Skip to content

Commit

Permalink
trivy:bugfix - adding func to avoid hash changes in trivy formatter
Browse files Browse the repository at this point in the history
Since the pull request #882 some
changes were made in the line and code of the trivy formatter,
and this data influences directly the hash generation.
This pr will avoid this hash change by using the same data as
before, but for the users the data will be showed with the fixes
made in the pull request 882, leading to no braking changes
and keeping the fixes.

Signed-off-by: Nathan Martins <nathan.martins@zup.com.br>
  • Loading branch information
nathanmartinszup committed Jan 18, 2022
1 parent bfb07e6 commit 0193de4
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion internal/services/formatters/generic/trivy/formatter.go
Original file line number Diff line number Diff line change
Expand Up @@ -169,11 +169,24 @@ func (f *Formatter) addVulnerabilitiesOutput(vulnerabilities []*trivyVulnerabili
addVuln.File = target
addVuln.Details = vuln.getDetails()
addVuln.Severity = severities.GetSeverityByString(vuln.Severity)
addVuln = vulnhash.Bind(addVuln)
addVuln.VulnHash = f.getOldHash(vuln.PkgName, *addVuln)
f.AddNewVulnerabilityIntoAnalysis(addVuln)
}
}

// getOldHash func necessary to avoid a breaking change in the trivy hash generation. Since the pull request
// https://github.com/ZupIT/horusec/pull/882 some changes were made in the line and code, and this data influences
// directly the hash generation. This func will avoid this hash change by using the same data as before, but for the
// users the data will be showed with the fixes made in the pull request 882, leading to no braking changes and keeping
// the fixes.
// nolint:gocritic // it has to be without pointer
func (f *Formatter) getOldHash(pkgName string, vuln vulnerability.Vulnerability) string {
vuln.Line = "0"
vuln.Code = pkgName

return vulnhash.Bind(&vuln).VulnHash
}

func (f *Formatter) addMisconfigurationOutput(result []*trivyMisconfiguration, target string) {
for _, vuln := range result {
addVuln := f.getVulnBase()
Expand Down

0 comments on commit 0193de4

Please sign in to comment.