feat: Filter vuln host list cves and show assessment by severity

[dmurray-lacework]

Filter vuln host commands by severity:

• list cves
• show assessment

Usage :
lacework vuln host list-cves --severity high
lacework vuln host list-cves --active --severity high --fixable
lacework vuln host show-assessment 101 --severity high
lacework vuln host show-assessment 101 --packages --severity high

Output:

      CVE ID        SEVERITY   SCORE       PACKAGE         CURRENT VERSION         FIX VERSION        OS VERSION    HOSTS   PKG STATUS   VULN STATUS
------------------+----------+-------+-----------------+----------------------+--------------------+--------------+-------+------------+--------------
...

 10 of 100 cve(s) showing

Signed-off-by: Darren Murray [email protected]

[afiune]

When developing these new flags we need to make sure we give proper messages to our users if not, they will be confused.

For example, if I run this command with the severity flag set to critical:

$ lacework vuln host list-cves --severity critical
There are no vulnerabilities in your environment.

That message is misleading 👆🏽 because there are indeed vulnerabilities, but there are NO vulnerabilities with a critical severity, the message should be instead:

There are no critical vulnerabilities in your environment.

This is the pattern we followed for the other flags --active and --fixable,
here an example:

$ lacework vuln host list-cves --active --fixable
There are no fixable vulnerabilities of packages actively running in your environment.

[afiune]

This makes me think that the other --severity flags we added to the container vulnerability space are not following this same standard ... 🤔 It would be nice to double check.

[afiune]

nit: Everytime I read this footer I feel it looks way better if we type it like:

showing X of Y package(s)

But maybe this is just me.....

[dmurray-lacework]

I quite like this way, with the most important details first. But open to be persuaded otherwise.

showing 1 of 100 package(s)
vs
1 of 100 package(s) showing

[afiune]

all good, this is just my bad English 😂

[dmurray-lacework]

This makes me think that the other --severity flags we added to the container vulnerability space are not following this same standard ... 🤔 It would be nice to double check.

@afiune Slightly different behaviour in vuln ctr code path as we check the result of the vuln assessment when displaying the 0 vulns output instead checking the length of the output rows. I've putting in a fix for the current vuln host scenario. I will address the inconsistency in the 2 code paths in our refactor ticket.

[afiune]