diff --git a/Makefile b/Makefile index 8e90db12..29e51e38 100644 --- a/Makefile +++ b/Makefile @@ -141,4 +141,13 @@ test/lint/golangci-lint/run: prep/tools .PHONY: test/lint/golangci-lint/run/new test/lint/golangci-lint/run/new: prep/tools golangci-lint --version - golangci-lint run --timeout 10m --config .github/.golangci.yml --new-from-rev $(shell git log -n 1 origin/main --pretty=format:"%H") \ No newline at end of file + golangci-lint run --timeout 10m --config .github/.golangci.yml --new-from-rev $(shell git log -n 1 origin/main --pretty=format:"%H") + +license: license/headers/check + +license/headers/check: + copywrite headers --plan + +license/headers/apply: + copywrite headers + diff --git a/apps/cnspec/cmd/vuln.go b/apps/cnspec/cmd/vuln.go index 5a5a07ea..a3fbf5a5 100644 --- a/apps/cnspec/cmd/vuln.go +++ b/apps/cnspec/cmd/vuln.go @@ -143,10 +143,15 @@ var vulnCmdRun = func(cmd *cobra.Command, runtime *providers.Runtime, cliRes *pl } platform := runtime.Provider.Connection.GetAsset().GetPlatform() + family := []*mondoogql.String{} + for _, f := range platform.Family { + family = append(family, mondoogql.NewStringPtr(mondoogql.String(f))) + } inputPlatform := mondoogql.PlatformInput{ Name: mondoogql.NewStringPtr(mondoogql.String(platform.Name)), Release: mondoogql.NewStringPtr(mondoogql.String(platform.Version)), Build: mondoogql.NewStringPtr(mondoogql.String(platform.Build)), + Family: &family, } inputLabels := []*mondoogql.KeyValueInput{} for k := range platform.Labels { 
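Review bot: The new Makefile targets `license`, `license/headers/check` and `license/headers/apply` have no `.PHONY` declaration, unlike `test/lint/golangci-lint/run/new` in the context lines just above them. Adding `.PHONY: license license/headers/check license/headers/apply` keeps make from resolving these names against the filesystem. The recipes also call `copywrite` without the `prep/tools` prerequisite that the lint targets use. Whether `prep/tools` installs it is not visible here, so either add the prerequisite or a one-line comment saying how the tool is installed.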
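Review bot: In apps/cnspec/cmd/vuln.go the added loop `for _, f := range platform.Family` is now the first dereference of `platform`, and nothing in the hunk checks it for nil, so an asset without platform data would panic here. The existing `platform.Name` access has the same exposure, so the risk is not new. A guard such as `if platform == nil { log.Error().Msg("asset has no platform information"); return }` ahead of the loop would make the failure explicit. The slice length is known, so `family := make([]*mondoogql.String, 0, len(platform.Family))` avoids regrowth. The enclosing function starts and ends outside the hunk.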
@@ -156,10 +161,7 @@ var vulnCmdRun = func(cmd *cobra.Command, runtime *providers.Runtime, cliRes *pl
 })
 }
 inputPlatform.Labels = &inputLabels
- gqlVulnReport, err := mondooClient.GetIncognitoVulnReport(mondoogql.PlatformInput{
- Name: mondoogql.NewStringPtr(mondoogql.String(platform.Name)),
- Release: mondoogql.NewStringPtr(mondoogql.String(platform.Version)),
- }, gqlPackages)
+ gqlVulnReport, err := mondooClient.GetIncognitoVulnReport(inputPlatform, gqlPackages)
 if err != nil {
 log.Error().Err(err).Msg("could not load advisory report")
 return
diff --git a/cli/components/advisories/report.go b/cli/components/advisories/report.go
index 7b9cf5ee..267271de 100644
--- a/cli/components/advisories/report.go
+++ b/cli/components/advisories/report.go
@@ -207,9 +207,10 @@ func findVulnerablePackageWithoutNamespace(advisory *mvd.Advisory, installedPkg
 var match *mvd.Package
 for i := range advisory.Fixed {
 if advisory.Fixed[i].Name == installedPkg.Name || advisory.Fixed[i].Name == installedPkg.Origin {
+ // This currently works under the assumption, that the highest version is the last one in the list
+ // To not re-apply all the version comparison here, we ensure the orderning in the upstream data
 match = advisory.Fixed[i]
- return match
 }
 }
- return nil
+ return match
 }
diff --git a/cli/components/advisories/report_test.go b/cli/components/advisories/report_test.go
new file mode 100644
index 00000000..c34bbf05
--- /dev/null
+++ b/cli/components/advisories/report_test.go
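Review bot: Nothing at the `GetIncognitoVulnReport(inputPlatform, gqlPackages)` call in apps/cnspec/cmd/vuln.go limits which platform fields leave the host. The request now forwards `Labels`, `Build` and `Family`, whereas the removed literal sent only `Name` and `Release`. If labels can hold host- or tenant-specific values (not visible from this hunk), consider forwarding only the keys the advisory matching needs. Otherwise record the decision above the call, e.g. `// labels are sent because upstream matching depends on them; they must not carry identifying data`. The enclosing function starts and ends outside the hunk.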
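Review bot: The ordering assumption that the final `return match` in cli/components/advisories/report.go depends on is not checked anywhere in the visible loop. If `advisory.Fixed` ever arrives unsorted, the last match can be a lower version than an earlier one and the report would name a too-old fixed version. Because the condition also matches on `installedPkg.Origin`, a later origin-named entry can override an earlier one matched by name. I would move the two added comment lines into the function's doc comment, fix the typo `orderning`, and state the contract, e.g. `// Assumes advisory.Fixed is sorted ascending by version per package (guaranteed upstream); the last match is returned as the highest fixed version.` The function's signature line is outside the hunk.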
@@ -0,0 +1,30 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package advisories
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+ "go.mondoo.com/cnquery/v10/providers-sdk/v1/upstream/mvd"
+)
+
+func TestFindVulnerablePackageWithoutNamespace(t *testing.T) {
+ advisory := &mvd.Advisory{
+ Fixed: []*mvd.Package{
+ {Name: "pkg1", Version: "1.0.0"},
+ {Name: "pkg2", Version: "2.0.0"},
+ {Name: "pkg2", Version: "3.0.0"},
+ {Name: "pkg3", Version: "3.0.0"},
+ },
+ }
+
+ installedPkg := &mvd.Package{Name: "pkg2", Version: "2.0.0"}
+
+ match := findVulnerablePackageWithoutNamespace(advisory, installedPkg)
+
+ require.NotNil(t, match)
+ require.Equal(t, "pkg2", match.Name)
+ require.Equal(t, "3.0.0", match.Version)
+}
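Review bot: The fixture in `TestFindVulnerablePackageWithoutNamespace` only covers a name match with entries already in ascending order. The function's other two outcomes are left unpinned: no match (nil return) and a match through `installedPkg.Origin`. I would add a case for a package absent from `Fixed`, asserted with `require.Nil(t, match)`, and a case where only `Origin` equals a `Fixed` name. A table-driven layout would keep the three cases compact and give the ordering assumption a documented place in the test.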