15254 oval scan err (#15499)

Tim Lee 2023-12-14 10:39:28 -07:00 committed by GitHub
parent c326a496e5
commit 27073720c5
5 changed files with 25 additions and 11 deletions


@ -0,0 +1 @@
- resolved scan error during oval vulnerability processing


@ -553,9 +553,9 @@ func testSoftwareList(t *testing.T, ds *Datastore) {
})
vulns := []fleet.SoftwareVulnerability{
{SoftwareID: host1.Software[0].ID, CVE: "CVE-2022-0001", ResolvedInVersion: "2.0.0"},
{SoftwareID: host1.Software[0].ID, CVE: "CVE-2022-0002", ResolvedInVersion: "2.0.0"},
{SoftwareID: host3.Software[0].ID, CVE: "CVE-2022-0003", ResolvedInVersion: "2.0.0"},
{SoftwareID: host1.Software[0].ID, CVE: "CVE-2022-0001", ResolvedInVersion: ptr.String("2.0.0")},
{SoftwareID: host1.Software[0].ID, CVE: "CVE-2022-0002", ResolvedInVersion: ptr.String("2.0.0")},
{SoftwareID: host3.Software[0].ID, CVE: "CVE-2022-0003", ResolvedInVersion: ptr.String("2.0.0")},
}
for _, v := range vulns {
@ -1864,19 +1864,31 @@ func testInsertSoftwareVulnerability(t *testing.T, ds *Datastore) {
vuln := fleet.SoftwareVulnerability{
SoftwareID: host.Software[0].ID,
CVE: "cve-3",
ResolvedInVersion: "1.2.3",
ResolvedInVersion: ptr.String("1.2.3"),
}
inserted, err := ds.InsertSoftwareVulnerability(ctx, vuln, fleet.UbuntuOVALSource)
require.NoError(t, err)
require.True(t, inserted)
// vulnerability with no ResolvedInVersion
vuln = fleet.SoftwareVulnerability{
SoftwareID: host.Software[0].ID,
CVE: "cve-4",
}
inserted, err = ds.InsertSoftwareVulnerability(ctx, vuln, fleet.UbuntuOVALSource)
require.NoError(t, err)
require.True(t, inserted)
storedVulns, err := ds.ListSoftwareVulnerabilitiesByHostIDsSource(ctx, []uint{host.ID}, fleet.UbuntuOVALSource)
require.NoError(t, err)
require.Len(t, storedVulns[host.ID], 1)
require.Len(t, storedVulns[host.ID], 2)
require.Equal(t, "cve-3", storedVulns[host.ID][0].CVE)
require.Equal(t, "1.2.3", storedVulns[host.ID][0].ResolvedInVersion)
require.Equal(t, "1.2.3", *storedVulns[host.ID][0].ResolvedInVersion)
require.Equal(t, "cve-4", storedVulns[host.ID][1].CVE)
require.Nil(t, storedVulns[host.ID][1].ResolvedInVersion)
})
}
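Review bot: `require.Equal(t, "1.2.3", *storedVulns[host.ID][0].ResolvedInVersion)` on the new side dereferences the pointer unconditionally, so a nil value would abort the test with a nil-pointer panic rather than a readable assertion failure; put `require.NotNil(t, storedVulns[host.ID][0].ResolvedInVersion)` on the line before it. The new `[0]`/`[1]` assertions for cve-3 and cve-4 also assume ListSoftwareVulnerabilitiesByHostIDsSource returns rows in insertion order, which this diff does not show; if that query has no ORDER BY the positions are not guaranteed and the test may be flaky. The enclosing testInsertSoftwareVulnerability begins before this hunk.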


@ -49,9 +49,9 @@ type SoftwareCPE struct {
// SoftwareVulnerability is a vulnerability on a software.
// Represents an entry in the `software_cve` table.
type SoftwareVulnerability struct {
SoftwareID uint `db:"software_id"`
CVE string `db:"cve"`
ResolvedInVersion string `db:"resolved_in_version"`
SoftwareID uint `db:"software_id"`
CVE string `db:"cve"`
ResolvedInVersion *string `db:"resolved_in_version"`
}
// String implements fmt.Stringer.
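Review bot: The new `ResolvedInVersion *string` field has no comment saying what nil means, and the cve.go hunk in this same commit (`ResolvedInVersion: ptr.String(resolvedVersion)`) makes that matter: if resolvedVersion can be empty, that path stores a non-nil pointer to "", while a NULL `resolved_in_version` (which the changelog line suggests was the failing OVAL case) presumably scans as nil, leaving consumers with two representations of "no fix version known". Suggest a field comment such as `// ResolvedInVersion is the version that fixes the CVE; nil when the source reported none (NULL in software_cve).` and a decision on whether an empty string should be normalised to nil at the write site. The NULL-handling on the OVAL side is inferred from the commit message, not visible in this diff.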


@ -3415,7 +3415,7 @@ func (s *integrationEnterpriseTestSuite) TestListSoftware() {
ctx, fleet.SoftwareVulnerability{
SoftwareID: bar.ID,
CVE: "cve-123",
ResolvedInVersion: "1.2.3",
ResolvedInVersion: ptr.String("1.2.3"),
}, fleet.NVDSource,
)
require.NoError(t, err)


@ -22,6 +22,7 @@ import (
"github.com/facebookincubator/nvdtools/wfn"
"github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
"github.com/fleetdm/fleet/v4/server/fleet"
"github.com/fleetdm/fleet/v4/server/ptr"
nvdsync "github.com/fleetdm/fleet/v4/server/vulnerabilities/nvd/sync"
"github.com/go-kit/log"
kitlog "github.com/go-kit/log"
@ -322,7 +323,7 @@ func checkCVEs(
vuln := fleet.SoftwareVulnerability{
SoftwareID: softwareCPE.SoftwareID,
CVE: matches.CVE.ID(),
ResolvedInVersion: resolvedVersion,
ResolvedInVersion: ptr.String(resolvedVersion),
}
mu.Lock()