From f4387f58e3262aa6671311a46fa653141bf127ce Mon Sep 17 00:00:00 2001 From: Christian Zunker Date: Thu, 30 Nov 2023 09:31:03 +0100 Subject: [PATCH] Only one API call Signed-off-by: Christian Zunker --- .github/actions/spelling/expect.txt | 2 +- .vscode/launch.json | 5 +- providers-sdk/v1/upstream/gql/vulnmgmt_gql.go | 3 - providers/os/resources/os.lr | 1 - providers/os/resources/vulnmgmt.go | 77 ++++++++++++------- 5 files changed, 51 insertions(+), 37 deletions(-) diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt index cf2f3c995c..904080aca0 100644 --- a/.github/actions/spelling/expect.txt +++ b/.github/actions/spelling/expect.txt @@ -65,4 +65,4 @@ vdcs Vtpm vulnerabilityassessmentsettings wil -vulnmgmt \ No newline at end of file +vulnmgmt diff --git a/.vscode/launch.json b/.vscode/launch.json index c591d8be22..3f02d20160 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -44,10 +44,9 @@ "cwd": "${workspaceRoot}/", "args": [ "run", + // "local", "-c", - "vulnmgmt.advisories", - "--config", - "/home/christian/demo.agent.credentials.json" + "asset.eol" ], }, { diff --git a/providers-sdk/v1/upstream/gql/vulnmgmt_gql.go b/providers-sdk/v1/upstream/gql/vulnmgmt_gql.go index 97bb4c79a2..635fe14861 100644 --- a/providers-sdk/v1/upstream/gql/vulnmgmt_gql.go +++ b/providers-sdk/v1/upstream/gql/vulnmgmt_gql.go @@ -1,4 +1,3 @@ -// FIXME: ??? should this file move to the resources inside the provider ??? package gql import ( @@ -7,8 +6,6 @@ import ( mondoogql "go.mondoo.com/mondoo-go" ) -// FIXME: move these to the provider - // LastAssessment fetches the las update time of the packages query // This is also the lst time the vuln report was updated func (c *MondooClient) LastAssessment(mrn string) (string, error) { diff --git a/providers/os/resources/os.lr b/providers/os/resources/os.lr index 13a86da510..0422828dd7 100644 --- a/providers/os/resources/os.lr +++ b/providers/os/resources/os.lr @@ -63,7 +63,6 @@ platform { } extend vulnmgmt { - // TODO: fill all the fields at once, see os stdout, stderr example // List of all CVEs affecting the asset cves() []vuln.cve // List of all Advisories affecting the asset diff --git a/providers/os/resources/vulnmgmt.go b/providers/os/resources/vulnmgmt.go index 2a1a1a2bbe..25c2ab72c1 100644 --- a/providers/os/resources/vulnmgmt.go +++ b/providers/os/resources/vulnmgmt.go @@ -9,6 +9,7 @@ import ( "github.com/rs/zerolog/log" "go.mondoo.com/cnquery/v9/llx" + "go.mondoo.com/cnquery/v9/providers-sdk/v1/plugin" "go.mondoo.com/cnquery/v9/providers-sdk/v1/resources" "go.mondoo.com/cnquery/v9/providers-sdk/v1/upstream/gql" "go.mondoo.com/cnquery/v9/providers/os/connection/shared" @@ -55,53 +56,67 @@ func (v *mqlVulnmgmt) lastAssessment() (*time.Time, error) { } func (v *mqlVulnmgmt) cves() ([]interface{}, error) { - vulnReport, err := v.getReport() - if err != nil { - return nil, err - } + return nil, v.populateData() +} - mqlVulnCves := make([]interface{}, len(vulnReport.Cves)) - for i, c := range vulnReport.Cves { - mqlVulnCve, err := CreateResource(v.MqlRuntime, "vuln.cve", map[string]*llx.RawData{ - "id": llx.StringData(c.Id), - "cvss": llx.IntData(int64(c.CvssScore.Value)), - "cvssVector": llx.StringData(c.CvssScore.Vector), - }) - if err != nil { - return nil, err - } - mqlVulnCves[i] = mqlVulnCve - } +func (v *mqlVulnmgmt) advisories() ([]interface{}, error) { + return nil, v.populateData() +} - return mqlVulnCves, nil +func (v *mqlVulnmgmt) packages() ([]interface{}, error) { + return nil, v.populateData() } -func (v *mqlVulnmgmt) advisories() ([]interface{}, error) { +func (v *mqlVulnmgmt) populateData() error { vulnReport, err := v.getReport() if err != nil { - return nil, err + return err } mqlVulAdvisories := make([]interface{}, len(vulnReport.Advisories)) for i, a := range vulnReport.Advisories { + parsedPublished, err := time.Parse(time.RFC3339, a.PublishedAt) + if err != nil { + return err + } + parsedModifed, err := time.Parse(time.RFC3339, a.ModifiedAt) + if err != nil { + return err + } mqlVulnAdvisory, err := CreateResource(v.MqlRuntime, "vuln.advisory", map[string]*llx.RawData{ "id": llx.StringData(a.Id), "title": llx.StringData(a.Title), "description": llx.StringData(a.Description), + "published": llx.TimeData(parsedPublished), + "modified": llx.TimeData(parsedModifed), + "worstScore": llx.IntData(int64(a.CvssScore.Value)), }) if err != nil { - return nil, err + return err } mqlVulAdvisories[i] = mqlVulnAdvisory } - return mqlVulAdvisories, nil -} - -func (v *mqlVulnmgmt) packages() ([]interface{}, error) { - vulnReport, err := v.getReport() - if err != nil { - return nil, err + mqlVulnCves := make([]interface{}, len(vulnReport.Cves)) + for i, c := range vulnReport.Cves { + parsedPublished, err := time.Parse(time.RFC3339, c.PublishedAt) + if err != nil { + return err + } + parsedModifed, err := time.Parse(time.RFC3339, c.ModifiedAt) + if err != nil { + return err + } + mqlVulnCve, err := CreateResource(v.MqlRuntime, "vuln.cve", map[string]*llx.RawData{ + "id": llx.StringData(c.Id), + "worstScore": llx.IntData(int64(c.CvssScore.Value)), + "published": llx.TimeData(parsedPublished), + "modified": llx.TimeData(parsedModifed), + }) + if err != nil { + return err + } + mqlVulnCves[i] = mqlVulnCve } mqlVulnPackages := make([]interface{}, len(vulnReport.Packages)) @@ -113,12 +128,16 @@ func (v *mqlVulnmgmt) packages() ([]interface{}, error) { "arch": llx.StringData(p.Arch), }) if err != nil { - return nil, err + return err } mqlVulnPackages[i] = mqlVulnPackage } - return mqlVulnPackages, nil + v.Advisories = plugin.TValue[[]interface{}]{Data: mqlVulAdvisories, State: plugin.StateIsSet} + v.Cves = plugin.TValue[[]interface{}]{Data: mqlVulnCves, State: plugin.StateIsSet} + v.Packages = plugin.TValue[[]interface{}]{Data: mqlVulnPackages, State: plugin.StateIsSet} + + return nil } func (v *mqlVulnmgmt) getReport() (*gql.VulnReport, error) {