feat(report) : Differences between vulnerability patched items (#1157)

* add plusDiff() and minusDiff() * add plusDiff minusDiff test Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>
2021-02-10 06:55:48 +09:00
parent 1c4f231572
commit 4c04acbd9e
11 changed files with 499 additions and 102 deletions
--- a/models/vulninfos.go
+++ b/models/vulninfos.go
@@ -78,16 +78,22 @@ func (v VulnInfos) CountGroupBySeverity() map[string]int {
 }

 // FormatCveSummary summarize the number of CVEs group by CVSSv2 Severity
-func (v VulnInfos) FormatCveSummary() string {
+func (v VulnInfos) FormatCveSummary() (line string) {
 	m := v.CountGroupBySeverity()
-
 	if config.Conf.IgnoreUnscoredCves {
-		return fmt.Sprintf("Total: %d (Critical:%d High:%d Medium:%d Low:%d)",
+		line = fmt.Sprintf("Total: %d (Critical:%d High:%d Medium:%d Low:%d)",
 			m["High"]+m["Medium"]+m["Low"], m["Critical"], m["High"], m["Medium"], m["Low"])
+	} else {
+		line = fmt.Sprintf("Total: %d (Critical:%d High:%d Medium:%d Low:%d ?:%d)",
+			m["High"]+m["Medium"]+m["Low"]+m["Unknown"],
+			m["Critical"], m["High"], m["Medium"], m["Low"], m["Unknown"])
 	}
-	return fmt.Sprintf("Total: %d (Critical:%d High:%d Medium:%d Low:%d ?:%d)",
-		m["High"]+m["Medium"]+m["Low"]+m["Unknown"],
-		m["Critical"], m["High"], m["Medium"], m["Low"], m["Unknown"])
+
+	if config.Conf.DiffMinus || config.Conf.DiffPlus {
+		nPlus, nMinus := v.CountDiff()
+		line = fmt.Sprintf("%s +%d -%d", line, nPlus, nMinus)
+	}
+	return line
 }

 // FormatFixedStatus summarize the number of cves are fixed.
@@ -105,6 +111,18 @@ func (v VulnInfos) FormatFixedStatus(packs Packages) string {
 	return fmt.Sprintf("%d/%d Fixed", fixed, total)
 }

+// CountDiff counts the number of added/removed CVE-ID
+func (v VulnInfos) CountDiff() (nPlus int, nMinus int) {
+	for _, vInfo := range v {
+		if vInfo.DiffStatus == DiffPlus {
+			nPlus++
+		} else if vInfo.DiffStatus == DiffMinus {
+			nMinus++
+		}
+	}
+	return
+}
+
 // PackageFixStatuses is a list of PackageStatus
 type PackageFixStatuses []PackageFixStatus

@@ -159,8 +177,8 @@ type VulnInfo struct {
 	GitHubSecurityAlerts GitHubSecurityAlerts `json:"gitHubSecurityAlerts,omitempty"`
 	WpPackageFixStats    WpPackageFixStats    `json:"wpPackageFixStats,omitempty"`
 	LibraryFixedIns      LibraryFixedIns      `json:"libraryFixedIns,omitempty"`
-
-	VulnType string `json:"vulnType,omitempty"`
+	VulnType             string               `json:"vulnType,omitempty"`
+	DiffStatus           DiffStatus           `json:"diffStatus,omitempty"`
 }

 // Alert has CERT alert information
@@ -236,6 +254,25 @@ func (g WpPackages) Add(pkg WpPackage) WpPackages {
 	return append(g, pkg)
 }

+// DiffStatus keeps a comparison with the previous detection results for this CVE
+type DiffStatus string
+
+const (
+	// DiffPlus is newly detected CVE
+	DiffPlus = DiffStatus("+")
+
+	// DiffMinus is resolved CVE
+	DiffMinus = DiffStatus("-")
+)
+
+// CveIDDiffFormat format CVE-ID for diff mode
+func (v VulnInfo) CveIDDiffFormat(isDiffMode bool) string {
+	if isDiffMode {
+		return fmt.Sprintf("%s %s", v.DiffStatus, v.CveID)
+	}
+	return fmt.Sprintf("%s", v.CveID)
+}
+
 // Titles returns title (TUI)
 func (v VulnInfo) Titles(lang, myFamily string) (values []CveContentStr) {
 	if lang == "ja" {