Exemple #1
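// addTest appends a package version test for vuln to doc.
//
// The test is conditional on the release test returned by getReleaseTest and
// flags the package when its installed version compares "<" against
// vuln.Version. An object definition for the package is added to doc.Objects
// when no existing object has a matching package name. On success the
// package-level testcntr is incremented.
//
// Errors from getReleaseTest and getTestID are returned unchanged. The test ID
// is resolved before doc.Objects is modified, so a getTestID failure does not
// leave behind an object definition that no test references.
//
// NOTE(review): testcntr is modified here without synchronization; confirm
// addTest is only ever called from a single goroutine.
func addTest(doc *scribe.Document, vuln Vulnerability) error {
	// Get the release definition for the test; per getReleaseTest's contract
	// it is added to the document if missing.
	relTestID, err := getReleaseTest(doc, vuln)
	if err != nil {
		return err
	}

	// Resolve the test ID up front so that a failure cannot leave a
	// half-built entry (an orphan object) in doc.Objects.
	testID, err := getTestID(vuln)
	if err != nil {
		return err
	}

	// Reuse an existing object definition for the package if there is one.
	// NOTE(review): the lookup compares against vuln.Package, but a newly
	// added object stores the name returned by getReleasePackage. If those
	// can differ, a later call for the same package would add a second object
	// with the same ID - confirm against getReleasePackage.
	objID := ""
	for i := range doc.Objects {
		if doc.Objects[i].Package.Name == vuln.Package {
			objID = doc.Objects[i].Object
			break
		}
	}
	if objID == "" {
		objID = fmt.Sprintf("obj-package-%v", vuln.Package)
		obj := scribe.Object{Object: objID}
		obj.Package.Name, obj.Package.CollectMatch = getReleasePackage(vuln)
		doc.Objects = append(doc.Objects, obj)
	}

	test := scribe.Test{}
	// A more descriptive name overrides the test ID in command output.
	test.TestName = fmt.Sprintf("test-%v-%v-%v-%v", vuln.OS, vuln.Release, vuln.Package, testcntr)
	test.TestID = testID
	test.Description = vuln.Metadata.Description
	test.Object = objID
	// The test matches when the installed version is lower than vuln.Version.
	// NOTE(review): vuln.Version is not validated here; confirm that the
	// caller rejects empty or malformed versions, since the result of the
	// comparison would then depend on the evaluator.
	test.EVR.Value = vuln.Version
	test.EVR.Operation = "<"
	test.If = append(test.If, relTestID)

	// Include all listed CVEs as a single comma-separated tag. The tag is
	// emitted even when the list is empty, in which case its value is "".
	cveValue := ""
	for _, cve := range vuln.Metadata.CVE {
		if cveValue != "" {
			cveValue += ","
		}
		cveValue += cve
	}
	test.Tags = append(test.Tags, scribe.TestTag{Key: "cve", Value: cveValue})

	// CVSS and category are optional and only tagged when present.
	if vuln.Metadata.CVSS != "" {
		test.Tags = append(test.Tags, scribe.TestTag{Key: "cvss", Value: vuln.Metadata.CVSS})
	}
	if vuln.Metadata.Category != "" {
		test.Tags = append(test.Tags, scribe.TestTag{Key: "category", Value: vuln.Metadata.Category})
	}

	doc.Tests = append(doc.Tests, test)
	testcntr++

	return nil
}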