1
0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-16 11:09:33 +02:00
sap-jenkins-library/pkg/protecode/analysis.go
Christopher Fenner b59bac7892
fix(protecode): respect failOnSevereVulnerabilities parameter (#1969)
* fix redundant type issues

* cleanup

* extract report function for protecode package

* use speaking status constant for API results

* remove unconsidered return value

* correct switch statement

* handle severe vulnerabilities

* Apply suggestions from code review

Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>

* correct test name

* return errors from WriteReport function

* expose ReportData struct

* set Error Category

* refactor constant visibility

* change type name

* describe type

* change type name

* fail after report generation

* do not fail on report write errors

* add error as return value

* fix typo

* use require statements

* assert major vulnerabilities

Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
2020-09-02 10:41:12 +02:00

41 lines
1.1 KiB
Go

package protecode
import "strconv"
const (
vulnerabilitySeverityThreshold = 7.0
)
//HasFailed checks the return status of the provided result
func HasFailed(result ResultData) bool {
//TODO: check this in PollForResult and return error once
return len(result.Result.Status) > 0 && result.Result.Status == statusFailed
}
//HasSevereVulnerabilities checks if any non-historic, non-triaged, non-excluded vulnerability has a CVSS score above the defined threshold
func HasSevereVulnerabilities(result Result, excludeCVEs string) bool {
for _, component := range result.Components {
for _, vulnerability := range component.Vulns {
if isSevere(vulnerability) &&
!isTriaged(vulnerability) &&
!isExcluded(vulnerability, excludeCVEs) &&
isExact(vulnerability) {
return true
}
}
}
return false
}
func isSevere(vulnerability Vulnerability) bool {
cvss3, _ := strconv.ParseFloat(vulnerability.Vuln.Cvss3Score, 64)
if cvss3 >= vulnerabilitySeverityThreshold {
return true
}
// CVSS v3 not set, fallback to CVSS v2
if cvss3 == 0 && vulnerability.Vuln.Cvss >= vulnerabilitySeverityThreshold {
return true
}
return false
}