mirror of
https://github.com/SAP/jenkins-library.git
synced 2024-12-16 11:09:33 +02:00
b59bac7892
* fix redundant type issues * cleanup * extract report function for protecode package * use speaking status constant for API results * remove unconsidered return value * correct switch statement * handle severe vulnerabilities * Apply suggestions from code review Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com> * correct test name * return errors from WriteReport function * expose ReportData struct * set Error Category * refactor constant visibility * change type name * describe type * change type name * fail after report generation * do not fail on report write errors * add error as return value * fix typo * use require statements * assert major vulnerabilities Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
41 lines
1.1 KiB
Go
41 lines
1.1 KiB
Go
package protecode
|
|
|
|
import "strconv"
|
|
|
|
const (
|
|
vulnerabilitySeverityThreshold = 7.0
|
|
)
|
|
|
|
//HasFailed checks the return status of the provided result
|
|
func HasFailed(result ResultData) bool {
|
|
//TODO: check this in PollForResult and return error once
|
|
return len(result.Result.Status) > 0 && result.Result.Status == statusFailed
|
|
}
|
|
|
|
//HasSevereVulnerabilities checks if any non-historic, non-triaged, non-excluded vulnerability has a CVSS score above the defined threshold
|
|
func HasSevereVulnerabilities(result Result, excludeCVEs string) bool {
|
|
for _, component := range result.Components {
|
|
for _, vulnerability := range component.Vulns {
|
|
if isSevere(vulnerability) &&
|
|
!isTriaged(vulnerability) &&
|
|
!isExcluded(vulnerability, excludeCVEs) &&
|
|
isExact(vulnerability) {
|
|
return true
|
|
}
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
func isSevere(vulnerability Vulnerability) bool {
|
|
cvss3, _ := strconv.ParseFloat(vulnerability.Vuln.Cvss3Score, 64)
|
|
if cvss3 >= vulnerabilitySeverityThreshold {
|
|
return true
|
|
}
|
|
// CVSS v3 not set, fallback to CVSS v2
|
|
if cvss3 == 0 && vulnerability.Vuln.Cvss >= vulnerabilitySeverityThreshold {
|
|
return true
|
|
}
|
|
return false
|
|
}
|