Skip to content

Commit

Permalink
feat: add verbose mode for cves for image listing (#2308)
Browse files Browse the repository at this point in the history
Signed-off-by: Vishwas Rajashekar <[email protected]>
  • Loading branch information
vrajashkr authored Mar 12, 2024
1 parent 413514c commit c7472a2
Show file tree
Hide file tree
Showing 4 changed files with 214 additions and 9 deletions.
37 changes: 37 additions & 0 deletions pkg/cli/client/cve_cmd_internal_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -213,6 +213,43 @@ func TestSearchCVECmd(t *testing.T) {
So(err, ShouldBeNil)
})

Convey("Test CVE by image name - in text format - in verbose mode", t, func() {
args := []string{"list", "dummyImageName:tag", "--url", baseURL, "--verbose"}
configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
defer os.Remove(configPath)
cveCmd := NewCVECommand(new(mockService))
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
cveCmd.SetErr(buff)
cveCmd.SetArgs(args)
err := cveCmd.Execute()

outputLines := strings.Split(buff.String(), "\n")
expected := []string{
"CRITICAL 0, HIGH 1, MEDIUM 0, LOW 0, UNKNOWN 0, TOTAL 1",
"",
"dummyCVEID",
"Severity: HIGH",
"Title: Title of that CVE",
"Description:",
"Description of the CVE",
"",
"Vulnerable Packages:",
" Package Name: packagename",
" Package Path: ",
" Installed Version: installedver",
" Fixed Version: fixedver",
"",
"",
}

for index, expectedLine := range expected {
So(outputLines[index], ShouldEqual, expectedLine)
}

So(err, ShouldBeNil)
})

Convey("Test CVE by image name - in json format", t, func() {
args := []string{"list", "dummyImageName:tag", "--url", baseURL, "-f", "json"}
configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
Expand Down
10 changes: 6 additions & 4 deletions pkg/cli/client/search_functions.go
Original file line number Diff line number Diff line change
Expand Up @@ -253,11 +253,13 @@ func SearchCVEForImageGQL(config SearchConfig, image, searchedCveID string) erro

fmt.Fprint(config.ResultWriter, statsStr)

printCVETableHeader(&builder)
fmt.Fprint(config.ResultWriter, builder.String())
if !config.Verbose {
printCVETableHeader(&builder)
fmt.Fprint(config.ResultWriter, builder.String())
}
}

out, err := cveList.string(config.OutputFormat)
out, err := cveList.string(config.OutputFormat, config.Verbose)
if err != nil {
return err
}
Expand Down Expand Up @@ -303,7 +305,7 @@ func SearchCVEDiffList(config SearchConfig, minuend, subtrahend ImageIdentifier)
fmt.Fprint(config.ResultWriter, builder.String())
}

out, err := result.string(config.OutputFormat)
out, err := result.string(config.OutputFormat, config.Verbose)
if err != nil {
return err
}
Expand Down
126 changes: 125 additions & 1 deletion pkg/cli/client/search_functions_internal_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -322,7 +322,7 @@ func TestSearchImagesForDigestGQL(t *testing.T) {
}

func TestSearchCVEForImageGQL(t *testing.T) {
Convey("SearchCVEForImageGQL", t, func() {
Convey("SearchCVEForImageGQL normal mode", t, func() {
buff := bytes.NewBufferString("")
searchConfig := getMockSearchConfig(buff, mockService{
getCveByImageGQLFn: func(ctx context.Context, config SearchConfig, username string, password string,
Expand Down Expand Up @@ -403,6 +403,130 @@ func TestSearchCVEForImageGQL(t *testing.T) {
}
})

Convey("SearchCVEForImageGQL verbose mode", t, func() {
buff := bytes.NewBufferString("")
searchConfig := getMockSearchConfig(buff, mockService{
getCveByImageGQLFn: func(ctx context.Context, config SearchConfig, username string, password string,
imageName string, searchedCVE string) (*cveResult, error,
) {
return &cveResult{
Data: cveData{
CVEListForImage: cveListForImage{
CVEList: []cve{
{
ID: "CVE-100",
Description: "",
Title: "CVE-100 Title",
Severity: "HIGH",
PackageList: []packageList{},
},
{
ID: "CVE-101",
Description: "Desc 101\n",
Title: "CVE-101 Title",
Severity: "HIGH",
PackageList: []packageList{
{
Name: "Pkg1",
FixedVersion: "2.0.0",
InstalledVersion: "1.0.0",
},
},
},
{
ID: "CVE-102",
Description: "Desc 102",
Title: "CVE-102 Title",
Severity: "HIGH",
PackageList: []packageList{
{
Name: "dummy-java",
PackagePath: "/usr/bin/dummy.jar",
FixedVersion: "4.0.0",
InstalledVersion: "3.0.0",
},
{
Name: "dummy-ruby",
PackagePath: "/usr/bin/dummy.gem",
FixedVersion: "5.0.0",
InstalledVersion: "1.0.0",
},
},
},
},
Summary: common.ImageVulnerabilitySummary{
Count: 3,
UnknownCount: 0,
LowCount: 0,
MediumCount: 0,
HighCount: 3,
CriticalCount: 0,
MaxSeverity: "HIGH",
},
},
},
}, nil
},
})

