
Commit 0ff2ec6

Merge pull request #69 from cleong14/main
fix: missing slog.Error for KEV validations
2 parents ce9dd70 + f91a4c8 commit 0ff2ec6

2 files changed

+20
-10
lines changed


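--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [UNRELEASED]
+
+### Fixed
+
+- Missing `slog.Error` for KEV validations
+
 ## [0.7.0] - 2024-05-17
 
 ### Changed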
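--- a/pkg/gatecheck/validate.go
+++ b/pkg/gatecheck/validate.go
@@ -213,19 +213,21 @@ func ruleGrypeKEVLimit(config *Config, report *artifacts.GrypeReportMin, catalog
 slog.Error("kev limit enabled but no catalog data exists")
 return false
 }
-foundKevMatch := false
+badCVEs := make([]string, 0)
 // Check if vulnerability is in the KEV Catalog
 for _, vulnerability := range report.Matches {
 inKEVCatalog := slices.ContainsFunc(catalog.Vulnerabilities, func(kevVul kev.Vulnerability) bool {
 return kevVul.CveID == vulnerability.Vulnerability.ID
 })
 if inKEVCatalog {
-slog.Warn("Matched to KEV Catalog",
-"vulnerability", vulnerability.Vulnerability.ID)
-foundKevMatch = true
+badCVEs = append(badCVEs, vulnerability.Vulnerability.ID)
+slog.Warn("cve found in kev catalog",
+"cve_id", vulnerability.Vulnerability.ID)
 }
 }
-if foundKevMatch {
+if len(badCVEs) > 0 {
+slog.Error("cve(s) found in kev catalog",
+"vulnerabilities", len(badCVEs), "kev_catalog_count", len(catalog.Vulnerabilities))
 return false
 }
 slog.Info("kev limit validated, no cves in catalog",
@@ -242,20 +244,22 @@ func ruleCyclonedxKEVLimit(config *Config, report *artifacts.CyclonedxReportMin,
 slog.Error("kev limit enabled but no catalog data exists", "artifact", "cyclonedx")
 return false
 }
-foundKevMatch := false
+badCVEs := make([]string, 0)
 // Check if vulnerability is in the KEV Catalog
 for _, vulnerability := range report.Vulnerabilities {
 inKEVCatalog := slices.ContainsFunc(catalog.Vulnerabilities, func(kevVul kev.Vulnerability) bool {
 return strings.EqualFold(kevVul.CveID, vulnerability.ID)
 })
 
 if inKEVCatalog {
-slog.Warn("Matched to KEV Catalog",
-"vulnerability", vulnerability.ID)
-foundKevMatch = true
+badCVEs = append(badCVEs, vulnerability.ID)
+slog.Warn("cve found in kev catalog",
+"cve_id", vulnerability.ID)
 }
 }
-if foundKevMatch {
+if len(badCVEs) > 0 {
+slog.Error("cve(s) found in kev catalog",
+"vulnerabilities", len(badCVEs), "kev_catalog_count", len(catalog.Vulnerabilities))
 return false
 }
 slog.Info("kev limit validated, no cves in catalog",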
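Review bot: The new slog.Error at new line 229 of ruleGrypeKEVLimit reports only len(badCVEs), so the IDs the loop collects into badCVEs are never emitted at Error level and anyone filtering logs at that level cannot tell which CVEs failed the gate; add the slice as an attribute, e.g. `"cve_ids", badCVEs,` next to the two counts (the same applies to ruleCyclonedxKEVLimit at new line 261). With that, `badCVEs := make([]string, 0)` can become the idiomatic `var badCVEs []string`, since only append and len are used on it. Separately, the unchanged comparison in ruleGrypeKEVLimit is case-sensitive (`kevVul.CveID == vulnerability.Vulnerability.ID`) while ruleCyclonedxKEVLimit uses strings.EqualFold, so a differently-cased ID would pass the Grype rule but fail the CycloneDX one; aligning both on EqualFold closes that gap. Both functions start and end outside the hunks.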
