Bugfixes vSphere and added stats to vulnmgmt

Signed-off-by: Christian Zunker <[email protected]>
mondoohq · Dec 5, 2023 · c6a7a55 · c6a7a55
1 parent 41292c2
commit c6a7a55
Show file tree

Hide file tree

Showing 12 changed files with 105 additions and 74 deletions.
diff --git a/providers/core/resources/core.lr b/providers/core/resources/core.lr
@@ -58,9 +58,6 @@ asset.eol @defaults("date") {
   date time
 }
 
-// Vulnerability Information
-vulnmgmt {}
-
 // Date and time functions
 time {
   // The current time on the local system

diff --git a/providers/core/resources/core.lr.go b/providers/core/resources/core.lr.go
diff --git a/providers/core/resources/core.resources.json b/providers/core/resources/core.resources.json
diff --git a/providers/os/resources/asset_vuln.go b/providers/os/resources/asset_vuln.go
@@ -5,14 +5,15 @@ package resources
 
 import (
 	"context"
+	"errors"
 	"time"
 
-	"github.com/mitchellh/mapstructure"
 	"github.com/rs/zerolog/log"
 	"go.mondoo.com/cnquery/v9/llx"
 	"go.mondoo.com/cnquery/v9/logger"
 	"go.mondoo.com/cnquery/v9/providers-sdk/v1/plugin"
 	"go.mondoo.com/cnquery/v9/providers-sdk/v1/resources"
+	"go.mondoo.com/cnquery/v9/providers-sdk/v1/upstream/gql"
 	"go.mondoo.com/cnquery/v9/providers-sdk/v1/upstream/mvd"
 	"go.mondoo.com/cnquery/v9/providers-sdk/v1/upstream/mvd/cvss"
 	"go.mondoo.com/cnquery/v9/providers-sdk/v1/util/convert"
@@ -115,31 +116,30 @@ func (p *mqlAsset) vulnerabilityReport() (interface{}, error) {
 }
 
 func getAdvisoryReport(runtime *plugin.Runtime) (*mvd.VulnReport, error) {
-	obj, err := CreateResource(runtime, "asset", map[string]*llx.RawData{})
-	if err != nil {
-		return nil, err
+	mcc := runtime.Upstream
+	if mcc == nil || mcc.ApiEndpoint == "" {
+		return nil, resources.MissingUpstreamError{}
 	}
-	asset := obj.(*mqlAsset)
 
-	r := asset.GetVulnerabilityReport()
-	if r.Error != nil {
-		return nil, r.Error
+	// get new gql client
+	mondooClient, err := gql.NewClient(mcc.UpstreamConfig, mcc.HttpClient)
+	if err != nil {
+		return nil, err
 	}
-	rawReport := r.Data
 
-	var vulnReport mvd.VulnReport
-	cfg := &mapstructure.DecoderConfig{
-		Metadata: nil,
-		Result:   &vulnReport,
-		TagName:  "json",
-	}
-	decoder, _ := mapstructure.NewDecoder(cfg)
-	err = decoder.Decode(rawReport)
+	gqlVulnReport, err := mondooClient.GetVulnCompactReport(runtime.Upstream.AssetMrn)
 	if err != nil {
 		return nil, err
 	}
 
-	return &vulnReport, nil
+	log.Debug().Interface("gqlReport", gqlVulnReport).Msg("search for asset vuln report")
+	if gqlVulnReport == nil {
+		return nil, errors.New("no vulnerability report available")
+	}
+
+	vulnReport := gql.ConvertToMvdVulnReport(gqlVulnReport)
+
+	return vulnReport, nil
 }
 
 func (a *mqlPlatformAdvisories) id() (string, error) {

diff --git a/providers/os/resources/os.lr b/providers/os/resources/os.lr
@@ -63,7 +63,7 @@ platform {
 }
 
 // Vulnerability Information
-extend vulnmgmt {
+vulnmgmt {
   // List of all CVEs affecting the asset
   cves() []vuln.cve
   // List of all Advisories affecting the asset
@@ -72,6 +72,8 @@ extend vulnmgmt {
   packages() []vuln.package
   // Last time the vulnerability information was updated
   lastAssessment() time
+  // Statistics about the vulnerabilities
+  stats() audit.cvss
 }
 
 // CVE information

diff --git a/providers/os/resources/os.lr.go b/providers/os/resources/os.lr.go
diff --git a/providers/os/resources/os.lr.manifest.yaml b/providers/os/resources/os.lr.manifest.yaml
@@ -925,6 +925,7 @@ resources:
       cves: {}
       lastAssessment: {}
       packages: {}
+      stats: {}
     min_mondoo_version: latest
   windows:
     fields:

diff --git a/providers/os/resources/vulnmgmt.go b/providers/os/resources/vulnmgmt.go
@@ -67,6 +67,10 @@ func (v *mqlVulnmgmt) packages() ([]interface{}, error) {
 	return nil, v.populateData()
 }
 
