github.com/ouraigua/jenkins-library@v0.0.0-20231028010029-fbeaf2f3aa9b/pkg/reporting/securityVulnerability.go (about) 1 package reporting 2 3 import ( 4 "bytes" 5 "fmt" 6 "text/template" 7 "time" 8 9 "github.com/SAP/jenkins-library/pkg/orchestrator" 10 11 "golang.org/x/text/cases" 12 "golang.org/x/text/language" 13 ) 14 15 // VulnerabilityReport represents metadata for a report on a vulnerability 16 type VulnerabilityReport struct { 17 ProjectName string 18 ProjectVersion string 19 BlackDuckProjectLink string 20 ArtifactID string 21 Branch string 22 CommitID string 23 Description string 24 DependencyType string 25 Footer string 26 Group string 27 PackageURL string 28 PipelineName string 29 PipelineLink string 30 PublishDate string 31 Resolution string 32 Score float64 33 Severity string 34 Version string 35 VulnerabilityLink string 36 VulnerabilityName string 37 Origin string 38 } 39 40 const vulnerabilityMdTemplate string = `# {{title .Severity }} ({{ .Score }}) Vulnerability {{ .VulnerabilityName }} - {{ .ArtifactID }} 41 42 **Vulnerability link:** [{{ .VulnerabilityLink }}]({{ .VulnerabilityLink }}) 43 44 {{if .Resolution -}} 45 ## Fix 46 47 **{{ .Resolution }}** 48 {{- end}} 49 50 ## Context 51 52 {{if .PipelineLink -}} 53 ### Pipeline 54 55 Pipeline run: [{{ .PipelineName }}]({{ .PipelineLink }}) 56 {{- end}} 57 58 ### Detected in 59 60 **Project Version:** [{{ .ProjectName }} {{ .ProjectVersion }}]({{ .BlackDuckProjectLink }}) 61 {{if .Branch}}**Branch:** {{ .Branch }}{{- end}} 62 {{if .CommitID}}**CommitId:** {{ .CommitID }}{{- end}} 63 {{if .Group}}**Group:** {{ .Group }}{{- end}} 64 {{if .PublishDate}}**Publishing date:** {{.PublishDate }}{{- end}} 65 66 {{if .ArtifactID}}**ArtifactId:** {{ .ArtifactID }}{{- end}} 67 {{if .Version}}**Version:** {{ .Version }}{{- end}} 68 {{if .Origin}}**Origin:** {{ .Origin }}{{- end}} 69 {{if .DependencyType}}**Dependency:** {{ .DependencyType }}{{- end}} 70 {{if .PackageURL}}**Package URL:** {{ .PackageURL }}{{- end}} 71 72 ## Description 73 74 {{ .Description }} 75 76 --- 77 78 {{.Footer}} 79 ` 80 81 // ToMarkdown creates a vulnerability in markdown format which can be used in GitHub issues 82 func (v *VulnerabilityReport) ToMarkdown() ([]byte, error) { 83 funcMap := template.FuncMap{ 84 "date": func(t time.Time) string { 85 return t.Format("2006-01-02") 86 }, 87 "title": func(s string) string { 88 caser := cases.Title(language.AmericanEnglish) 89 return caser.String(s) 90 }, 91 } 92 93 // only fill with orchestrator information if orchestrator can be identified properly 94 if provider, err := orchestrator.NewOrchestratorSpecificConfigProvider(); err == nil { 95 // only add information if not yet provided 96 if len(v.CommitID) == 0 { 97 v.CommitID = provider.GetCommit() 98 } 99 if len(v.PipelineLink) == 0 { 100 v.PipelineLink = provider.GetJobURL() 101 v.PipelineName = provider.GetJobName() 102 } 103 104 if len(v.Branch) == 0 { 105 v.Branch = provider.GetBranch() 106 } 107 } 108 109 md := []byte{} 110 tmpl, err := template.New("report").Funcs(funcMap).Parse(vulnerabilityMdTemplate) 111 if err != nil { 112 return md, fmt.Errorf("failed to create markdown issue template: %w", err) 113 } 114 buf := new(bytes.Buffer) 115 err = tmpl.Execute(buf, v) 116 if err != nil { 117 return md, fmt.Errorf("failed to execute markdown issue template: %w", err) 118 } 119 md = buf.Bytes() 120 return md, nil 121 }