Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

✨ New vulnmgmt resources #2654

Merged
merged 16 commits into from
Dec 11, 2023
Merged

✨ New vulnmgmt resources #2654

merged 16 commits into from
Dec 11, 2023

Conversation

czunker
Copy link
Contributor

@czunker czunker commented Nov 27, 2023

This moves the vuln scanning server-side and adds new resources.

E.g.:

cnspec> vulnmgmt.advisories
vulnmgmt.advisories: [
  0: vuln.advisory id="USN-5181-1"
  1: vuln.advisory id="USN-5181-1"
  2: vuln.advisory id="USN-5181-1"
  3: vuln.advisory id="USN-5181-1"
]

@czunker
Copy link
Contributor Author

czunker commented Nov 27, 2023

This requires mondoohq/mondoo-go#10

@czunker czunker force-pushed the christian/gql_vulns branch from 64afd6a to 7e2abf6 Compare November 27, 2023 13:14

This comment has been minimized.

@czunker czunker force-pushed the christian/gql_vulns branch from 7e2abf6 to 31170b9 Compare November 27, 2023 16:08

This comment has been minimized.

@@ -0,0 +1,208 @@
package gql
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The GQL queries are in core cnquery, because I assume we need to use them in different providers. Currently it is only os, but vsphere will follow and perhaps more.

@czunker czunker force-pushed the christian/gql_vulns branch from f4387f5 to 77491b1 Compare November 30, 2023 13:36
@czunker czunker marked this pull request as ready for review November 30, 2023 13:50
@czunker czunker force-pushed the christian/gql_vulns branch from 4049cd3 to c6a7a55 Compare December 5, 2023 11:01
@czunker czunker requested a review from imilchev December 5, 2023 12:18
@czunker czunker force-pushed the christian/gql_vulns branch from c6a7a55 to 9fa7001 Compare December 8, 2023 10:02
}

// get new gql client
mondooClient, err := gql.NewClient(mcc.UpstreamConfig, mcc.HttpClient)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you are creating a new GQL client in multiple functions. Isn't it better to make the GQL client part of the connection or part of the mqlVulnmgmt instead?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice idea.
I added it to a cache, so we can re-use it, but do not need to create it upfront.

}

func (v *mqlVulnmgmt) stats() (*mqlAuditCvss, error) {
return nil, v.populateData()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldn't that return also the actual value?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not needed. That's some MQL black magic: https://github.com/mondoohq/cnquery/blob/main/providers/os/resources/command.go#L58

But a comment might also be helpful here. I added it.

providers/os/resources/vulnmgmt.go Outdated Show resolved Hide resolved
providers/vsphere/resources/vsphere.lr Outdated Show resolved Hide resolved
@czunker czunker force-pushed the christian/gql_vulns branch 2 times, most recently from 3a70b52 to ee06411 Compare December 11, 2023 12:45
czunker and others added 14 commits December 11, 2023 13:55
Signed-off-by: Christian Zunker <[email protected]>
Signed-off-by: Christian Zunker <[email protected]>
Signed-off-by: Christian Zunker <[email protected]>
Signed-off-by: Christian Zunker <[email protected]>
Signed-off-by: Christian Zunker <[email protected]>
Signed-off-by: Christian Zunker <[email protected]>
Signed-off-by: Christian Zunker <[email protected]>
Signed-off-by: Christian Zunker <[email protected]>
Signed-off-by: Christian Zunker <[email protected]>
Signed-off-by: Christian Zunker <[email protected]>
Signed-off-by: Christian Zunker <[email protected]>
Signed-off-by: Christian Zunker <[email protected]>
@czunker czunker force-pushed the christian/gql_vulns branch from ee06411 to 7a0e9f7 Compare December 11, 2023 12:56
@czunker czunker merged commit a8c6437 into main Dec 11, 2023
11 checks passed
@czunker czunker deleted the christian/gql_vulns branch December 11, 2023 13:08
@github-actions github-actions bot locked and limited conversation to collaborators Dec 11, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants