

Fix: Inspector reports should link to CVEs (#6557)
achave11-ucsc committed Sep 11, 2024
1 parent 6e66a5b commit 255666c
Showing 1 changed file with 19 additions and 7 deletions.
26 changes: 19 additions & 7 deletions scripts/export_inspector_findings.py
Expand Up @@ -11,6 +11,10 @@
import logging
import sys

from furl import (
furl,
)

from azul.args import (
AzulArgumentHelpFormatter,
)
Expand Down Expand Up @@ -115,11 +119,13 @@ def main(self) -> None:
if self.args.json:
self.dump_to_json(findings)
parsed_findings = defaultdict(list)
vulnerability_links = defaultdict(furl)
for finding in findings:
vulnerability, summary = self.parse_finding(finding)
vulnerability, source_url, summary = self.parse_finding(finding)
vulnerability_links[vulnerability].url = source_url
parsed_findings[vulnerability].append(summary)
log.info('Found %i unique vulnerabilities', len(parsed_findings))
self.write_to_csv(parsed_findings)
self.write_to_csv(parsed_findings, vulnerability_links)
log.info('Done.')

def dump_to_json(self, findings: JSONs) -> None:
Expand All @@ -128,7 +134,7 @@ def dump_to_json(self, findings: JSONs) -> None:
with open(output_file_name, 'w') as f:
json.dump({'findings': findings}, f, default=str, indent=4)

def parse_finding(self, finding: JSON) -> tuple[str, SummaryType]:
def parse_finding(self, finding: JSON) -> tuple[str, str, SummaryType]:
severity = finding['severity']
# The vulnerabilityId is usually a substring of the finding title (e.g.
# "CVE-2023-44487" vs"CVE-2023-44487 - google.golang.org/grpc,
Expand All @@ -139,6 +145,7 @@ def parse_finding(self, finding: JSON) -> tuple[str, SummaryType]:
assert len(finding['resources']) == 1, finding
resource = finding['resources'][0]
resource_type = resource['type']
source_url = finding['packageVulnerabilityDetails']['sourceUrl']
summary = {
'severity': severity,
'resource_type': resource_type,
Expand All @@ -158,7 +165,7 @@ def parse_finding(self, finding: JSON) -> tuple[str, SummaryType]:
self.instances.add(instance)
else:
assert False, resource
return vulnerability, summary
return vulnerability, source_url, summary

def column_alpha(self, col: int) -> str:
assert col > 0, col
Expand All @@ -174,7 +181,9 @@ def findings_sort(self, item: tuple[str, list[SummaryType]]) -> tuple[int, str]:
score += count * weights.get(summary['severity'], 0)
return score, item[0]

def write_to_csv(self, findings: dict[str, list[SummaryType]]) -> None:
def write_to_csv(self,
findings: dict[str, list[SummaryType]],
vulnerability_links: dict[str, furl]) -> None:
titles = [
'Vulnerability',
'Severity',
Expand All @@ -186,7 +195,8 @@ def write_to_csv(self, findings: dict[str, list[SummaryType]]) -> None:
lookup = dict(zip(titles, range(len(titles))))

rows = [titles]
for vulnerability, summaries in sorted(findings.items(),
findings_vuln_sorted = {vuln: findings[vuln] for vuln in sorted(findings)}
for vulnerability, summaries in sorted(findings_vuln_sorted.items(),
key=self.findings_sort,
reverse=True):
# A mapping of column index to abbreviated severity value
Expand All @@ -198,7 +208,9 @@ def write_to_csv(self, findings: dict[str, list[SummaryType]]) -> None:
row_num = len(rows) + 1
col_range = f'C{row_num}:{last_col}{row_num}'
severity_formula = f'=(COUNTIF({col_range},"C")*10)+(COUNTIF({col_range},"H"))'
row = [vulnerability, severity_formula]
url = vulnerability_links[vulnerability].url
vulnerability_hyperlink = f'=HYPERLINK("{url}","{vulnerability}")'
row = [vulnerability_hyperlink, severity_formula]
for column_index in range(len(row), len(titles) + 1):
row.append(column_values.get(column_index, ''))
rows.append(row)
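Review bot: The new `vulnerability_hyperlink = f'=HYPERLINK("{url}","{vulnerability}")'` in write_to_csv interpolates two externally sourced strings straight into a spreadsheet formula, so a `"` in either the advisory `sourceUrl` taken from `finding['packageVulnerabilityDetails']['sourceUrl']` or in the vulnerability id would terminate the string literal and let the rest of the value be evaluated as formula text when the CSV is opened; furl may percent-encode a quote on serialization, but the code does not rely on that explicitly. Doubling quotes closes the hole, e.g. `escape = lambda s: s.replace('"', '""')` and `vulnerability_hyperlink = f'=HYPERLINK("{escape(url)}","{escape(vulnerability)}")'`, and a scheme check such as `assert url.startswith(('http://', 'https://')), url` keeps a `javascript:` or `file:` link from ending up in the sheet. Separately, `vulnerability_links[vulnerability].url = source_url` in main silently keeps only the last sourceUrl seen for a vulnerability id; if findings for one id can carry different URLs, that is worth an assert or a comment. The `findings_vuln_sorted` pre-sort by key looks redundant, since findings_sort already returns `(score, item[0])` and so breaks ties by id. The enclosing write_to_csv body continues outside the hunk.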
