chore(cli): leave breadcrumbs for host vuln cmds

Signed-off-by: Salim Afiune Maya <[email protected]>
lacework · Aug 24, 2020 · 45d8427 · 45d8427
1 parent 9f027b9
commit 45d8427
Show file tree

Hide file tree

Showing 5 changed files with 88 additions and 105 deletions.
diff --git a/api/vulnerabilities_host.go b/api/vulnerabilities_host.go
@@ -250,7 +250,6 @@ func (counts *HostVulnSeverityCounts) VulnerabilityCounts() HostVulnCounts {
 	}
 
 	return hostCounts
-
 }
 
 type hostVulnSeverityCountsDetails struct {

diff --git a/cli/cmd/vuln_container.go b/cli/cmd/vuln_container.go
@@ -340,15 +340,15 @@ For more information about supported distributions, visit:
 	return nil
 }
 
-func buildVulnerabilityReport(report *api.VulnContainerAssessment) string {
+func buildVulnerabilityReport(assessment *api.VulnContainerAssessment) string {
 	var (
 		t                 *tablewriter.Table
 		imageDetailsTable = &strings.Builder{}
 		vulCountsTable    = &strings.Builder{}
 		mainReport        = &strings.Builder{}
 	)
 
-	if report.TotalVulnerabilities == 0 {
+	if assessment.TotalVulnerabilities == 0 {
 		// @afiune this emoji's do not work on Windows
 		return fmt.Sprintf("Great news! This container image has no vulnerabilities... (time for %s)\n", randomEmoji())
 	}
@@ -357,7 +357,7 @@ func buildVulnerabilityReport(report *api.VulnContainerAssessment) string {
 	t.SetBorder(false)
 	t.SetColumnSeparator("")
 	t.SetAlignment(tablewriter.ALIGN_LEFT)
-	t.AppendBulk(vulContainerImageToTable(report.Image))
+	t.AppendBulk(vulContainerImageToTable(assessment.Image))
 	t.Render()
 
 	t = tablewriter.NewWriter(vulCountsTable)
@@ -366,7 +366,7 @@ func buildVulnerabilityReport(report *api.VulnContainerAssessment) string {
 	t.SetHeader([]string{
 		"Severity", "Count", "Fixable",
 	})
-	t.AppendBulk(vulContainerReportToCountsTable(report))
+	t.AppendBulk(vulContainerAssessmentToCountsTable(assessment))
 	t.Render()
 
 	t = tablewriter.NewWriter(mainReport)
@@ -384,23 +384,23 @@ func buildVulnerabilityReport(report *api.VulnContainerAssessment) string {
 
 	if vulCmdState.Details || vulCmdState.Fixable || vulCmdState.Packages {
 		if vulCmdState.Packages {
-			mainReport.WriteString(buildVulnerabilityPackageSummary(report))
+			mainReport.WriteString(buildVulnerabilityPackageSummary(assessment))
 			mainReport.WriteString("\n")
 		} else {
-			mainReport.WriteString(buildVulnerabilityReportDetails(report))
+			mainReport.WriteString(buildVulnerabilityReportDetails(assessment))
 			mainReport.WriteString("\n")
 			mainReport.WriteString("Try adding '--packages' to show a list of packages with CVE count.\n")
 		}
 	} else {
 		mainReport.WriteString(
-			"Try adding '--details' to increase details shown about the vulnerability report.\n",
+			"Try adding '--details' to increase details shown about the vulnerability assessment.\n",
 		)
 	}
 
 	return mainReport.String()
 }
 
-func buildVulnerabilityPackageSummary(report *api.VulnContainerAssessment) string {
+func buildVulnerabilityPackageSummary(assessment *api.VulnContainerAssessment) string {
 	var (
 		detailsTable = &strings.Builder{}
 		t            = tablewriter.NewWriter(detailsTable)
@@ -417,13 +417,13 @@ func buildVulnerabilityPackageSummary(report *api.VulnContainerAssessment) strin
 		"Current Version",
 		"Fix Version",
 	})
-	t.AppendBulk(vulContainerImagePackagesToTable(report.Image))
+	t.AppendBulk(vulContainerImagePackagesToTable(assessment.Image))
 	t.Render()
 
