presenter: cyclonedx document updates to pass schema validation

Signed-off-by: Alfredo Deza <adeza@anchore.com>
This commit is contained in:
Alfredo Deza 2020-09-21 10:51:32 -04:00
parent 4f78b57a63
commit 2d448390d6


@ -73,7 +73,15 @@ func NewVulnerability(m match.Match, p vulnerability.MetadataProvider) (Vulnerab
} }
rating.Score = score rating.Score = score
rating.Severity = metadata.Severity
// The schema does not allow "Negligible", only allowing the following:
// 'None', 'Low', 'Medium', 'High', 'Critical', 'Unknown'
severity := metadata.Severity
if metadata.Severity == "Negligible" {
severity = "Low"
}
rating.Severity = severity
v := Vulnerability{ v := Vulnerability{
Ref: uuid.New().URN(), Ref: uuid.New().URN(),
@ -93,7 +101,7 @@ func NewVulnerability(m match.Match, p vulnerability.MetadataProvider) (Vulnerab
} }
// NewDocumentFromCatalog returns a CycloneDX Document object populated with the vulnerability contents. // NewDocumentFromCatalog returns a CycloneDX Document object populated with the vulnerability contents.
func NewDocumentFromCatalog(catalog *pkg.Catalog, matches match.Matches, provider vulnerability.MetadataProvider) Document { func NewDocumentFromCatalog(catalog *pkg.Catalog, matches match.Matches, provider vulnerability.MetadataProvider) (Document, error) {
bom := NewDocument() bom := NewDocument()
for p := range catalog.Enumerate() { for p := range catalog.Enumerate() {
// make a new compoent (by value) // make a new compoent (by value)
@ -121,24 +129,27 @@ func NewDocumentFromCatalog(catalog *pkg.Catalog, matches match.Matches, provide
pkgMatches := matches.GetByPkgID(p.ID()) pkgMatches := matches.GetByPkgID(p.ID())
if len(pkgMatches) > 0 { if len(pkgMatches) > 0 {
var vulnerabilities []Vulnerability
for _, m := range pkgMatches { for _, m := range pkgMatches {
// Sort of eating up the error here, we are appending only when there is // Sort of eating up the error here, we are appending only when there is
// no error. When there is one, we ignore it and move to the next vuln // no error. When there is one, we ignore it and move to the next vuln
// An error is only possible if it metadata can't be produced // An error is only possible if it metadata can't be produced
v, err := NewVulnerability(m, provider) v, err := NewVulnerability(m, provider)
if err == nil { if err != nil {
component.Vulnerabilities = append(component.Vulnerabilities, v) return Document{}, err
} }
vulnerabilities = append(vulnerabilities, v)
} }
component.Vulnerabilities = &vulnerabilities
} }
// add a *copy* of the component to the bom document // add a *copy* of the component to the bom document
bom.Components = append(bom.Components, component) bom.Components = append(bom.Components, component)
} }
bom.BomDescriptor = syftCDX.NewBomDescriptor() bom.BomDescriptor = NewBomDescriptor()
return bom return bom, nil
} }
func makeURL(id string) string { func makeURL(id string) string {
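Review bot: The three-line comment kept above `v, err := NewVulnerability(m, provider)` still says the error is "eaten" and the loop moves on to the next vulnerability, but the new code directly beneath it now does `return Document{}, err`, so the comment contradicts the behaviour it annotates and should be rewritten, e.g. `// A metadata lookup failure aborts the whole document rather than silently dropping the vulnerability.` This also means a single match whose metadata cannot be produced now fails the entire report, which looks intended given the new `(Document, error)` signature in the previous hunk but deserves a sentence in the NewDocumentFromCatalog doc comment so callers know the document is all-or-nothing. Relatedly, the severity rewrite in the first hunk only maps "Negligible"; if metadata.Severity is a plain string, any other value outside the listed schema set would still fail validation, so a fallback to "Unknown" for unrecognised values may be worth considering. NewDocumentFromCatalog's signature and the start of its body lie outside this hunk.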