From 110c0db277e18ba873406ab0bb3630e00db892ed Mon Sep 17 00:00:00 2001
From: mitchell
Date: Thu, 7 Nov 2024 10:54:25 -0500
Subject: [PATCH] CVE report should include changed requirements.

Previously it would only show for added requirements. If a requirement changes versions, we should include it in the CVE report.
---
 internal/runbits/cves/cves.go | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/internal/runbits/cves/cves.go b/internal/runbits/cves/cves.go
index a810fae39b..b9b598482b 100644
--- a/internal/runbits/cves/cves.go
+++ b/internal/runbits/cves/cves.go
@@ -77,7 +77,7 @@ func (c *CveReport) Report(newBuildPlan *buildplan.BuildPlan, oldBuildPlan *buil
 }
 }
- names := addedRequirements(oldBuildPlan, newBuildPlan)
+ names := changedRequirements(oldBuildPlan, newBuildPlan)
 pg := output.StartSpinner(c.prime.Output(), locale.Tr("progress_cve_search", strings.Join(names, ", ")), constants.TerminalAnimationInterval)
 ingredientVulnerabilities, err := model.FetchVulnerabilitiesForIngredients(c.prime.Auth(), ingredients)
@@ -235,7 +235,7 @@ func (c *CveReport) promptForSecurity() (bool, error) {
 return confirm, nil
 }
-func addedRequirements(oldBuildPlan *buildplan.BuildPlan, newBuildPlan *buildplan.BuildPlan) []string {
+func changedRequirements(oldBuildPlan *buildplan.BuildPlan, newBuildPlan *buildplan.BuildPlan) []string {
 var names []string
 var oldRequirements buildplan.Requirements
 if oldBuildPlan != nil {
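Review bot: In the first hunk, `names` from `changedRequirements` feeds only the spinner text, while the lookup itself is `model.FetchVulnerabilitiesForIngredients(c.prime.Auth(), ingredients)`, and `ingredients` is built above this hunk and is not touched by the patch as shown. If that slice is still limited to newly added ingredients, a requirement whose version changed would be named in the progress message but never queried, so the report would silently omit its CVEs. It is worth confirming that the code building `ingredients` uses the same added-or-changed rule, and adding a test where an existing requirement moves to a different version. Report's body starts and ends outside the hunk, so this cannot be checked from the diff alone.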
@@ -243,13 +243,16 @@ func addedRequirements(oldBuildPlan *buildplan.BuildPlan, newBuildPlan *buildpla
 }
 newRequirements := newBuildPlan.Requirements()
- oldReqs := make(map[string]bool)
+ oldReqs := make(map[string]string)
 for _, req := range oldRequirements {
- oldReqs[qualifiedName(req)] = true
+ oldReqs[qualifiedName(req)] = req.Ingredient.Version
 }
 for _, req := range newRequirements {
- if oldReqs[qualifiedName(req)] || req.Namespace == buildplan.NamespaceInternal {
+ if req.Namespace == buildplan.NamespaceInternal {
+ continue
+ }
+ if version, exists := oldReqs[qualifiedName(req)]; exists && version == req.Ingredient.Version {
 continue
 }
 names = append(names, req.Name)
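Review bot: Both loops now read `req.Ingredient.Version` with no check on `req.Ingredient`; if that field is a pointer that can be nil for a requirement the build plan did not resolve (its declaration is outside this diff), the CVE report would panic instead of running. A guard in the second loop such as `if req.Ingredient == nil { names = append(names, req.Name); continue }` keeps such a requirement in the report rather than dropping it, and the first loop can simply skip nil entries. The function also has no doc comment; I would add `// changedRequirements returns the names of non-internal requirements that are new in newBuildPlan or whose ingredient version differs from oldBuildPlan.` above the signature, which sits in the previous hunk. The function body continues past the end of this hunk.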