From 01c8da68ed36a423b9fd78c5cec1aa4a85b86639 Mon Sep 17 00:00:00 2001 From: ashish sonam Date: Thu, 25 Apr 2024 16:56:15 +0530 Subject: [PATCH 1/5] fix --- pkg/security/ImageScanService.go | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/pkg/security/ImageScanService.go b/pkg/security/ImageScanService.go index 4ea46968..b4775c0e 100644 --- a/pkg/security/ImageScanService.go +++ b/pkg/security/ImageScanService.go @@ -396,6 +396,7 @@ func (impl *ImageScanServiceImpl) ConvertEndStepOutputAndSaveVulnerabilities(ste allCvesMap := make([]*repository.CveStore, 0, len(vulnerabilities)) cvesToBeSaved := make([]*repository.CveStore, 0, len(vulnerabilities)) + cvesToBeUpdated := make([]*repository.CveStore, 0, len(vulnerabilities)) uniqueVulnerabilityMap := make(map[string]*bean.ImageScanOutputObject) allCvesNames := make([]string, 0, len(vulnerabilities)) for _, vul := range vulnerabilities { @@ -423,10 +424,18 @@ func (impl *ImageScanServiceImpl) ConvertEndStepOutputAndSaveVulnerabilities(ste } for _, vul := range uniqueVulnerabilityMap { var cve *repository.CveStore + hasCVEInfoChanged := false if val, ok := allSavedCvesMap[vul.Name]; ok { + lowerCaseSeverity := bean.ConvertToLowerCase(vul.Severity) + severityInDevtron := bean.ConvertToSeverityUtility(lowerCaseSeverity) + // check if some info has changed in cve + if vul.Package != val.Package || vul.FixedInVersion != val.FixedVersion || severityInDevtron != val.Severity { + hasCVEInfoChanged = true + cvesToBeUpdated = append(cvesToBeUpdated, val) + } cve = val } - if cve == nil { + if cve == nil || hasCVEInfoChanged { cve = &repository.CveStore{ Name: vul.Name, Package: vul.Package, From 4961ebe30f776fa0644f93e991be3502b4944a8a Mon Sep 17 00:00:00 2001 From: ashish sonam Date: Thu, 25 Apr 2024 17:26:03 +0530 Subject: [PATCH 2/5] fix --- internal/sql/repository/CveStoreRepository.go | 5 +++++ pkg/security/ImageScanService.go | 10 +++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) 
diff --git a/internal/sql/repository/CveStoreRepository.go b/internal/sql/repository/CveStoreRepository.go index a05bdbb8..f35aac15 100644 --- a/internal/sql/repository/CveStoreRepository.go +++ b/internal/sql/repository/CveStoreRepository.go @@ -25,6 +25,7 @@ type CveStoreRepository interface { FindByCveNames(names []string) ([]*CveStore, error) FindByName(name string) (*CveStore, error) Update(model *CveStore) error + UpdateInBatch(models []*CveStore, tx *pg.Tx) error } type CveStoreRepositoryImpl struct { @@ -75,3 +76,7 @@ func (impl CveStoreRepositoryImpl) Update(team *CveStore) error { err := impl.dbConnection.Update(team) return err } + +func (impl CveStoreRepositoryImpl) UpdateInBatch(models []*CveStore, tx *pg.Tx) error { + return tx.Update(&models) +} diff --git a/pkg/security/ImageScanService.go b/pkg/security/ImageScanService.go index b4775c0e..3bcdfb1d 100644 --- a/pkg/security/ImageScanService.go +++ b/pkg/security/ImageScanService.go @@ -432,8 +432,9 @@ func (impl *ImageScanServiceImpl) ConvertEndStepOutputAndSaveVulnerabilities(ste if vul.Package != val.Package || vul.FixedInVersion != val.FixedVersion || severityInDevtron != val.Severity { hasCVEInfoChanged = true cvesToBeUpdated = append(cvesToBeUpdated, val) + } else { + cve = val } - cve = val } if cve == nil || hasCVEInfoChanged { cve = &repository.CveStore{ @@ -477,6 +478,13 @@ func (impl *ImageScanServiceImpl) ConvertEndStepOutputAndSaveVulnerabilities(ste return err } } + if len(cvesToBeUpdated) > 0 { + err = impl.cveStoreRepository.UpdateInBatch(cvesToBeUpdated, tx) + if err != nil { + impl.logger.Errorw("error in updating cves in batch", "err", err) + return err + } + } if len(imageScanExecutionResults) > 0 { err = impl.scanResultRepository.SaveInBatch(imageScanExecutionResults, tx) if err != nil { From ddae4149d8ef824884cff1da274604076538ae45 Mon Sep 17 00:00:00 2001 
From: ashish sonam Date: Thu, 25 Apr 2024 17:58:33 +0530 Subject: [PATCH 3/5] fixed and refactor --- pkg/security/ImageScanService.go | 61 ++++++++++++++++++-------------- 1 file changed, 35 insertions(+), 26 deletions(-) diff --git a/pkg/security/ImageScanService.go b/pkg/security/ImageScanService.go index 3bcdfb1d..d7575e69 100644 --- a/pkg/security/ImageScanService.go +++ b/pkg/security/ImageScanService.go 
@@ -187,25 +187,25 @@ func (impl *ImageScanServiceImpl) RegisterScanExecutionHistoryAndState(scanEvent return nil, executionHistoryDirPath, err } // creating folder for storing all details if not exist - isExist, err := DoesFileExist(bean.ScanOutputDirectory) - if err != nil { - impl.logger.Errorw("error in checking if scan output directory exist ", "err", err) - return nil, executionHistoryDirPath, err - } - if !isExist { - err = os.Mkdir(bean.ScanOutputDirectory, commonUtil.DefaultFileCreatePermission) - if err != nil && !os.IsExist(err) { - impl.logger.Errorw("error in creating Output directory", "err", err, "toolId", tool.Id, "executionHistoryDir", executionHistoryDirPath) - return nil, executionHistoryDirPath, err - } - } + //isExist, err := DoesFileExist(bean.ScanOutputDirectory) + //if err != nil { + // impl.logger.Errorw("error in checking if scan output directory exist ", "err", err) + // return nil, executionHistoryDirPath, err + //} + //if !isExist { + // err = os.Mkdir(bean.ScanOutputDirectory, commonUtil.DefaultFileCreatePermission) + // if err != nil && !os.IsExist(err) { + // impl.logger.Errorw("error in creating Output directory", "err", err, "toolId", tool.Id, "executionHistoryDir", executionHistoryDirPath) + // return nil, executionHistoryDirPath, err + // } + //} // creating folder for storing output data for this execution history data - executionHistoryDirPath = impl.createFolderForOutputData(executionHistoryModel.Id) - err = os.Mkdir(executionHistoryDirPath, commonUtil.DefaultFileCreatePermission) - if err != nil && !os.IsExist(err) { - impl.logger.Errorw("error in creating executionHistory directory", "err", err, "executionHistoryId", executionHistoryModel.Id) - return nil, executionHistoryDirPath, err - } + //executionHistoryDirPath = impl.createFolderForOutputData(executionHistoryModel.Id) + //err = os.Mkdir(executionHistoryDirPath, commonUtil.DefaultFileCreatePermission) + //if err != nil && !os.IsExist(err) { + // 
impl.logger.Errorw("error in creating executionHistory directory", "err", err, "executionHistoryId", executionHistoryModel.Id) + // return nil, executionHistoryDirPath, err + //} executionHistoryMappingModel := &repository.ScanToolExecutionHistoryMapping{ ImageScanExecutionHistoryId: executionHistoryModel.Id, ScanToolId: tool.Id, @@ -424,15 +424,10 @@ func (impl *ImageScanServiceImpl) ConvertEndStepOutputAndSaveVulnerabilities(ste } for _, vul := range uniqueVulnerabilityMap { var cve *repository.CveStore - hasCVEInfoChanged := false + var hasCVEInfoChanged bool if val, ok := allSavedCvesMap[vul.Name]; ok { - lowerCaseSeverity := bean.ConvertToLowerCase(vul.Severity) - severityInDevtron := bean.ConvertToSeverityUtility(lowerCaseSeverity) - // check if some info has changed in cve - if vul.Package != val.Package || vul.FixedInVersion != val.FixedVersion || severityInDevtron != val.Severity { - hasCVEInfoChanged = true - cvesToBeUpdated = append(cvesToBeUpdated, val) - } else { + hasCVEInfoChanged = checkIfCveInfoHasChanged(val, vul) + if !hasCVEInfoChanged { cve = val } } @@ -450,6 +445,10 @@ func (impl *ImageScanServiceImpl) ConvertEndStepOutputAndSaveVulnerabilities(ste cve.CreatedBy = userId cve.UpdatedOn = time.Now() cve.UpdatedBy = userId + } + if hasCVEInfoChanged { + cvesToBeUpdated = append(cvesToBeUpdated, cve) + } else { cvesToBeSaved = append(cvesToBeSaved, cve) } allCvesMap = append(allCvesMap, cve) 
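Review bot: Commenting out the directory-existence check and both os.Mkdir calls leaves dead code in RegisterScanExecutionHistoryAndState and, in this commit's state, means neither the scan output directory nor the per-execution directory is created before the execution-history mapping is written; the function continues outside the hunk. PATCH 4/5 restores exactly these lines, so the two hunks cancel each other. Dropping both commits from the series, or squashing, keeps the history bisectable; if the block is really meant to go, delete it rather than comment it out.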
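Review bot: In this commit's state an existing CVE whose info has not changed (cve = val from the earlier hunk, hasCVEInfoChanged false) falls through to the new `if hasCVEInfoChanged { … } else { cvesToBeSaved = append(cvesToBeSaved, cve) }` and is queued for SaveInBatch again, so re-scanning an image whose CVEs are already stored would try to insert rows that already exist. PATCH 5/5 moves this branch inside the `cve == nil || hasCVEInfoChanged` block, which removes the problem, but as a standalone commit this one is broken and should be squashed with that fix. The loop body starts in the previous hunk and the struct literal between the two hunks is not visible here.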
@@ -500,6 +499,16 @@ func (impl *ImageScanServiceImpl) ConvertEndStepOutputAndSaveVulnerabilities(ste return nil } +func checkIfCveInfoHasChanged(oldCve *repository.CveStore, newCve *bean.ImageScanOutputObject) bool { + lowerCaseSeverity := bean.ConvertToLowerCase(newCve.Severity) + severityInDevtron := bean.ConvertToSeverityUtility(lowerCaseSeverity) + // check if some info (like severity) has changed in cve + if newCve.Package != oldCve.Package || newCve.FixedInVersion != oldCve.FixedVersion || severityInDevtron != oldCve.Severity { + return true + } + return false +} + func isV1Template(resultDescriptorTemplate string) bool { var mappings []bean.Mapping err := json.Unmarshal([]byte(resultDescriptorTemplate), &mappings) From 17dc83cbf0b9d90fb58a06cdc08c30ad47eded6f Mon Sep 17 00:00:00 2001 From: ashish sonam Date: Thu, 25 Apr 2024 18:01:21 +0530 Subject: [PATCH 4/5] removed comment --- pkg/security/ImageScanService.go | 36 ++++++++++++++++---------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/pkg/security/ImageScanService.go b/pkg/security/ImageScanService.go index d7575e69..550df122 100644 --- a/pkg/security/ImageScanService.go +++ b/pkg/security/ImageScanService.go 
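Review bot: checkIfCveInfoHasChanged has no doc comment, and its `if … { return true }; return false` shape collapses to a single `return newCve.Package != oldCve.Package || newCve.FixedInVersion != oldCve.FixedVersion || severityInDevtron != oldCve.Severity`. A comment such as `// checkIfCveInfoHasChanged reports whether the scanner's package, fixed version or mapped severity differ from the stored CVE.` would state the contract. Only Severity is compared, not StandardSeverity; if ConvertToStandardSeverityUtility's mapping ever changes independently of ConvertToSeverityUtility, the stored StandardSeverity would not be refreshed — probably acceptable, but worth saying in the comment.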
@@ -187,25 +187,25 @@ func (impl *ImageScanServiceImpl) RegisterScanExecutionHistoryAndState(scanEvent return nil, executionHistoryDirPath, err } // creating folder for storing all details if not exist - //isExist, err := DoesFileExist(bean.ScanOutputDirectory) - //if err != nil { - // impl.logger.Errorw("error in checking if scan output directory exist ", "err", err) - // return nil, executionHistoryDirPath, err - //} - //if !isExist { - // err = os.Mkdir(bean.ScanOutputDirectory, commonUtil.DefaultFileCreatePermission) - // if err != nil && !os.IsExist(err) { - // impl.logger.Errorw("error in creating Output directory", "err", err, "toolId", tool.Id, "executionHistoryDir", executionHistoryDirPath) - // return nil, executionHistoryDirPath, err - // } - //} + isExist, err := DoesFileExist(bean.ScanOutputDirectory) + if err != nil { + impl.logger.Errorw("error in checking if scan output directory exist ", "err", err) + return nil, executionHistoryDirPath, err + } + if !isExist { + err = os.Mkdir(bean.ScanOutputDirectory, commonUtil.DefaultFileCreatePermission) + if err != nil && !os.IsExist(err) { + impl.logger.Errorw("error in creating Output directory", "err", err, "toolId", tool.Id, "executionHistoryDir", executionHistoryDirPath) + return nil, executionHistoryDirPath, err + } + } // creating folder for storing output data for this execution history data - //executionHistoryDirPath = impl.createFolderForOutputData(executionHistoryModel.Id) - //err = os.Mkdir(executionHistoryDirPath, commonUtil.DefaultFileCreatePermission) - //if err != nil && !os.IsExist(err) { - // impl.logger.Errorw("error in creating executionHistory directory", "err", err, "executionHistoryId", executionHistoryModel.Id) - // return nil, executionHistoryDirPath, err - //} + executionHistoryDirPath = impl.createFolderForOutputData(executionHistoryModel.Id) + err = os.Mkdir(executionHistoryDirPath, commonUtil.DefaultFileCreatePermission) + if err != nil && !os.IsExist(err) { + 
impl.logger.Errorw("error in creating executionHistory directory", "err", err, "executionHistoryId", executionHistoryModel.Id) + return nil, executionHistoryDirPath, err + } executionHistoryMappingModel := &repository.ScanToolExecutionHistoryMapping{ ImageScanExecutionHistoryId: executionHistoryModel.Id, ScanToolId: tool.Id, From ca358cd1fac7164f244058cabeb0a3274b4cabb2 Mon Sep 17 00:00:00 2001 From: ashish sonam Date: Thu, 25 Apr 2024 19:32:27 +0530 Subject: [PATCH 5/5] refactor --- internal/sql/repository/CveStoreRepository.go | 8 +++++- pkg/security/ImageScanService.go | 25 ++++++++++--------- 2 files changed, 20 insertions(+), 13 deletions(-) diff --git a/internal/sql/repository/CveStoreRepository.go b/internal/sql/repository/CveStoreRepository.go index f35aac15..d1472638 100644 --- a/internal/sql/repository/CveStoreRepository.go +++ b/internal/sql/repository/CveStoreRepository.go @@ -78,5 +78,11 @@ func (impl CveStoreRepositoryImpl) Update(team *CveStore) error { } func (impl CveStoreRepositoryImpl) UpdateInBatch(models []*CveStore, tx *pg.Tx) error { - return tx.Update(&models) + for _, val := range models { + err := tx.Update(val) + if err != nil { + return err + } + } + return nil } diff --git a/pkg/security/ImageScanService.go b/pkg/security/ImageScanService.go index 550df122..57519ee5 100644 --- a/pkg/security/ImageScanService.go +++ b/pkg/security/ImageScanService.go @@ -425,11 +425,10 @@ func (impl *ImageScanServiceImpl) ConvertEndStepOutputAndSaveVulnerabilities(ste for _, vul := range uniqueVulnerabilityMap { var cve *repository.CveStore var hasCVEInfoChanged bool - if val, ok := allSavedCvesMap[vul.Name]; ok { - hasCVEInfoChanged = checkIfCveInfoHasChanged(val, vul) - if !hasCVEInfoChanged { - cve = val - } + existingCve, ok := allSavedCvesMap[vul.Name] + if ok { + hasCVEInfoChanged = checkIfCveInfoHasChanged(existingCve, vul) + cve = existingCve } if cve == nil || hasCVEInfoChanged { cve = &repository.CveStore{ 
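Review bot: UpdateInBatch now issues one UPDATE per element and returns the first error without saying which CVE failed; wrapping it as `return fmt.Errorf("updating cve %q: %w", val.Name, err)` keeps errors.Is/As working for callers while naming the row (this assumes fmt is imported in the file, which the hunk does not show). If the project's go-pg version supports a bulk update through `tx.Model(&models).WherePK().Update()`, that would be a single statement rather than N round trips — worth confirming, since the earlier `tx.Update(&models)` form was apparently abandoned. A failure part-way through leaves the earlier rows updated inside tx, which is only safe as long as the caller rolls the transaction back on error; a short comment stating that expectation on the method would help.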
@@ -441,15 +440,17 @@ func (impl *ImageScanServiceImpl) ConvertEndStepOutputAndSaveVulnerabilities(ste lowerCaseSeverity := bean.ConvertToLowerCase(vul.Severity) cve.Severity = bean.ConvertToSeverityUtility(lowerCaseSeverity) cve.StandardSeverity = bean.ConvertToStandardSeverityUtility(lowerCaseSeverity) - cve.CreatedOn = time.Now() - cve.CreatedBy = userId cve.UpdatedOn = time.Now() cve.UpdatedBy = userId - } - if hasCVEInfoChanged { - cvesToBeUpdated = append(cvesToBeUpdated, cve) - } else { - cvesToBeSaved = append(cvesToBeSaved, cve) + if hasCVEInfoChanged { + cve.CreatedOn = existingCve.CreatedOn + cve.CreatedBy = existingCve.CreatedBy + cvesToBeUpdated = append(cvesToBeUpdated, cve) + } else { + cve.CreatedOn = time.Now() + cve.CreatedBy = userId + cvesToBeSaved = append(cvesToBeSaved, cve) + } } allCvesMap = append(allCvesMap, cve) }
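Review bot: On the changed-info path the row handed to UpdateInBatch is the fresh `&repository.CveStore{…}` literal built above, with only CreatedOn and CreatedBy copied back from existingCve; go-pg's Update, as far as I can tell, writes every column of the model, so any column the literal leaves unset (the fields between `Package:` and the severity assignments are outside this hunk, and the primary-key column if it is not Name) is written back as its zero value or, for the key, no longer matches the existing row. Either copy every persisted field from existingCve the way CreatedOn/CreatedBy are, or, simpler, assign the new values onto existingCve itself (`cve = existingCve` is already set in the previous hunk) and append that, keeping the literal for the cve == nil case only. A test asserting that an unchanged existing CVE lands in neither cvesToBeSaved nor cvesToBeUpdated would pin the behaviour this series went back and forth on. The loop body and the struct literal begin outside this hunk.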