feat: add vuln id

Co-authored-by: Sindre Rødseth Hansen <[email protected]>
Co-authored-by: Tommy Trøen <[email protected]>

Author: 3 people

go.mod

@@ -5,6 +5,7 @@ go 1.24.0
 require (
 	cloud.google.com/go/auth v0.15.0
 	github.com/containerd/log v0.1.0
+	github.com/emicklei/pgtalk v1.8.3
 	github.com/exaring/otelpgx v0.9.0
 	github.com/fatih/color v1.18.0
 	github.com/google/go-containerregistry v0.20.3

go.sum

@@ -259,6 +259,8 @@ github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkp
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
 github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/emicklei/pgtalk v1.8.3 h1:8wsBWX5s//UdMfosTlFHElqi+FzGsnfOpISPjKArH+s=
+github.com/emicklei/pgtalk v1.8.3/go.mod h1:a9wP/z+1O0t4swEMPLiBRH8rlqWEIcMuZUuDBkODrc4=
 github.com/emicklei/proto v1.13.4 h1:myn1fyf8t7tAqIzV91Tj9qXpvyXXGXk8OS2H6IBSc9g=
 github.com/emicklei/proto v1.13.4/go.mod h1:rn1FgRS/FANiZdD2djyH7TMA9jdRDcYQ9IEN9yvjX0A=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=

internal/api/grpcvulnerabilities/vulnerabilities.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"github.com/emicklei/pgtalk/convert"
 	"github.com/jackc/pgx/v5"
 	"github.com/nais/v13s/internal/api/grpcpagination"
 	"github.com/nais/v13s/internal/collections"
@@ -51,6 +52,7 @@ func (s *Server) ListVulnerabilities(ctx context.Context, request *vulnerabiliti
 				ImageTag:  row.ImageTag,
 			},
 			Vulnerability: &vulnerabilities.Vulnerability{
+				Id:         row.ID.String(),
 				Package:    row.Package,
 				Suppressed: &row.Suppressed,
 				Cve: &vulnerabilities.Cve{
@@ -132,6 +134,7 @@ func (s *Server) ListVulnerabilitiesForImage(ctx context.Context, request *vulne
 		suppressReasonStr := strings.ToUpper(string(suppressReason))
 
 		return &vulnerabilities.Vulnerability{
+			Id:                row.ID.String(),
 			Package:           row.Package,
 			Suppressed:        &row.Suppressed,
 			SuppressedReason:  &suppressReasonStr,
@@ -211,34 +214,30 @@ func (s *Server) ListSuppressedVulnerabilities(ctx context.Context, request *vul
 }
 
 func (s *Server) SuppressVulnerability(ctx context.Context, request *vulnerabilities.SuppressVulnerabilityRequest) (*vulnerabilities.SuppressVulnerabilityResponse, error) {
-	suppressedVuln := request.GetSuppressedVulnerability()
-	_, err := s.querier.GetSuppressedVulnerability(ctx, sql.GetSuppressedVulnerabilityParams{
-		ImageName: suppressedVuln.GetImageName(),
-		Package:   suppressedVuln.GetPackage(),
-		CveID:     suppressedVuln.GetCveId(),
-	})
-
+	uuid := convert.StringToUUID(request.Id)
+	vuln, err := s.querier.GetVulnerabilityById(ctx, uuid)
 	if err != nil {
 		if !errors.Is(err, pgx.ErrNoRows) {
-			return nil, fmt.Errorf("failed to get suppressed vulnerability: %w", err)
+			return nil, fmt.Errorf("get suppressed vulnerability: %w", err)
 		}
 	}
 
 	supErr := s.querier.SuppressVulnerability(ctx, sql.SuppressVulnerabilityParams{
-		ImageName:    suppressedVuln.GetImageName(),
-		CveID:        suppressedVuln.GetCveId(),
-		Package:      suppressedVuln.GetPackage(),
-		SuppressedBy: suppressedVuln.GetSuppressedBy(),
-		Suppressed:   suppressedVuln.GetSuppress(),
-		Reason:       sql.VulnerabilitySuppressReason(strings.ToLower(suppressedVuln.GetState().String())),
-		ReasonText:   suppressedVuln.GetReason(),
+		ImageName:    vuln.ImageName,
+		CveID:        vuln.CveID,
+		Package:      vuln.Package,
+		SuppressedBy: request.GetSuppressedBy(),
+		Suppressed:   request.GetSuppress(),
+		Reason:       sql.VulnerabilitySuppressReason(strings.ToLower(request.GetState().String())),
+		ReasonText:   request.GetReason(),
 	})
 	if supErr != nil {
-		return nil, fmt.Errorf("failed to suppress vulnerability: %w", supErr)
+		return nil, fmt.Errorf("suppress vulnerability: %w", supErr)
 	}
+
 	return &vulnerabilities.SuppressVulnerabilityResponse{
-		CveId:      suppressedVuln.GetCveId(),
-		Suppressed: suppressedVuln.GetSuppress(),
+		CveId:      vuln.CveID,
+		Suppressed: request.GetSuppress(),
 	}, nil
 }
 

internal/database/queries/vulnerabilities.sql

@@ -46,15 +46,12 @@ DO UPDATE
     WHERE vulnerabilities.latest_version <> EXCLUDED.latest_version
 ;
 
