Add fixed-in-version to the presenters (#147)

wagoodman · web-flow · commit 1338850a8ebf · 2020-09-09T12:55:22.000-04:00
* add fix-in-version to the json and table presenters

Signed-off-by: Alex Goodman &lt;alex.goodman@anchore.com&gt;

* incorporate grype-db fixed-in updates

Signed-off-by: Alex Goodman &lt;alex.goodman@anchore.com&gt;
diff --git a/go.mod b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/adrg/xdg v0.2.1
 	github.com/anchore/go-testutils v0.0.0-20200624184116-66aa578126db
 	github.com/anchore/go-version v1.2.2-0.20200810141238-330bef18dbca
-	github.com/anchore/grype-db v0.0.0-20200807151757-5aee0401bf56
+	github.com/anchore/grype-db v0.0.0-20200909132108-9474dd8f080f
 	github.com/anchore/stereoscope v0.0.0-20200813152757-548b22c8a0b3
 	github.com/anchore/syft v0.1.0-beta.4.0.20200827121056-d85d0ac418a7
 	github.com/dustin/go-humanize v1.0.0
diff --git a/go.sum b/go.sum
@@ -121,8 +121,8 @@ github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b h1:e1bmaoJfZV
 github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
 github.com/anchore/go-version v1.2.2-0.20200810141238-330bef18dbca h1:rLyc7Rih769rYABQe4nBPt3jHJd/snBuVvKKGoy5HEc=
 github.com/anchore/go-version v1.2.2-0.20200810141238-330bef18dbca/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
-github.com/anchore/grype-db v0.0.0-20200807151757-5aee0401bf56 h1:Hf1i3Imipp+2dmf70U+l7+aYIkzfd3myoUG0t+dBw5w=
-github.com/anchore/grype-db v0.0.0-20200807151757-5aee0401bf56/go.mod h1:LINmipRzG88vnJEWvgMMDVCFH1qZsj7+bjmpERlSyaA=
+github.com/anchore/grype-db v0.0.0-20200909132108-9474dd8f080f h1:/6h4PkxPn0VQ3EjvTKfiPHdpI1TYqRMMywatd81HX3Y=
+github.com/anchore/grype-db v0.0.0-20200909132108-9474dd8f080f/go.mod h1:LINmipRzG88vnJEWvgMMDVCFH1qZsj7+bjmpERlSyaA=
 github.com/anchore/stereoscope v0.0.0-20200520221116-025e07f1c93e h1:QBwtrM0MXi0z+GcHk3RoSyzaQ+CLgas0bC/uOd1P+PQ=
 github.com/anchore/stereoscope v0.0.0-20200520221116-025e07f1c93e/go.mod h1:bkyLl5VITnrmgErv4S1vDfVz/TGAZ5il6161IQo7w2g=
 github.com/anchore/stereoscope v0.0.0-20200813152757-548b22c8a0b3 h1:pl+txuYlhK8Mmio4d+4zQI/1xg8X6BtNErTASrx23Wk=
diff --git a/grype/presenter/json/presenter_test.go b/grype/presenter/json/presenter_test.go
@@ -92,8 +92,9 @@ func TestJsonPresenter(t *testing.T) {
 	var match1 = match.Match{
 		Type: match.ExactDirectMatch,
 		Vulnerability: vulnerability.Vulnerability{
-			ID:           "CVE-1999-0001",
-			RecordSource: "source-1",
+			ID:             "CVE-1999-0001",
+			RecordSource:   "source-1",
+			FixedInVersion: "the-next-version",
 		},
 		Package: &pkg1,
 		Matcher: match.DpkgMatcher,
@@ -127,8 +128,9 @@ func TestJsonPresenter(t *testing.T) {
 	var match3 = match.Match{
 		Type: match.ExactIndirectMatch,
 		Vulnerability: vulnerability.Vulnerability{
-			ID:           "CVE-1999-0003",
-			RecordSource: "source-1",
+			ID:             "CVE-1999-0003",
+			RecordSource:   "source-1",
+			FixedInVersion: "the-other-next-version",
 		},
 		Package: &pkg1,
 		Matcher: match.DpkgMatcher,
diff --git a/grype/presenter/json/test-fixtures/snapshot/TestJsonPresenter.golden b/grype/presenter/json/test-fixtures/snapshot/TestJsonPresenter.golden
@@ -6,7 +6,8 @@
    "cvss-v3": {
     "base-score": 4,
     "vector": "another vector"
-   }
+   },
+   "fixed-in-version": "the-next-version"
   },
   "match-details": {
    "matcher": "dpkg-matcher",
@@ -73,7 +74,8 @@
  {
   "vulnerability": {
    "id": "CVE-1999-0003",
-   "description": "1999-03 description"
+   "description": "1999-03 description",
+   "fixed-in-version": "the-other-next-version"
   },
   "match-details": {
    "matcher": "dpkg-matcher",
diff --git a/grype/presenter/json/vulnerability.go b/grype/presenter/json/vulnerability.go
@@ -13,12 +13,13 @@ type Cvss struct {
 }
 
