From 0193de46b620ec760facc8084e4a22c4690e29d6 Mon Sep 17 00:00:00 2001
From: Nathan Martins
Date: Tue, 18 Jan 2022 09:32:18 -0300
Subject: [PATCH] trivy:bugfix - adding func to avoid hash changes in trivy formatter

Since the pull request https://github.com/ZupIT/horusec/pull/882 some changes were made in the line and code of the trivy formatter, and this data influences directly the hash generation. This pr will avoid this hash change by using the same data as before, but for the users the data will be showed with the fixes made in the pull request 882, leading to no braking changes and keeping the fixes.

Signed-off-by: Nathan Martins
---
 .../formatters/generic/trivy/formatter.go | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/internal/services/formatters/generic/trivy/formatter.go b/internal/services/formatters/generic/trivy/formatter.go
index eab8a3137..c9d5a34c9 100644
--- a/internal/services/formatters/generic/trivy/formatter.go
+++ b/internal/services/formatters/generic/trivy/formatter.go
@@ -169,11 +169,24 @@ func (f *Formatter) addVulnerabilitiesOutput(vulnerabilities []*trivyVulnerabili
 addVuln.File = target
 addVuln.Details = vuln.getDetails()
 addVuln.Severity = severities.GetSeverityByString(vuln.Severity)
- addVuln = vulnhash.Bind(addVuln)
+ addVuln.VulnHash = f.getOldHash(vuln.PkgName, *addVuln)
 f.AddNewVulnerabilityIntoAnalysis(addVuln)
 }
 }
 
+// getOldHash func necessary to avoid a breaking change in the trivy hash generation. Since the pull request
+// https://github.com/ZupIT/horusec/pull/882 some changes were made in the line and code, and this data influences
+// directly the hash generation. This func will avoid this hash change by using the same data as before, but for the
+// users the data will be showed with the fixes made in the pull request 882, leading to no braking changes and keeping
+// the fixes.
+// nolint:gocritic // it has to be without pointer
+func (f *Formatter) getOldHash(pkgName string, vuln vulnerability.Vulnerability) string {
+ vuln.Line = "0"
+ vuln.Code = pkgName
+
+ return vulnhash.Bind(&vuln).VulnHash
+}
+
 func (f *Formatter) addMisconfigurationOutput(result []*trivyMisconfiguration, target string) {
 for _, vuln := range result {
 addVuln := f.getVulnBase()
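Review bot: The hash returned by getOldHash is computed with Line fixed to "0" and Code fixed to the package name, so a finding's identity no longer reflects the reported line or code. Whether two different advisories for the same package in the same target still hash differently depends on what vulnhash.Bind puts into the digest, which this hunk does not show. If no per-advisory field such as Details is included, anything keyed on VulnHash (for example a suppression or accepted-risk list) would also match later findings for that package, so this is worth confirming. The patch changes only formatter.go, and a table test that pins the hash for a fixed fixture and checks that two advisories for one package differ would keep the value from drifting again unnoticed. The doc comment could also state why the argument is a copy, e.g. `// vuln is taken by value so Line and Code are overridden only for hashing; the reported finding keeps the corrected values.`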