-
Notifications
You must be signed in to change notification settings - Fork 41
Expand file tree
/
Copy pathtable_github_repository_vulnerability_alert.go
More file actions
130 lines (118 loc) · 7.36 KB
/
Copy pathtable_github_repository_vulnerability_alert.go
File metadata and controls
130 lines (118 loc) · 7.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
package github
import (
"context"
"fmt"
"github.com/shurcooL/githubv4"
"github.com/turbot/steampipe-plugin-github/github/models"
"github.com/turbot/steampipe-plugin-sdk/v6/grpc/proto"
"github.com/turbot/steampipe-plugin-sdk/v6/plugin"
"github.com/turbot/steampipe-plugin-sdk/v6/plugin/transform"
)
func tableGitHubRepositoryVulnerabilityAlert() *plugin.Table {
return &plugin.Table{
Name: "github_repository_vulnerability_alert",
Description: "Vulnerability Alerts from a repository.",
List: &plugin.ListConfig{
Hydrate: tableGitHubRepositoryVulnerabilityList,
ShouldIgnoreError: isNotFoundError([]string{"404"}),
KeyColumns: []*plugin.KeyColumn{
{
Name: "repository_full_name",
Require: plugin.Required,
},
{
Name: "state",
Require: plugin.Optional,
CacheMatch: "exact",
},
},
},
Columns: commonColumns(gitHubRepositoryVulnerabilityAlertColumns()),
}
}
func tableGitHubRepositoryVulnerabilityList(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
q := d.EqualsQuals
fullName := q["repository_full_name"].GetStringValue()
owner, repoName := parseRepoFullName(fullName)
s := q["state"].GetStringValue()
states := []githubv4.RepositoryVulnerabilityAlertState{
githubv4.RepositoryVulnerabilityAlertStateOpen,
githubv4.RepositoryVulnerabilityAlertStateFixed,
githubv4.RepositoryVulnerabilityAlertStateDismissed,
}
if s != "" {
switch s {
case "OPEN":
states = []githubv4.RepositoryVulnerabilityAlertState{githubv4.RepositoryVulnerabilityAlertStateOpen}
case "FIXED":
states = []githubv4.RepositoryVulnerabilityAlertState{githubv4.RepositoryVulnerabilityAlertStateFixed}
case "DISMISSED":
states = []githubv4.RepositoryVulnerabilityAlertState{githubv4.RepositoryVulnerabilityAlertStateDismissed}
default:
return nil, fmt.Errorf("state must be 'OPEN', 'FIXED' or 'DISMISSED' you provided '%s' which is invalid", s)
}
}
pageSize := adjustPageSize(100, d.QueryContext.Limit)
variables := map[string]interface{}{
"owner": githubv4.String(owner),
"repo": githubv4.String(repoName),
"pageSize": githubv4.Int(pageSize),
"cursor": (*githubv4.String)(nil),
"states": states,
}
var query struct {
RateLimit models.RateLimit
Repository struct {
VulnerabilityAlerts struct {
TotalCount int
PageInfo models.PageInfo
Nodes []models.RepositoryVulnerabilityAlert
} `graphql:"vulnerabilityAlerts(first: $pageSize, after: $cursor, states: $states)"`
} `graphql:"repository(owner: $owner, name: $repo)"`
}
appendRepoVulnerabilityAlertColumnIncludes(&variables, d.QueryContext.Columns)
client := connectV4(ctx, d)
for {
err := client.Query(ctx, &query, variables)
plugin.Logger(ctx).Debug(rateLimitLogString("github_repository_collaborator", &query.RateLimit))
if err != nil {
plugin.Logger(ctx).Error("github_repository_collaborator", "api_error", err, "repository", fullName)
return nil, err
}
for _, c := range query.Repository.VulnerabilityAlerts.Nodes {
d.StreamListItem(ctx, c)
// Context can be cancelled due to manual cancellation or the limit has been hit
if d.RowsRemaining(ctx) == 0 {
return nil, nil
}
}
if !query.Repository.VulnerabilityAlerts.PageInfo.HasNextPage {
break
}
variables["cursor"] = githubv4.NewString(query.Repository.VulnerabilityAlerts.PageInfo.EndCursor)
}
return nil, nil
}
func gitHubRepositoryVulnerabilityAlertColumns() []*plugin.Column {
return []*plugin.Column{
{Name: "repository_full_name", Type: proto.ColumnType_STRING, Description: "The full name of the repository, including the owner and repo name.", Transform: transform.FromQual("repository_full_name")},
