feat(cli): add --packages flag to vulnerability cmd (#149)

Signed-off-by: Salim Afiune Maya <[email protected]>

cli/cmd/vulnerability.go

@@ -22,6 +22,7 @@ import (
 	"fmt"
 	"regexp"
 	"sort"
+	"strconv"
 	"strings"
 	"time"
 
@@ -49,6 +50,9 @@ var (
 
 		// display only fixable vulnerabilities
 		Fixable bool
+
+		// show a list of packages by number of CVEs
+		Packages bool
 	}{PollInterval: time.Second * 5}
 
 	// vulnerability represents the vulnerability command
@@ -283,6 +287,12 @@ func init() {
 		vulReportCmd.Flags(),
 	)
 
+	setPackagesFlag(
+		vulScanRunCmd.Flags(),
+		vulScanShowCmd.Flags(),
+		vulReportCmd.Flags(),
+	)
+
 	vulReportCmd.Flags().BoolVar(
 		&vulCmdState.ImageID, "image_id", false,
 		"tread the provided sha256 hash as image id",
@@ -300,6 +310,16 @@ func setPollFlag(cmds ...*flag.FlagSet) {
 	}
 }
 
+func setPackagesFlag(cmds ...*flag.FlagSet) {
+	for _, cmd := range cmds {
+		if cmd != nil {
+			cmd.BoolVar(&vulCmdState.Packages, "packages", false,
+				"show a list of packages with CVE count",
+			)
+		}
+	}
+}
+
 func setFixableFlag(cmds ...*flag.FlagSet) {
 	for _, cmd := range cmds {
 		if cmd != nil {
@@ -423,9 +443,15 @@ func buildVulnerabilityReport(report *api.VulContainerReport) string {
 	})
 	t.Render()
 
-	if vulCmdState.Details || vulCmdState.Fixable {
-		mainReport.WriteString(buildVulnerabilityReportDetails(report))
-		mainReport.WriteString("\n")
+	if vulCmdState.Details || vulCmdState.Fixable || vulCmdState.Packages {
+		if vulCmdState.Packages {
+			mainReport.WriteString(buildVulnerabilityPackageSummary(report))
+			mainReport.WriteString("\n")
+		} else {
+			mainReport.WriteString(buildVulnerabilityReportDetails(report))
+			mainReport.WriteString("\n")
+			mainReport.WriteString("Try using '--packages' to show a list of packages with CVE count.\n")
+		}
 	} else {
 		mainReport.WriteString(
 			"Try using '--details' to increase details shown about the vulnerability report.\n",
@@ -435,6 +461,29 @@ func buildVulnerabilityReport(report *api.VulContainerReport) string {
 	return mainReport.String()
 }
 
+func buildVulnerabilityPackageSummary(report *api.VulContainerReport) string {
+	var (
+		detailsTable = &strings.Builder{}
+		t            = tablewriter.NewWriter(detailsTable)
+	)
+
+	t.SetRowLine(false)
+	t.SetBorder(false)
+	t.SetColumnSeparator(" ")
+	t.SetAlignment(tablewriter.ALIGN_LEFT)
+	t.SetHeader([]string{
+		"CVE Count",
+		"Severity",
+		"Package",
+		"Current Version",
+		"Fix Version",
+	})
+	t.AppendBulk(vulContainerImagePackagesToTable(report.Image))
+	t.Render()
+
+	return detailsTable.String()
+}
+
 func buildVulnerabilityReportDetails(report *api.VulContainerReport) string {
 	var (
 		detailsTable = &strings.Builder{}
@@ -463,6 +512,57 @@ func buildVulnerabilityReportDetails(report *api.VulContainerReport) string {
 	return detailsTable.String()
 }
 
+func vulContainerImagePackagesToTable(image *api.VulContainerImage) [][]string {
+	if image == nil {
+		return [][]string{}
+	}
+
+	out := [][]string{}
+	for _, layer := range image.ImageLayers {
+		for _, pkg := range layer.Packages {
+			for _, vul := range pkg.Vulnerabilities {
+				if vulCmdState.Fixable && vul.FixVersion == "" {
+					continue
+				}
+
+				added := false
+				for i := range out {
+					if out[i][1] == strings.Title(vul.Severity) &&
+						out[i][2] == pkg.Name &&
+						out[i][3] == pkg.Version &&
+						out[i][4] == vul.FixVersion {
+
+						if count, err := strconv.Atoi(out[i][0]); err == nil {
+							out[i][0] = fmt.Sprintf("%d", (count + 1))
+							added = true
+						}
+
+					}
+				}
+
+				if added {
+					continue
+				}
+
+				out = append(out, []string{
+					"1",
+					strings.Title(vul.Severity),
+					pkg.Name,
+					pkg.Version,
+					vul.FixVersion,
+				})
+			}
+		}
+	}
+
+	// order by severity
+	sort.Slice(out, func(i, j int) bool {
+		return severityOrder(out[i][1]) < severityOrder(out[j][1])
+	})
+
+	return out
+}
+
 func vulContainerImageLayersToTable(image *api.VulContainerImage) [][]string {
 	if image == nil {
 		return [][]string{}