

Add parsed vulnerability schemas (#1679)
michaeljguarino authored Dec 13, 2024
1 parent 315f638 commit 2d87b28
Showing 5 changed files with 165 additions and 2 deletions.
19 changes: 19 additions & 0 deletions assets/src/generated/graphql.ts
Expand Up @@ -2202,8 +2202,15 @@ export type CvssAttributes = {

export type CvssBundle = {
__typename?: 'CvssBundle';
attackComplexity?: Maybe<VulnSeverity>;
attackVector?: Maybe<VulnAttackVector>;
availability?: Maybe<VulnSeverity>;
confidentiality?: Maybe<VulnSeverity>;
integrity?: Maybe<VulnSeverity>;
nvidia?: Maybe<Cvss>;
privilegesRequired?: Maybe<VulnSeverity>;
redhat?: Maybe<Cvss>;
userInteraction?: Maybe<VulnUserInteraction>;
};

export type CvssBundleAttributes = {
Expand Down Expand Up @@ -9721,6 +9728,13 @@ export type VulnArtifactAttributes = {
tag?: InputMaybe<Scalars['String']['input']>;
};

export enum VulnAttackVector {
Adjacent = 'ADJACENT',
Local = 'LOCAL',
Network = 'NETWORK',
Physical = 'PHYSICAL'
}

export type VulnOs = {
__typename?: 'VulnOs';
eosl?: Maybe<Scalars['Boolean']['output']>;
Expand Down Expand Up @@ -9769,6 +9783,11 @@ export type VulnSummaryAttributes = {
unknownCount?: InputMaybe<Scalars['Int']['input']>;
};

export enum VulnUserInteraction {
None = 'NONE',
Required = 'REQUIRED'
}

export type Vulnerability = {
__typename?: 'Vulnerability';
class?: Maybe<Scalars['String']['output']>;
97 changes: 95 additions & 2 deletions go/client/models_gen.go


10 changes: 10 additions & 0 deletions lib/console/graphql/deployments/policy.ex
Expand Up @@ -5,6 +5,8 @@ defmodule Console.GraphQl.Deployments.Policy do
ecto_enum :constraint_enforcement, Console.Schema.PolicyConstraint.Enforcement
ecto_enum :vuln_severity, Console.Schema.Vulnerability.Severity
ecto_enum :vuln_report_grade, Console.Schema.VulnerabilityReport.Grade
ecto_enum :vuln_attack_vector, Console.Schema.Vulnerability.AttackVector
ecto_enum :vuln_user_interaction, Console.Schema.Vulnerability.UserInteraction

enum :policy_aggregate do
value :cluster
Expand Down Expand Up @@ -242,6 +244,14 @@ defmodule Console.GraphQl.Deployments.Policy do
end

object :cvss_bundle do
field :attack_vector, :vuln_attack_vector
field :attack_complexity, :vuln_severity
field :privileges_required, :vuln_severity
field :user_interaction, :vuln_user_interaction
field :confidentiality, :vuln_severity
field :integrity, :vuln_severity
field :availability, :vuln_severity

field :nvidia, :cvss
field :redhat, :cvss
end
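Review bot: None of the seven new `cvss_bundle` fields carries a `description`, so the generated SDL and the TypeScript client expose `attackComplexity: VulnSeverity` without saying where the value comes from or why it is typed with the severity enum instead of CVSS's own Low/High scale. The sibling `lib/console/schema/vulnerability.ex` change in this commit derives these fields from the `v3_vector` of the redhat or nvidia CVSS entry, which is exactly what an API consumer needs to know. Consider adding a description to each field, for example `field :attack_vector, :vuln_attack_vector, description: "Attack vector parsed from the CVSS v3 vector string of the redhat or nvidia entry"`. The enclosing `object :cvss_bundle` starts inside the hunk but the module continues outside it.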
22 changes: 22 additions & 0 deletions lib/console/schema/vulnerability.ex
@@ -1,8 +1,11 @@
defmodule Console.Schema.Vulnerability do
use Piazza.Ecto.Schema
alias Console.Schema.VulnerabilityReport
alias Console.Utils.Vuln

defenum Severity, unknown: 0, low: 1, medium: 2, high: 3, critical: 4
defenum AttackVector, network: 0, adjacent: 1, local: 2, physical: 3
defenum UserInteraction, none: 0, required: 1

defmodule CVSS do
use Piazza.Ecto.Schema
Expand Down Expand Up @@ -47,6 +50,14 @@ defmodule Console.Schema.Vulnerability do
field :last_modified_date, :utc_datetime_usec

embeds_one :cvss, CVSSBundle, on_replace: :update do
field :attack_vector, AttackVector
field :attack_complexity, Severity
field :privileges_required, Severity
field :user_interaction, UserInteraction
field :confidentiality, Severity
field :integrity, Severity
field :availability, Severity

embeds_one :redhat, CVSS, on_replace: :update
embeds_one :nvidia, CVSS, on_replace: :update
end
Expand Down Expand Up @@ -88,5 +99,16 @@ defmodule Console.Schema.Vulnerability do
|> cast(attrs, [])
|> cast_embed(:nvidia)
|> cast_embed(:redhat)
|> parse_cvss_vector()
end

defp parse_cvss_vector(cs) do
case {get_field(cs, :redhat), get_field(cs, :nvidia)} do
{%CVSS{v3_vector: vec}, _} when is_binary(vec) ->
change(cs, Vuln.parse_v3_vector(vec))
{_, %CVSS{v3_vector: vec}} when is_binary(vec) ->
change(cs, Vuln.parse_v3_vector(vec))
_ -> cs
end
end
end
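Review bot: `parse_cvss_vector/1` applies the parsed attributes with `change/2`, which skips cast validation, and the `v3_vector` string it parses is presumably scanner output rather than something this codebase controls, so the changeset's behaviour on an unexpected vector (empty string, a CVSS 2.0 vector stored in `v3_vector`, an unknown metric value) rests entirely on `Console.Utils.Vuln.parse_v3_vector/1`, which is outside this diff. If that function can raise or return anything other than a map or keyword list of the embed's keys, a single malformed entry fails the whole `Vulnerability` changeset; guarding the call, e.g. `case Vuln.parse_v3_vector(vec) do attrs when is_map(attrs) or is_list(attrs) -> change(cs, attrs); _ -> cs end`, or a comment stating that `parse_v3_vector/1` never raises and only returns embed keys, would make the contract explicit. Separately, `attack_complexity`, `privileges_required`, `confidentiality`, `integrity` and `availability` are typed with `Severity` (`unknown | low | medium | high | critical`), but CVSS v3 allows `N` (none) for PR, C, I and A; unless the parser maps `N` to a distinct value, "no impact" and "not parsed" collapse into `:unknown`, which matters for anyone filtering on these fields. The redhat-over-nvidia precedence in the `case` is reasonable but undocumented and deserves a one-line comment.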
19 changes: 19 additions & 0 deletions schema/schema.graphql
Expand Up @@ -2549,6 +2549,18 @@ enum VulnReportGrade {
F
}

enum VulnAttackVector {
NETWORK
ADJACENT
LOCAL
PHYSICAL
}

enum VulnUserInteraction {
NONE
REQUIRED
}

enum PolicyAggregate {
CLUSTER
ENFORCEMENT
Expand Down Expand Up @@ -2798,6 +2810,13 @@ type Vulnerability {
}

type CvssBundle {
attackVector: VulnAttackVector
attackComplexity: VulnSeverity
privilegesRequired: VulnSeverity
userInteraction: VulnUserInteraction
confidentiality: VulnSeverity
integrity: VulnSeverity
availability: VulnSeverity
nvidia: Cvss
redhat: Cvss
}