 type Vulnerability struct {
-	ID          string   `json:"id"`
-	Severity    string   `json:"severity,omitempty"`
-	Links       []string `json:"links,omitempty"`
-	Description string   `json:"description,omitempty"`
-	CvssV2      *Cvss    `json:"cvss-v2,omitempty"`
-	CvssV3      *Cvss    `json:"cvss-v3,omitempty"`
+	ID             string   `json:"id"`
+	Severity       string   `json:"severity,omitempty"`
+	Links          []string `json:"links,omitempty"`
+	Description    string   `json:"description,omitempty"`
+	CvssV2         *Cvss    `json:"cvss-v2,omitempty"`
+	CvssV3         *Cvss    `json:"cvss-v3,omitempty"`
+	FixedInVersion string   `json:"fixed-in-version,omitempty"`
 }
 
 func NewVulnerability(m match.Match, metadata *vulnerability.Metadata) Vulnerability {
@@ -63,11 +64,12 @@ func NewVulnerability(m match.Match, metadata *vulnerability.Metadata) Vulnerabi
 	}
 
 	return Vulnerability{
-		ID:          m.Vulnerability.ID,
-		Severity:    metadata.Severity,
-		Links:       metadata.Links,
-		Description: metadata.Description,
-		CvssV2:      cvssV2,
-		CvssV3:      cvssV3,
+		ID:             m.Vulnerability.ID,
+		Severity:       metadata.Severity,
+		Links:          metadata.Links,
+		Description:    metadata.Description,
+		CvssV2:         cvssV2,
+		CvssV3:         cvssV3,
+		FixedInVersion: m.Vulnerability.FixedInVersion,
 	}
 }
diff --git a/grype/presenter/table/presenter.go b/grype/presenter/table/presenter.go
@@ -31,7 +31,7 @@ func NewPresenter(results result.Result, catalog *pkg.Catalog, metadataProvider
 func (pres *Presenter) Present(output io.Writer) error {
 	rows := make([][]string, 0)
 
-	columns := []string{"Name", "Installed", "Vulnerability", "Severity"}
+	columns := []string{"Name", "Installed", "Fixed-In", "Vulnerability", "Severity"}
 	for m := range pres.results.Enumerate() {
 		var severity string
 
@@ -47,6 +47,7 @@ func (pres *Presenter) Present(output io.Writer) error {
 		row := []string{
 			m.Package.Name,
 			m.Package.Version,
+			m.Vulnerability.FixedInVersion,
 			m.Vulnerability.ID,
 			severity,
 		}
diff --git a/grype/presenter/table/presenter_test.go b/grype/presenter/table/presenter_test.go
@@ -88,8 +88,9 @@ func TestTablePresenter(t *testing.T) {
 	var match2 = match.Match{
 		Type: match.ExactIndirectMatch,
 		Vulnerability: vulnerability.Vulnerability{
-			ID:           "CVE-1999-0002",
-			RecordSource: "source-2",
+			ID:             "CVE-1999-0002",
+			RecordSource:   "source-2",
+			FixedInVersion: "the-next-version",
 		},
 		Package: &pkg2,
 		Matcher: match.DpkgMatcher,
diff --git a/grype/presenter/table/test-fixtures/snapshot/TestTablePresenter.golden b/grype/presenter/table/test-fixtures/snapshot/TestTablePresenter.golden
@@ -1,3 +1,3 @@
-NAME       INSTALLED  VULNERABILITY  SEVERITY 
-package-1  1.0.1      CVE-1999-0001  Low       
-package-2  2.0.1      CVE-1999-0002  Critical  
+NAME       INSTALLED  FIXED-IN          VULNERABILITY  SEVERITY 
+package-1  1.0.1                        CVE-1999-0001  Low       
+package-2  2.0.1      the-next-version  CVE-1999-0002  Critical  
diff --git a/grype/vulnerability/vulnerability.go b/grype/vulnerability/vulnerability.go
@@ -9,10 +9,11 @@ import (
 )
 
 type Vulnerability struct {
-	Constraint   version.Constraint
-	CPEs         []cpe.CPE
-	ID           string
-	RecordSource string
+	Constraint     version.Constraint
+	CPEs           []cpe.CPE
+	ID             string
+	RecordSource   string
+	FixedInVersion string
 }
 
 func NewVulnerability(vuln v1.Vulnerability) (*Vulnerability, error) {
@@ -24,10 +25,11 @@ func NewVulnerability(vuln v1.Vulnerability) (*Vulnerability, error) {
 	}
 
 	return &Vulnerability{
-		Constraint:   constraint,
-		ID:           vuln.ID,
-		CPEs:         make([]cpe.CPE, 0),
-		RecordSource: vuln.RecordSource,
+		Constraint:     constraint,
+		ID:             vuln.ID,
+		CPEs:           make([]cpe.CPE, 0),
+		RecordSource:   vuln.RecordSource,
+		FixedInVersion: vuln.FixedInVersion,
 	}, nil
 }
 
