add severity count

google · Sep 24, 2024 · b849808 · b849808
1 parent f6df334
commit b849808
Show file tree

Hide file tree

Showing 19 changed files with 650,013 additions and 117 deletions.
diff --git a/internal/output/html.go b/internal/output/html.go
diff --git a/internal/output/html/package_table_template.html b/internal/output/html/package_table_template.html
@@ -18,15 +18,19 @@
     <td>{{ $element.Ecosystem }}</td>
     <td>{{ $element.InstalledVersion }}</td>
     <td {{ if eq $element.FixedVersion "No fix available" }} class="warning" {{ end }}>{{ $element.FixedVersion }}</td>
-    <td>{{ len $element.CalledVulns }}</td>
+    <td>{{ printSeverityCountShort $element.HTMLVulnCount }}</td>
   </tr>
   <tr>
     <td colspan="100%">
       <div id="vuln-details-{{ $element.Name }}-{{ $rowIndex }}-{{ $randomIndex }}" class="vuln-details">
-        <p>Vulnerability:</p>
+        <p>Source: {{ $element.Source }}
+        <p>Vulnerabilities:</p>
         {{ range $index, $vuln := $element.CalledVulns }}
-        <p><a href="https://osv.dev/{{ $vuln.Summary.Id }}">{{ $vuln.Summary.Id }}</a>
-          {{$vuln.Summary.FixedVersion}}(Fixed Version) {{$vuln.Summary.Severity}} </p>
+          {{ if eq $element.FixedVersion "No fix available" }}
+          <p><a href="https://osv.dev/{{ $vuln.Summary.Id }}">{{ $vuln.Summary.Id }}</a> ({{$vuln.Summary.SeverityRating}}) has no fix available</p>
+          {{ else }}
+          <p><a href="https://osv.dev/{{ $vuln.Summary.Id }}">{{ $vuln.Summary.Id }}</a> ({{$vuln.Summary.SeverityRating}}) has a fixed version at {{$vuln.Summary.FixedVersion}}(Fixed Version)</p>
+          {{ end }}
         {{ end }}
       </div>
     </td>

diff --git a/internal/output/html/report_template.html b/internal/output/html/report_template.html
@@ -3,6 +3,7 @@
 
 <head>
     <title>Vulnerability Scan Report</title>
+    <link rel="icon" href="https://google.github.io/osv.dev/assets/icon.png" type="image/x-icon"> 
     <style>
         body {
             font-family: sans-serif;
@@ -216,7 +217,7 @@
             <h1>Vulnerability Scan Report</h1>
         </header>
         <h2>Scanning Results</h2>
-        <p>Total {{ .TotalCount }} vulnerabilities found.</p>
+        <p>Total {{ .HTMLVulnCount.Called }} vulnerabilities found ({{ .HTMLVulnCount.Fixed }} have fix available), {{ printSeverityCount .HTMLVulnCount}}.</p>
         <div id="tab-switch">
             <button id="package-button" class="tab-switch-button tab-switch-button-selected"
                 onclick="openTab('package')">Package View</button>
@@ -232,10 +233,10 @@ <h3>Vulnerable Package Summary</h3>
             {{ range .EcosystemResults }}
             <div class="ecosystem">
                 <h2>{{ .Ecosystem }}</h2>
-                <div class="artifact-section">
-                    {{ range .Artifacts }}
+                <div class="source-section">
+                    {{ range .Sources }}
                     <h3>Source: {{ .Ecosystem }}: {{ .Source }}</h3>
-                    <p>Found {{ index .PackageCount 0 }} package(s) with issues, {{ index .VulnCount 0 }} known
+                    <p>Found {{ index .PackageCount 0 }} package(s) with issues, {{ .HTMLVulnCount.Called }} known
                         vulnerabilities found.</p>
 