+func (v *mqlVulnmgmt) stats() (*mqlAuditCvss, error) {
+	return nil, v.populateData()
+}
+
 func (v *mqlVulnmgmt) populateData() error {
 	vulnReport, err := v.getReport()
 	if err != nil {
@@ -147,9 +151,19 @@ func (v *mqlVulnmgmt) populateData() error {
 		mqlVulnPackages[i] = mqlVulnPackage
 	}
 
+	res, err := CreateResource(v.MqlRuntime, "audit.cvss", map[string]*llx.RawData{
+		"score":  llx.FloatData(float64(vulnReport.Stats.Score.Value) / 10),
+		"vector": llx.StringData(vulnReport.Stats.Score.Vector),
+	})
+	if err != nil {
+		return err
+	}
+	statsCvssScore := res.(*mqlAuditCvss)
+
 	v.Advisories = plugin.TValue[[]interface{}]{Data: mqlVulAdvisories, State: plugin.StateIsSet}
 	v.Cves = plugin.TValue[[]interface{}]{Data: mqlVulnCves, State: plugin.StateIsSet}
 	v.Packages = plugin.TValue[[]interface{}]{Data: mqlVulnPackages, State: plugin.StateIsSet}
+	v.Stats = plugin.TValue[*mqlAuditCvss]{Data: statsCvssScore, State: plugin.StateIsSet}
 
 	return nil
 }

diff --git a/providers/vsphere/resources/vsphere.lr b/providers/vsphere/resources/vsphere.lr
@@ -21,7 +21,7 @@ platform {
 }
 
 // Vulnerability Information
-extend vulnmgmt {
+vulnmgmt {
   // List of all CVEs affecting the asset
   cves() []vuln.cve
   // List of all Advisories affecting the asset
@@ -30,6 +30,8 @@ extend vulnmgmt {
   packages() []vuln.package
   // Last time the vulnerability information was updated
   lastAssessment() time
+  // Statistics about the vulnerabilities
+  stats() audit.cvss
 }
 
 // CVE information

diff --git a/providers/vsphere/resources/vsphere.lr.go b/providers/vsphere/resources/vsphere.lr.go
diff --git a/providers/vsphere/resources/vsphere.lr.manifest.yaml b/providers/vsphere/resources/vsphere.lr.manifest.yaml
@@ -331,4 +331,5 @@ resources:
       cves: {}
       lastAssessment: {}
       packages: {}
+      stats: {}
     min_mondoo_version: latest
diff --git a/providers/vsphere/resources/vulnmgmt.go b/providers/vsphere/resources/vulnmgmt.go
@@ -12,7 +12,7 @@ import (
 	"go.mondoo.com/cnquery/v9/providers-sdk/v1/plugin"
 	"go.mondoo.com/cnquery/v9/providers-sdk/v1/resources"
 	"go.mondoo.com/cnquery/v9/providers-sdk/v1/upstream/gql"
-	"go.mondoo.com/cnquery/v9/providers/os/connection/shared"
+	"go.mondoo.com/cnquery/v9/providers/vsphere/connection"
 	mondoogql "go.mondoo.com/mondoo-go"
 )
 
@@ -67,6 +67,10 @@ func (v *mqlVulnmgmt) packages() ([]interface{}, error) {
 	return nil, v.populateData()
 }
 
+func (v *mqlVulnmgmt) stats() (*mqlAuditCvss, error) {
+	return nil, v.populateData()
+}
+
 func (v *mqlVulnmgmt) populateData() error {
 	vulnReport, err := v.getReport()
 	if err != nil {
@@ -133,8 +137,18 @@ func (v *mqlVulnmgmt) populateData() error {
 		mqlVulnCves[i] = mqlVulnCve
 	}
 
+	res, err := CreateResource(v.MqlRuntime, "audit.cvss", map[string]*llx.RawData{
+		"score":  llx.FloatData(float64(vulnReport.Stats.Score.Value) / 10),
+		"vector": llx.StringData(vulnReport.Stats.Score.Vector),
+	})
+	if err != nil {
+		return err
+	}
+	statsCvssScore := res.(*mqlAuditCvss)
+
 	v.Advisories = plugin.TValue[[]interface{}]{Data: mqlVulAdvisories, State: plugin.StateIsSet}
 	v.Cves = plugin.TValue[[]interface{}]{Data: mqlVulnCves, State: plugin.StateIsSet}
+	v.Stats = plugin.TValue[*mqlAuditCvss]{Data: statsCvssScore, State: plugin.StateIsSet}
 
 	return nil
 }
@@ -169,8 +183,7 @@ func (v *mqlVulnmgmt) getReport() (*gql.VulnReport, error) {
 }
 
 func (v *mqlVulnmgmt) getIncognitoReport(mondooClient *gql.MondooClient) (*gql.VulnReport, error) {
-	// FIXME: wrong connection
-	conn := v.MqlRuntime.Connection.(shared.Connection)
+	conn := v.MqlRuntime.Connection.(*connection.VsphereConnection)
 	platform := conn.Asset().Platform
 
 	gqlVulnReport, err := mondooClient.GetIncognitoVulnReport(mondoogql.PlatformInput{