Add EPSS score in lookup vulnerabilities api (#2294)

deepfence · Sep 2, 2024 · 24577dc · 24577dc
1 parent dbadcb0
commit 24577dc
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 2 deletions.
diff --git a/deepfence_server/model/scans.go b/deepfence_server/model/scans.go
@@ -376,6 +376,8 @@ type Vulnerability struct {
 	Resources              []BasicNode `json:"resources" required:"false"`
 	RuleID                 string      `json:"rule_id" required:"true"`
 	Namespace              string      `json:"namespace" required:"true"`
+	CISAKEV                bool        `json:"cisa_kev" required:"true"`
+	EPSSScore              float64     `json:"epss_score" required:"true"`
 }
 
 func (Vulnerability) NodeType() string {

diff --git a/deepfence_utils/threatintel/vulndb.go b/deepfence_utils/threatintel/vulndb.go
@@ -569,7 +569,7 @@ func saveVulnerabilityRulesInNeo4j(ctx context.Context, vulnerabilityRules []map
 	session := driver.NewSession(ctx, neo4j.SessionConfig{AccessMode: neo4j.AccessModeWrite})
 	defer session.Close(ctx)
 
-	tx, err := session.BeginTransaction(ctx, neo4j.WithTxTimeout(30*time.Second))
+	tx, err := session.BeginTransaction(ctx, neo4j.WithTxTimeout(600*time.Second))
 	if err != nil {
 		log.Error().Msg(err.Error())
 		return err

diff --git a/deepfence_worker/ingesters/vulnerabilites.go b/deepfence_worker/ingesters/vulnerabilites.go
@@ -43,7 +43,7 @@ func CommitFuncVulnerabilities(ctx context.Context, ns string, data []ingestersU
 	res, err := tx.Run(ctx, `
 		UNWIND $batch as row WITH row.data as data
 		MATCH (v:VulnerabilityStub{node_id:data.cve_id})
-		RETURN v.package_names, v.namespaces, v.cve_types, v.cve_attack_vectors, v.cve_fixed_ins, v.cve_cvss_scores, v.parsed_attack_vectors`,
+		RETURN v.package_names, v.namespaces, v.cve_types, v.cve_attack_vectors, v.cve_fixed_ins, v.cve_cvss_scores, v.parsed_attack_vectors, v.cisa_kev, v.epss_score`,
 		map[string]interface{}{"batch": dataMap})
 	if err != nil {
 		log.Error().Msgf(err.Error())
@@ -64,13 +64,17 @@ func CommitFuncVulnerabilities(ctx context.Context, ns string, data []ingestersU
 		cve_fixed_ins := rec.Values[4].([]any)
 		cve_cvss_scores := rec.Values[5].([]any)
 		parsed_attack_vectors := rec.Values[6].([]any)
+		cisa_kev := rec.Values[7].(bool)
+		epss_score := rec.Values[8].(any)
 
 		data := dataMap[i]["data"].(map[string]any)
 		data["cve_type"] = cve_types[0]
 		data["cve_attack_vector"] = cve_attack_vectors[0]
 		data["cve_fixed_in"] = cve_fixed_ins[0]
 		data["cve_cvss_score"] = cve_cvss_scores[0]
 		data["parsed_attack_vector"] = parsed_attack_vectors[0]
+		data["cisa_kev"] = cisa_kev
+		data["epss_score"] = epss_score
 		for j := range package_names {
 			if data["cve_caused_by_package"].(string) == package_names[j].(string) {
 				if data["namespace"].(string) == namespaces[j].(string) {