feat: add cvss v4 score and vector in scan response (#7968)

aquasecurity · Nov 21, 2024 · e0f2054 · e0f2054
1 parent de523ff
commit e0f2054
Show file tree

Hide file tree

Showing 4 changed files with 185 additions and 143 deletions.
diff --git a/pkg/rpc/convert.go b/pkg/rpc/convert.go
@@ -276,15 +276,17 @@ func ConvertToRPCVulns(vulns []types.DetectedVulnerability) []*common.Vulnerabil
 		cvssMap := make(map[string]*common.CVSS) // This is needed because protobuf generates a map[string]*CVSS type
 		for vendor, vendorSeverity := range vuln.CVSS {
 			cvssMap[string(vendor)] = &common.CVSS{
-				V2Vector: vendorSeverity.V2Vector,
-				V3Vector: vendorSeverity.V3Vector,
-				V2Score:  vendorSeverity.V2Score,
-				V3Score:  vendorSeverity.V3Score,
+				V2Vector:  vendorSeverity.V2Vector,
+				V3Vector:  vendorSeverity.V3Vector,
+				V40Vector: vendorSeverity.V40Vector,
+				V2Score:   vendorSeverity.V2Score,
+				V3Score:   vendorSeverity.V3Score,
+				V40Score:  vendorSeverity.V40Score,
 			}
 		}
-		vensorSeverityMap := make(map[string]common.Severity)
+		vendorSeverityMap := make(map[string]common.Severity)
 		for vendor, vendorSeverity := range vuln.VendorSeverity {
-			vensorSeverityMap[string(vendor)] = common.Severity(vendorSeverity)
+			vendorSeverityMap[string(vendor)] = common.Severity(vendorSeverity)
 		}
 
 		var lastModifiedDate, publishedDate *timestamppb.Timestamp
@@ -317,7 +319,7 @@ func ConvertToRPCVulns(vulns []types.DetectedVulnerability) []*common.Vulnerabil
 			Title:              vuln.Title,
 			Description:        vuln.Description,
 			Severity:           common.Severity(severity),
-			VendorSeverity:     vensorSeverityMap,
+			VendorSeverity:     vendorSeverityMap,
 			References:         vuln.References,
 			Layer:              ConvertToRPCLayer(vuln.Layer),
 			Cvss:               cvssMap,
@@ -571,15 +573,17 @@ func ConvertFromRPCVulns(rpcVulns []*common.Vulnerability) []types.DetectedVulne
 		cvssMap := make(dbTypes.VendorCVSS) // This is needed because protobuf generates a map[string]*CVSS type
 		for vendor, vendorSeverity := range vuln.Cvss {
 			cvssMap[dbTypes.SourceID(vendor)] = dbTypes.CVSS{
-				V2Vector: vendorSeverity.V2Vector,
-				V3Vector: vendorSeverity.V3Vector,
-				V2Score:  vendorSeverity.V2Score,
-				V3Score:  vendorSeverity.V3Score,
+				V2Vector:  vendorSeverity.V2Vector,
+				V3Vector:  vendorSeverity.V3Vector,
+				V40Vector: vendorSeverity.V40Vector,
+				V2Score:   vendorSeverity.V2Score,
+				V3Score:   vendorSeverity.V3Score,
+				V40Score:  vendorSeverity.V40Score,
 			}
 		}
-		vensorSeverityMap := make(dbTypes.VendorSeverity)
+		vendorSeverityMap := make(dbTypes.VendorSeverity)
 		for vendor, vendorSeverity := range vuln.VendorSeverity {
-			vensorSeverityMap[dbTypes.SourceID(vendor)] = dbTypes.Severity(vendorSeverity)
+			vendorSeverityMap[dbTypes.SourceID(vendor)] = dbTypes.Severity(vendorSeverity)
 		}
 
 		var lastModifiedDate, publishedDate *time.Time
@@ -610,7 +614,7 @@ func ConvertFromRPCVulns(rpcVulns []*common.Vulnerability) []types.DetectedVulne
 				LastModifiedDate: lastModifiedDate,
 				PublishedDate:    publishedDate,
 				Custom:           vuln.CustomVulnData.AsInterface(),
-				VendorSeverity:   vensorSeverityMap,
+				VendorSeverity:   vendorSeverityMap,
 			},
 			Layer:          ConvertFromRPCLayer(vuln.Layer),
 			SeveritySource: dbTypes.SourceID(vuln.SeveritySource),

diff --git a/pkg/rpc/convert_test.go b/pkg/rpc/convert_test.go
@@ -299,6 +299,14 @@ func TestConvertToRpcVulns(t *testing.T) {
 									V2Score:  7.2,
 									V3Score:  7.8,
 								},
+								vulnerability.NVD: {
+									V2Vector:  "AV:L/AC:L/Au:N/C:C/I:C/A:C",
+									V3Vector:  "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+									V40Vector: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/U:Green",
+									V2Score:   7.2,
+									V3Score:   7.8,
+									V40Score:  8.7,
+								},
 							},
 							References:       []string{"http://example.com"},
 							PublishedDate:    &fixedPublishedDate,
@@ -335,6 +343,14 @@ func TestConvertToRpcVulns(t *testing.T) {
 							V2Score:  7.2,
 							V3Score:  7.8,
 						},
+						"nvd": {
+							V2Vector:  "AV:L/AC:L/Au:N/C:C/I:C/A:C",
+							V3Vector:  "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+							V40Vector: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/U:Green",
+							V2Score:   7.2,
+							V3Score:   7.8,
+							V40Score:  8.7,
+						},
 					},
 					References: []string{"http://example.com"},
 					Layer: &common.Layer{