@malikovmm malikovmm commented Apr 21, 2023

--delimiter sets the delimiter, by default ",".

$ csv-report image alpine:3.14.1 --csv-result result.csv --delimiter "|"

If --include is specified, only the fields specified in this flag will be included.

$ csv-report image alpine:3.14.1 --csv-result result.csv --include "CVSS V3 Vector, CVSS V3 Score, title"

If --exclude is specified, all fields except those specified in the flag will be shown.

$ csv-report image alpine:3.14.1 --csv-result result.csv --exclude "CVSS V3 Vector, CVSS V3 Score, title"

To specify the file in which the result will be saved, you need to specify the --csv-result flag:

$ csv-report image alpine:3.14.1 --csv-result result.csv
  • List of available fields: "Target", "Vulnerability Class", "Target Type", "Vulnerability ID", "Severity", "PackageName", "Installed Version", "Fixed Version", "Title", "Description", "Resolution", "Reference", "Additional Reference", "CVSS V3 Score", "CVSS V3 Vector"
  • You cannot use the --include and --exclude flags at the same time.
  • If --csv-result is not specified, the default value "result.csv" will be used.

@malikovmm malikovmm requested a review from afdesk April 21, 2023 11:21
@malikovmm malikovmm linked an issue Apr 21, 2023 that may be closed by this pull request
csv.tpl Outdated
Comment on lines 13 to 78
{{- if isFieldAvailable "Vulnerability Class" }}
{{- printf "%s" $class | escapeCsv }},
{{- else -}}
{{- end }}
{{- if isFieldAvailable "Target Type" }}
{{- $vulnerabilityType | escapeCsv }},
{{- else -}}
{{- end }}
{{- if isFieldAvailable "Vulnerability ID" }}
{{- .VulnerabilityID | escapeCsv }},
{{- else -}}
{{- end }}
{{- if isFieldAvailable "Severity" }}
{{- .Vulnerability.Severity | escapeCsv }},
{{- else -}}
{{- end }}
{{- if isFieldAvailable "PackageName" }}
{{- .PkgName | escapeCsv }},
{{- else -}}
{{- end }}
{{- if isFieldAvailable "Installed Version" }}
{{- .InstalledVersion | escapeCsv }},
{{- else -}}
{{- end }}
{{- if isFieldAvailable "Fixed Version" }}
{{- .FixedVersion | escapeCsv }},
{{- else -}}
{{- end }}
{{- if isFieldAvailable "Title" }}
{{- if (eq (len .Title) 0) }}
{{- printf "%s: %s - %s severity vulnerability" .PkgName .InstalledVersion .Vulnerability.Severity | escapeCsv }},
{{- else }}
{{- abbrev 100 .Title | escapeCsv }},
{{- end }}
{{- else -}}
{{- end }}
{{- if isFieldAvailable "Description" }}
{{- abbrev 500 .Vulnerability.Description | escapeCsv }},
{{- else -}}
{{- end }}
{{- if isFieldAvailable "Resolution" }}
{{- if .FixedVersion }}
{{- printf "Update %s to version %s or higher." .PkgName .FixedVersion | escapeCsv }},
{{- else }}
{{- printf "No resolution provided." | escapeCsv }},
{{- end }}
{{- else -}}
{{- end }}
{{- if isFieldAvailable "Reference" }}
{{- .PrimaryURL | escapeCsv }},
{{- else -}}
{{- end }}
{{- if isFieldAvailable "Additional Reference" }}
{{- $reference := false }}
{{- range .References }}
{{- if contains "nvd.nist.gov" . }}
{{- . | escapeCsv }}
{{- $reference = true }}
{{- end }}
{{- end }}
{{- if not $reference }}
{{- printf "" | escapeCsv }}
{{- end }},
{{- else -}}
{{- end }}

Owner

It seems this template was copied from Trivy.
csv-report should implement the single feature,
so we can move any logic to main.go; the template will save the table only.
Maybe simple formatting only, like printf "%.1f".

main.go Outdated
tempTemplateFileName = "csv-report-template-temp.tpl"
templateFileName = "csv.tpl"
availableFields = []string{"Target", "Vulnerability Class", "Target Type", "Vulnerability ID", "Severity", "PackageName", "Installed Version", "Fixed Version", "Title", "Description", "Resolution", "Reference", "Additional Reference", "CVSS V3 Score", "CVSS V3 Vector"}
availableFlags = []string{"--csv-result", "--delimiter", "--include", "--exclude"}
Owner

Let's use more specific names for the flags: --csv-delimiter, --csv-include, --csv-exclude.

@malikovmm malikovmm requested a review from afdesk April 25, 2023 08:52
if availableFieldsMap["cvss v3 vector"] {
fieldValue := ""
if cvssRh.V3Vector != "" {
fieldValue = cvssNvd.V3Vector
Collaborator

Here it should be the following:

fieldValue = cvssRh.V3Vector

trivyCommand := os.Args[1 : len(os.Args)-1]
outputFileName := os.Args[len(os.Args)-1]
tempFileName := filepath.Join(os.TempDir(), tempJsonFileName)
trivyCommand := excludePluginFlags(os.Args, availableFlags)[1:]
Collaborator

Now the plugin and Trivy arguments can be obtained using the package github.com/afdesk/trivy-go-plugin/pkg/common.

tempTemplate, err := getChangedDelimiterTemplate()
if err != nil {
panic(err)
return "", nil
Collaborator

Why is nil returned and not an error?

if delimiter == "," {
ex, err := os.Executable()
if err != nil {
return "", nil
Collaborator

Why is nil returned and not an error?

availableFieldsMap[strings.ToLower(name)] = true
}

if includeFlagValue != "" {
Collaborator

I would simplify this by using a single loop:

var include bool
var argValue string
if includeFlagValue != "" {
  include = true
  argValue = includeFlagValue
} else if excludeFlagValue != "" {
  include = false
  argValue = excludeFlagValue
} else {
  return
}

for ...
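
Worked example of the include/exclude field selection described in the PR description and of the single-loop approach suggested in the comment above, written here as added code that is not the plugin's own. It assumes the --csv-include / --csv-exclude flag names proposed in review, keeps columns in the canonical field order regardless of the order given in the flag, and treats an unknown field name as an error (both assumptions); the writer part shows why a custom delimiter such as "|" still needs CSV quoting.

```go
package main

import (
	"bytes"
	"encoding/csv"
	"fmt"
	"strings"
)

// Field list from the PR description (canonical spelling and column order).
var availableFields = []string{"Target", "Vulnerability Class", "Target Type", "Vulnerability ID",
	"Severity", "PackageName", "Installed Version", "Fixed Version", "Title", "Description",
	"Resolution", "Reference", "Additional Reference", "CVSS V3 Score", "CVSS V3 Vector"}

// selectFields resolves --csv-include / --csv-exclude into columns with one loop for both modes
// (keep a field when "listed" == "include mode"); names match case-insensitively, unknown ones error.
func selectFields(include, exclude string) ([]string, error) {
	if include != "" && exclude != "" {
		return nil, fmt.Errorf("--csv-include and --csv-exclude cannot be used together")
	}
	if include == "" && exclude == "" {
		return availableFields, nil
	}
	keep, listed := include != "", map[string]bool{}
	for _, name := range strings.Split(include+exclude, ",") { // exactly one is non-empty
		listed[strings.ToLower(strings.TrimSpace(name))] = true
	}
	var out []string
	for _, f := range availableFields { // canonical order, whatever order the flag used
		lf := strings.ToLower(f)
		if listed[lf] == keep {
			out = append(out, f)
		}
		delete(listed, lf) // anything left afterwards was not a known field (assumed policy)
	}
	if len(listed) > 0 {
		return nil, fmt.Errorf("unknown field(s): %v", listed)
	}
	return out, nil
}

// writeCSV renders the records with the requested delimiter. encoding/csv quotes any value
// containing the delimiter, a quote or a newline, so "|" inside a title cannot split a row.
func writeCSV(records [][]string, delim rune) (string, error) {
	var buf bytes.Buffer
	w := csv.NewWriter(&buf)
	w.Comma = delim
	err := w.WriteAll(records) // flushes and reports any write error
	return buf.String(), err
}
```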


Development

Successfully merging this pull request may close these issues.

feat: add metrics