github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/compliance/spec/mapper.go (about)

     1  package spec
     2  
     3  import (
     4  	"golang.org/x/exp/slices"
     5  
     6  	"github.com/devseccon/trivy/pkg/types"
     7  )
     8  
// MapSpecCheckIDToFilteredResults groups the findings of a single scan result
// by check ID, keeping only the IDs that the compliance spec lists for the
// matching scanner.
//
// Each matching vulnerability or misconfiguration becomes its own
// single-finding types.Result that copies Target, Class and Type from result.
// IDs are compared by exact string equality. An ID in checkIDs that matches no
// finding in the two loops below gets no key from them, so a missing key is
// not evidence that a control passed; callers building a compliance report
// have to decide how to present it.
func MapSpecCheckIDToFilteredResults(result types.Result, checkIDs map[types.Scanner][]string) map[string]types.Results {
	byID := make(map[string]types.Results)

	// Vulnerability findings, filtered against the vulnerability scanner's ID list.
	wantedVulnIDs := checkIDs[types.VulnerabilityScanner]
	for _, v := range result.Vulnerabilities {
		id := v.GetID()
		if slices.Contains(wantedVulnIDs, id) {
			byID[id] = append(byID[id], types.Result{
				Target:          result.Target,
				Class:           result.Class,
				Type:            result.Type,
				Vulnerabilities: []types.DetectedVulnerability{v},
			})
		}
	}

	// Misconfiguration findings additionally carry a one-finding summary.
	wantedMisconfIDs := checkIDs[types.MisconfigScanner]
	for _, mc := range result.Misconfigurations {
		id := mc.GetID()
		if slices.Contains(wantedMisconfIDs, id) {
			byID[id] = append(byID[id], types.Result{
				Target:            result.Target,
				Class:             result.Class,
				Type:              result.Type,
				MisconfSummary:    misconfigSummary(mc),
				Misconfigurations: []types.DetectedMisconfiguration{mc},
			})
		}
	}

	// Custom IDs are handled by a helper defined outside this listing; it is
	// handed the same map and presumably adds its entries to it.
	mapCustomIDsToFilteredResults(result, checkIDs, byID)

	return byID
}
    44  
// misconfigSummary builds the summary for one misconfiguration: the counter
// that corresponds to its status is set to 1. A status other than passed,
// failure or exception leaves every counter at zero, so such a finding is
// carried in the result without being counted.
func misconfigSummary(misconfig types.DetectedMisconfiguration) *types.MisconfSummary {
	summary := new(types.MisconfSummary)
	if misconfig.Status == types.StatusPassed {
		summary.Successes = 1
	} else if misconfig.Status == types.StatusFailure {
		summary.Failures = 1
	} else if misconfig.Status == types.StatusException {
		summary.Exceptions = 1
	}
	return summary
}
    57  
// AggregateAllChecksBySpecID runs every result of every scan through
// MapSpecCheckIDToFilteredResults and merges the per-result maps into one,
// keyed by check ID.
//
// The ID lists are read from cs once, before the loops. The returned map only
// has keys for IDs that produced at least one filtered result, so a control
// from the spec can be absent from it.
func AggregateAllChecksBySpecID(multiResults []types.Results, cs ComplianceSpec) map[string]types.Results {
	wanted := cs.CheckIDs()
	merged := make(map[string]types.Results)
	for _, results := range multiResults {
		for _, r := range results {
			// Append rather than assign: the same ID can match in several results.
			for id, filtered := range MapSpecCheckIDToFilteredResults(r, wanted) {
				merged[id] = append(merged[id], filtered...)
			}
		}
	}
	return merged
}