feat: return manually fixable cves from repositories in vulnerabiliti…

…es receiver
RedHatInsights · Sep 25, 2024 · 986be63 · 986be63
1 parent 357badd
commit 986be63
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/vmaas/vulnerabilities.go b/vmaas/vulnerabilities.go
@@ -131,6 +131,7 @@ func evaluate(c *Cache, opts *options, request *Request) (*VulnerabilitiesCvesDe
 	// if CVE is already in Unpatched list -> skip it
 	updates := processed.evaluateRepositories(c, opts)
 	seenPkgErratum := map[packageErratum]bool{}
+	tmpManualCves := map[string]VulnerabilityDetail{}
 	for pkg, upDetail := range updates.UpdateList {
 		for _, update := range upDetail.AvailableUpdates {
 			pe := packageErratum{pkg, update.Erratum}
@@ -142,10 +143,20 @@ func evaluate(c *Cache, opts *options, request *Request) (*VulnerabilitiesCvesDe
 				if _, inUnpatchedCves := cves.UnpatchedCves[cve]; inUnpatchedCves {
 					continue
 				}
-				updateCves(cves.Cves, cve, Package{String: pkg}, []string{update.Erratum}, "", nil)
+				if update.manuallyFixable {
+					updateCves(tmpManualCves, cve, Package{String: pkg}, []string{update.Erratum}, "", nil)
+				} else {
+					updateCves(cves.Cves, cve, Package{String: pkg}, []string{update.Erratum}, "", nil)
+				}
 			}
 		}
 	}
+	// store to cves.ManualCves only CVEs not found in cves.Cves
+	for cve, detail := range tmpManualCves {
+		if _, ok := cves.Cves[cve]; !ok {
+			cves.ManualCves[cve] = detail
+		}
+	}
 
 	// 3. evaluate Manually Fixable CVEs
 	// if CVE is already in Unpatched or CVE list -> skip it