
     1  package convert
     2  
     3  import (
     4  	"context"
     5  
     6  	"github.com/99designs/gqlgen/graphql"
     7  	ispec "github.com/opencontainers/image-spec/specs-go/v1"
     8  	"github.com/vektah/gqlparser/v2/gqlerror"
     9  
    10  	cveinfo "zotregistry.dev/zot/pkg/extensions/search/cve"
    11  	cvemodel "zotregistry.dev/zot/pkg/extensions/search/cve/model"
    12  	"zotregistry.dev/zot/pkg/extensions/search/gql_generated"
    13  )
    14  
// updateRepoSummaryVulnerabilities fills in the vulnerability summary of a
// repository's newest image. A nil repoSummary is a no-op; everything else is
// delegated to updateImageSummaryVulnerabilities, which also tolerates a nil
// NewestImage.
func updateRepoSummaryVulnerabilities(
	ctx context.Context,
	repoSummary *gql_generated.RepoSummary,
	skip SkipQGLField,
	cveInfo cveinfo.CveInfo,
) {
	if repoSummary != nil {
		updateImageSummaryVulnerabilities(ctx, repoSummary.NewestImage, skip, cveInfo)
	}
}
    27  
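// updateImageSummaryVulnerabilities attaches a vulnerability summary to imageSummary
// and to each of its manifests.
//
// Vulnerabilities is always set so that GraphQL clients never see a nil object: when
// cveInfo is nil or skip.Vulnerabilities is set it stays at its zero value (empty
// MaxSeverity, all counts 0) and no scanner call is made. Otherwise the CVE summary
// is fetched through cveInfo.GetCVESummaryForImageMedia for the image's repo, digest
// and media type. A scan failure is surfaced with graphql.AddError while the image
// itself stays in the result set; the summary then holds whatever value the scanner
// returned alongside the error (presumably the zero value), so a zero Count is only
// meaningful when the response carries no such error.
func updateImageSummaryVulnerabilities(
	ctx context.Context,
	imageSummary *gql_generated.ImageSummary,
	skip SkipQGLField,
	cveInfo cveinfo.CveInfo,
) {
	if imageSummary == nil {
		return
	}

	// The GraphQL summary below points directly at the fields of this struct, so
	// assigning a new value to imageCveSummary later is all that is needed to
	// update it; no per-field copy is required afterwards.
	imageCveSummary := cvemodel.ImageCVESummary{}

	imageSummary.Vulnerabilities = &gql_generated.ImageVulnerabilitySummary{
		MaxSeverity:   &imageCveSummary.MaxSeverity,
		UnknownCount:  &imageCveSummary.UnknownCount,
		LowCount:      &imageCveSummary.LowCount,
		MediumCount:   &imageCveSummary.MediumCount,
		HighCount:     &imageCveSummary.HighCount,
		CriticalCount: &imageCveSummary.CriticalCount,
		Count:         &imageCveSummary.Count,
	}

	// Vulnerability scanning is disabled or not requested for this query.
	if cveInfo == nil || skip.Vulnerabilities {
		return
	}

	// RepoName, Digest and MediaType are pointers in the generated model; a partially
	// populated summary must be reported, not allowed to panic the resolver.
	if imageSummary.RepoName == nil || imageSummary.Digest == nil || imageSummary.MediaType == nil {
		graphql.AddError(
			ctx,
			gqlerror.Errorf("unable to run vulnerability scan: image summary is missing repo name, digest or media type"),
		)

		return
	}

	var err error

	imageCveSummary, err = cveInfo.GetCVESummaryForImageMedia(ctx, *imageSummary.RepoName, *imageSummary.Digest,
		*imageSummary.MediaType)
	if err != nil {
		// Tag is optional in the error message; never dereference it blindly.
		tag := ""
		if imageSummary.Tag != nil {
			tag = *imageSummary.Tag
		}

		// Report the error, but still include the image in results.
		graphql.AddError(
			ctx,
			gqlerror.Errorf(
				"unable to run vulnerability scan on tag %s in repo %s: error: %s",
				tag, *imageSummary.RepoName, err.Error(),
			),
		)
	}

	for _, manifestSummary := range imageSummary.Manifests {
		updateManifestSummaryVulnerabilities(ctx, manifestSummary, *imageSummary.RepoName, skip, cveInfo)
	}
}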
    80  
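// updateManifestSummaryVulnerabilities attaches a vulnerability summary to a single
// manifest belonging to repoName.
//
// It mirrors updateImageSummaryVulnerabilities: Vulnerabilities is always set (left
// at its zero value when cveInfo is nil or skip.Vulnerabilities is set), the scan is
// run against manifestSummary.Digest with the OCI image-manifest media type, and a
// scan failure is reported through graphql.AddError while the manifest stays in the
// results. On such a failure the summary holds whatever value the scanner returned
// alongside the error (presumably the zero value).
func updateManifestSummaryVulnerabilities(
	ctx context.Context,
	manifestSummary *gql_generated.ManifestSummary,
	repoName string,
	skip SkipQGLField,
	cveInfo cveinfo.CveInfo,
) {
	if manifestSummary == nil {
		return
	}

	// The GraphQL summary below points directly at the fields of this struct, so
	// assigning a new value to imageCveSummary later updates it in place.
	imageCveSummary := cvemodel.ImageCVESummary{}

	manifestSummary.Vulnerabilities = &gql_generated.ImageVulnerabilitySummary{
		MaxSeverity:   &imageCveSummary.MaxSeverity,
		UnknownCount:  &imageCveSummary.UnknownCount,
		LowCount:      &imageCveSummary.LowCount,
		MediumCount:   &imageCveSummary.MediumCount,
		HighCount:     &imageCveSummary.HighCount,
		CriticalCount: &imageCveSummary.CriticalCount,
		Count:         &imageCveSummary.Count,
	}

	// Vulnerability scanning is disabled or not requested for this query.
	if cveInfo == nil || skip.Vulnerabilities {
		return
	}

	// Digest is a pointer in the generated model; report a missing digest instead of
	// letting the resolver panic.
	if manifestSummary.Digest == nil {
		graphql.AddError(
			ctx,
			gqlerror.Errorf("unable to run vulnerability scan in repo %s: manifest digest is missing", repoName),
		)

		return
	}

	var err error

	imageCveSummary, err = cveInfo.GetCVESummaryForImageMedia(ctx, repoName, *manifestSummary.Digest,
		ispec.MediaTypeImageManifest)
	if err != nil {
		// Report the error, but still include the manifest in results.
		graphql.AddError(
			ctx,
			gqlerror.Errorf(
				"unable to run vulnerability scan in repo %s: manifest digest: %s, error: %s",
				repoName, *manifestSummary.Digest, err.Error(),
			),
		)
	}
}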