in providers/idefense/schema/convertutils.go [49:133]
func (item *Vulnerability) findConfigurations() []configuration {
configMap := make(map[string]configuration)
if item.Affects == nil {
return confMap2Slice(configMap)
}
// add affected vuln tech
for _, vulnTech := range item.Affects.VulnTechs {
attrs, err := createAttributes(vulnTech.Part, vulnTech.Vendor, vulnTech.Product)
if err != nil {
flog.Errorln(err)
continue
}
cpe23Uri := attrs.BindToFmtString()
config, ok := configMap[cpe23Uri]
if !ok {
config = configuration{Cpe23Uri: cpe23Uri}
}
config.Affected = append(config.Affected, affected{
Version: vulnTech.Version,
Prior: vulnTech.AndPriorVersions,
})
configMap[cpe23Uri] = config
}
// add affected packages
for _, pkg := range item.Affects.Packages {
attrs, err := createAttributes("a", "", pkg.PackageName)
if err != nil {
flog.Errorln(err)
continue
}
cpe23Uri := attrs.BindToFmtString()
config, ok := configMap[cpe23Uri]
if !ok {
config = configuration{Cpe23Uri: cpe23Uri}
}
config.Affected = append(config.Affected, affected{
Version: pkg.PackageVersion,
Prior: pkg.AndPriorVersions,
})
configMap[cpe23Uri] = config
}
if item.FixedBy == nil {
return confMap2Slice(configMap)
}
// add vuln tech fixes
for _, vulnTech := range item.FixedBy.VulnTechs {
attrs, err := createAttributes(vulnTech.Part, vulnTech.Vendor, vulnTech.Product)
if err != nil {
flog.Errorln(err)
continue
}
cpe23Uri := attrs.BindToFmtString()
if config, ok := configMap[cpe23Uri]; ok {
config.HasFixedBy = true
config.FixedByVersion = vulnTech.Version
configMap[cpe23Uri] = config
}
}
// add package fixes
for _, pkg := range item.FixedBy.Packages {
attrs, err := createAttributes("a", "", pkg.PackageName)
if err != nil {
flog.Errorln(err)
continue
}
cpe23Uri := attrs.BindToFmtString()
if config, ok := configMap[cpe23Uri]; ok {
config.HasFixedBy = true
config.FixedByVersion = pkg.PackageVersion
configMap[cpe23Uri] = config
}
}
return confMap2Slice(configMap)
}