
Commit db5fa9f

committed
refactor: simplify conversion of scan result
1 parent 41ba85a commit db5fa9f


1 file changed

+45
-48
lines changed

1 file changed

+45
-48
lines changed

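--- a/src/infra/sysdig_image_scanner_result.rs
+++ b/src/infra/sysdig_image_scanner_result.rs
@@ -9,7 +9,6 @@ use crate::app::{self, ImageScanResult, LayerScanResult, VulnerabilityEntry};
 
 impl From<SysdigImageScannerReport> for ImageScanResult {
 fn from(report: SysdigImageScannerReport) -> Self {
-// a) Todas las vulnerabilidades de la imagen
 let vulnerabilities = report
 .result
 .as_ref()
@@ -24,7 +23,6 @@ impl From<SysdigImageScannerReport> for ImageScanResult {
 })
 .unwrap_or_default();
 
-// b) Cumplimiento de políticas
 let is_compliant = report
 .result
 .as_ref()
@@ -33,8 +31,8 @@ impl From<SysdigImageScannerReport> for ImageScanResult {
 .map(|e| e == &PoliciesGlobalEvaluation::Accepted)
 .unwrap_or(false);
 
-// c) Por capas
-let layers = layers_for_result(report.result.as_ref().unwrap());
+let scan_result_response = report.result.as_ref().expect("the report must always have a scan result response, this one didn't, which should never happen");
+let layers = layers_for_result(scan_result_response);
 
 ImageScanResult {
 vulnerabilities,
@@ -45,54 +43,53 @@ impl From<SysdigImageScannerReport> for ImageScanResult {
 }
 
 fn layers_for_result(scan: &ScanResultResponse) -> Option<Vec<LayerScanResult>> {
-// Agrupa cada vuln por digest de capa
 let mut layer_map: HashMap<&String, Vec<VulnerabilityEntry>> = HashMap::new();
+
 for vuln in scan.vulnerabilities.as_ref()?.values() {
-if let (Some(_pkg), Some(layer_ref)) = (
-vuln.package_ref.as_ref().and_then(|r| scan.packages.get(r)),
-scan.packages
-.get(vuln.package_ref.as_ref()?)?
-.layer_ref
-.as_ref(),
-) {
-layer_map
-.entry(layer_ref)
-.or_default()
-.push(VulnerabilityEntry {
-id: vuln.name.clone(),
-severity: severity_for(&vuln.severity),
-});
-}
+let Some(package_ref) = vuln.package_ref.as_ref() else {
+continue;
+};
+
+let Some(package) = scan.packages.get(package_ref) else {
+continue;
+};
+
+let Some(layer_ref) = package.layer_ref.as_ref() else {
+continue;
+};
+
+layer_map
+.entry(layer_ref)
+.or_default()
+.push(VulnerabilityEntry {
+id: vuln.name.clone(),
+severity: severity_for(&vuln.severity),
+});
 }
 
-Some(
-scan.layers
-.as_ref()?
-.values()
-.sorted_by(|left, right| {
-left.index
-.unwrap_or_default()
-.cmp(&right.index.unwrap_or_default())
-})
-.map(|layer| {
-let entries = layer_map.get(&layer.digest).cloned().unwrap_or_default();
-LayerScanResult {
-layer_instruction: layer
-.command
-.as_deref()
-.unwrap_or_default()
-.strip_prefix("/bin/sh -c #(nop) ")
-.unwrap_or_default()
-.split_whitespace()
-.next()
-.unwrap_or_default()
-.to_uppercase(),
-layer_text: layer.command.clone().unwrap_or_default(),
-vulnerabilities: entries,
-}
-})
-.collect(),
-)
+let layers_in_scan = scan.layers.as_ref()?.values();
+
+let layers_ordered = layers_in_scan.sorted_by(|left, right| left.index.cmp(&right.index));
+
+let layers_converted_to_layer_scan_result = layers_ordered.map(|layer| {
+let entries = layer_map.get(&layer.digest).cloned().unwrap_or_default();
+LayerScanResult {
+layer_instruction: layer
+.command
+.as_deref()
+.unwrap_or_default()
+.strip_prefix("/bin/sh -c #(nop) ")
+.unwrap_or_default()
+.split_whitespace()
+.next()
+.unwrap_or_default()
+.to_uppercase(),
+layer_text: layer.command.clone().unwrap_or_default(),
+vulnerabilities: entries,
+}
+});
+
+Some(layers_converted_to_layer_scan_result.collect())
 }
 
 fn severity_for(sev: &VulnSeverity) -> app::VulnSeverity {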
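Review bot: The `expect` added at new line 34 still panics inside an infallible `From::from` when `report.result` is `None`, although the two lookups above it in the same function treat a missing result as an ordinary case (`unwrap_or_default()` for the vulnerabilities, `unwrap_or(false)` for compliance). As written, the fail-closed `is_compliant = false` default can never be returned for a report without a result, because the conversion aborts first. Since `layers_for_result` already returns an `Option`, the panic can be dropped with `let layers = report.result.as_ref().and_then(layers_for_result);`; if a missing result really is an invariant violation, a `TryFrom` impl would report it as an error rather than crash the caller. Separately, the sort in `layers_for_result` (new line 72) now compares `left.index` directly instead of after `unwrap_or_default()`, so a layer without an index sorts before index 0 rather than tying with it (assuming `index` is an `Option`), which deserves a comment in a commit labelled as a refactor. The body of `from` starts and ends partly outside the hunks shown.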