 	return detailsTable.String()
 }
 
-func buildVulnerabilityReportDetails(report *api.VulnContainerAssessment) string {
+func buildVulnerabilityReportDetails(assessment *api.VulnContainerAssessment) string {
 	var (
 		detailsTable = &strings.Builder{}
 		t            = tablewriter.NewWriter(detailsTable)
@@ -445,7 +445,7 @@ func buildVulnerabilityReportDetails(report *api.VulnContainerAssessment) string
 		"Fix Version",
 		"Introduced in Layer",
 	})
-	t.AppendBulk(vulContainerImageLayersToTable(report.Image))
+	t.AppendBulk(vulContainerImageLayersToTable(assessment.Image))
 	t.Render()
 
 	return detailsTable.String()
@@ -536,18 +536,18 @@ func vulContainerImageLayersToTable(image *api.VulnContainerImage) [][]string {
 	return out
 }
 
-func vulContainerReportToCountsTable(report *api.VulnContainerAssessment) [][]string {
+func vulContainerAssessmentToCountsTable(assessment *api.VulnContainerAssessment) [][]string {
 	return [][]string{
-		[]string{"Critical", fmt.Sprint(report.CriticalVulnerabilities),
-			fmt.Sprint(report.VulnFixableCount("critical"))},
-		[]string{"High", fmt.Sprint(report.HighVulnerabilities),
-			fmt.Sprint(report.VulnFixableCount("high"))},
-		[]string{"Medium", fmt.Sprint(report.MediumVulnerabilities),
-			fmt.Sprint(report.VulnFixableCount("medium"))},
-		[]string{"Low", fmt.Sprint(report.LowVulnerabilities),
-			fmt.Sprint(report.VulnFixableCount("low"))},
-		[]string{"Info", fmt.Sprint(report.InfoVulnerabilities),
-			fmt.Sprint(report.VulnFixableCount("info"))},
+		[]string{"Critical", fmt.Sprint(assessment.CriticalVulnerabilities),
+			fmt.Sprint(assessment.VulnFixableCount("critical"))},
+		[]string{"High", fmt.Sprint(assessment.HighVulnerabilities),
+			fmt.Sprint(assessment.VulnFixableCount("high"))},
+		[]string{"Medium", fmt.Sprint(assessment.MediumVulnerabilities),
+			fmt.Sprint(assessment.VulnFixableCount("medium"))},
+		[]string{"Low", fmt.Sprint(assessment.LowVulnerabilities),
+			fmt.Sprint(assessment.VulnFixableCount("low"))},
+		[]string{"Info", fmt.Sprint(assessment.InfoVulnerabilities),
+			fmt.Sprint(assessment.VulnFixableCount("info"))},
 	}
 }
 
@@ -599,7 +599,7 @@ func vulAssessmentsToTableReport(assessments []api.VulnContainerAssessmentSummar
 
 	if !vulCmdState.Active {
 		assessmentsTable.WriteString(
-			"\nTry adding '--active' to only show assessments of containers actively running with vulnerabilities in your environment.\n",
+			"\nTry adding '--active' to only show assessments of containers actively running with vulnerabilities.\n",
 		)
 	} else if !vulCmdState.Fixable {
 		assessmentsTable.WriteString(

diff --git a/cli/cmd/vuln_host.go b/cli/cmd/vuln_host.go
@@ -98,7 +98,7 @@ To only show fixable vulnerabilities of packages actively running in your enviro
 			}
 
 			if vulCmdState.Packages {
-				cli.OutputHuman(hostVulnCVEsPackagesSummary(response.CVEs))
+				cli.OutputHuman(hostVulnCVEsPackagesSummary(response.CVEs, true))
 			} else {
 				cli.OutputHuman(hostVulnCVEsToTable(response.CVEs))
 			}
@@ -165,12 +165,6 @@ Grab a CVE id and feed it to the command:
 			}
 
 			cli.OutputHuman(hostVulnHostDetailsToTable(response.Assessment))
-			cli.OutputHuman("\n")
-			if vulCmdState.Packages {
-				cli.OutputHuman(hostVulnCVEsPackagesSummary(response.Assessment.CVEs))
-			} else {
-				cli.OutputHuman(hostVulnHostAssessmentCVEsToTable(response.Assessment))
-			}
 			return nil
 		},
 	}
@@ -206,14 +200,15 @@ func init() {
 		vulHostShowAssessmentCmd.Flags(),
 	)
 
