Merged
42 changes: 18 additions & 24 deletions vulnerability/events_creator.go
@@ -67,19 +67,20 @@ type Vulnerability struct {
type CloudSection struct {
Service Service `json:"service,omitempty"`
Machine Machine `json:"machine,omitempty"`
Tags map[string]string `json:"tags,omitempty"`
Tags map[string]string `json:"Tags,omitempty"`
AvailabilityZone *string `json:"availability_zone,omitempty"`
Region string `json:"region,omitempty"`
Instance Instance `json:"instance,omitempty"`
Security Security `json:"Security,omitempty"`
}

type NetworkSection struct {
PrivateIp *string `json:"private_ip,omitempty"`
PublicIp *string `json:"public_ip,omitempty"`
MacAddresses []string `json:"mac_addresses,omitempty"`
PrivateIp *string `json:"Private_ip,omitempty"`
PublicIp *string `json:"Public_ip,omitempty"`
MacAddresses []string `json:"Mac_addresses,omitempty"`
}

type SecuritySection struct {
type Security struct {
SecurityGroups []ec2.SecurityGroupInfo `json:"security_groups,omitempty"`
}

@@ -107,9 +108,9 @@ type Instance struct {

type Machine struct {
Type string `json:"type,omitempty"`
Authentication AuthInfo `json:"authentication,omitempty"`
LaunchTime *time.Time `json:"launch_time,omitempty"`
Image *string `json:"image,omitempty"`
Authentication AuthInfo `json:"Authentication,omitempty"`
LaunchTime *time.Time `json:"Launch_time,omitempty"`
Image *string `json:"Image,omitempty"`
}

type AuthInfo struct {
@@ -132,11 +133,11 @@ type DataSource struct {
}

type Package struct {
FixedVersion string `json:"fixed_version,omitempty"`
Version string `json:"version,omitempty"`
Name string `json:"name,omitempty"`
Type string `json:"type,omitempty"`
Path string `json:"path,omitempty"`
FixedVersion string `json:"fixed_version,omitempty"`
}

type Scanner struct {
@@ -235,6 +236,9 @@ func (e EventsCreator) generateEvent(reportResult trivyTypes.Result, vul trivyTy
AvailabilityZone: getAvailabilityZone(snap.Instance),
Region: snap.Instance.Region,
Tags: snap.Instance.GetResourceTags(),
Security: Security{
SecurityGroups: snap.Instance.GetResourceSecurityGroups(),
},
})

// TODO: Should we fail the event if we can't enrich the cloud section?
@@ -271,15 +275,6 @@ func (e EventsCreator) generateEvent(reportResult trivyTypes.Result, vul trivyTy
e.log.Errorf("failed to enrich network section: %v", err)
}

securitySec, err := convertStructToMapStr(SecuritySection{
SecurityGroups: snap.Instance.GetResourceSecurityGroups(),
})

// TODO: Should we fail the event if we can't enrich the security section?
if err != nil {
e.log.Errorf("failed to enrich security section: %v", err)
}

event := beat.Event{
// TODO: Maybe configure or get from somewhere else?
Meta: mapstr.M{libevents.FieldMetaIndex: vulIndex},
@@ -294,11 +289,11 @@ func (e EventsCreator) generateEvent(reportResult trivyTypes.Result, vul trivyTy
Name: snap.Instance.GetResourceName(),
},
"package": Package{
FixedVersion: vul.FixedVersion,
Path: reportResult.Target,
Type: reportResult.Type,
Name: vul.PkgName,
Version: vul.InstalledVersion,
FixedVersion: vul.FixedVersion,
},
"vulnerability": Vulnerability{
// TODO: Replace sequence with more generic approach
@@ -319,9 +314,9 @@ func (e EventsCreator) generateEvent(reportResult trivyTypes.Result, vul trivyTy
Version: e.getCVSSVersion(vul),
},
Package: Package{ // kept for backward compatibility, new obj is under root
FixedVersion: vul.FixedVersion,
Name: vul.PkgName,
Version: vul.InstalledVersion,
FixedVersion: vul.FixedVersion,
},
Cwe: vul.CweIDs,
ID: vul.VulnerabilityID,
@@ -334,10 +329,9 @@ func (e EventsCreator) generateEvent(reportResult trivyTypes.Result, vul trivyTy
PublishedDate: vul.PublishedDate,
},
// TODO: These sections might be overridden by the enricher of proccessor
"cloud": cloudSec,
"host": hostSec,
"network": networkSec,
"security": securitySec,
"cloud": cloudSec,
"host": hostSec,
"network": networkSec,
},
}

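Review bot: The security-group data moves from the root `security` key to `cloud.Security.security_groups` without a compatibility copy: `CloudSection` gains a `Security` field, and `generateEvent` no longer builds `securitySec` or emits `"security": securitySec`. The same function still duplicates `Package` under `vulnerability` "for backward compatibility", so any index mapping, dashboard or detection rule that reads `security.security_groups` will silently stop matching; either keep the root key for a release or record the rename where consumers will see it. The new tag `json:"Security,omitempty"` is capitalised while its siblings (`service`, `region`, `instance`) are lower-case; unless a consumer requires that casing, `json:"security,omitempty"` keeps the schema consistent. If `convertStructToMapStr` goes through encoding/json (not visible here), `omitempty` has no effect on the struct-typed `Security` field, so an empty object is still emitted when the instance has no groups. `generateEvent` starts and ends outside the visible hunks.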