-
-
 -- name: GetCve :one
 SELECT *
 FROM cve
 WHERE cve_id = @cve_id
 ;
 
-
 -- name: GetVulnerability :one
 SELECT *
 FROM vulnerabilities
@@ -64,6 +61,16 @@ WHERE image_name = @image_name
   AND cve_id = @cve_id
 ;
 
+-- name: GetVulnerabilityById :one
+SELECT v.image_name,
+       v.image_tag,
+       v.package,
+       v.cve_id,
+       v.source
+FROM vulnerabilities v
+    JOIN cve c ON v.cve_id = c.cve_id
+WHERE v.id = @id
+;
 
 -- name: SuppressVulnerability :exec
 INSERT INTO suppressed_vulnerabilities(image_name,
@@ -169,7 +176,8 @@ WHERE (CASE WHEN sqlc.narg('cluster')::TEXT is not null THEN w.cluster = sqlc.na
 ;
 
 -- name: ListVulnerabilitiesForImage :many
-SELECT v.image_name,
+SELECT v.id,
+       v.image_name,
        v.image_tag,
        v.package,
        v.cve_id,
@@ -215,7 +223,8 @@ WHERE v.image_name = @image_name
 ;
 
 -- name: ListVulnerabilities :many
-SELECT w.name                         AS workload_name,
+SELECT v.id,
+       w.name                         AS workload_name,
        w.workload_type,
        w.namespace,
        w.cluster,

internal/database/sql/querier.go

@@ -15,7 +15,7 @@ type Client interface {
 	ListVulnerabilitySummaries(ctx context.Context, opts ...Option) (*ListVulnerabilitySummariesResponse, error)
 	GetVulnerabilitySummary(ctx context.Context, opts ...Option) (*GetVulnerabilitySummaryResponse, error)
 	GetVulnerabilitySummaryForImage(ctx context.Context, imageName, imageTag string) (*GetVulnerabilitySummaryForImageResponse, error)
-	SuppressVulnerability(ctx context.Context, imageName, cveId, packaged, reason, suppressedBy string, state SuppressState, suppress bool) error
+	SuppressVulnerability(ctx context.Context, id, reason, suppressedBy string, state SuppressState, suppress bool) error
 	management.ManagementClient
 }
 
@@ -107,17 +107,13 @@ func (c *client) GetVulnerabilitySummaryForImage(ctx context.Context, imageName,
 	})
 }
 
-func (c *client) SuppressVulnerability(ctx context.Context, imageName, cveId, packaged, reason, suppressedBy string, state SuppressState, suppress bool) error {
+func (c *client) SuppressVulnerability(ctx context.Context, id, reason, suppressedBy string, state SuppressState, suppress bool) error {
 	_, err := c.c.SuppressVulnerability(ctx, &SuppressVulnerabilityRequest{
-		SuppressedVulnerability: &SuppressedVulnerability{
-			ImageName:    imageName,
-			State:        state,
-			Package:      packaged,
-			CveId:        cveId,
-			Reason:       &reason,
-			SuppressedBy: &suppressedBy,
-			Suppress:     &suppress,
-		},
+		Id:           id,
+		Reason:       &reason,
+		SuppressedBy: &suppressedBy,
+		State:        state,
+		Suppress:     &suppress,
 	})
 	return err
 }

internal/database/sql/vulnerabilities.sql.go

@@ -118,7 +118,11 @@ message GetVulnerabilitySummaryResponse {
 }
 
 message SuppressVulnerabilityRequest {
-  SuppressedVulnerability suppressed_vulnerability = 1;
+  string id = 1;
+  SuppressState state = 2;
+  optional string reason = 3;
+  optional string suppressed_by = 4;
+  optional bool suppress = 5;
 }
 
 message SuppressedVulnerability {
@@ -207,12 +211,13 @@ message Cve {
 
 // TODO: should it be grouped by package like now or Cve?
 message Vulnerability {
-  string package = 1;
-  Cve cve = 2;
-  string latest_version = 3;
-  optional bool suppressed = 4;
-  optional string suppressed_reason = 5;
-  optional string suppressed_details = 6;
+  string id = 1;
+  string package = 2;
+  Cve cve = 3;
+  string latest_version = 4;
+  optional bool suppressed = 5;
+  optional string suppressed_reason = 6;
+  optional string suppressed_details = 7;
 }
 
 message Finding {