From 986be63d5b097820a3a96bb0d4eff40edcd86017 Mon Sep 17 00:00:00 2001
From: Patrik Segedy
Date: Tue, 17 Sep 2024 15:02:05 +0200
Subject: [PATCH] feat: return manually fixable cves from repositories in vulnerabilities receiver
---
 vmaas/vulnerabilities.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/vmaas/vulnerabilities.go b/vmaas/vulnerabilities.go
index d1daaad..fa58db6 100644
--- a/vmaas/vulnerabilities.go
+++ b/vmaas/vulnerabilities.go
@@ -131,6 +131,7 @@ func evaluate(c *Cache, opts *options, request *Request) (*VulnerabilitiesCvesDe
 // if CVE is already in Unpatched list -> skip it
 updates := processed.evaluateRepositories(c, opts)
 seenPkgErratum := map[packageErratum]bool{}
+ tmpManualCves := map[string]VulnerabilityDetail{}
 for pkg, upDetail := range updates.UpdateList {
 for _, update := range upDetail.AvailableUpdates {
 pe := packageErratum{pkg, update.Erratum}
@@ -142,10 +143,20 @@ func evaluate(c *Cache, opts *options, request *Request) (*VulnerabilitiesCvesDe
 if _, inUnpatchedCves := cves.UnpatchedCves[cve]; inUnpatchedCves {
 continue
 }
- updateCves(cves.Cves, cve, Package{String: pkg}, []string{update.Erratum}, "", nil)
+ if update.manuallyFixable {
+ updateCves(tmpManualCves, cve, Package{String: pkg}, []string{update.Erratum}, "", nil)
+ } else {
+ updateCves(cves.Cves, cve, Package{String: pkg}, []string{update.Erratum}, "", nil)
+ }
 }
 }
 }
+ // store to cves.ManualCves only CVEs not found in cves.Cves
+ for cve, detail := range tmpManualCves {
+ if _, ok := cves.Cves[cve]; !ok {
+ cves.ManualCves[cve] = detail
+ }
+ }

 // 3. evaluate Manually Fixable CVEs
 // if CVE is already in Unpatched or CVE list -> skip it
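Review bot: The copy loop at the end of the second hunk assigns `cves.ManualCves[cve] = detail`, which replaces any entry already stored under that key instead of merging into it the way the `updateCves(...)` calls above do. Whether `cves.ManualCves` can already hold entries at this point is not visible, since evaluate's body starts and ends outside the hunk; if it can, packages and errata recorded earlier for the same CVE would silently drop out of the report. Consider guarding the write with `if _, seen := cves.ManualCves[cve]; seen { continue }` or merging the two details. It would also help to extend the comment to say why the copy is deferred, e.g. `// deferred so a CVE with any non-manual fix is reported in cves.Cves regardless of update iteration order`. The commit touches only this file, so a test with one CVE reachable through both a manual and a regular update would pin the intended precedence.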