diff --git a/internal/sql/repository/security/CveStoreRepository.go b/internal/sql/repository/security/CveStoreRepository.go
index 0818858de3..64342d20f5 100644
--- a/internal/sql/repository/security/CveStoreRepository.go
+++ b/internal/sql/repository/security/CveStoreRepository.go
@@ -30,7 +30,7 @@ type CveStore struct {
 tableName struct{} `sql:"cve_store" pg:",discard_unknown_columns"`
 Name string `sql:"name,pk"`
 Severity Severity `sql:"severity,notnull"`
- Package string `sql:"package,notnull"`
+ Package string `sql:"package,notnull"` // deprecated
 Version string `sql:"version,notnull"`
 FixedVersion string `sql:"fixed_version,notnull"`
 sql.AuditLog
diff --git a/internal/sql/repository/security/ImageScanResultRepository.go b/internal/sql/repository/security/ImageScanResultRepository.go
index f0f1c69531..afe8885da0 100644
--- a/internal/sql/repository/security/ImageScanResultRepository.go
+++ b/internal/sql/repository/security/ImageScanResultRepository.go
@@ -27,6 +27,7 @@ type ImageScanExecutionResult struct {
 CveStoreName string `sql:"cve_store_name,notnull"`
 ImageScanExecutionHistoryId int `sql:"image_scan_execution_history_id"`
 ScanToolId int `sql:"scan_tool_id"`
+ Package string `sql:"package"`
 CveStore CveStore
 ImageScanExecutionHistory ImageScanExecutionHistory
 }
diff --git a/pkg/security/ImageScanService.go b/pkg/security/ImageScanService.go
index 23ad23b8b0..1c8ca00ad5 100644
--- a/pkg/security/ImageScanService.go
+++ b/pkg/security/ImageScanService.go
@@ -372,6 +372,10 @@ func (impl ImageScanServiceImpl) FetchExecutionDetailResult(request *ImageScanRe
 Severity: item.CveStore.Severity.String(),
 //Permission: "BLOCK", TODO
 }
+ if len(item.Package) > 0 {
+ // data already migrated hence get package from image_scan_execution_result
+ vulnerability.Package = item.Package
+ }
 if item.CveStore.Severity == security.Critical {
 highCount = highCount + 1
 } else if item.CveStore.Severity == security.Medium {
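Review bot: The `// deprecated` marker on `CveStore.Package` in CveStoreRepository.go does not say what replaces the field or why it is kept, and a lowercase trailing `deprecated` is not the form Go tooling recognises. A doc comment on the line above the field, such as `// Deprecated: use ImageScanExecutionResult.Package; kept as a fallback for scan results that carry no package of their own.`, would cover both. The field is still tagged `notnull`, so writers presumably have to keep populating it; if so, say that in the same comment.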
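Review bot: The comment `data already migrated` in the added `if len(item.Package) > 0` block of ImageScanService.go refers to a data migration this commit does not contain; the condition only tests whether the scan-result row has its own package value. A comment like `// prefer the package recorded on the scan result; rows without one keep the value taken from cve_store above` would match the code, assuming the struct literal above the hunk fills `Package` from `item.CveStore` (that part of FetchExecutionDetailResult is outside the hunk). The same precedence rule is repeated in `VerifyImage` in policyService.go, so a small shared helper would keep the two in agreement.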
diff --git a/pkg/security/policyService.go b/pkg/security/policyService.go
index d56616f9a8..0a99fda54d 100644
--- a/pkg/security/policyService.go
+++ b/pkg/security/policyService.go
@@ -242,8 +242,10 @@ func (impl *PolicyServiceImpl) VerifyImage(verifyImageRequest *VerifyImageReques
 impl.logger.Errorw("error in fetching vulnerability ", "err", err)
 return nil, err
 }
+ cveNameToScanResultPackageNameMapping := make(map[string]string)
 var cveStores []*security.CveStore
 for _, scanResult := range scanResults {
+ cveNameToScanResultPackageNameMapping[scanResult.CveStoreName] = scanResult.Package
 cveStores = append(cveStores, &scanResult.CveStore)
 if _, ok := scanResultsIdMap[scanResult.ImageScanExecutionHistoryId]; !ok {
 scanResultsIdMap[scanResult.ImageScanExecutionHistoryId] = scanResult.ImageScanExecutionHistoryId
@@ -259,6 +261,13 @@ func (impl *PolicyServiceImpl) VerifyImage(verifyImageRequest *VerifyImageReques
 Version: cve.Version,
 FixedVersion: cve.FixedVersion,
 }
+ if packageName, ok := cveNameToScanResultPackageNameMapping[cve.Name]; ok {
+ if len(packageName) > 0 {
+ // fetch package name from image_scan_execution_result table
+ vr.Package = packageName
+ }
+
+ }
 imageBlockedCves[image] = append(imageBlockedCves[image], vr)
 }
 }
diff --git a/scripts/sql/251_alter_image_scan_result_repository.down.sql b/scripts/sql/251_alter_image_scan_result_repository.down.sql
new file mode 100644
index 0000000000..03544705b0
--- /dev/null
+++ b/scripts/sql/251_alter_image_scan_result_repository.down.sql
@@ -0,0 +1 @@
+ALTER TABLE "image_scan_execution_result" DROP COLUMN "package";
\ No newline at end of file
diff --git a/scripts/sql/251_alter_image_scan_result_repository.up.sql b/scripts/sql/251_alter_image_scan_result_repository.up.sql
new file mode 100644
index 0000000000..e166f09228
--- /dev/null
+++ b/scripts/sql/251_alter_image_scan_result_repository.up.sql
@@ -0,0 +1 @@
+ALTER TABLE "image_scan_execution_result" ADD COLUMN "package" text;
\ No newline at end of file
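Review bot: `cveNameToScanResultPackageNameMapping` in the first policyService.go hunk is keyed by CVE name alone, so when `scanResults` holds more than one row for the same CVE (a second package in the image, or a second scan execution) the last row wins, and a later row with an empty `Package` erases an earlier non-empty one. The lookup added in the second hunk of this file then gives every blocked entry for that CVE whichever package was written last, which can send the person remediating a policy block to the wrong package. At minimum guard the write, `if scanResult.Package != "" { cveNameToScanResultPackageNameMapping[scanResult.CveStoreName] = scanResult.Package }`; if one CVE can legitimately map to several packages, the key would also need the package or the execution id. How `cve` and `image` are derived in the later loop is outside the hunk, so confirm which rows can collide.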
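Review bot: The nested `if` with the stray blank `+` line in the second policyService.go hunk can be a single statement, because indexing a missing key already yields an empty string: `if packageName := cveNameToScanResultPackageNameMapping[cve.Name]; packageName != "" { vr.Package = packageName }`. The `ok` result adds nothing once the length is checked. The enclosing loop in VerifyImage starts above the hunk.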
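Review bot: Neither statement in the 251 migration pair is guarded, so re-running the up script after a partial apply fails on the existing column, and the down script fails if the column is already gone; `ADD COLUMN IF NOT EXISTS "package" text` in the up file and `DROP COLUMN IF EXISTS "package"` in the down file would make both rerunnable, if that fits the project's migration convention. The down script also discards every package name stored only on scan-result rows, and since `CveStore.Package` is marked deprecated in this commit, the fallback value may not be reliable after a rollback. A one-line comment in the up file saying that existing rows stay NULL and readers fall back to `cve_store.package` would record the intent.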