Only one API call

Signed-off-by: Christian Zunker <[email protected]>
mondoohq · Nov 30, 2023 · f4387f5 · f4387f5
1 parent 6a0a7d8
commit f4387f5
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 37 deletions.
diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt
@@ -65,4 +65,4 @@ vdcs
 Vtpm
 vulnerabilityassessmentsettings
 wil
-vulnmgmt
+vulnmgmt
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -44,10 +44,9 @@
       "cwd": "${workspaceRoot}/",
       "args": [
         "run",
+        // "local",
         "-c",
-        "vulnmgmt.advisories",
-        "--config",
-        "/home/christian/demo.agent.credentials.json"
+        "asset.eol"
       ],
     },
     {

diff --git a/providers-sdk/v1/upstream/gql/vulnmgmt_gql.go b/providers-sdk/v1/upstream/gql/vulnmgmt_gql.go
@@ -1,4 +1,3 @@
-// FIXME: ??? should this file move to the resources inside the provider ???
 package gql
 
 import (
@@ -7,8 +6,6 @@ import (
 	mondoogql "go.mondoo.com/mondoo-go"
 )
 
-// FIXME: move these to the provider
-
 // LastAssessment fetches the las update time of the packages query
 // This is also the lst time the vuln report was updated
 func (c *MondooClient) LastAssessment(mrn string) (string, error) {

diff --git a/providers/os/resources/os.lr b/providers/os/resources/os.lr
@@ -63,7 +63,6 @@ platform {
 }
 
 extend vulnmgmt {
-  // TODO: fill all the fields at once, see os stdout, stderr example
   // List of all CVEs affecting the asset
   cves() []vuln.cve
   // List of all Advisories affecting the asset

diff --git a/providers/os/resources/vulnmgmt.go b/providers/os/resources/vulnmgmt.go
@@ -9,6 +9,7 @@ import (
 
 	"github.com/rs/zerolog/log"
 	"go.mondoo.com/cnquery/v9/llx"
+	"go.mondoo.com/cnquery/v9/providers-sdk/v1/plugin"
 	"go.mondoo.com/cnquery/v9/providers-sdk/v1/resources"
 	"go.mondoo.com/cnquery/v9/providers-sdk/v1/upstream/gql"
 	"go.mondoo.com/cnquery/v9/providers/os/connection/shared"
@@ -55,53 +56,67 @@ func (v *mqlVulnmgmt) lastAssessment() (*time.Time, error) {
 }
 
 func (v *mqlVulnmgmt) cves() ([]interface{}, error) {
-	vulnReport, err := v.getReport()
-	if err != nil {
-		return nil, err
-	}
+	return nil, v.populateData()
+}
 
-	mqlVulnCves := make([]interface{}, len(vulnReport.Cves))
-	for i, c := range vulnReport.Cves {
-		mqlVulnCve, err := CreateResource(v.MqlRuntime, "vuln.cve", map[string]*llx.RawData{
-			"id":         llx.StringData(c.Id),
-			"cvss":       llx.IntData(int64(c.CvssScore.Value)),
-			"cvssVector": llx.StringData(c.CvssScore.Vector),
-		})
-		if err != nil {
-			return nil, err
-		}
-		mqlVulnCves[i] = mqlVulnCve
-	}
+func (v *mqlVulnmgmt) advisories() ([]interface{}, error) {
+	return nil, v.populateData()
+}
 
-	return mqlVulnCves, nil
+func (v *mqlVulnmgmt) packages() ([]interface{}, error) {
+	return nil, v.populateData()
 }
 
-func (v *mqlVulnmgmt) advisories() ([]interface{}, error) {
+func (v *mqlVulnmgmt) populateData() error {
 	vulnReport, err := v.getReport()
 	if err != nil {
-		return nil, err
+		return err
 	}
 
 	mqlVulAdvisories := make([]interface{}, len(vulnReport.Advisories))
 	for i, a := range vulnReport.Advisories {
+		parsedPublished, err := time.Parse(time.RFC3339, a.PublishedAt)
+		if err != nil {
+			return err
+		}
+		parsedModifed, err := time.Parse(time.RFC3339, a.ModifiedAt)
+		if err != nil {
+			return err
+		}
 		mqlVulnAdvisory, err := CreateResource(v.MqlRuntime, "vuln.advisory", map[string]*llx.RawData{
 			"id":          llx.StringData(a.Id),
 			"title":       llx.StringData(a.Title),
 			"description": llx.StringData(a.Description),
+			"published":   llx.TimeData(parsedPublished),
+			"modified":    llx.TimeData(parsedModifed),
+			"worstScore":  llx.IntData(int64(a.CvssScore.Value)),
 		})
 		if err != nil {
-			return nil, err
+			return err
 		}
 		mqlVulAdvisories[i] = mqlVulnAdvisory
 	}
 
-	return mqlVulAdvisories, nil
-}
-
-func (v *mqlVulnmgmt) packages() ([]interface{}, error) {
-	vulnReport, err := v.getReport()
-	if err != nil {
-		return nil, err
+	mqlVulnCves := make([]interface{}, len(vulnReport.Cves))
+	for i, c := range vulnReport.Cves {
+		parsedPublished, err := time.Parse(time.RFC3339, c.PublishedAt)
+		if err != nil {
+			return err
+		}
+		parsedModifed, err := time.Parse(time.RFC3339, c.ModifiedAt)
+		if err != nil {
+			return err
+		}
+		mqlVulnCve, err := CreateResource(v.MqlRuntime, "vuln.cve", map[string]*llx.RawData{
+			"id":         llx.StringData(c.Id),
+			"worstScore": llx.IntData(int64(c.CvssScore.Value)),
+			"published":  llx.TimeData(parsedPublished),
+			"modified":   llx.TimeData(parsedModifed),
+		})
+		if err != nil {
+			return err
+		}
+		mqlVulnCves[i] = mqlVulnCve
 	}
 
 	mqlVulnPackages := make([]interface{}, len(vulnReport.Packages))
@@ -113,12 +128,16 @@ func (v *mqlVulnmgmt) packages() ([]interface{}, error) {
 			"arch":      llx.StringData(p.Arch),
 		})
 		if err != nil {
-			return nil, err
+			return err
 		}
 		mqlVulnPackages[i] = mqlVulnPackage
 	}
 
-	return mqlVulnPackages, nil
+	v.Advisories = plugin.TValue[[]interface{}]{Data: mqlVulAdvisories, State: plugin.StateIsSet}
+	v.Cves = plugin.TValue[[]interface{}]{Data: mqlVulnCves, State: plugin.StateIsSet}
+	v.Packages = plugin.TValue[[]interface{}]{Data: mqlVulnPackages, State: plugin.StateIsSet}
+
+	return nil
 }
 
 func (v *mqlVulnmgmt) getReport() (*gql.VulnReport, error) {