                     {{template "vuln_view_template.html" .}}

diff --git a/internal/output/html/vuln_table_template.html b/internal/output/html/vuln_table_template.html
@@ -15,15 +15,17 @@
     <td>{{ $element.Summary.InstalledVersion }}</td>
     <td {{ if eq $element.Summary.FixedVersion "No fix available" }} class="warning" {{ end }}>{{
       $element.Summary.FixedVersion }}</td>
-    <td>{{ $element.Summary.Severity }}</td>
+    <td>{{ $element.Summary.SeverityRating }} {{ if ne $element.Summary.SeverityRating "UNKNOWN" }}({{
+      $element.Summary.SeverityScore }}){{ end }}</td>
   </tr>
   <tr>
     <td colspan="100%">
       <div id="vuln-details-{{ $element.Summary.Id }}-{{ $rowIndex }}-{{ $randomIndex }}" class="vuln-details">
-        {{ range $detailKey, $detailValue := $element.Detail }}
-        {{if $detailValue }}
-        <p>{{ format $detailKey }}: {{ $detailValue }}</p>
-        {{end}}
+        {{ range $detailIndex, $info := printImportantDetail $element.Detail}}
+        <p><strong>{{ $info }}</strong></p>
+        {{ end }}
+        {{ range $detailIndex, $info := printVulnDetail $element.Detail}}
+        <p>{{ $info }}</p>
         {{ end }}
       </div>
     </td>

diff --git a/internal/output/html/vuln_view_template.html b/internal/output/html/vuln_view_template.html
@@ -6,7 +6,7 @@
   <summary>Show/Hide Uncalled vulnerabilities</summary>
   <div id="uncalled-details-{{ .Source }}">
     <h4>Uncalled vulnerabilities</h4>
-    <p>Found {{ index .PackageCount 1 }} package(s) with issues, {{ index .VulnCount 1 }} known vulnerabilities found.
+    <p>Found {{ index .PackageCount 1 }} package(s) with issues, {{ .HTMLVulnCount.Uncalled }} known vulnerabilities found.
     </p>
     {{template "vuln_table_template.html" $uncalledVulns }}
   </div>

diff --git a/internal/output/table.go b/internal/output/table.go
@@ -150,26 +150,22 @@ func tableBuilderInner(vulnResult *models.VulnerabilityResults, calledVulns bool
 
 func MaxSeverity(group models.GroupInfo, pkg models.PackageVulns) string {
 	var maxSeverity float64 = -1
-	var maxRating string = ""
 	for _, vulnID := range group.IDs {
 		var severities []models.Severity
 		for _, vuln := range pkg.Vulnerabilities {
 			if vuln.ID == vulnID {
 				severities = vuln.Severity
 			}
 		}
-		score, rating, _ := severity.CalculateOverallScore(severities)
-		if score > maxSeverity {
-			maxSeverity = score
-			maxRating = rating
-		}
+		score, _, _ := severity.CalculateOverallScore(severities)
+		maxSeverity = max(maxSeverity, score)
 	}
 
 	if maxSeverity < 0 {
 		return ""
 	}
 
-	return fmt.Sprintf("%s (%.1f)", maxRating, maxSeverity)
+	return fmt.Sprintf("%.1f", maxSeverity)
 }
 
 func licenseTableBuilder(outputTable table.Writer, vulnResult *models.VulnerabilityResults) table.Writer {

diff --git a/internal/utility/severity/severity.go b/internal/utility/severity/severity.go
@@ -1,6 +1,7 @@
 package severity
 
 import (
+	"strconv"
 	"strings"
 
 	"github.com/google/osv-scanner/pkg/models"
@@ -71,3 +72,18 @@ func CalculateOverallScore(severities []models.Severity) (float64, string, error
 
 	return maxScore, maxRating, nil
 }
+
+func CalculateRating(score string) (string, error) {
+	// All CSVs' rating methods are identical.
+	parsedScore, err := strconv.ParseFloat(score, 64)
+	if err != nil {
+		return unknownRating, err
+	}
+
+	rating, err := gocvss30.Rating(parsedScore)
+	if err != nil || rating == "NONE" {
+		rating = unknownRating
+	}
+
+	return rating, err
+}