ensure we deduplicate vuln rows
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
wagoodman committed Dec 17, 2024
1 parent 72d23d4 commit f2baf2b
Showing 2 changed files with 43 additions and 10 deletions.
2 changes: 1 addition & 1 deletion cmd/grype/cli/commands/db_search_pkg.go
Expand Up @@ -48,7 +48,7 @@ func DBSearchPackages(app clio.Application) *cobra.Command {
return app.SetupCommand(&cobra.Command{
Use: "pkg PURL|CPE|NAME...",
Aliases: []string{"package", "packages", "pkgs"},
Short: "get information regarding packages affected by vulnerabilities from the db",
Short: "Search for packages affected by vulnerabilities within the db",
Args: func(_ *cobra.Command, args []string) error {
opts.Package.Names = args
return nil
51 changes: 42 additions & 9 deletions cmd/grype/cli/commands/db_search_vuln.go
Expand Up @@ -47,7 +47,7 @@ func DBSearchVulnerabilities(app clio.Application) *cobra.Command {
return app.SetupCommand(&cobra.Command{
Use: "vuln ID...",
Aliases: []string{"vulnerability", "vulnerabilities", "vulns"},
Short: "get information regarding vulnerabilities from the db",
Short: "Search for vulnerabilities within the DB",
Args: func(_ *cobra.Command, args []string) error {
if len(args) == 0 {
return fmt.Errorf("must specify at least one vulnerability ID")
Expand Down Expand Up @@ -159,7 +159,15 @@ func presentDBSearchVulnerabilities(outputFormat string, structuredRows []dbsear
}

func renderDBSearchVulnerabilitiesTableRows(structuredRows []dbsearch.VulnerabilityRow) [][]string {
var rows [][]string
type row struct {
Vuln string
ProviderWithoutVersions string
PublishedDate string
Severity string
Reference string
}

versionsByRow := make(map[row][]string)
for _, rr := range structuredRows {
// get the first severity value (which is ranked highest)
var sev string
Expand All @@ -168,12 +176,9 @@ func renderDBSearchVulnerabilitiesTableRows(structuredRows []dbsearch.Vulnerabil
}

prov := rr.Provider
if len(rr.OperatingSystems) > 0 {
var versions []string
for _, os := range rr.OperatingSystems {
versions = append(versions, os.Version)
}
prov = fmt.Sprintf("%s (%s)", rr.Provider, strings.Join(versions, ", "))
var versions []string
for _, os := range rr.OperatingSystems {
versions = append(versions, os.Version)
}

var published string
Expand All @@ -186,7 +191,35 @@ func renderDBSearchVulnerabilitiesTableRows(structuredRows []dbsearch.Vulnerabil
ref = rr.References[0].URL
}

rows = append(rows, []string{rr.ID, prov, published, sev, ref})
r := row{
Vuln: rr.ID,
ProviderWithoutVersions: prov,
PublishedDate: published,
Severity: sev,
Reference: ref,
}
versionsByRow[r] = append(versionsByRow[r], versions...)
}

var rows [][]string
for r, versions := range versionsByRow {
prov := r.ProviderWithoutVersions
if len(versions) > 0 {
sort.Strings(versions)
prov = fmt.Sprintf("%s (%s)", r.ProviderWithoutVersions, strings.Join(versions, ", "))
}
rows = append(rows, []string{r.Vuln, prov, r.PublishedDate, r.Severity, r.Reference})
}

// sort rows by each column
sort.Slice(rows, func(i, j int) bool {
for k := range rows[i] {
if rows[i][k] != rows[j][k] {
return rows[i][k] < rows[j][k]
}
}
return false
})

return rows
}
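Review bot: The merged version list in the final loop of renderDBSearchVulnerabilitiesTableRows is sorted but never deduplicated, so two input rows that collapse onto the same key and carry the same OS version would print that version twice, for example `provider (8, 8)` (constructed example). Identical rows are the case this commit targets, so compact the list right after `sort.Strings(versions)`, e.g. `versions = slices.Compact(versions)`; this needs the `slices` package, and the file's imports are not visible here. `sort.Strings` is also lexical, so a version such as `10` is listed before `9`; a short comment stating that the order is only for stable output would avoid surprise. Parts of the function body are collapsed between the hunks, so this is based on the visible lines only.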
