
Commit e0f2054

authoredNov 21, 2024··
feat: add cvss v4 score and vector in scan response (#7968)
1 parent de523ff commit e0f2054

4 files changed

+185
-143
lines changed
 

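--- a/pkg/rpc/convert.go
+++ b/pkg/rpc/convert.go
@@ -276,15 +276,17 @@ func ConvertToRPCVulns(vulns []types.DetectedVulnerability) []*common.Vulnerabil
 cvssMap := make(map[string]*common.CVSS) // This is needed because protobuf generates a map[string]*CVSS type
 for vendor, vendorSeverity := range vuln.CVSS {
 cvssMap[string(vendor)] = &common.CVSS{
-V2Vector: vendorSeverity.V2Vector,
-V3Vector: vendorSeverity.V3Vector,
-V2Score: vendorSeverity.V2Score,
-V3Score: vendorSeverity.V3Score,
+V2Vector: vendorSeverity.V2Vector,
+V3Vector: vendorSeverity.V3Vector,
+V40Vector: vendorSeverity.V40Vector,
+V2Score: vendorSeverity.V2Score,
+V3Score: vendorSeverity.V3Score,
+V40Score: vendorSeverity.V40Score,
 }
 }
-vensorSeverityMap := make(map[string]common.Severity)
+vendorSeverityMap := make(map[string]common.Severity)
 for vendor, vendorSeverity := range vuln.VendorSeverity {
-vensorSeverityMap[string(vendor)] = common.Severity(vendorSeverity)
+vendorSeverityMap[string(vendor)] = common.Severity(vendorSeverity)
 }
 
 var lastModifiedDate, publishedDate *timestamppb.Timestamp
@@ -317,7 +319,7 @@ func ConvertToRPCVulns(vulns []types.DetectedVulnerability) []*common.Vulnerabil
 Title: vuln.Title,
 Description: vuln.Description,
 Severity: common.Severity(severity),
-VendorSeverity: vensorSeverityMap,
+VendorSeverity: vendorSeverityMap,
 References: vuln.References,
 Layer: ConvertToRPCLayer(vuln.Layer),
 Cvss: cvssMap,
@@ -571,15 +573,17 @@ func ConvertFromRPCVulns(rpcVulns []*common.Vulnerability) []types.DetectedVulne
 cvssMap := make(dbTypes.VendorCVSS) // This is needed because protobuf generates a map[string]*CVSS type
 for vendor, vendorSeverity := range vuln.Cvss {
 cvssMap[dbTypes.SourceID(vendor)] = dbTypes.CVSS{
-V2Vector: vendorSeverity.V2Vector,
-V3Vector: vendorSeverity.V3Vector,
-V2Score: vendorSeverity.V2Score,
-V3Score: vendorSeverity.V3Score,
+V2Vector: vendorSeverity.V2Vector,
+V3Vector: vendorSeverity.V3Vector,
+V40Vector: vendorSeverity.V40Vector,
+V2Score: vendorSeverity.V2Score,
+V3Score: vendorSeverity.V3Score,
+V40Score: vendorSeverity.V40Score,
 }
 }
-vensorSeverityMap := make(dbTypes.VendorSeverity)
+vendorSeverityMap := make(dbTypes.VendorSeverity)
 for vendor, vendorSeverity := range vuln.VendorSeverity {
-vensorSeverityMap[dbTypes.SourceID(vendor)] = dbTypes.Severity(vendorSeverity)
+vendorSeverityMap[dbTypes.SourceID(vendor)] = dbTypes.Severity(vendorSeverity)
 }
 
 var lastModifiedDate, publishedDate *time.Time
@@ -610,7 +614,7 @@ func ConvertFromRPCVulns(rpcVulns []*common.Vulnerability) []types.DetectedVulne
 LastModifiedDate: lastModifiedDate,
 PublishedDate: publishedDate,
 Custom: vuln.CustomVulnData.AsInterface(),
-VendorSeverity: vensorSeverityMap,
+VendorSeverity: vendorSeverityMap,
 },
 Layer: ConvertFromRPCLayer(vuln.Layer),
 SeveritySource: dbTypes.SourceID(vuln.SeveritySource),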
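Review bot: The loop variable `vendorSeverity` in the `range vuln.CVSS` loop of ConvertToRPCVulns (and the `range vuln.Cvss` loop of ConvertFromRPCVulns) holds a CVSS entry, not a severity, and the same name is reused by the severity loop directly below it. With six fields now read from it, a name such as `cvss` would be clearer: `for vendor, cvss := range vuln.CVSS {`. In ConvertFromRPCVulns the value is a `*common.CVSS` taken from an RPC message, so reading through the generated getters (`cvss.GetV40Vector()`, `cvss.GetV40Score()`) would also tolerate a nil map entry; whether a nil entry can actually reach this code is not visible from the hunk. Both functions start and end outside the hunks shown.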

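--- a/pkg/rpc/convert_test.go
+++ b/pkg/rpc/convert_test.go
@@ -299,6 +299,14 @@ func TestConvertToRpcVulns(t *testing.T) {
 V2Score: 7.2,
 V3Score: 7.8,
 },
+vulnerability.NVD: {
+V2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
+V3Vector: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+V40Vector: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/U:Green",
+V2Score: 7.2,
+V3Score: 7.8,
+V40Score: 8.7,
+},
 },
 References: []string{"http://example.com"},
 PublishedDate: &fixedPublishedDate,
@@ -335,6 +343,14 @@ func TestConvertToRpcVulns(t *testing.T) {
 V2Score: 7.2,
 V3Score: 7.8,
 },
+"nvd": {
+V2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
+V3Vector: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+V40Vector: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/U:Green",
+V2Score: 7.2,
+V3Score: 7.8,
+V40Score: 8.7,
+},
 },
 References: []string{"http://example.com"},
 Layer: &common.Layer{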
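Review bot: Only TestConvertToRpcVulns gains CVSS v4 fixtures here; ConvertFromRPCVulns copies the same two fields in this commit, but no hunk on this page adds a v4 case for that direction. A field left out of either conversion simply comes back as an empty vector and a 0 score, so a regression there would pass silently and consumers of the scan response would see no v4 severity. I would mirror the `vulnerability.NVD` entry (with `V40Vector` and `V40Score: 8.7`) in the test that covers ConvertFromRPCVulns, or add a round-trip assertion that converting to RPC and back returns the original CVSS map. The test function starts and ends outside the hunks shown.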

‎rpc/common/service.pb.go

+149-129
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

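--- a/rpc/common/service.proto
+++ b/rpc/common/service.proto
@@ -177,6 +177,8 @@ message CVSS {
 string v3_vector = 2;
 double v2_score = 3;
 double v3_score = 4;
+string v40_vector = 5;
+double v40_score = 6;
 }
 
 message CustomResource {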
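Review bot: The two new fields in `message CVSS` carry no comment, and nothing in the schema lets a consumer tell "no CVSS v4 data" apart from a real score of 0.0, since `v40_score` is a plain `double` like the existing score fields. If the intended contract is that the score is meaningful only when the vector is set, a comment would pin it down: `// v40_vector is empty when the source publishes no CVSS v4 data; v40_score is only meaningful when v40_vector is non-empty.` It is also worth noting in the message comment that a peer built before this change ignores fields 5 and 6, so mixed-version client/server setups will drop the v4 data without an error. The message definition starts outside the hunk.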
