-
Notifications
You must be signed in to change notification settings - Fork 22
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Adolfo García Veytia (Puerco) <[email protected]>
- Loading branch information
Showing
2 changed files
with
36 additions
and
19 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -27,8 +27,8 @@ func (o *createOptions) Validate(args []string) error { | |
| if o.Status != string(vex.StatusAffected) && o.ActionStatement == vex.NoActionStatementMsg { | ||
| o.ActionStatement = "" | ||
| } | ||
| if len(args) == 0 && len(o.Products) == 0 { | ||
| return errors.New("a required product id is required to generate a valid VEX statement") | ||
| if o.Product == "" { | ||
| return errors.New("a required product id is needed to generate a valid VEX statement") | ||
| } | ||
|
|
||
| if len(args) < 2 && o.Vulnerability == "" { | ||
|
|
@@ -98,14 +98,14 @@ Examples: | |
| Use: "create [flags] [product_id [vuln_id [status]]]", | ||
| Example: fmt.Sprintf("%s create \"pkg:apk/wolfi/[email protected]?arch=x86_64\" CVE-2022-39260 fixed ", appname), | ||
| SilenceUsage: false, | ||
| SilenceErrors: false, | ||
| SilenceErrors: true, | ||
| PersistentPreRunE: initLogging, | ||
| RunE: func(cmd *cobra.Command, args []string) error { | ||
| // If we have arguments, add them | ||
| for i := range args { | ||
| switch i { | ||
| case 0: | ||
| opts.Products = append(opts.Products, args[i]) | ||
| opts.Product = args[i] | ||
| case 1: | ||
| opts.Vulnerability = args[i] | ||
| case 2: | ||
|
|
@@ -127,16 +127,33 @@ Examples: | |
| } | ||
|
|
||
| statement := vex.Statement{ | ||
| Vulnerability: opts.Vulnerability, | ||
| Products: opts.Products, | ||
| Subcomponents: opts.Subcomponents, | ||
| Vulnerability: vex.Vulnerability{ | ||
| Name: vex.VulnerabilityID(opts.Vulnerability), | ||
| }, | ||
| Products: []vex.Product{ | ||
| { | ||
| Component: vex.Component{ | ||
| ID: opts.Product, | ||
| Hashes: map[vex.Algorithm]vex.Hash{}, | ||
| Identifiers: map[vex.IdentifierType]string{}, | ||
| }, | ||
| Subcomponents: []vex.Subcomponent{}, | ||
| }, | ||
| }, | ||
| Status: vex.Status(opts.Status), | ||
| StatusNotes: opts.StatusNotes, | ||
| Justification: vex.Justification(opts.Justification), | ||
| ImpactStatement: opts.ImpactStatement, | ||
| ActionStatement: opts.ActionStatement, | ||
| } | ||
|
|
||
| for _, sc := range opts.Subcomponents { | ||
| statement.Products[0].Subcomponents = append( | ||
| statement.Products[0].Subcomponents, | ||
| vex.Subcomponent{Component: vex.Component{ID: sc}}, | ||
| ) | ||
| } | ||
|
|
||
| if err := statement.Validate(); err != nil { | ||
| return fmt.Errorf("invalid statement: %w", err) | ||
| } | ||
|
|
@@ -172,7 +189,7 @@ Examples: | |
| &opts.DocumentID, | ||
| "id", | ||
| "", | ||
| "ID for the new VEX document (default will be computed)", | ||
| "ID string for the new VEX document (autogenerated by default)", | ||
| ) | ||
|
|
||
| createCmd.PersistentFlags().StringVar( | ||
|
|
@@ -186,7 +203,7 @@ Examples: | |
| &opts.AuthorRole, | ||
| "author-role", | ||
| vex.DefaultRole, | ||
| "author role to record in the new document", | ||
| "optional author role to record in the new document", | ||
| ) | ||
|
|
||
| createCmd.PersistentFlags().StringVarP( | ||
|
|
@@ -197,20 +214,20 @@ Examples: | |
| "vulnerability to add to the statement (eg CVE-2023-12345)", | ||
| ) | ||
|
|
||
| createCmd.PersistentFlags().StringSliceVarP( | ||
| &opts.Products, | ||
| createCmd.PersistentFlags().StringVarP( | ||
| &opts.Product, | ||
| "product", | ||
| "p", | ||
| []string{}, | ||
| "list of products to list in the statement, at least one is required", | ||
| "", | ||
| "main identifier of the product, a package URL or another IRI", | ||
| ) | ||
|
|
||
| createCmd.PersistentFlags().StringVarP( | ||
| &opts.Status, | ||
| "status", | ||
| "s", | ||
| "", | ||
| fmt.Sprintf("status of the product vs the vulnerability, see '%s show statuses' for list", appname), | ||
| "impact status of the product vs the vulnerability", | ||
| ) | ||
|
|
||
| createCmd.PersistentFlags().StringVar( | ||
|
|
@@ -224,30 +241,30 @@ Examples: | |
| &opts.Subcomponents, | ||
| "subcomponents", | ||
| []string{}, | ||
| "list of subcomponents to add to the statement", | ||
| "list of subcomponents to add to the statement, package URLs or other IRIs", | ||
| ) | ||
|
|
||
| createCmd.PersistentFlags().StringVarP( | ||
| &opts.Justification, | ||
| "justification", | ||
| "j", | ||
| "", | ||
| fmt.Sprintf("justification for not_affected status, see '%s show justifications' for list", appname), | ||
| "justification for not_affected status", | ||
| ) | ||
|
|
||
| createCmd.PersistentFlags().StringVarP( | ||
| &opts.ActionStatement, | ||
| "action-statement", | ||
| "a", | ||
| vex.NoActionStatementMsg, | ||
| "action statement for affected status", | ||
| "action statement for affected status (only when status=affected)", | ||
| ) | ||
|
|
||
| createCmd.PersistentFlags().StringVar( | ||
| &opts.outFilePath, | ||
| "file", | ||
| "", | ||
| "file to write the document (default is STDOUT)", | ||
| "file to write the document to (default is STDOUT)", | ||
| ) | ||
|
|
||
| createCmd.PersistentFlags().StringVar( | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters