// Source: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/flag/vulnerability_flags.go

package flag

import (
	"github.com/samber/lo"

	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
	"github.com/devseccon/trivy/pkg/log"
	"github.com/devseccon/trivy/pkg/types"
)

var (
	// VulnTypeFlag selects which vulnerability types are reported.
	// Both the OS and the library type are enabled by default.
	VulnTypeFlag = Flag{
		Name:       "vuln-type",
		ConfigName: "vulnerability.type",
		Default:    []string{types.VulnTypeOS, types.VulnTypeLibrary},
		Values:     []string{types.VulnTypeOS, types.VulnTypeLibrary},
		Usage:      "comma-separated list of vulnerability types",
	}

	// IgnoreUnfixedFlag limits the report to vulnerabilities whose status is
	// "fixed". ToOptions expands it into an ignore list holding every other
	// entry of dbTypes.Statuses, so findings that still apply but have no fix
	// recorded are left out of the output. It filters the report; it does not
	// change exposure.
	IgnoreUnfixedFlag = Flag{
		Name:       "ignore-unfixed",
		ConfigName: "vulnerability.ignore-unfixed",
		Default:    false,
		Usage:      "display only fixed vulnerabilities",
	}

	// IgnoreStatusFlag lists the vulnerability statuses to drop from the report.
	// Nothing is ignored by default.
	// NOTE(review): Values presumably restricts input to dbTypes.Statuses; the
	// validation itself is not in this file, so confirm where it is enforced.
	IgnoreStatusFlag = Flag{
		Name:       "ignore-status",
		ConfigName: "vulnerability.ignore-status",
		Default:    []string{},
		Values:     dbTypes.Statuses,
		Usage:      "comma-separated list of vulnerability status to ignore",
	}
)

// VulnerabilityFlagGroup bundles the flags that control vulnerability reporting.
type VulnerabilityFlagGroup struct {
	VulnType      *Flag
	IgnoreUnfixed *Flag
	IgnoreStatus  *Flag
}

// VulnerabilityOptions is the resolved form of VulnerabilityFlagGroup.
type VulnerabilityOptions struct {
	VulnType []string
	// IgnoreStatuses is nil when no status is to be ignored.
	IgnoreStatuses []dbTypes.Status
}

// NewVulnerabilityFlagGroup returns a group wired to the package-level flag
// definitions. The group holds pointers to those variables, so every group
// returned here shares the same Flag values.
func NewVulnerabilityFlagGroup() *VulnerabilityFlagGroup {
	group := VulnerabilityFlagGroup{
		VulnType:      &VulnTypeFlag,
		IgnoreUnfixed: &IgnoreUnfixedFlag,
		IgnoreStatus:  &IgnoreStatusFlag,
	}
	return &group
}

// Name returns the display name of the flag group.
func (f *VulnerabilityFlagGroup) Name() string {
	return "Vulnerability"
}

// Flags returns the flags of the group in declaration order.
func (f *VulnerabilityFlagGroup) Flags() []*Flag {
	return []*Flag{f.VulnType, f.IgnoreUnfixed, f.IgnoreStatus}
}

// ToOptions resolves the flag values into VulnerabilityOptions.
//
// Precedence between the two ignore flags:
//   - '--ignore-status' given: its list is used as is. If '--ignore-unfixed'
//     is also set it is dropped, and a warning is the only signal of that.
//   - only '--ignore-unfixed' given: every status in dbTypes.Statuses other
//     than "fixed" is ignored.
//   - neither given: IgnoreStatuses is nil.
func (f *VulnerabilityFlagGroup) ToOptions() VulnerabilityOptions {
	// The strings are expected to be validated before they get here, so they
	// are converted without a further check.
	// NOTE(review): how dbTypes.NewStatus treats an unrecognised string is not
	// visible in this file; confirm it before relying on the upstream check.
	statuses := lo.Map(getStringSlice(f.IgnoreStatus), func(name string, _ int) dbTypes.Status {
		return dbTypes.NewStatus(name)
	})
	unfixedOnly := getBool(f.IgnoreUnfixed)
	explicit := len(statuses) > 0

	if unfixedOnly && explicit {
		// The explicit list wins; the shorthand is not merged into it.
		log.Logger.Warn("'--ignore-unfixed' is ignored because '--ignore-status' is specified")
	} else if unfixedOnly {
		// '--ignore-unfixed' is shorthand for ignoring every status but "fixed".
		statuses = lo.FilterMap(dbTypes.Statuses, func(name string, _ int) (dbTypes.Status, bool) {
			// StatusFixed is copied into a local before String is called on it.
			keep := dbTypes.StatusFixed
			if name != keep.String() {
				return dbTypes.NewStatus(name), true
			}
			return 0, false
		})
	} else if !explicit {
		// Normalise the empty slice to nil.
		statuses = nil
	}
	log.Logger.Debugw("Ignore statuses", "statuses", statuses)

	opts := VulnerabilityOptions{
		VulnType:       getStringSlice(f.VulnType),
		IgnoreStatuses: statuses,
	}
	return opts
}