fix(api): add type on vulnerabilities (#3269)

sguiheux · yesnault · commit aa188a851568 · 2018-08-28T15:32:20.000Z
diff --git a/contrib/plugins/plugin-clair/clair.go b/contrib/plugins/plugin-clair/clair.go
@@ -99,6 +99,7 @@ func (d ClairPlugin) Run(a plugin.IJob) plugin.Result {
 	report := sdk.VulnerabilityWorkerReport{
 		Vulnerabilities: vulnerabilities,
 		Summary:         summary,
+		Type:            "docker",
 	}
 	if err := plugin.SendVulnerabilityReport(a, report); err != nil {
 		_ = plugin.SendLog(a, "Unable to send report: %s", err)
diff --git a/contrib/plugins/plugin-npm-audit-parser/npm-audit-parser.go b/contrib/plugins/plugin-npm-audit-parser/npm-audit-parser.go
@@ -94,6 +94,7 @@ func (d NpmAuditParserPlugin) Run(j plugin.IJob) plugin.Result {
 
 		}
 	}
+	report.Type = "js"
 	report.Summary = summary
 	if err := plugin.SendVulnerabilityReport(j, report); err != nil {
 		_ = plugin.SendLog(j, "Unable to send report: %s", err)
diff --git a/engine/api/application/application_vunerability.go b/engine/api/application/application_vunerability.go
@@ -9,12 +9,13 @@ import (
 )
 
 // InsertVulnerabilities Insert vulnerabilities
-func InsertVulnerabilities(db gorp.SqlExecutor, vs []sdk.Vulnerability, appID int64) error {
-	if _, err := db.Exec("DELETE FROM application_vulnerability WHERE application_id = $1", appID); err != nil {
+func InsertVulnerabilities(db gorp.SqlExecutor, vs []sdk.Vulnerability, appID int64, t string) error {
+	if _, err := db.Exec("DELETE FROM application_vulnerability WHERE application_id = $1 AND type = $2", appID, t); err != nil {
 		return sdk.WrapError(err, "InsertVulnerability> Unable to remove old vulnerabilities")
 	}
 	for _, v := range vs {
 		v.ApplicationID = appID
+		v.Type = t
 		dbVuln := dbApplicationVulnerability(v)
 		if err := db.Insert(&dbVuln); err != nil {
 			return sdk.WrapError(err, "InsertVulnerability> Unable to insert vulnerabilities")
diff --git a/engine/api/application_vulnerability_test.go b/engine/api/application_vulnerability_test.go
@@ -36,7 +36,7 @@ func Test_postVulnerabilityHandler(t *testing.T) {
 	v := sdk.Vulnerability{}
 	v.ApplicationID = app.ID
 
-	assert.NoError(t, application.InsertVulnerabilities(db, []sdk.Vulnerability{v}, app.ID))
+	assert.NoError(t, application.InsertVulnerabilities(db, []sdk.Vulnerability{v}, app.ID, "docker"))
 
 	vulns, err := application.LoadVulnerabilities(db, app.ID)
 	assert.NoError(t, err)
diff --git a/engine/api/workflow/dao_node_run_vulnerability.go b/engine/api/workflow/dao_node_run_vulnerability.go
@@ -74,7 +74,7 @@ func HandleVulnerabilityReport(ctx context.Context, db gorp.SqlExecutor, cache c
 	// If we are on default branch, save report on application
 	if defaultBranch != "" && defaultBranch == nr.VCSBranch {
 		// Save vulnerabilities
-		if err := application.InsertVulnerabilities(db, currentNodeRunReport.Report.Vulnerabilities, nr.ApplicationID); err != nil {
+		if err := application.InsertVulnerabilities(db, currentNodeRunReport.Report.Vulnerabilities, nr.ApplicationID, workerReport.Type); err != nil {
 			return sdk.WrapError(err, "HandleVulnerabilityReport> Unable to insert vulnerability")
 		}
 	}
@@ -126,7 +126,7 @@ func createNewVulnerabilityReport(db gorp.SqlExecutor, cache cache.Store, proj *
 
 	// If we are on default branch, save report on application
 	if defaultBranch != "" && defaultBranch == nr.VCSBranch {
-		if err := application.InsertVulnerabilities(db, nodeRunReport.Report.Vulnerabilities, nr.ApplicationID); err != nil {
+		if err := application.InsertVulnerabilities(db, nodeRunReport.Report.Vulnerabilities, nr.ApplicationID, workerReport.Type); err != nil {
 			return sdk.WrapError(err, "HandleVulnerabilityReport> Unable to update vulnerability")
 		}
 	}
diff --git a/engine/sql/124_application_vulnerability_type.sql b/engine/sql/124_application_vulnerability_type.sql
@@ -0,0 +1,6 @@
+-- +migrate Up
+TRUNCATE TABLE application_vulnerability;
+ALTER TABLE application_vulnerability ADD COLUMN type VARCHAR(50);
+
+-- +migrate Down
+ALTER TABLE application_vulnerability DROP COLUMN type;
diff --git a/sdk/application_vulnerability.go b/sdk/application_vulnerability.go
@@ -6,6 +6,7 @@ import "strings"
 type VulnerabilityWorkerReport struct {
 	Summary         map[string]int64 `json:"summary"`
 	Vulnerabilities []Vulnerability  `json:"vulnerabilities"`
+	Type            string           `json:"type"`
 }
 
