mqlVulnmgmt) getReport() (*gql.VulnReport, error) {
 }
 
 func (v *mqlVulnmgmt) getIncognitoReport(mondooClient *gql.MondooClient) (*gql.VulnReport, error) {
-	// FIXCME: when we don't have a MRN, we need to:
-	// - creeate asset
-	// - create packages
-	// - get "incognito" vulnReport
-	// - procede as usual
-
 	conn := v.MqlRuntime.Connection.(shared.Connection)
 	platform := conn.Asset().Platform
 

diff --git a/providers/vsphere/resources/vsphere.lr b/providers/vsphere/resources/vsphere.lr
@@ -9,7 +9,8 @@ extend asset {
   // Common Platform Enumeration (CPE) for the asset
   cpes() []core.cpe
   // Advisory & vulnerability report
-  // Will be deprecated; Full advisory & vulnerability report  
+  // Will be deprecated in version 10.0; Full advisory & vulnerability report  
+  // use vulnmgmt instead
   vulnerabilityReport() dict
 }
 
@@ -19,6 +20,72 @@ platform {
   vulnerabilityReport() dict
 }
 
+// Vulnerability Information
+extend vulnmgmt {
+  // List of all CVEs affecting the asset
+  cves() []vuln.cve
+  // List of all Advisories affecting the asset
+  advisories() []vuln.advisory
+  // List of all packages affected by vulnerabilities
+  packages() []vuln.package
+  // Last time the vulnerability information was updated
+  lastAssessment() time
+}
+
+// CVE information
+private vuln.cve @defaults("id") {
+  // CVE ID
+  id string
+  // CVE state
+  state     string
+  // Summary description
+  summary   string
+  // Whether the CVE has a CVSS score
+  unscored  bool
+  // Publication date
+  published   time
+  // Last modification date
+  modified    time
+  // Worst CVSS score of all assigned CVEs
+  worstScore    audit.cvss
+}
+
+// Advisory information
+private vuln.advisory @defaults("id") {
+  // Advisory ID
+  id string  
+  // Title of the advisory
+  title string
+  // Description of the advisory
+  description string
+  // Advisory publication date
+  published   time
+  // Last modification date
+  modified    time
+  // Worst CVSS score of all assigned CVEs
+  worstScore    audit.cvss
+}
+
+// Package information relevant for vulnerability management
+private vuln.package @defaults("name version") {
+  // Package name
+  name string
+  // Package version
+  version string
+  // Available package version
+  available string
+  // Architecture of this package
+  arch string
+}
+
+// Common Vulnerability Scoring System (CVSS) score
+private audit.cvss {
+  // CVSS score ranging from 0.0 to 10.0
+  score   float
+  // CVSS score represented as a vector string
+  vector  string
+}
+
 // VMware vSphere resource
 vsphere {
   // System information including the name, type, version, and build number