searchConfig.Verbose = true
err := SearchCVEForImageGQL(searchConfig, "repo-test", "dummyCVEID")
So(err, ShouldBeNil)
bufferContent := buff.String()
bufferLines := strings.Split(bufferContent, "\n")

// Expected result - each row indicates a line in the output
expected := []string{
"CRITICAL 0, HIGH 3, MEDIUM 0, LOW 0, UNKNOWN 0, TOTAL 3",
"",
"CVE-100",
"Severity: HIGH",
"Title: CVE-100 Title",
"Description:",
"Not Specified",
"",
"Vulnerable Packages:",
"No Vulnerable Packages",
"",
"",
"CVE-101",
"Severity: HIGH",
"Title: CVE-101 Title",
"Description:",
"Desc 101",
"",
"Vulnerable Packages:",
" Package Name: Pkg1",
" Package Path: ",
" Installed Version: 1.0.0",
" Fixed Version: 2.0.0",
"",
"",
"CVE-102",
"Severity: HIGH",
"Title: CVE-102 Title",
"Description:",
"Desc 102",
"",
"Vulnerable Packages:",
" Package Name: dummy-java",
" Package Path: /usr/bin/dummy.jar",
" Installed Version: 3.0.0",
" Fixed Version: 4.0.0",
"",
" Package Name: dummy-ruby",
" Package Path: /usr/bin/dummy.gem",
" Installed Version: 1.0.0",
" Fixed Version: 5.0.0",
"",
"",
}

for index, expectedLine := range expected {
So(bufferLines[index], ShouldEqual, expectedLine)
}
})

Convey("SearchCVEForImageGQL with injected error", t, func() {
buff := bytes.NewBufferString("")
searchConfig := getMockSearchConfig(buff, mockService{
Expand Down
50 changes: 46 additions & 4 deletions pkg/cli/client/service.go
Original file line number Diff line number Diff line change
Expand Up @@ -817,10 +817,19 @@ type cveData struct {
CVEListForImage cveListForImage `json:"cveListForImage"`
}

func (cve cveResult) string(format string) (string, error) {
func (cve cveResult) string(format string, verbose bool) (string, error) {
switch strings.ToLower(format) {
case "", defaultOutputFormat:
return cve.stringPlainText()
{
var out string
if verbose {
out = cve.stringPlainTextDetailed()
} else {
out = cve.stringPlainText()
}

return out, nil
}
case jsonFormat:
return cve.stringJSON()
case ymlFormat, yamlFormat:
Expand All @@ -830,7 +839,40 @@ func (cve cveResult) string(format string) (string, error) {
}
}

func (cve cveResult) stringPlainText() (string, error) {
func (cve cveResult) stringPlainTextDetailed() string {
var builder strings.Builder

for _, cveListItem := range cve.Data.CVEListForImage.CVEList {
cveDesc := strings.TrimSpace(cveListItem.Description)
if len(cveDesc) == 0 {
cveDesc = "Not Specified"
}
cveMetaData := fmt.Sprintf(
"%s\nSeverity: %s\nTitle: %s\nDescription:\n%s\n\n",
cveListItem.ID, cveListItem.Severity, cveListItem.Title, cveDesc,
)
fmt.Fprint(&builder, cveMetaData)
fmt.Fprint(&builder, "Vulnerable Packages:\n")

for _, pkg := range cveListItem.PackageList {
pkgMetaData := fmt.Sprintf(
" Package Name: %s\n Package Path: %s\n Installed Version: %s\n Fixed Version: %s\n\n",
pkg.Name, pkg.PackagePath, pkg.InstalledVersion, pkg.FixedVersion,
)
fmt.Fprint(&builder, pkgMetaData)
}

if len(cveListItem.PackageList) == 0 {
fmt.Fprintf(&builder, "No Vulnerable Packages\n\n")
}

fmt.Fprint(&builder, "\n")
}

return builder.String()
}

func (cve cveResult) stringPlainText() string {
var builder strings.Builder

table := getCVETableWriter(&builder)
Expand All @@ -849,7 +891,7 @@ func (cve cveResult) stringPlainText() (string, error) {

table.Render()

return builder.String(), nil
return builder.String()
}

func (cve cveResult) stringJSON() (string, error) {
Expand Down

0 comments on commit c7472a2

Please sign in to comment.