From f71ca15cf8a43ae106024d866e1b715c8d7f78a8 Mon Sep 17 00:00:00 2001
From: matheusalcantarazup <84723211+matheusalcantarazup@users.noreply.github.com>
Date: Wed, 1 Dec 2021 16:11:49 -0300
Subject: [PATCH] printresults:fix - duplicated vulnerability severities on result (#836)
On #760 we made an improvement on `getDefaultTotalVulnBySeverity` which reuse the map returned from `getDefaultCountBySeverity` as a value for all keys on the default map of vulnerability severities, but since a map in Go is a pointer we was using the same map to all keys and when we were going to count vulnerabilities by severity, we would update the same pointer for all the keys in that map, which caused inconsistent and duplicated values in the final result. This commit revert this change and call pr.getDefaultCountBySeverity for all keys on this map. The test case was copied and paste with this bug and was also updated.
Signed-off-by: Matheus Alcantara
---
 internal/controllers/printresults/print_results.go | 11 ++++++-----
 .../controllers/printresults/print_results_test.go | 9 ---------
 2 files changed, 6 insertions(+), 14 deletions(-)
diff --git a/internal/controllers/printresults/print_results.go b/internal/controllers/printresults/print_results.go
index 2a83059ce..8cf53307a 100644
--- a/internal/controllers/printresults/print_results.go
+++ b/internal/controllers/printresults/print_results.go
@@ -263,12 +263,13 @@ func (pr *PrintResults) getTotalVulnsBySeverity() map[vulnerabilityenum.Type]map
 }

 func (pr *PrintResults) getDefaultTotalVulnBySeverity() map[vulnerabilityenum.Type]map[severities.Severity]int {
- count := pr.getDefaultCountBySeverity()
+ // NOTE: Here we call pr.getDefaultCountBySeverity for each key on map
+ // to avoid reuse the same map pointer to all keys.
 return map[vulnerabilityenum.Type]map[severities.Severity]int{
- vulnerabilityenum.Vulnerability: count,
- vulnerabilityenum.RiskAccepted: count,
- vulnerabilityenum.FalsePositive: count,
- vulnerabilityenum.Corrected: count,
+ vulnerabilityenum.Vulnerability: pr.getDefaultCountBySeverity(),
+ vulnerabilityenum.RiskAccepted: pr.getDefaultCountBySeverity(),
+ vulnerabilityenum.FalsePositive: pr.getDefaultCountBySeverity(),
+ vulnerabilityenum.Corrected: pr.getDefaultCountBySeverity(),
 }
 }

diff --git a/internal/controllers/printresults/print_results_test.go b/internal/controllers/printresults/print_results_test.go
index 042ceb10d..824bfd366 100644
--- a/internal/controllers/printresults/print_results_test.go
+++ b/internal/controllers/printresults/print_results_test.go
@@ -467,18 +467,9 @@ ReferenceHash: 9824269893d4df5e66a4fe7f53a715117bb722910228152b04831b6d2ad19a5b ================================================================================== In this analysis, a total of 11 possible vulnerabilities were found and we classified them into: -Total of False Positive HIGH is: 3 -Total of False Positive MEDIUM is: 1 -Total of False Positive LOW is: 7 -Total of Corrected HIGH is: 3 -Total of Corrected MEDIUM is: 1 -Total of Corrected LOW is: 7 Total of Vulnerability HIGH is: 3 Total of Vulnerability MEDIUM is: 1 Total of Vulnerability LOW is: 7 -Total of Risk Accepted HIGH is: 3 -Total of Risk Accepted MEDIUM is: 1 -Total of Risk Accepted LOW is: 7 `
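Review bot: The NOTE comment in getDefaultTotalVulnBySeverity says what the code does but not why sharing is harmful, and nothing except that comment stops a later cleanup from hoisting the call into a local again. I would word it as `// Each category needs its own inner map: Go maps are reference types, so a shared one makes every category report the same per-severity counts.` Because these totals are what a user reads to triage scanner findings, a direct test that increments one category's inner map and checks the other three stay unchanged would pin the invariant; the golden-output change in print_results_test.go only covers it indirectly. getDefaultCountBySeverity is defined outside the hunk, so this assumes it returns a fresh map on every call.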