From cb9411054924e41a5c2f63c6f421bac25f908111 Mon Sep 17 00:00:00 2001
From: an1l4 <1995anila@gmail.com>
Date: Wed, 8 Nov 2023 11:17:01 +0530
Subject: [PATCH 1/4] sbom-fix

---
 agent/kubviz/trivy_sbom.go | 7 +--
 client/pkg/clickhouse/db_client.go | 66 +++++++++-------------------
 client/pkg/clickhouse/statements.go | 2 +-
 client/pkg/clients/kubviz_client.go | 2 +-
 model/trivy_sbom.go | 55 ++---------------------
 sql/0000015_trivysbom.up.sql | 26 +++---------
 6 files changed, 38 insertions(+), 120 deletions(-)

diff --git a/agent/kubviz/trivy_sbom.go b/agent/kubviz/trivy_sbom.go
index c0b697aa..fe9c5cf8 100644
--- a/agent/kubviz/trivy_sbom.go
+++ b/agent/kubviz/trivy_sbom.go
@@ -7,6 +7,7 @@ import (
 "log"
 "os/exec"
 
+ "github.com/aquasecurity/trivy/pkg/sbom/cyclonedx"
 "github.com/google/uuid"
 "github.com/intelops/kubviz/constants"
 "github.com/intelops/kubviz/model"
@@ -14,8 +15,8 @@ import (
 "k8s.io/client-go/rest"
 )
 
-func publishTrivySbomReport(report model.Sbom, js nats.JetStreamContext) error {
- metrics := model.Reports{
+func publishTrivySbomReport(report cyclonedx.BOM, js nats.JetStreamContext) error {
+ metrics := model.Sbom{
 ID: uuid.New().String(),
 Report: report,
 }
@@ -67,7 +68,7 @@ func RunTrivySbomScan(config *rest.Config, js nats.JetStreamContext) error {
 continue // Move on to the next image
 }
 
- var report model.Sbom
+ var report cyclonedx.BOM
 err = json.Unmarshal(out, &report)
 if err != nil {
 log.Printf("Error unmarshaling JSON data for image sbom %s: %v", image.PullableImage, err)
diff --git a/client/pkg/clickhouse/db_client.go b/client/pkg/clickhouse/db_client.go
index e517ebd1..82d3c1d0 100644
--- a/client/pkg/clickhouse/db_client.go
+++ b/client/pkg/clickhouse/db_client.go
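Review bot: After `var report cyclonedx.BOM` the value is handed to publishTrivySbomReport by code that continues outside the hunk, so if the branch after `json.Unmarshal` only logs and does not `continue`, an empty or non-JSON scanner output now yields a BOM whose `CycloneDX` pointer is nil and that message is still published to JetStream (the consumer-side nil guard added in patch 2 shows this case occurs in practice). Treat a failed unmarshal, and a nil `CycloneDX` after a successful one, as "skip this image" in the agent rather than relying on every consumer to tolerate it. publishTrivySbomReport also deserves a doc comment now that its argument is a third-party type: `// publishTrivySbomReport wraps one image's CycloneDX BOM in a model.Sbom envelope with a fresh UUID and publishes it on JetStream; the client's NATS subscriber decodes the same model.Sbom type, so both sides must be upgraded together.`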
@@ -33,7 +33,7 @@ type DBInterface interface {
 InsertGitEvent(string)
 InsertKubeScoreMetrics(model.KubeScoreRecommendations)
 InsertTrivyImageMetrics(metrics model.TrivyImage)
- InsertTrivySbomMetrics(metrics model.Reports)
+ InsertTrivySbomMetrics(metrics model.Sbom)
 InsertTrivyMetrics(metrics model.Trivy)
 RetriveKetallEvent() ([]model.Resource, error)
 RetriveOutdatedEvent() ([]model.CheckResultfinal, error)
@@ -600,55 +600,31 @@ func (c *DBClient) InsertTrivyImageMetrics(metrics model.TrivyImage) {
 }
 }
 
-func (c *DBClient) InsertTrivySbomMetrics(metrics model.Reports) {
+func (c *DBClient) InsertTrivySbomMetrics(metrics model.Sbom) {
 log.Println("####started inserting value")
 result := metrics.Report
- tx, err := c.conn.Begin()
- if err != nil {
- log.Println("error in conn Begin", err)
- }
- defer tx.Rollback()
- stmt, err := tx.Prepare(InsertTrivySbom)
- if err != nil {
- log.Println("error in prepare", err)
- }
- defer stmt.Close()
- for _, com := range result.Components {
- if len(result.Metadata.Tools) == 0 || len(com.Properties) == 0 || len(com.Hashes) == 0 || len(com.Licenses) == 0 {
- continue
- }
- for _, depend := range result.Dependencies {
- if _, err := stmt.Exec(
- metrics.ID,
- result.Schema,
- result.BomFormat,
- result.SpecVersion,
- result.SerialNumber,
- int32(result.Version),
- result.Metadata.Timestamp,
- result.Metadata.Tools[0].Vendor,
- result.Metadata.Tools[0].Name,
- result.Metadata.Tools[0].Version,
- com.BomRef,
- com.Type,
- com.Name,
- com.Version,
- com.Properties[0].Name,
- com.Properties[0].Value,
- com.Hashes[0].Alg,
- com.Hashes[0].Content,
- com.Licenses[0].Expression,
- com.Purl,
- depend.Ref,
- ); err != nil {
- log.Fatal(err)
- }
- }
+ var (
+ tx, _ = c.conn.Begin()
+ stmt, _ = tx.Prepare(InsertTrivySbom)
+ )
+ if _,err:= stmt.Exec(
+ metrics.ID,
+ result.CycloneDX.Metadata.Component.Name,
+ result.CycloneDX.Metadata.Component.Version,
+ result.CycloneDX.Metadata.Component.PackageURL,
+ result.CycloneDX.Metadata.Component.MIMEType,
+ result.CycloneDX.Metadata.Component.BOMRef,
+ result.CycloneDX.SerialNumber,
+ result.CycloneDX.Version,
+ result.CycloneDX.BOMFormat,
+ ); err!=nil {
+ log.Fatal(err)
 }
- if err := tx.Commit(); err != nil {
+ if err:=tx.Commit();err!=nil {
 log.Fatal(err)
 }
- log.Println("value inserted")
+ stmt.Close()
+
 }
 func (c *DBClient) Close() {
 _ = c.conn.Close()
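Review bot: The rewrite discards the errors of `c.conn.Begin()` and `tx.Prepare(InsertTrivySbom)` (`tx, _ =`, `stmt, _ =`) and then calls `stmt.Exec` on the results, so a ClickHouse outage or a statement/table mismatch now ends in a nil-pointer panic instead of the logged error the removed code produced; the same two discards are carried over unchanged into patch 3. The `defer tx.Rollback()` / `defer stmt.Close()` pair is gone as well — `stmt.Close()` now runs only on the success path — and every failure is still `log.Fatal`, so one rejected row terminates the whole client process and with it every other NATS consumer it hosts. `result.CycloneDX.Metadata.Component.Name` is dereferenced with no nil check in this patch; patch 2 guards only `CycloneDX`, so if `Metadata` and `Component` are pointer fields (as they are in cyclonedx-go, which trivy's type wraps — confirm against the vendored version) a BOM without a metadata component still panics. Suggested shape below: check the errors, log and return instead of exiting, defer the cleanups, and reject incomplete payloads up front; the nine bound values are unchanged.
```go
func (c *DBClient) InsertTrivySbomMetrics(metrics model.Sbom) {
	result := metrics.Report
	// NOTE(review): assumes Metadata and Component are pointer fields (cyclonedx-go) — confirm.
	if result.CycloneDX == nil || result.CycloneDX.Metadata == nil || result.CycloneDX.Metadata.Component == nil {
		log.Println("sbom payload incomplete, skipping db insertion, id:", metrics.ID)
		return
	}
	tx, err := c.conn.Begin()
	if err != nil {
		log.Println("error in conn Begin", err)
		return
	}
	defer tx.Rollback() // no-op once Commit has succeeded
	stmt, err := tx.Prepare(InsertTrivySbom)
	if err != nil {
		log.Println("error in prepare", err)
		return
	}
	defer stmt.Close()
	if _, err := stmt.Exec(
		// … unchanged: the nine bound values …
	); err != nil {
		log.Println("error inserting trivy sbom", err)
		return
	}
	if err := tx.Commit(); err != nil {
		log.Println("error in commit", err)
	}
}
```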
diff --git a/client/pkg/clickhouse/statements.go b/client/pkg/clickhouse/statements.go
index 8d2bb614..34aa1b92 100644
--- a/client/pkg/clickhouse/statements.go
+++ b/client/pkg/clickhouse/statements.go
@@ -242,6 +242,6 @@ const InsertTrivyVul string = "INSERT INTO trivy_vul (id, cluster_name, namespac
 const InsertTrivyImage string = "INSERT INTO trivyimage (id, cluster_name, artifact_name, vul_id, vul_pkg_id, vul_pkg_name, vul_installed_version, vul_fixed_version, vul_title, vul_severity, vul_published_date, vul_last_modified_date) VALUES ( ?, ?,?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertTrivyMisconfig string = "INSERT INTO trivy_misconfig (id, cluster_name, namespace, kind, name, misconfig_id, misconfig_avdid, misconfig_type, misconfig_title, misconfig_desc, misconfig_msg, misconfig_query, misconfig_resolution, misconfig_severity, misconfig_status, EventTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertAzureContainerPushEvent DBStatement = "INSERT INTO azurecontainerpush (RegistryURL, RepositoryName, Tag, ImageName, Event, Size, SHAID, EventTime) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?)"
-const InsertTrivySbom string = "INSERT INTO trivysbom (id, schema, bom_format,spec_version,serial_number, version, metadata_timestamp,metatool_vendor,metatool_name,metatool_version,component_bom_ref,component_type,component_name,component_version,component_property_name,component_property_value,component_hash_alg,component_hash_content,component_license_exp,component_purl,dependency_ref) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"
+const InsertTrivySbom string = "INSERT INTO trivysbom (id, image_name, image_version, package_url, mime_type, bom_ref, serial_number, version, bom_format) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertQuayContainerPushEvent DBStatement = "INSERT INTO quaycontainerpush (name, repository, nameSpace, dockerURL, homePage, tag, Event, EventTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertJfrogContainerPushEvent DBStatement = "INSERT INTO jfrogcontainerpush (Domain, EventType, RegistryURL, RepositoryName, SHAID, Size, ImageName, Tag, Event, EventTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
diff --git a/client/pkg/clients/kubviz_client.go b/client/pkg/clients/kubviz_client.go
index 394bf8a1..e2208a4a 100644
--- a/client/pkg/clients/kubviz_client.go
+++ b/client/pkg/clients/kubviz_client.go
@@ -118,7 +118,7 @@ func (n *NATSContext) SubscribeAllKubvizNats(conn clickhouse.DBInterface) {
 Consumer: constants.Trivy_Sbom_Consumer,
 Handler: func(msg *nats.Msg) {
 msg.Ack()
- var metrics model.Reports
+ var metrics model.Sbom
 err := json.Unmarshal(msg.Data, &metrics)
 if err != nil {
 log.Println("failed to unmarshal in nats", err)
diff --git a/model/trivy_sbom.go b/model/trivy_sbom.go
index bcbe7219..c6e6c850 100644
--- a/model/trivy_sbom.go
+++ b/model/trivy_sbom.go
@@ -1,59 +1,12 @@
 package model
 
 import (
- "time"
+ "github.com/aquasecurity/trivy/pkg/sbom/cyclonedx"
 )
 
-type Reports struct {
+type Sbom struct {
 ID string
- Report Sbom
+ Report cyclonedx.BOM
 }
 
-type Sbom struct {
- Schema string `json:"$schema"`
- BomFormat string `json:"bomFormat"`
- SpecVersion string `json:"specVersion"`
- SerialNumber string `json:"serialNumber"`
- Version int `json:"version"`
- Metadata struct {
- Timestamp time.Time `json:"timestamp"`
- Tools []struct {
- Vendor string `json:"vendor"`
- Name string `json:"name"`
- Version string `json:"version"`
- } `json:"tools"`
- Component struct {
- BomRef string `json:"bom-ref"`
- Type string `json:"type"`
- Name string `json:"name"`
- Purl string `json:"purl"`
- Properties []struct {
- Name string `json:"name"`
- Value string `json:"value"`
- } `json:"properties"`
- } `json:"component"`
- } `json:"metadata"`
- Components []struct {
- BomRef string `json:"bom-ref"`
- Type string `json:"type"`
- Name string `json:"name"`
- Version string `json:"version"`
- Properties []struct {
- Name string `json:"name"`
- Value string `json:"value"`
- } `json:"properties"`
- Hashes []struct {
- Alg string `json:"alg"`
- Content string `json:"content"`
- } `json:"hashes,omitempty"`
- Licenses []struct {
- Expression string `json:"expression"`
- } `json:"licenses,omitempty"`
- Purl string `json:"purl,omitempty"`
- } `json:"components"`
- Dependencies []struct {
- Ref string `json:"ref"`
- DependsOn []string `json:"dependsOn"`
- } `json:"dependencies"`
- Vulnerabilities []interface{} `json:"vulnerabilities"`
-}
+
diff --git a/sql/0000015_trivysbom.up.sql b/sql/0000015_trivysbom.up.sql
index 76de0994..cf223a32 100644
--- a/sql/0000015_trivysbom.up.sql
+++ b/sql/0000015_trivysbom.up.sql
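Review bot: `type Sbom struct` is exported and now defines the NATS wire contract between agent and client, yet it has no doc comment and `Report` carries no `json` tag, so the field is emitted as `Report` and its body is whatever `cyclonedx.BOM` serialises to in the pinned trivy version — a schema that can change on any trivy bump without anything in this repository noticing. A comment such as `// Sbom is the JetStream message for one image scan: ID is a per-scan UUID and Report is the CycloneDX BOM produced by trivy. Its JSON shape is defined by the trivy package version in go.mod, so agent and client must be upgraded together.` would record that dependency. Reusing the name `Sbom` for the envelope, when one patch earlier it was the BOM struct itself, will confuse readers of older call sites; if the rename is still open, something like `SbomEnvelope` is clearer. The extra blank line added at the end of the file is not gofmt-clean.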
@@ -1,25 +1,13 @@
 CREATE TABLE IF NOT EXISTS trivysbom (
 id UUID,
- schema String,
- bom_format String,
- spec_version String,
+ image_name String,
+ image_version String,
+ package_url String,
+ mime_type String,
+ bom_ref String,
 serial_number String,
- version INTEGER,
- metadata_timestamp DateTime('UTC'),
- metatool_vendor String,
- metatool_name String,
- metatool_version String,
- component_bom_ref String,
- component_type String,
- component_name String,
- component_version String,
- component_property_name String,
- component_property_value String,
- component_hash_alg String,
- component_hash_content String,
- component_license_exp String,
- component_purl String,
- dependency_ref String,
+ version INTEGER
+ bom_format String,
 ExpiryDate DateTime DEFAULT now() + INTERVAL {{.TTLValue}} {{.TTLUnit}}
 ) ENGINE = MergeTree()
 ORDER BY ExpiryDate

From 5af755cd47f577bd8d736ed7f3fd93764e35b003 Mon Sep 17 00:00:00 2001
From: an1l4 <1995anila@gmail.com>
Date: Wed, 8 Nov 2023 14:13:17 +0530
Subject: [PATCH 2/4] pointer-nil-condition

---
 client/pkg/clickhouse/db_client.go | 43 +++++++++++++++++++++--------
 client/pkg/clickhouse/statements.go | 2 +-
 sql/0000015_trivysbom.up.sql | 4 +--
 3 files changed, 34 insertions(+), 15 deletions(-)

diff --git a/client/pkg/clickhouse/db_client.go b/client/pkg/clickhouse/db_client.go
index 82d3c1d0..f5a4e2d0 100644
--- a/client/pkg/clickhouse/db_client.go
+++ b/client/pkg/clickhouse/db_client.go
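Review bot: `+ version INTEGER` has no trailing comma, so the new `CREATE TABLE IF NOT EXISTS trivysbom` is a syntax error at `bom_format String` and the migration fails before the client can insert a single row; patch 2 keeps that line verbatim as context, so the series never fixes it — change it to `version INTEGER,`. Separately, this edits migration `sql/0000015_trivysbom.up.sql` in place instead of adding a new migration: any database that already applied the old version keeps the 21-column table (the `IF NOT EXISTS` makes the re-run a no-op), and the rewritten `InsertTrivySbom` statement then fails against it. If the project's migration tool tracks applied versions, this needs a fresh numbered migration (or an explicit drop/recreate) rather than a rewrite.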
@@ -607,19 +607,38 @@ func (c *DBClient) InsertTrivySbomMetrics(metrics model.Sbom) {
 tx, _ = c.conn.Begin()
 stmt, _ = tx.Prepare(InsertTrivySbom)
 )
- if _,err:= stmt.Exec(
- metrics.ID,
- result.CycloneDX.Metadata.Component.Name,
- result.CycloneDX.Metadata.Component.Version,
- result.CycloneDX.Metadata.Component.PackageURL,
- result.CycloneDX.Metadata.Component.MIMEType,
- result.CycloneDX.Metadata.Component.BOMRef,
- result.CycloneDX.SerialNumber,
- result.CycloneDX.Version,
- result.CycloneDX.BOMFormat,
- ); err!=nil {
- log.Fatal(err)
+ if result.CycloneDX != nil {
+ if _,err:= stmt.Exec(
+ metrics.ID,
+ result.CycloneDX.Metadata.Component.Name,
+ result.CycloneDX.Metadata.Component.PackageURL,
+ result.CycloneDX.Metadata.Component.BOMRef,
+ result.CycloneDX.SerialNumber,
+ result.CycloneDX.Version,
+ result.CycloneDX.BOMFormat,
+ result.CycloneDX.Metadata.Component.Version,
+ result.CycloneDX.Metadata.Component.MIMEType,
+ ); err!=nil {
+ log.Fatal(err)
+ }
+
+ }else {
+ if _,err:= stmt.Exec(
+ metrics.ID,
+ "-",
+ "-",
+ "-",
+ "-",
+ "-",
+ "-",
+ "-",
+ "-",
+ ); err!=nil {
+ log.Fatal(err)
+ }
+ }
+
 if err:=tx.Commit();err!=nil {
 log.Fatal(err)
 }
diff --git a/client/pkg/clickhouse/statements.go b/client/pkg/clickhouse/statements.go
index 34aa1b92..e1abea47 100644
--- a/client/pkg/clickhouse/statements.go
+++ b/client/pkg/clickhouse/statements.go
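Review bot: The new guard tests only `result.CycloneDX`, but the bound values immediately walk `result.CycloneDX.Metadata.Component.*`; if `Metadata` and `Component` are pointer fields (they are in cyclonedx-go's BOM type — confirm against the vendored trivy version) a BOM that has no metadata component still panics on the next line, and patch 3 keeps the same single check. Extend it to `if result.CycloneDX != nil && result.CycloneDX.Metadata != nil && result.CycloneDX.Metadata.Component != nil {`. The else branch binds the string `"-"` for every column including `version`, which the same patch declares as `INTEGER`, so the placeholder row is very likely rejected at `stmt.Exec` and every BOM without `CycloneDX` becomes a `log.Fatal` exit rather than a skipped message; patch 3 drops the branch, but if placeholder rows return later they should use NULL-able columns or be skipped outright.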
@@ -242,6 +242,6 @@ const InsertTrivyVul string = "INSERT INTO trivy_vul (id, cluster_name, namespac
 const InsertTrivyImage string = "INSERT INTO trivyimage (id, cluster_name, artifact_name, vul_id, vul_pkg_id, vul_pkg_name, vul_installed_version, vul_fixed_version, vul_title, vul_severity, vul_published_date, vul_last_modified_date) VALUES ( ?, ?,?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertTrivyMisconfig string = "INSERT INTO trivy_misconfig (id, cluster_name, namespace, kind, name, misconfig_id, misconfig_avdid, misconfig_type, misconfig_title, misconfig_desc, misconfig_msg, misconfig_query, misconfig_resolution, misconfig_severity, misconfig_status, EventTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertAzureContainerPushEvent DBStatement = "INSERT INTO azurecontainerpush (RegistryURL, RepositoryName, Tag, ImageName, Event, Size, SHAID, EventTime) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?)"
-const InsertTrivySbom string = "INSERT INTO trivysbom (id, image_name, image_version, package_url, mime_type, bom_ref, serial_number, version, bom_format) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)"
+const InsertTrivySbom string = "INSERT INTO trivysbom (id, image_name, package_url, bom_ref, serial_number, version, bom_format, component_version, component_mimetype) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertQuayContainerPushEvent DBStatement = "INSERT INTO quaycontainerpush (name, repository, nameSpace, dockerURL, homePage, tag, Event, EventTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertJfrogContainerPushEvent DBStatement = "INSERT INTO jfrogcontainerpush (Domain, EventType, RegistryURL, RepositoryName, SHAID, Size, ImageName, Tag, Event, EventTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
diff --git a/sql/0000015_trivysbom.up.sql b/sql/0000015_trivysbom.up.sql
index cf223a32..ece47761 100644
--- a/sql/0000015_trivysbom.up.sql
+++ b/sql/0000015_trivysbom.up.sql
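Review bot: The column list now ends in `component_mimetype`, but the migration changed in the same patch (`sql/0000015_trivysbom.up.sql`, next hunk) creates that column as `component_mime_type`, so every `InsertTrivySbom` execution fails with an unknown-column error and, through the `log.Fatal` in InsertTrivySbomMetrics, exits the client; neither patch 3 nor 4 touches either side. Align one of them, e.g. `… bom_format, component_version, component_mime_type) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)"` here. The bound-value order in db_client.go was reordered in this patch to follow this list, and nothing ties the two together; a comment on the constant, `// column order must match the Exec arguments in DBClient.InsertTrivySbomMetrics`, makes the coupling visible to the next editor.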
@@ -1,13 +1,13 @@
 CREATE TABLE IF NOT EXISTS trivysbom (
 id UUID,
 image_name String,
- image_version String,
 package_url String,
- mime_type String,
 bom_ref String,
 serial_number String,
 version INTEGER
 bom_format String,
+ component_version String,
+ component_mime_type String,
 ExpiryDate DateTime DEFAULT now() + INTERVAL {{.TTLValue}} {{.TTLUnit}}
 ) ENGINE = MergeTree()
 ORDER BY ExpiryDate

From 4a0a60a846e7d1e9adef811fe91b2f7e15ae1d05 Mon Sep 17 00:00:00 2001
From: an1l4 <1995anila@gmail.com>
Date: Wed, 8 Nov 2023 14:54:36 +0530
Subject: [PATCH 3/4] available-values-inserting-db

---
 client/pkg/clickhouse/db_client.go | 31 +++++++++---------------------
 1 file changed, 9 insertions(+), 22 deletions(-)

diff --git a/client/pkg/clickhouse/db_client.go b/client/pkg/clickhouse/db_client.go
index f5a4e2d0..be6210c2 100644
--- a/client/pkg/clickhouse/db_client.go
+++ b/client/pkg/clickhouse/db_client.go
@@ -603,11 +603,12 @@ func (c *DBClient) InsertTrivyImageMetrics(metrics model.TrivyImage) {
 func (c *DBClient) InsertTrivySbomMetrics(metrics model.Sbom) {
 log.Println("####started inserting value")
 result := metrics.Report
- var (
- tx, _ = c.conn.Begin()
- stmt, _ = tx.Prepare(InsertTrivySbom)
- )
+ if result.CycloneDX != nil {
+ var (
+ tx, _ = c.conn.Begin()
+ stmt, _ = tx.Prepare(InsertTrivySbom)
+ )
 if _,err:= stmt.Exec(
 metrics.ID,
 result.CycloneDX.Metadata.Component.Name,
@@ -621,29 +622,15 @@ func (c *DBClient) InsertTrivySbomMetrics(metrics model.Sbom) {
 ); err!=nil {
 log.Fatal(err)
 }
-
- }else {
- if _,err:= stmt.Exec(
- metrics.ID,
- "-",
- "-",
- "-",
- "-",
- "-",
- "-",
- "-",
- "-",
- ); err!=nil {
 log.Fatal(err)
 }
+ if err:=tx.Commit();err!=nil {
+ log.Fatal(err)
+ }
+ stmt.Close()
+ }else {
+ log.Println("No Data Available")
 }
- if err:=tx.Commit();err!=nil {
- log.Fatal(err)
- }
- stmt.Close()
-
 }
 func (c *DBClient) Close() {
 _ = c.conn.Close()

From 5b6988290f6b9b6b4ce6af2dd3430925d6f5b678 Mon Sep 17 00:00:00 2001
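Review bot: The skip branch `log.Println("No Data Available")` (reworded in patch 4) leaves an operator with nothing to correlate: the identifier of the message whose payload was empty is in scope, so include it, e.g. `log.Println("sbom payload not available for db insertion, skipping db insertion, id:", metrics.ID)`; a scan that silently produces no BOM is exactly the event someone auditing SBOM coverage needs to find. The `log.Println("####started inserting value")` debug line now fires before the nil check, so it also prints for every skipped message and is misleading in that case — move it inside the `if` or drop it. `stmt.Close()` on the new side still runs only on the success path and its return value is ignored; with the prepare error checked, `defer stmt.Close()` immediately after `tx.Prepare` covers every exit.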
From: an1l4 <1995anila@gmail.com>
Date: Wed, 8 Nov 2023 14:59:45 +0530
Subject: [PATCH 4/4] printing-statement changed

---
 client/pkg/clickhouse/db_client.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/pkg/clickhouse/db_client.go b/client/pkg/clickhouse/db_client.go
index be6210c2..7a9aaddb 100644
--- a/client/pkg/clickhouse/db_client.go
+++ b/client/pkg/clickhouse/db_client.go
@@ -627,7 +627,7 @@ func (c *DBClient) InsertTrivySbomMetrics(metrics model.Sbom) {
 }
 stmt.Close()
 }else {
- log.Println("No Data Available")
+ log.Println("sbom payload not available for db insertion, skipping db insertion")
 }