fix(cve): prefer cve.org links for AVD references (#4107)

Signed-off-by: Charles <charles-openclaw@9bcfae.inboxapi.ai>
charles-openclaw
2026-06-06 04:10:37 +00:00
committed by GitHub
parent e8c38a5639
commit 3ff9d6ddc1
2 changed files with 39 additions and 6 deletions
+18 -2
@@ -680,7 +680,11 @@ func (scanner Scanner) scanManifest(ctx context.Context, repo, digest string) (m
ID: vulnerability.VulnerabilityID,
Title: vulnerability.Title,
Description: vulnerability.Description,
Reference: getCVEReference(vulnerability.PrimaryURL, vulnerability.References),
Reference: getCVEReference(
vulnerability.VulnerabilityID,
vulnerability.PrimaryURL,
vulnerability.References,
),
Severity: convertSeverity(vulnerability.Severity),
PackageList: newPkgList,
}
@@ -835,7 +839,11 @@ func (scanner Scanner) storeSBOMAsOCIArtifact(ctx context.Context,
return nil
}
func getCVEReference(primaryURL string, references []string) string {
func getCVEReference(cveID, primaryURL string, references []string) string {
if isCVEID(cveID) && isAquasecAVDReference(primaryURL) {
return "https://www.cve.org/CVERecord?id=" + cveID
}
if primaryURL != "" {
return primaryURL
}
@@ -853,6 +861,14 @@ func getCVEReference(primaryURL string, references []string) string {
return ""
}
func isCVEID(cveID string) bool {
return strings.HasPrefix(cveID, "CVE-")
}
func isAquasecAVDReference(reference string) bool {
return strings.Contains(reference, "avd.aquasec.com/nvd/cve-")
}
func getNVDReference(references []string) (string, bool) {
for i := range references {
if strings.Contains(references[i], "nvd.nist.gov") {
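Review bot: isCVEID in the third hunk accepts any string that starts with `CVE-`, so the cve.org link built in getCVEReference's new branch (`"https://www.cve.org/CVERecord?id=" + cveID`) is assembled from an identifier whose remainder is never checked; a database entry such as `CVE-2026-42496#x` or one containing `&` would produce a malformed reference where the AVD URL it replaced was well-formed. Pinning the rewrite to the real identifier shape avoids that: a package-level `var cveIDRegex = regexp.MustCompile("^CVE-[0-9]{4}-[0-9]{4,}$")` and `return cveIDRegex.MatchString(cveID)` in isCVEID (this needs `regexp` imported; the import block is outside the hunk, so I cannot tell whether it already is). The substring test in isAquasecAVDReference is looser than a host check, but it only decides which of two links is preferred, so it is acceptable; both helpers would still benefit from a doc comment, e.g. `// isCVEID reports whether id has the CVE-YYYY-NNNN identifier format.` The TestGetCVEReference hunk in the test file would then want one case with a `CVE-`-prefixed but malformed ID asserting the AVD URL is kept. getNVDReference's body continues past the end of this hunk.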
@@ -786,16 +786,33 @@ func TestStoreSBOMAsOCIArtifact(t *testing.T) {
func TestGetCVEReference(t *testing.T) {
Convey("getCVEReference", t, func() {
ref := getCVEReference("primary", []string{})
ref := getCVEReference("CVE-2023-2650", "primary", []string{})
So(ref, ShouldResemble, "primary")
ref = getCVEReference("", []string{"secondary"})
ref = getCVEReference("CVE-2023-2650", "", []string{"secondary"})
So(ref, ShouldResemble, "secondary")
ref = getCVEReference("", []string{""})
ref = getCVEReference("CVE-2023-2650", "", []string{""})
So(ref, ShouldResemble, "")
ref = getCVEReference("", []string{"https://nvd.nist.gov/vuln/detail/CVE-2023-2650"})
ref = getCVEReference(
"CVE-2023-2650",
"",
[]string{"https://nvd.nist.gov/vuln/detail/CVE-2023-2650"},
)
So(ref, ShouldResemble, "https://nvd.nist.gov/vuln/detail/CVE-2023-2650")
ref = getCVEReference(
"CVE-2026-42496",
"https://avd.aquasec.com/nvd/cve-2026-42496",
[]string{},
)
So(ref, ShouldResemble, "https://www.cve.org/CVERecord?id=CVE-2026-42496")
ref = getCVEReference("", "https://avd.aquasec.com/nvd/cve-2026-42496", []string{})
So(ref, ShouldResemble, "https://avd.aquasec.com/nvd/cve-2026-42496")
ref = getCVEReference("GHSA-abcd-1234", "https://avd.aquasec.com/nvd/cve-2026-42496", []string{})
So(ref, ShouldResemble, "https://avd.aquasec.com/nvd/cve-2026-42496")
})
}