-	// add active flag to host show-assessments command
-	vulHostShowAssessmentCmd.Flags().BoolVar(&vulCmdState.Active,
-		"active", false, "only show vulnerabilities of packages actively running in your environment",
+	setDetailsFlag(
+		vulHostShowAssessmentCmd.Flags(),
 	)
-	// add active flag to host list-cves command
-	vulHostListCvesCmd.Flags().BoolVar(&vulCmdState.Active,
-		"active", false, "only show vulnerabilities of packages actively running in your environment",
+
+	setActiveFlag(
+		vulHostShowAssessmentCmd.Flags(),
+		vulHostListCvesCmd.Flags(),
 	)
+
 	// add online flag to host list-hosts command
 	vulHostListHostsCmd.Flags().BoolVar(&vulCmdState.Online,
 		"online", false, "only show hosts that are online",
@@ -313,30 +308,33 @@ func hostVulnSummaryFromHostDetail(hostVulnSummary *api.HostVulnCveSummary) (str
 	return strings.Join(summary, " "), true
 }
 
-func hostVulnCVEsPackagesSummary(cves []api.HostVulnCVE) string {
+func hostVulnCVEsPackagesSummary(cves []api.HostVulnCVE, withHosts bool) string {
 	var (
 		tableBuilder = &strings.Builder{}
 		t            = tablewriter.NewWriter(tableBuilder)
 	)
 
-	t.SetHeader([]string{
+	headers := []string{
 		"CVE Count",
 		"Severity",
 		"Package",
 		"Current Version",
 		"Fix Version",
 		"Pkg Status",
-		"Hosts",
-	})
+	}
+	if withHosts {
+		headers = append(headers, "Hosts")
+	}
+	t.SetHeader(headers)
 	t.SetBorder(false)
 	t.SetAlignment(tablewriter.ALIGN_LEFT)
-	t.AppendBulk(hostVulnPackagesTable(cves))
+	t.AppendBulk(hostVulnPackagesTable(cves, withHosts))
 	t.Render()
 
 	return tableBuilder.String()
 }
 
-func hostVulnPackagesTable(cves []api.HostVulnCVE) [][]string {
+func hostVulnPackagesTable(cves []api.HostVulnCVE, withHosts bool) [][]string {
 	out := [][]string{}
 	for _, cve := range cves {
 		for _, pkg := range cve.Packages {
@@ -361,10 +359,12 @@ func hostVulnPackagesTable(cves []api.HostVulnCVE) [][]string {
 						added = true
 					}
 
-					if countHosts, err := strconv.Atoi(out[i][6]); err == nil {
-						prevCount := stringToInt(pkg.HostCount)
-						out[i][6] = fmt.Sprintf("%d", (countHosts + prevCount))
-						added = true
+					if withHosts {
+						if countHosts, err := strconv.Atoi(out[i][6]); err == nil {
+							prevCount := stringToInt(pkg.HostCount)
+							out[i][6] = fmt.Sprintf("%d", (countHosts + prevCount))
+							added = true
+						}
 					}
 
 				}
@@ -374,15 +374,18 @@ func hostVulnPackagesTable(cves []api.HostVulnCVE) [][]string {
 				continue
 			}
 
-			out = append(out, []string{
+			row := []string{
 				"1",
 				strings.Title(pkg.Severity),
 				pkg.Name,
 				pkg.Version,
 				pkg.FixedVersion,
 				pkg.PackageStatus,
-				pkg.HostCount,
-			})
+			}
+			if withHosts {
+				row = append(row, pkg.HostCount)
+			}
+			out = append(out, row)
 		}
 	}
 
@@ -533,6 +536,29 @@ func hostVulnHostDetailsToTable(assessment api.HostVulnHostAssessment) string {
 	})
 	t.Render()
 
+	if vulCmdState.Details || vulCmdState.Fixable || vulCmdState.Packages || vulCmdState.Active {
+		if vulCmdState.Packages {
+			tableBuilder.WriteString(hostVulnCVEsPackagesSummary(assessment.CVEs, false))
+		} else {
+			tableBuilder.WriteString(hostVulnHostAssessmentCVEsToTable(assessment))
+		}
+		tableBuilder.WriteString("\n")
+	}
+
+	if !vulCmdState.Details && !vulCmdState.Active && !vulCmdState.Fixable && !vulCmdState.Packages {
+		tableBuilder.WriteString(
+			"Try adding '--details' to increase details shown about the vulnerability assessment.\n",
+		)
+	} else if !vulCmdState.Active {
+		tableBuilder.WriteString(
+			"Try adding '--active' to only show vulnerabilities of packages actively running.\n",
+		)
+	} else if !vulCmdState.Fixable {
+		tableBuilder.WriteString(
+			"Try adding '--fixable' to only show fixable vulnerabilities.\n",
+		)
+	}
+
 	return tableBuilder.String()
 }
 
