From 5821fd286364942709e315dc1afb27e19c246f71 Mon Sep 17 00:00:00 2001
From: Pavel Nakonechnyi <pavel.nakonechnyi@netcetera.com>
Date: Thu, 17 Oct 2024 12:55:41 +0200
Subject: [PATCH] t

---
 dojo/tools/neuvector/parser.py | 51 +++++++++++++++++++++++-----------
 1 file changed, 35 insertions(+), 16 deletions(-)

diff --git a/dojo/tools/neuvector/parser.py b/dojo/tools/neuvector/parser.py
index 7e01169ef3..a228a33f48 100644
--- a/dojo/tools/neuvector/parser.py
+++ b/dojo/tools/neuvector/parser.py
@@ -182,7 +182,7 @@ def get_asset_item(vulnerability, test):
         description=description,
         severity=severity,
         impact="",
-        url=reference,
+        references=[reference],
         cvssv3=vulnerability.get("vectors_v3", ""),
         cvssv3_score=vulnerability.get("score_v3", ""),
         publish_date=published_date,
@@ -194,47 +194,66 @@ def get_asset_item(vulnerability, test):
 
     nodes = vulnerability.get("nodes", [])
     for asset in nodes:
-        endpoint = endpoint_from_asset("node", asset)
-        finding.unsaved_endpoints.append(endpoint)
+        endpoints = endpoints_from_asset("node", asset)
+        finding.unsaved_endpoints += endpoints
 
     workloads = vulnerability.get("workloads", [])
     for asset in workloads:
-        endpoint = endpoint_from_asset("workload", asset)
-        finding.unsaved_endpoints.append(endpoint)
+        endpoints = endpoints_from_asset("workload", asset)
+        finding.unsaved_endpoints += endpoints
 
     images = vulnerability.get("images", [])
     for asset in images:
-        endpoint = endpoint_from_asset("image", asset)
-        finding.unsaved_endpoints.append(endpoint)
+        endpoints = endpoints_from_asset("image", asset)
+        finding.unsaved_endpoints += endpoints
 
     platforms = vulnerability.get("platforms", [])
     for asset in platforms:
-        endpoint = endpoint_from_asset("platform", asset)
-        finding.unsaved_endpoints.append(endpoint)
+        endpoints = endpoints_from_asset("platform", asset)
+        finding.unsaved_endpoints += endpoints
 
     return finding
 
 
-def endpoint_from_asset(kind, asset):
+def endpoints_from_asset(kind, asset):
+    endpoints = []
+
     # usually, there is only one namespace (domain, as NeuVector name it)
     namespaces = asset.get("domains", [])
 
     name = asset.get("display_name", "")
 
     if kind == "workload":
+        # only workload assets have 'service' field
         service = asset.get("service", "unknown_service")
-        image = asset.get("image", "unknown_image")
-        name += f"/{service}/{image}"
+        name += f"/{service}"
 
-    endpoint = Endpoint(
+    # in principle, naming follows the approach chosen for trivy parser
+    endpoints.append(Endpoint(
         # host needs to comply with domain name syntax, we just expect that
         # there will be only one namespace
         host='-'.join(namespaces),
         # we abuse path to have as much details as possible
-        path=f"{kind}/{name}"
-    )
+        path=f"{kind}/{name}",
+    ))
 
-    return endpoint
+    # if it is a workload and it has an associated image, add image as a
+    # separate endpoint
+    if kind == "workload" and asset.get("image", "") != "":
+        image = asset.get("image", "unknown_image")
+        # image value example:
+        # someregistry.com/bitnami/postgresql:11.21.0-debian-11-r58
+        artifact_and_tag = image.split("/")[-1]
+        # extracting only image name, without tag or digest
+        artifact_name = artifact_and_tag.split("@")[0]
+        artifact_name = artifact_name(":")[0]
+
+        endpoints.append(Endpoint(
+            host=f"{artifact_name}",
+            path=f"{image}",
+        ))
+
+    return endpoints
 
 # see neuvector/share/types.go
 def convert_severity(severity):