From 96de0c1dc4f77a9a4c4f4c819b953b8c9d68cdc7 Mon Sep 17 00:00:00 2001 From: Prakash Kumar Date: Fri, 24 May 2024 20:00:27 +0530 Subject: [PATCH 1/3] introducing new col in image scan result table and deprecating in cve-store table and handling backward compatibility --- env_gen.md | 3 ++- internal/sql/repository/security/CveStoreRepository.go | 2 +- .../sql/repository/security/ImageScanResultRepository.go | 1 + pkg/security/ImageScanService.go | 4 ++++ pkg/security/policyService.go | 8 ++++++++ .../sql/249_alter_image_scan_result_repository.down.sql | 1 + scripts/sql/249_alter_image_scan_result_repository.up.sql | 1 + wire_gen.go | 2 +- 8 files changed, 19 insertions(+), 3 deletions(-) create mode 100644 scripts/sql/249_alter_image_scan_result_repository.down.sql create mode 100644 scripts/sql/249_alter_image_scan_result_repository.up.sql diff --git a/env_gen.md b/env_gen.md index 5e77dca153..e79c776351 100644 --- a/env_gen.md +++ b/env_gen.md @@ -118,6 +118,7 @@ | ENFORCER_MAX_BATCH_SIZE | 1 | | | EPHEMERAL_SERVER_VERSION_REGEX | v[1-9]\.\b(2[3-9]|[3-9][0-9])\b.* | | | EVENT_URL | http://localhost:3000/notify | | + | EXECUTE_WIRE_NIL_CHECKER | false | | | EXPOSE_CD_METRICS | false | | | EXPOSE_CI_METRICS | false | | | EXTERNAL_BLOB_STORAGE_CM_NAME | blob-storage-cm | | @@ -193,7 +194,7 @@ | PIPELINE_DEGRADED_TIME | 10 | | | PLUGIN_NAME | Pull images from container repository | | | PRE_CI_CACHE_PATH | /devtroncd-cache | | - | PROXY_SERVICE_CONFIG | | | + | PROXY_SERVICE_CONFIG | {} | | | REQ_CI_CPU | 0.5 | | | REQ_CI_MEM | 3G | | | RESOURCE_LIST_FOR_REPLICAS | Deployment,Rollout,StatefulSet,ReplicaSet | | diff --git a/internal/sql/repository/security/CveStoreRepository.go b/internal/sql/repository/security/CveStoreRepository.go index 7519c3f6e7..4384e7d0cd 100644 --- a/internal/sql/repository/security/CveStoreRepository.go +++ b/internal/sql/repository/security/CveStoreRepository.go 
@@ -31,7 +31,7 @@ type CveStore struct { tableName struct{} `sql:"cve_store" pg:",discard_unknown_columns"` Name string `sql:"name,pk"` Severity Severity `sql:"severity,notnull"` - Package string `sql:"package,notnull"` + Package string `sql:"package,notnull"` // deprecated Version string `sql:"version,notnull"` FixedVersion string `sql:"fixed_version,notnull"` sql.AuditLog diff --git a/internal/sql/repository/security/ImageScanResultRepository.go b/internal/sql/repository/security/ImageScanResultRepository.go index a5b4b588e5..d96392a4b9 100644 --- a/internal/sql/repository/security/ImageScanResultRepository.go +++ b/internal/sql/repository/security/ImageScanResultRepository.go @@ -28,6 +28,7 @@ type ImageScanExecutionResult struct { CveStoreName string `sql:"cve_store_name,notnull"` ImageScanExecutionHistoryId int `sql:"image_scan_execution_history_id"` ScanToolId int `sql:"scan_tool_id"` + Package string `sql:"package"` CveStore CveStore ImageScanExecutionHistory ImageScanExecutionHistory } diff --git a/pkg/security/ImageScanService.go b/pkg/security/ImageScanService.go index 441fdeec25..4bc3a5b40e 100644 --- a/pkg/security/ImageScanService.go +++ b/pkg/security/ImageScanService.go @@ -373,6 +373,10 @@ func (impl ImageScanServiceImpl) FetchExecutionDetailResult(request *ImageScanRe Severity: item.CveStore.Severity.String(), //Permission: "BLOCK", TODO } + if len(item.CveStore.Package) == 0 { + // data already migrated hence get package from image_scan_execution_result + vulnerability.Package = item.Package + } if item.CveStore.Severity == security.Critical { highCount = highCount + 1 } else if item.CveStore.Severity == security.Medium { diff --git a/pkg/security/policyService.go b/pkg/security/policyService.go index 0aa06c90a8..e41454f001 100644 --- a/pkg/security/policyService.go +++ b/pkg/security/policyService.go 
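Review bot: The trailing `// deprecated` on the Package field is not the Go deprecation marker, so staticcheck and gopls will not flag new readers of CveStore.Package. Put it on its own doc-comment line above the field: `// Deprecated: cve_store is keyed by CVE name alone, so one row cannot carry a package per scan result; read ImageScanExecutionResult.Package instead.` The sql tag still says `notnull`, so if the write path stops populating this field inserts will presumably fail until the column constraint is relaxed — say in the same comment whether writers must keep filling it. The CveStore struct opens outside the hunk.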
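Review bot: The new Package field on ImageScanExecutionResult has no doc comment, and because it coexists with the still-present CveStore.Package a reader cannot tell which one is authoritative. Suggest `// Package is the affected package recorded for this scan result. It supersedes the deprecated CveStore.Package and is empty for rows written before the column was added, so readers must fall back to CveStore.Package.` The column is created as nullable text in the migration, so NULL and "" both arrive here as the empty string; the service-side fallbacks rely on that and the comment should say so. The struct's opening line is outside the hunk.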
@@ -243,8 +243,10 @@ func (impl *PolicyServiceImpl) VerifyImage(verifyImageRequest *VerifyImageReques impl.logger.Errorw("error in fetching vulnerability ", "err", err) return nil, err } + cveNameToScanResultPackageNameMapping := make(map[string]string) var cveStores []*security.CveStore for _, scanResult := range scanResults { + cveNameToScanResultPackageNameMapping[scanResult.CveStoreName] = scanResult.Package cveStores = append(cveStores, &scanResult.CveStore) if _, ok := scanResultsIdMap[scanResult.ImageScanExecutionHistoryId]; !ok { scanResultsIdMap[scanResult.ImageScanExecutionHistoryId] = scanResult.ImageScanExecutionHistoryId @@ -260,6 +262,12 @@ func (impl *PolicyServiceImpl) VerifyImage(verifyImageRequest *VerifyImageReques Version: cve.Version, FixedVersion: cve.FixedVersion, } + if len(cve.Package) == 0 { + if packageName, ok := cveNameToScanResultPackageNameMapping[cve.Name]; ok { + // fetch package name from image_scan_execution_result table + vr.Package = packageName + } + } imageBlockedCves[image] = append(imageBlockedCves[image], vr) } } diff --git a/scripts/sql/249_alter_image_scan_result_repository.down.sql b/scripts/sql/249_alter_image_scan_result_repository.down.sql new file mode 100644 index 0000000000..03544705b0 --- /dev/null +++ b/scripts/sql/249_alter_image_scan_result_repository.down.sql @@ -0,0 +1 @@ +ALTER TABLE "image_scan_execution_result" DROP COLUMN "package"; \ No newline at end of file diff --git a/scripts/sql/249_alter_image_scan_result_repository.up.sql b/scripts/sql/249_alter_image_scan_result_repository.up.sql new file mode 100644 index 0000000000..e166f09228 --- /dev/null +++ b/scripts/sql/249_alter_image_scan_result_repository.up.sql @@ -0,0 +1 @@ +ALTER TABLE "image_scan_execution_result" ADD COLUMN "package" text; \ No newline at end of file diff --git a/wire_gen.go b/wire_gen.go index 3d1bd5c4e1..6712526b9e 100644 --- a/wire_gen.go +++ b/wire_gen.go 
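Review bot: `cveNameToScanResultPackageNameMapping` is keyed by CveStoreName, so when an image's scan results carry the same CVE against several packages only the last package survives and the other affected packages are reported under the wrong name — the same one-to-one assumption the deprecated cve_store.package had, moved into a map. If the lookup in the next hunk needs all of them, make it `map[string][]string` and append, or build the blocked-CVE entries from scanResults directly instead of re-joining through cveStores. The same lookup is consumed unchanged in the second hunk of this file and in the PATCH 2/3 rewrite of it. Whether scanResults is scoped to a single image here is not visible in the hunk; if it spans images the key also needs the image. VerifyImage's body starts and ends outside the hunk.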
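Review bot: The up migration only adds the nullable column and does not backfill existing rows from cve_store, so every result written before this migration keeps an empty package here and the code fallback to the deprecated CveStore.Package becomes permanent for that data. If the intent is to eventually drop cve_store.package, backfill in the same migration, e.g. `UPDATE "image_scan_execution_result" r SET "package" = c."package" FROM "cve_store" c WHERE c."name" = r."cve_store_name" AND r."package" IS NULL;` (constructed from the table and column names in this series; check against the actual schema). `ADD COLUMN IF NOT EXISTS` would also make the script safe to re-run, which matters given the migration number is changed again in PATCH 3/3.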
@@ -1,6 +1,6 @@ // Code generated by Wire. DO NOT EDIT. -//go:generate go run -mod=mod github.com/google/wire/cmd/wire +//go:generate go run github.com/google/wire/cmd/wire //go:build !wireinject // +build !wireinject From 36d5c7cd6b379cea6bffa02795f1401ae7149577 Mon Sep 17 00:00:00 2001 From: Prakash Kumar Date: Sat, 25 May 2024 23:41:50 +0530 Subject: [PATCH 2/3] fix --- pkg/security/ImageScanService.go | 2 +- pkg/security/policyService.go | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/pkg/security/ImageScanService.go b/pkg/security/ImageScanService.go index 4bc3a5b40e..52743ec787 100644 --- a/pkg/security/ImageScanService.go +++ b/pkg/security/ImageScanService.go @@ -373,7 +373,7 @@ func (impl ImageScanServiceImpl) FetchExecutionDetailResult(request *ImageScanRe Severity: item.CveStore.Severity.String(), //Permission: "BLOCK", TODO } - if len(item.CveStore.Package) == 0 { + if len(item.Package) > 0 { // data already migrated hence get package from image_scan_execution_result vulnerability.Package = item.Package } diff --git a/pkg/security/policyService.go b/pkg/security/policyService.go index e41454f001..be7dec248c 100644 --- a/pkg/security/policyService.go +++ b/pkg/security/policyService.go @@ -262,11 +262,12 @@ func (impl *PolicyServiceImpl) VerifyImage(verifyImageRequest *VerifyImageReques Version: cve.Version, FixedVersion: cve.FixedVersion, } - if len(cve.Package) == 0 { - if packageName, ok := cveNameToScanResultPackageNameMapping[cve.Name]; ok { + if packageName, ok := cveNameToScanResultPackageNameMapping[cve.Name]; ok { + if len(packageName) > 0 { // fetch package name from image_scan_execution_result table vr.Package = packageName } + } imageBlockedCves[image] = append(imageBlockedCves[image], vr) } From e7c2202a7bccc34a9f315dac74a8de4f0fe76c36 Mon Sep 17 00:00:00 2001 
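Review bot: The comment `// data already migrated hence get package from image_scan_execution_result` no longer matches the condition — it now tests whether the per-result column is populated, and no data migration exists in this series (the up script only adds the column) — so it will mislead the next reader. Suggest `// Prefer the per-result package; rows written before the column existed leave it empty, in which case the value taken from the deprecated CveStore.Package stands.` `item.Package != ""` also reads more directly than `len(item.Package) > 0`. Where vulnerability.Package is first set is outside the hunk, so the wording presumes the struct literal above populates it from CveStore — confirm. FetchExecutionDetailResult's body continues outside the hunk.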
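Review bot: The `ok` check wrapping `len(packageName) > 0` is redundant — a missing key yields "" and the inner test already rejects it — so the two nested ifs can be one guard: `if packageName := cveNameToScanResultPackageNameMapping[cve.Name]; packageName != "" {` followed by `vr.Package = packageName` and a single closing brace. The `// fetch package name from image_scan_execution_result table` comment could then state the precedence rule explicitly, e.g. `// per-result package wins over the deprecated cve_store.package when present`. VerifyImage's body starts and ends outside the hunk.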
From: Prakash Kumar Date: Mon, 3 Jun 2024 12:36:28 +0530 Subject: [PATCH 3/3] migration number changed --- ...y.down.sql => 251_alter_image_scan_result_repository.down.sql} | 0 ...itory.up.sql => 251_alter_image_scan_result_repository.up.sql} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename scripts/sql/{249_alter_image_scan_result_repository.down.sql => 251_alter_image_scan_result_repository.down.sql} (100%) rename scripts/sql/{249_alter_image_scan_result_repository.up.sql => 251_alter_image_scan_result_repository.up.sql} (100%) diff --git a/scripts/sql/249_alter_image_scan_result_repository.down.sql b/scripts/sql/251_alter_image_scan_result_repository.down.sql similarity index 100% rename from scripts/sql/249_alter_image_scan_result_repository.down.sql rename to scripts/sql/251_alter_image_scan_result_repository.down.sql diff --git a/scripts/sql/249_alter_image_scan_result_repository.up.sql b/scripts/sql/251_alter_image_scan_result_repository.up.sql similarity index 100% rename from scripts/sql/249_alter_image_scan_result_repository.up.sql rename to scripts/sql/251_alter_image_scan_result_repository.up.sql