@@ -656,55 +682,3 @@ func addToHostSummary(text []string, num int32, severity string) []string {
 	}
 	return text
 }
-
-// @afiune maybe a flag --summary ???
-//func _hostVulnCVEsToTableSummary(cves []api.HostVulnCVE) string {
-//var (
-//tableBuilder = &strings.Builder{}
-//t            = tablewriter.NewWriter(tableBuilder)
-//)
-
-//t.SetHeader([]string{
-//"CVE ID",
-//"Severity",
-//"Vuln Count",
-//"Packages",
-//})
-//t.SetBorder(false)
-//t.AppendBulk(hostVulnCVEsTable(cves))
-//t.Render()
-
-//return tableBuilder.String()
-//}
-
-//func _hostVulnCVEsTableSummary(cves []api.HostVulnCVE) [][]string {
-//out := [][]string{}
-//for _, cve := range cves {
-//severity := ""
-//pkgs := []string{}
-
-//for _, pkg := range cve.Packages {
-//if severityOrder(severity) > severityOrder(pkg.Severity) {
-//severity = pkg.Severity
-//}
-//// TODO @afiune constant or variable to customize
-//if len(pkgs) < 11 {
-//pkgs = append(pkgs, pkg.Name)
-//}
-//}
-
-//out = append(out, []string{
-//cve.ID,
-//severity,
-//fmt.Sprintf("%d", cve.Summary.TotalVulnerabilities),
-//strings.Join(pkgs, ","),
-//})
-//}
-
-//// order by severity
-//sort.Slice(out, func(i, j int) bool {
-//return severityOrder(out[i][1]) < severityOrder(out[j][1])
-//})
-
-//return out
-//}
diff --git a/cli/cmd/vulnerability.go b/cli/cmd/vulnerability.go
@@ -82,7 +82,7 @@ var (
 		Use:     "container",
 		Aliases: []string{"ctr"},
 		Short:   "vulnerability assessment for containers",
-		Long: `Request on-demand container vulnerability scans and vizualize previous
+		Long: `Request on-demand container vulnerability scans and visualize previous
 assessments from published images.
 
 (*) PREREQUISITE: Your Lacework account should already be configured
@@ -104,7 +104,7 @@ Then navigate to Settings > Integrations > Container Registry.`,
 	vulHostCmd = &cobra.Command{
 		Use:   "host",
 		Short: "vulnerability assessment for hosts",
-		Long: `Request on-demand host vulnerability scans and vizualize assessments
+		Long: `Request on-demand host vulnerability scans and visualize assessments
 from hosts with the Lacework datacollector agent installed.
 `,
 	}
@@ -257,6 +257,16 @@ func setDetailsFlag(cmds ...*flag.FlagSet) {
 	}
 }
 
+func setActiveFlag(cmds ...*flag.FlagSet) {
+	for _, cmd := range cmds {
+		if cmd != nil {
+			cmd.BoolVar(&vulCmdState.Active, "active", false,
+				"only show vulnerabilities of packages actively running in your environment",
+			)
+		}
+	}
+}
+
 func pollScanStatus(requestID string) error {
 	cli.StartProgress(" Scan running...")
 

diff --git a/integration/container_vulnerability_test.go b/integration/container_vulnerability_test.go
@@ -187,7 +187,7 @@ func TestContainerVulnerabilityCommandsEndToEnd(t *testing.T) {
 			assert.Contains(t, scanStatusOutput, str,
 				"STDOUT table does not contain the '"+str+"' output")
 		}
-		assert.Contains(t, scanStatusOutput, "Try adding '--details' to increase details shown about the vulnerability report.",
+		assert.Contains(t, scanStatusOutput, "Try adding '--details' to increase details shown about the vulnerability assessment.",
 			"STDOUT breadcrumbs changed, please update")
 	})