 // Vulnerability represents vulnerabilities on an application
@@ -22,6 +23,7 @@ type Vulnerability struct {
 	Severity      string `json:"severity" db:"severity"`
 	FixIn         string `json:"fix_in" db:"fix_in"`
 	Ignored       bool   `json:"ignored" db:"ignored"`
+	Type          string `json:"type" db:"type"`
 }
 
 const (

Original file line number	Diff line number	Diff line change
`@@ -99,6 +99,7 @@ func (d ClairPlugin) Run(a plugin.IJob) plugin.Result {`
`99`	`99`	`report := sdk.VulnerabilityWorkerReport{`
`100`	`100`	`Vulnerabilities: vulnerabilities,`
`101`	`101`	`Summary: summary,`
	`102`	`+ Type: "docker",`
`102`	`103`	`}`
`103`	`104`	`if err := plugin.SendVulnerabilityReport(a, report); err != nil {`
`104`	`105`	`_ = plugin.SendLog(a, "Unable to send report: %s", err)`
Original file line number	Diff line number	Diff line change
`@@ -94,6 +94,7 @@ func (d NpmAuditParserPlugin) Run(j plugin.IJob) plugin.Result {`
`94`	`94`
`95`	`95`	`}`
`96`	`96`	`}`
	`97`	`+ report.Type = "js"`
`97`	`98`	`report.Summary = summary`
`98`	`99`	`if err := plugin.SendVulnerabilityReport(j, report); err != nil {`
`99`	`100`	`_ = plugin.SendLog(j, "Unable to send report: %s", err)`
Original file line number	Diff line number	Diff line change
`@@ -74,7 +74,7 @@ func HandleVulnerabilityReport(ctx context.Context, db gorp.SqlExecutor, cache c`
`74`	`74`	`// If we are on default branch, save report on application`
`75`	`75`	`if defaultBranch != "" && defaultBranch == nr.VCSBranch {`
`76`	`76`	`// Save vulnerabilities`
`77`		`- if err := application.InsertVulnerabilities(db, currentNodeRunReport.Report.Vulnerabilities, nr.ApplicationID); err != nil {`
	`77`	`+ if err := application.InsertVulnerabilities(db, currentNodeRunReport.Report.Vulnerabilities, nr.ApplicationID, workerReport.Type); err != nil {`
`78`	`78`	`return sdk.WrapError(err, "HandleVulnerabilityReport> Unable to insert vulnerability")`
`79`	`79`	`}`
`80`	`80`	`}`
`@@ -126,7 +126,7 @@ func createNewVulnerabilityReport(db gorp.SqlExecutor, cache cache.Store, proj *`
`126`	`126`
`127`	`127`	`// If we are on default branch, save report on application`
`128`	`128`	`if defaultBranch != "" && defaultBranch == nr.VCSBranch {`
`129`		`- if err := application.InsertVulnerabilities(db, nodeRunReport.Report.Vulnerabilities, nr.ApplicationID); err != nil {`
	`129`	`+ if err := application.InsertVulnerabilities(db, nodeRunReport.Report.Vulnerabilities, nr.ApplicationID, workerReport.Type); err != nil {`
`130`	`130`	`return sdk.WrapError(err, "HandleVulnerabilityReport> Unable to update vulnerability")`
`131`	`131`	`}`
`132`	`132`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@ import "strings"`
`6`	`6`	`type VulnerabilityWorkerReport struct {`
`7`	`7`	Summary map[string]int64 `json:"summary"`
`8`	`8`	Vulnerabilities []Vulnerability `json:"vulnerabilities"`
	`9`	+ Type string `json:"type"`
`9`	`10`	`}`
`10`	`11`
`11`	`12`	`// Vulnerability represents vulnerabilities on an application`
`@@ -22,6 +23,7 @@ type Vulnerability struct {`
`22`	`23`	Severity string `json:"severity" db:"severity"`
`23`	`24`	FixIn string `json:"fix_in" db:"fix_in"`
`24`	`25`	Ignored bool `json:"ignored" db:"ignored"`
	`26`	+ Type string `json:"type" db:"type"`
`25`	`27`	`}`
`26`	`28`
`27`	`29`	`const (`