Sub 3621 vulnerabilities + workloads structs + enrichments

[RinaO1234]

Type

Enhancement

---

Description

• Added new types and constants related to RiskFactor in armotypes/common.go.
• Added a new function GetRiskFactors in armotypes/common.go which returns a list of unique risk factors for given control IDs.
• Added new types and constants related to vulnerabilities in armotypes/vulnerabilitytypes.go.
• Added new functions EnrichCVSSData, ParseCVSSVector, and UpdateExploitableField in armotypes/vulnerabilitytypes.go to enrich the CVSS data by parsing the CVSS vector and updating the exploitability field.

---

PR changes walkthrough

Relevant files

Enhancement

2 files common.go                                                                                                      armotypes/common.go Added new types and constants related to RiskFactor. Also, a new function GetRiskFactors has been added which returns a list of unique risk factors for given control IDs. +40/-0 vulnerabilitytypes.go                                                                              armotypes/vulnerabilitytypes.go Added new types and constants related to vulnerabilities. Also, new functions EnrichCVSSData, ParseCVSSVector, and UpdateExploitableField have been added to enrich the CVSS data by parsing the CVSS vector and updating the exploitability field. +182/-6

[codiumai-pr-agent-free]

PR Description updated to latest commit (76aa2e0)

[codiumai-pr-agent-free]

PR Analysis

• 🎯 Main theme: Enhancing the vulnerability and risk factor handling in the codebase
• 📝 PR summary: This PR introduces new types and constants related to RiskFactor and vulnerabilities. It also adds new functions to enrich the CVSS data by parsing the CVSS vector and updating the exploitability field. The changes are primarily in armotypes/common.go and armotypes/vulnerabilitytypes.go.
• 📌 Type of PR: Enhancement
• 🧪 Relevant tests added: No
• ⏱️ Estimated effort to review [1-5]: 4, because the PR introduces a significant amount of new code and logic related to vulnerabilities and risk factors, which requires domain knowledge to review effectively.
• 🔒 Security concerns: No security concerns found

PR Feedback

• 💡 General suggestions: The PR is well-structured and the code is generally clean. However, it would be beneficial to add unit tests to ensure the new functions work as expected. Also, consider removing the 'todo' comments or addressing them before merging.

• 🤖 Code feedback:

  ---

  relevant file	armotypes/common.go
  suggestion	Consider using a more efficient data structure for riskFactorSet. A slice could be used instead of a map to reduce memory usage and improve performance. [medium]
  relevant line	riskFactorSet := make(map[RiskFactor]bool)

  ---

  relevant file	armotypes/vulnerabilitytypes.go
  suggestion	The function EnrichCVSSData could be split into smaller functions to improve readability and maintainability. [medium]
  relevant line	func EnrichCVSSData(vuln *Vulnerability) {

  ---

  relevant file	armotypes/vulnerabilitytypes.go
  suggestion	It would be better to handle the case where cvssInfo.Vector is an empty string at the beginning of the ParseCVSSVector function to avoid unnecessary computations. [important]
  relevant line	func ParseCVSSVector(cvssInfo *CvssInfo) {

  ---

  relevant file	armotypes/vulnerabilitytypes.go
  suggestion	The UpdateExploitableField function could be improved by adding error handling or returning a boolean to indicate whether the operation was successful. [medium]
  relevant line	func UpdateExploitableField(vuln *Vulnerability) {

  ---

  How to use

  Instructions

  To invoke the PR-Agent, add a comment using one of the following commands:
  /review: Request a review of your Pull Request.
  /describe: Update the PR title and description based on the contents of the PR.
  /improve [--extended]: Suggest code improvements. Extended mode provides a higher quality feedback.
  /ask <QUESTION>: Ask a question about the PR.
  /update_changelog: Update the changelog based on the PR's contents.
  /add_docs: Generate docstring for new components introduced in the PR.
  /generate_labels: Generate labels for the PR based on the PR's contents.
  see the tools guide for more details.

  To edit any configuration parameter from the configuration.toml, add --config_path=new_value.
  For example: /review --pr_reviewer.extra_instructions="focus on the file: ..."
  To list the possible configuration parameters, add a /config comment.

[avrahams]

Maybe it is better to put this mapping in the BL?

[RinaO1234]

I was not sure whether it's the only place we need it

[avrahams]

What is ID?
Workload unique identifiers is a combination of cluster, namespace, kind, name
We do not have GUID for this element

[RinaO1234]

we have wlid

[avrahams]

Kind

[RinaO1234]

also here I was confused because they changed it in ui to kind

[avrahams]

Why Top?

[RinaO1234]

fetching top is the same as fetching the whole cves list? the goal is to avoid fetching redundant data

[avrahams]

in my query i bring all cves by severity

[avrahams]

We fetch all cves name sorted by severity according to the filter (if only critical is on so will be the list of CVEs)

[avrahams]

This should be container

[RinaO1234]

we show images in UI not containers

[avrahams]

But an image does not have a container and cluster
a container has an image and cluster

[avrahams]

How can we have many wlids and one namespace and container ?

[avrahams]

component should have many images

[avrahams]

I am ot sure armo types is a good place for these functions ?

[RinaO1234]

are we sure that enrichment will happen only in BL? I thought about having it in common place

[refaelm92]

maybe inline?

[RinaO1234]

inline means the fields are under the object, here we want it as inner feild

[refaelm92]

missing fields:

DateAdded                  string `json:"dateAdded"`
DueDate                    string `json:"dueDate"`
KnownRansomwareCampaignUse string `json:"knownRansomwareCampaignUse"`
Notes                      string `json:"notes"`

also if possible change the type to string, otherwise we will need to manually format each item during the enrichment task

[avrahams]

But an image does not have a container and cluster
a container has an image and cluster

[avrahams]

We fetch all cves name sorted by severity according to the filter (if only critical is on so will be the list of CVEs)

[avrahams]

approved by mistake

[avrahams]

We do not have a wlid in container scan
let's drop this field we do not need it - a workload id is a combination of cluster namespace kind and name

[avrahams]

I think it is better to put the counter as fields
like CriticalCount etc
how do you send a sort by SeverityStats[Critical].total
it is much simpler to sort by criticalCount:desc,hightCount:desc ...

if we do that than maybe we can make all this SeverityStats simpler like map[string][]string (and name it CEVs)

[avrahams]

the cve id is internal to the dal no need to add it

[avrahams]

no wlid in container scan it is only for posture
We have workload hash but it is just combination of cluster, namespace ,kind, name, container-name

[avrahams]

container name

[avrahams]

CriticalCount     int
HighCount         int
MediumCount       int
LowCount          int
ImagesCount       int
RiskControlsCount int

[avrahams]

LastScanTime time.Time