From f3edb03b49a0c0c41bc4ac15506654d84915fc6c Mon Sep 17 00:00:00 2001 From: prahaladdarkin Date: Mon, 18 Jul 2022 06:52:15 +0530 Subject: [PATCH] Fix to CVE Data Export functionality for images pushed by `docker push` (#17182) Closes: * https://github.com/goharbor/harbor/issues/17167 Signed-off-by: prahaladdarkin --- src/pkg/scan/export/manager.go | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/src/pkg/scan/export/manager.go b/src/pkg/scan/export/manager.go index 7dbf39ddc..ab7b52d86 100644 --- a/src/pkg/scan/export/manager.go +++ b/src/pkg/scan/export/manager.go @@ -20,7 +20,7 @@ scanner_registration.id as scanner_id, scanner_registration."name" as scanner_na vulnerability_record.cve_id, vulnerability_record.package, vulnerability_record.severity, vulnerability_record.cvss_score_v3, vulnerability_record.cvss_score_v2, vulnerability_record.cvss_vector_v3, vulnerability_record.cvss_vector_v2, vulnerability_record.cwe_ids from report_vulnerability_record inner join scan_report on report_vulnerability_record.report_uuid = scan_report.uuid inner join artifact on scan_report.digest = artifact.digest -inner join artifact_reference on artifact.id = artifact_reference.child_id +left outer join artifact_reference on artifact.id = artifact_reference.child_id inner join vulnerability_record on report_vulnerability_record.vuln_record_id = vulnerability_record.id inner join project on artifact.project_id = project.project_id inner join repository on artifact.repository_id = repository.repository_id 
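Review bot: After the switch to `left outer join artifact_reference`, every `artifact_reference.*` column can be NULL for artifacts that have no parent row, which is presumably the `docker push` case named in the subject. Any remaining filter of the form `artifact_reference.parent_id in (…)` elsewhere in the file would still drop those rows silently, and a CVE export that omits artifacts reads like a clean result. The label filter is adjusted later in this patch, but other users of `ArtifactParentIDColumn` are not visible here. A comment above the query constant would record the intent, e.g. `// artifact_reference is outer-joined: directly pushed images have no parent row, so its columns may be NULL`. The constant's declaration starts outside the hunk.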
@@ -29,10 +29,12 @@ inner join harbor_user on project.owner_id = harbor_user.user_id inner join scanner_registration on scan_report.registration_uuid = scanner_registration.uuid ` ArtifactBylabelQueryTemplate = "select distinct artifact.id from artifact inner join label_reference on artifact.id = label_reference.artifact_id inner join harbor_label on label_reference.label_id = harbor_label.id and harbor_label.id in (%s)" SQLAnd = " and " + SQLOr = " or " RepositoryIDColumn = "repository.repository_id" ProjectIDColumn = "project.project_id" TagIDColumn = "tag.id" ArtifactParentIDColumn = "artifact_reference.parent_id" + ArtifactIDColumn = "artifact.id" GroupBy = " group by " GroupByCols = `package, vulnerability_record.severity, vulnerability_record.cve_id, project.project_id, harbor_user.user_id , repository.repository_id, scanner_registration.id, vulnerability_record.cvss_score_v3, @@ -173,7 +175,7 @@ func (em *exportManager) getFilters(ctx context.Context, params Params, artifact } if len(artifactsWithLabel) > 0 { - filters = em.buildIDFilterFragmentWithIn(artifactsWithLabel, filters, ArtifactParentIDColumn) + filters = em.buildIDFilterFragmentWithInForMultipleCols(artifactsWithLabel, filters, []string{ArtifactParentIDColumn, ArtifactIDColumn}, SQLOr) } if len(filters) == 0 { 
@@ -202,6 +204,22 @@ func (em *exportManager) buildIDFilterFragmentWithIn(ids []int64, filters []stri
 return filters
 }
 
+func (em *exportManager) buildIDFilterFragmentWithInForMultipleCols(ids []int64, filters, columns []string, operator string) []string {
+ if len(ids) == 0 {
+ return filters
+ }
+ strIds := make([]string, 0)
+ for _, id := range ids {
+ strIds = append(strIds, strconv.FormatInt(id, 10))
+ }
+ columnInClauses := make([]string, 0)
+ for _, column := range columns {
+ columnInClauses = append(columnInClauses, fmt.Sprintf(" %s in (%s)", column, strings.Join(strIds, ",")))
+ }
+ filters = append(filters, strings.Join(columnInClauses, operator))
+ return filters
+}
+
 // utility method to get all child artifacts belonging to a parent containing
 // the specified label ids.
 // Within Harbor, labels are attached to the root artifact whereas scan results
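Review bot: The fragment built by `strings.Join(columnInClauses, operator)` is appended without parentheses, so with `SQLOr` the entry reads `artifact_reference.parent_id in (…) or artifact.id in (…)` at top level. If the caller combines `filters` with `SQLAnd` (that join is outside this hunk, so this is inferred), SQL precedence binds the `and` first and the `artifact.id in (…)` branch would match regardless of the project, repository or tag filters, widening what the CVE export returns. Wrapping the group keeps it scoped: `filters = append(filters, "("+strings.Join(columnInClauses, operator)+")")`. The visible caller is the `getFilters` change in the previous hunk. Because `columns` and `operator` are interpolated into the SQL text unescaped, a doc comment stating that they must be package constants and never request data would also help.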