zotregistry.io/zot@v1.4.4-0.20231124084042-02a8ed785457/pkg/extensions/search/convert/cve.go (about)

     1  package convert
     2  
     3  import (
     4  	"context"
     5  
     6  	"github.com/99designs/gqlgen/graphql"
     7  	ispec "github.com/opencontainers/image-spec/specs-go/v1"
     8  	"github.com/vektah/gqlparser/v2/gqlerror"
     9  
    10  	cveinfo "zotregistry.io/zot/pkg/extensions/search/cve"
    11  	cvemodel "zotregistry.io/zot/pkg/extensions/search/cve/model"
    12  	"zotregistry.io/zot/pkg/extensions/search/gql_generated"
    13  )
    14  
// updateRepoSummaryVulnerabilities fills in the vulnerability summary of the
// repository's newest image. It is a no-op when repoSummary is nil.
//
// Only repoSummary.NewestImage is touched here; a nil NewestImage is handled by
// updateImageSummaryVulnerabilities, which returns early on a nil image summary.
func updateRepoSummaryVulnerabilities(
	ctx context.Context,
	repoSummary *gql_generated.RepoSummary,
	skip SkipQGLField,
	cveInfo cveinfo.CveInfo,
) {
	if repoSummary != nil {
		newest := repoSummary.NewestImage

		updateImageSummaryVulnerabilities(ctx, newest, skip, cveInfo)
	}
}
    27  
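// updateImageSummaryVulnerabilities attaches a vulnerability summary to
// imageSummary and, when a scan is attempted, to each of its manifests.
//
// imageSummary.Vulnerabilities is always set to a non-nil value. When scanning
// is disabled (cveInfo is nil), skipped by the caller (skip.Vulnerabilities) or
// cannot be attempted because identifying fields are missing, the summary
// holds the zero value of cvemodel.ImageCVESummary and the manifests are left
// untouched.
//
// NOTE(review): depending on how cvemodel.ImageCVESummary defines its zero
// value, a consumer may not be able to tell "not scanned" from "scanned, no
// findings" by looking at the summary alone - confirm that clients also check
// the GraphQL errors before treating an image as clean.
//
// Scan failures are reported as GraphQL errors on ctx; the image stays in the
// results.
func updateImageSummaryVulnerabilities(
	ctx context.Context,
	imageSummary *gql_generated.ImageSummary,
	skip SkipQGLField,
	cveInfo cveinfo.CveInfo,
) {
	if imageSummary == nil {
		return
	}

	imageCveSummary := cvemodel.ImageCVESummary{}

	imageSummary.Vulnerabilities = &gql_generated.ImageVulnerabilitySummary{
		MaxSeverity: &imageCveSummary.MaxSeverity,
		Count:       &imageCveSummary.Count,
	}

	// Check if vulnerability scanning is disabled
	if cveInfo == nil || skip.Vulnerabilities {
		return
	}

	// The model fields are pointers; dereferencing a nil one would panic in the
	// middle of building the response, so report the problem and keep the
	// zero-valued summary instead.
	if imageSummary.RepoName == nil || imageSummary.Digest == nil || imageSummary.MediaType == nil {
		graphql.AddError(
			ctx,
			gqlerror.Errorf("unable to run vulnerability scan: image summary is missing repo name, digest or media type"),
		)

		return
	}

	repoName := *imageSummary.RepoName

	// The tag is only used for the error message; tolerate a missing one.
	tag := ""
	if imageSummary.Tag != nil {
		tag = *imageSummary.Tag
	}

	// imageCveSummary is re-assigned (not redeclared) here, so the pointers
	// stored in imageSummary.Vulnerabilities above observe the scan result.
	imageCveSummary, err := cveInfo.GetCVESummaryForImageMedia(ctx, repoName, *imageSummary.Digest,
		*imageSummary.MediaType)
	if err != nil {
		// Log the error, but we should still include the image in results
		// NOTE(review): err.Error() is returned to the API client verbatim;
		// confirm scanner errors cannot carry internal paths or other details
		// that should stay server-side.
		graphql.AddError(
			ctx,
			gqlerror.Errorf(
				"unable to run vulnerability scan on tag %s in repo %s: error: %s",
				tag, repoName, err.Error(),
			),
		)
	}

	imageSummary.Vulnerabilities.MaxSeverity = &imageCveSummary.MaxSeverity
	imageSummary.Vulnerabilities.Count = &imageCveSummary.Count

	for _, manifestSummary := range imageSummary.Manifests {
		updateManifestSummaryVulnerabilities(ctx, manifestSummary, repoName, skip, cveInfo)
	}
}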
    70  
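// updateManifestSummaryVulnerabilities attaches a vulnerability summary to a
// single manifest of the image stored in repoName.
//
// manifestSummary.Vulnerabilities is always set to a non-nil value. When
// scanning is disabled (cveInfo is nil), skipped by the caller
// (skip.Vulnerabilities) or cannot be attempted because the digest is missing,
// the summary holds the zero value of cvemodel.ImageCVESummary.
//
// NOTE(review): depending on how cvemodel.ImageCVESummary defines its zero
// value, a consumer may not be able to tell "not scanned" from "scanned, no
// findings" by looking at the summary alone - confirm that clients also check
// the GraphQL errors before treating a manifest as clean.
//
// Scan failures are reported as GraphQL errors on ctx; the manifest stays in
// the results.
func updateManifestSummaryVulnerabilities(
	ctx context.Context,
	manifestSummary *gql_generated.ManifestSummary,
	repoName string,
	skip SkipQGLField,
	cveInfo cveinfo.CveInfo,
) {
	if manifestSummary == nil {
		return
	}

	imageCveSummary := cvemodel.ImageCVESummary{}

	manifestSummary.Vulnerabilities = &gql_generated.ImageVulnerabilitySummary{
		MaxSeverity: &imageCveSummary.MaxSeverity,
		Count:       &imageCveSummary.Count,
	}

	// Check if vulnerability scanning is disabled
	if cveInfo == nil || skip.Vulnerabilities {
		return
	}

	// Digest is a pointer field; dereferencing a nil one would panic in the
	// middle of building the response, so report the problem and keep the
	// zero-valued summary instead.
	if manifestSummary.Digest == nil {
		graphql.AddError(
			ctx,
			gqlerror.Errorf("unable to run vulnerability scan in repo %s: manifest digest is missing", repoName),
		)

		return
	}

	digest := *manifestSummary.Digest

	// imageCveSummary is re-assigned (not redeclared) here, so the pointers
	// stored in manifestSummary.Vulnerabilities above observe the scan result.
	imageCveSummary, err := cveInfo.GetCVESummaryForImageMedia(ctx, repoName, digest,
		ispec.MediaTypeImageManifest)
	if err != nil {
		// Log the error, but we should still include the manifest in results
		// NOTE(review): err.Error() is returned to the API client verbatim;
		// confirm scanner errors cannot carry internal paths or other details
		// that should stay server-side.
		graphql.AddError(
			ctx,
			gqlerror.Errorf(
				"unable to run vulnerability scan in repo %s: manifest digest: %s, error: %s",
				repoName, digest, err.Error(),
			),
		)
	}

	manifestSummary.Vulnerabilities.MaxSeverity = &imageCveSummary.MaxSeverity
	manifestSummary.Vulnerabilities.Count = &imageCveSummary.Count
}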