{Name: "number", Type: proto.ColumnType_INT, Transform: transform.FromValue(), Hydrate: vAlertHydrateNumber, Description: "Number of vulnerability alert."},
{Name: "node_id", Type: proto.ColumnType_STRING, Transform: transform.FromValue(), Hydrate: vAlertHydrateNodeId, Description: "The node id of the vulnerability alert."},
{Name: "auto_dismissed_at", Type: proto.ColumnType_TIMESTAMP, Transform: transform.FromValue().NullIfZero().Transform(convertTimestamp), Hydrate: vAlertHydrateAutoDismissedAt, Description: "Timestamp at which the vulnerability alert was automatically dismissed."},
{Name: "created_at", Type: proto.ColumnType_TIMESTAMP, Transform: transform.FromValue().NullIfZero().Transform(convertTimestamp), Hydrate: vAlertHydrateCreatedAt, Description: "Timestamp when the vulnerability alert was created."},
{Name: "dependency_scope", Type: proto.ColumnType_STRING, Transform: transform.FromValue(), Hydrate: vAlertHydrateDependencyScope, Description: "The dependency scope of the vulnerability alert, will be RUNTIME or DEVELOPMENT."},
{Name: "dismiss_comment", Type: proto.ColumnType_STRING, Transform: transform.FromValue(), Hydrate: vAlertHydrateDismissComment, Description: "Comment on the dismissal of the vulnerability alert."},
{Name: "dismiss_reason", Type: proto.ColumnType_STRING, Transform: transform.FromValue(), Hydrate: vAlertHydrateDismissReason, Description: "Reason for the dismissal of the vulnerability alert."},
{Name: "dismissed_at", Type: proto.ColumnType_TIMESTAMP, Transform: transform.FromValue().NullIfZero().Transform(convertTimestamp), Hydrate: vAlertHydrateDismissedAt, Description: "Timestamp at which the vulnerability alert was dismissed."},
{Name: "dismisser", Type: proto.ColumnType_JSON, Transform: transform.FromValue(), Hydrate: vAlertHydrateDismisser, Description: "The user whom dismissed the vulnerability alert."},
{Name: "fixed_at", Type: proto.ColumnType_TIMESTAMP, Transform: transform.FromValue().NullIfZero().Transform(convertTimestamp), Hydrate: vAlertHydrateFixedAt, Description: "Timestamp when the vulnerability alert was marked as fixed."},
{Name: "state", Type: proto.ColumnType_STRING, Transform: transform.FromValue(), Hydrate: vAlertHydrateState, Description: "State of the vulnerability alert, will be 'OPEN', 'FIXED' or 'DISMISSED'."},
{Name: "security_advisory", Type: proto.ColumnType_JSON, Transform: transform.FromValue(), Hydrate: vAlertHydrateSecurityAdvisory, Description: "The security advisory associated with the vulnerability alert."},
{Name: "security_vulnerability", Type: proto.ColumnType_JSON, Transform: transform.FromValue(), Hydrate: vAlertHydrateSecurityVulnerability, Description: "The vulnerability associated with the vulnerability alert."},
{Name: "vulnerable_manifest_filename", Type: proto.ColumnType_STRING, Transform: transform.FromValue(), Hydrate: vAlertHydrateVulnerableManifestFilename, Description: "Filename of the vulnerable manifest."},
{Name: "vulnerable_manifest_path", Type: proto.ColumnType_STRING, Transform: transform.FromValue(), Hydrate: vAlertHydrateVulnerableManifestPath, Description: "Path of the vulnerable manifest."},
{Name: "vulnerable_requirements", Type: proto.ColumnType_STRING, Transform: transform.FromValue(), Hydrate: vAlertHydrateVulnerableRequirements, Description: "Vulnerable requirements from the manifest."},
{Name: "severity", Type: proto.ColumnType_STRING, Transform: transform.FromValue(), Hydrate: vAlertHydrateSeverity, Description: "Severity of the vulnerability."},
{Name: "cvss_score", Type: proto.ColumnType_DOUBLE, Transform: transform.FromValue(), Hydrate: vAlertHydrateCvssScore, Description: "The CVSS score of the advisory associated with the vulnerability alert."},
}
}