refactor: keep advisor, vulndb urls constant
mcombuechen committed Nov 28, 2024
1 parent 5b23f91 commit 405f5ad
Showing 6 changed files with 40 additions and 43 deletions.
10 changes: 3 additions & 7 deletions lib/snyk/config.go
Expand Up @@ -17,16 +17,12 @@
package snyk

type Config struct {
SnykAdvisorWebURL string
SnykVulnerabilityDBWebURL string
SnykAPIURL string
APIToken string
SnykAPIURL string
APIToken string
}

func DefaultConfig() *Config {
return &Config{
SnykAdvisorWebURL: "https://snyk.io/advisor",
SnykVulnerabilityDBWebURL: "https://security.snyk.io",
SnykAPIURL: "https://api.snyk.io",
SnykAPIURL: "https://api.snyk.io",
}
}
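Review bot: Removing the exported `SnykAdvisorWebURL` and `SnykVulnerabilityDBWebURL` fields from `Config` is a breaking change for any importer of `lib/snyk` that sets them, and neither the commit title nor a changelog entry says so; if the package is consumed outside this repository that deserves a line in the description. Fixing the web URLs in code rather than config is a sensible hardening step, since a config value could otherwise point the external references written into every SBOM at an arbitrary host, but that intent is invisible on the type. A doc comment would capture it: `// Config holds the Snyk API endpoint and token. The public advisor and vulnerability DB web URLs are fixed constants and are deliberately not configurable.`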
11 changes: 8 additions & 3 deletions lib/snyk/enrich.go
Expand Up @@ -24,12 +24,17 @@ import (
"github.com/snyk/parlay/lib/sbom"
)

func EnrichSBOM(conf *Config, doc *sbom.SBOMDocument, logger *zerolog.Logger) *sbom.SBOMDocument {
const (
snykAdvisorWebURL = "https://snyk.io/advisor"
snykVulnerabilityDBWebURL = "https://security.snyk.io"
)

func EnrichSBOM(cfg *Config, doc *sbom.SBOMDocument, logger *zerolog.Logger) *sbom.SBOMDocument {
switch bom := doc.BOM.(type) {
case *cdx.BOM:
enrichCycloneDX(conf, bom, logger)
enrichCycloneDX(cfg, bom, logger)
case *spdx.Document:
enrichSPDX(conf, bom, logger)
enrichSPDX(cfg, bom, logger)
}

return doc
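Review bot: The new `snykAdvisorWebURL` and `snykVulnerabilityDBWebURL` constants carry no comment, yet they are embedded verbatim into every generated SBOM as external reference locators, so a reader should be told they are intentionally fixed rather than overlooked config. A short comment above the block would do: `// Public Snyk web endpoints written into SBOM external references; kept as constants so output always points at snyk.io rather than a configurable host.` They are also declared here in enrich.go but consumed in package.go and enrich_spdx.go, so placing them next to the existing `version` constant in package.go would keep the URL builders and their base URLs in one file.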
20 changes: 10 additions & 10 deletions lib/snyk/enrich_cyclonedx.go
Expand Up @@ -38,8 +38,8 @@ var cdxEnrichers = []cdxEnricher{
enrichCDXSnykVulnerabilityDBData,
}

func enrichCDXSnykVulnerabilityDBData(conf *Config, component *cdx.Component, purl *packageurl.PackageURL) {
url := SnykVulnURL(conf, purl)
func enrichCDXSnykVulnerabilityDBData(cfg *Config, component *cdx.Component, purl *packageurl.PackageURL) {
url := SnykVulnURL(cfg, purl)
if url != "" {
ext := cdx.ExternalReference{
URL: url,
Expand All @@ -54,8 +54,8 @@ func enrichCDXSnykVulnerabilityDBData(conf *Config, component *cdx.Component, pu
}
}

func enrichCDXSnykAdvisorData(conf *Config, component *cdx.Component, purl *packageurl.PackageURL) {
url := SnykAdvisorURL(conf, purl)
func enrichCDXSnykAdvisorData(cfg *Config, component *cdx.Component, purl *packageurl.PackageURL) {
url := SnykAdvisorURL(cfg, purl)
if url != "" {
ext := cdx.ExternalReference{
URL: url,
Expand All @@ -70,14 +70,14 @@ func enrichCDXSnykAdvisorData(conf *Config, component *cdx.Component, purl *pack
}
}

func enrichCycloneDX(conf *Config, bom *cdx.BOM, logger *zerolog.Logger) *cdx.BOM {
auth, err := AuthFromToken(conf.APIToken)
func enrichCycloneDX(cfg *Config, bom *cdx.BOM, logger *zerolog.Logger) *cdx.BOM {
auth, err := AuthFromToken(cfg.APIToken)
if err != nil {
logger.Fatal().Err(err).Msg("Failed to authenticate")
return nil
}

orgID, err := SnykOrgID(conf, auth)
orgID, err := SnykOrgID(cfg, auth)
if err != nil {
logger.Error().Err(err).Msg("Failed to infer preferred Snyk organization")
return nil
Expand Down Expand Up @@ -105,9 +105,9 @@ func enrichCycloneDX(conf *Config, bom *cdx.BOM, logger *zerolog.Logger) *cdx.BO
return
}
for _, enrichFunc := range cdxEnrichers {
enrichFunc(conf, component, &purl)
enrichFunc(cfg, component, &purl)
}
resp, err := GetPackageVulnerabilities(conf, &purl, auth, orgID)
resp, err := GetPackageVulnerabilities(cfg, &purl, auth, orgID)
if err != nil {
l.Err(err).
Str("purl", purl.ToString()).
Expand Down Expand Up @@ -206,7 +206,7 @@ func enrichCycloneDX(conf *Config, bom *cdx.BOM, logger *zerolog.Logger) *cdx.BO
for _, sev := range *issue.Attributes.Severities {
source := cdx.Source{
Name: "Snyk",
URL: snykVulnDBServer,
URL: snykVulnerabilityDBWebURL,
}
if sev.Score != nil {
score := float64(*sev.Score)
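Review bot: In the renamed authentication block of `enrichCycloneDX`, `logger.Fatal().Err(err).Msg("Failed to authenticate")` is followed by `return nil`, but zerolog's `Fatal` event calls `os.Exit(1)` from `Msg`, so that return is unreachable and the process exits from inside library code. The organization lookup a few lines below logs at `Error` level and returns `nil` instead, so the two failure paths behave differently, while `enrichSPDX` uses `Fatal` for both. Either drop the dead `return nil`, or, if callers are meant to handle a nil BOM, change the first path to `logger.Error().Err(err).Msg("Failed to authenticate")` so the decision to exit stays with the caller. `enrichCycloneDX` continues past the end of this hunk.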
20 changes: 10 additions & 10 deletions lib/snyk/enrich_spdx.go
Expand Up @@ -39,8 +39,8 @@ var spdxEnrichers = []spdxEnricher{
enrichSPDXSnykVulnerabilityDBData,
}

func enrichSPDXSnykAdvisorData(conf *Config, component *spdx_2_3.Package, purl *packageurl.PackageURL) {
url := SnykAdvisorURL(conf, purl)
func enrichSPDXSnykAdvisorData(cfg *Config, component *spdx_2_3.Package, purl *packageurl.PackageURL) {
url := SnykAdvisorURL(cfg, purl)
if url != "" {
ext := &spdx_2_3.PackageExternalReference{
Locator: url,
Expand All @@ -56,8 +56,8 @@ func enrichSPDXSnykAdvisorData(conf *Config, component *spdx_2_3.Package, purl *
}
}

func enrichSPDXSnykVulnerabilityDBData(conf *Config, component *spdx_2_3.Package, purl *packageurl.PackageURL) {
url := SnykVulnURL(conf, purl)
func enrichSPDXSnykVulnerabilityDBData(cfg *Config, component *spdx_2_3.Package, purl *packageurl.PackageURL) {
url := SnykVulnURL(cfg, purl)
if url != "" {
ext := &spdx_2_3.PackageExternalReference{
Locator: url,
Expand All @@ -73,16 +73,16 @@ func enrichSPDXSnykVulnerabilityDBData(conf *Config, component *spdx_2_3.Package
}
}

func enrichSPDX(conf *Config, bom *spdx.Document, logger *zerolog.Logger) *spdx.Document {
auth, err := AuthFromToken(conf.APIToken)
func enrichSPDX(cfg *Config, bom *spdx.Document, logger *zerolog.Logger) *spdx.Document {
auth, err := AuthFromToken(cfg.APIToken)
if err != nil {
logger.Fatal().
Err(err).
Msg("Failed to authenticate")
return nil
}

orgID, err := SnykOrgID(conf, auth)
orgID, err := SnykOrgID(cfg, auth)
if err != nil {
logger.Fatal().
Err(err).
Expand Down Expand Up @@ -110,9 +110,9 @@ func enrichSPDX(conf *Config, bom *spdx.Document, logger *zerolog.Logger) *spdx.
return
}
for _, enrichFn := range spdxEnrichers {
enrichFn(conf, pkg, purl)
enrichFn(cfg, pkg, purl)
}
resp, err := GetPackageVulnerabilities(conf, purl, auth, orgID)
resp, err := GetPackageVulnerabilities(cfg, purl, auth, orgID)
if err != nil {
l.Err(err).
Str("purl", purl.ToString()).
Expand Down Expand Up @@ -150,7 +150,7 @@ func enrichSPDX(conf *Config, bom *spdx.Document, logger *zerolog.Logger) *spdx.
RefType: spdx.SecurityAdvisory,
Locator: fmt.Sprintf(
"%s/vuln/%s",
conf.SnykVulnerabilityDBWebURL,
snykVulnerabilityDBWebURL,
url.PathEscape(*issue.Id)),
}

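Review bot: The `SecurityAdvisory` locator in `enrichSPDX` dereferences `*issue.Id` inside the `fmt.Sprintf("%s/vuln/%s", ...)` call, and no nil check is visible in the hunk; if `Id` is optional in the generated `issues` client this will panic on a response that omits it. If the API schema guarantees the field, a comment stating that would save the next reader the question; otherwise skip the reference when `issue.Id == nil` before building it. Passing the id through `url.PathEscape` is the right call, since it is API-supplied data being placed into a URL path. `enrichSPDX` begins in an earlier hunk and continues past this one.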
18 changes: 7 additions & 11 deletions lib/snyk/package.go
Expand Up @@ -28,11 +28,7 @@ import (
"github.com/snyk/parlay/snyk/issues"
)

const (
version = "2023-04-28"
snykAdvisorServer = "https://snyk.io/advisor"
snykVulnDBServer = "https://security.snyk.io"
)
const version = "2023-04-28"

func purlToSnykAdvisor(purl *packageurl.PackageURL) string {
return map[string]string{
Expand All @@ -43,12 +39,12 @@ func purlToSnykAdvisor(purl *packageurl.PackageURL) string {
}[purl.Type]
}

func SnykAdvisorURL(conf *Config, purl *packageurl.PackageURL) string {
func SnykAdvisorURL(cfg *Config, purl *packageurl.PackageURL) string {
ecosystem := purlToSnykAdvisor(purl)
if ecosystem == "" {
return ""
}
url := conf.SnykAdvisorWebURL + "/" + ecosystem + "/"
url := snykAdvisorWebURL + "/" + ecosystem + "/"
if purl.Namespace != "" {
url += purl.Namespace + "/"
}
Expand All @@ -73,21 +69,21 @@ func purlToSnykVulnDB(purl *packageurl.PackageURL) string {
}[purl.Type]
}

func SnykVulnURL(conf *Config, purl *packageurl.PackageURL) string {
func SnykVulnURL(cfg *Config, purl *packageurl.PackageURL) string {
ecosystem := purlToSnykVulnDB(purl)
if ecosystem == "" {
return ""
}
url := conf.SnykVulnerabilityDBWebURL + "/package/" + ecosystem + "/"
url := snykVulnerabilityDBWebURL + "/package/" + ecosystem + "/"
if purl.Namespace != "" {
url += purl.Namespace + "%2F"
}
url += purl.Name
return url
}

func GetPackageVulnerabilities(conf *Config, purl *packageurl.PackageURL, auth *securityprovider.SecurityProviderApiKey, orgID *uuid.UUID) (*issues.FetchIssuesPerPurlResponse, error) {
client, err := issues.NewClientWithResponses(conf.SnykAPIURL, issues.WithRequestEditorFn(auth.Intercept))
func GetPackageVulnerabilities(cfg *Config, purl *packageurl.PackageURL, auth *securityprovider.SecurityProviderApiKey, orgID *uuid.UUID) (*issues.FetchIssuesPerPurlResponse, error) {
client, err := issues.NewClientWithResponses(cfg.SnykAPIURL, issues.WithRequestEditorFn(auth.Intercept))
if err != nil {
return nil, err
}
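Review bot: `SnykAdvisorURL` and `SnykVulnURL` no longer read anything from `cfg` once the base URLs are constants, so the `cfg *Config` parameter is dead on both exported functions; keeping it to avoid touching callers is defensible, but then it should say so, e.g. `// cfg is currently unused; the web base URLs are fixed constants.`, otherwise drop it here and at the call sites in enrich_cyclonedx.go and enrich_spdx.go. Separately, both builders concatenate `purl.Namespace` and `purl.Name` taken from the input SBOM without any escaping, whereas the SPDX enricher applies `url.PathEscape` to the issue id, so a namespace containing `?`, `#` or an unexpected `/` yields a locator whose path is not the one intended. Whether `url.PathEscape` is the right encoding here depends on how security.snyk.io expects slash-bearing namespaces (the explicit `"%2F"` suggests a deliberate convention), so I would pin the expected form with a comment or a test before changing it.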
4 changes: 2 additions & 2 deletions lib/snyk/self.go
Expand Up @@ -37,8 +37,8 @@ type selfDocument struct {
}
}

func SnykOrgID(conf *Config, auth *securityprovider.SecurityProviderApiKey) (*uuid.UUID, error) {
experimental, err := users.NewClientWithResponses(conf.SnykAPIURL, users.WithRequestEditorFn(auth.Intercept))
func SnykOrgID(cfg *Config, auth *securityprovider.SecurityProviderApiKey) (*uuid.UUID, error) {
experimental, err := users.NewClientWithResponses(cfg.SnykAPIURL, users.WithRequestEditorFn(auth.Intercept))
if err != nil {
return nil, err
}
