feat: host vuln time range flags (#1270)

Author: jon-stewart

cli/cmd/vuln_host.go

@@ -86,6 +86,10 @@ func init() {
 		vulHostShowAssessmentCmd.Flags(),
 	)
 
+	setTimeRangeFlags(
+		vulHostListHostsCmd.Flags(),
+	)
+
 	// the package manifest file
 	vulHostScanPkgManifestCmd.Flags().StringVarP(&pkgManifestFile,
 		"file", "f", "",

cli/cmd/vuln_host_list_hosts.go

@@ -25,6 +25,8 @@ import (
 	"strings"
 	"time"
 
+	"github.com/lacework/go-sdk/lwtime"
+
 	"github.com/lacework/go-sdk/api"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
@@ -48,21 +50,47 @@ To list the CVEs found in the hosts of your environment run:
 
     lacework vulnerability host list-cves`,
 		RunE: func(_ *cobra.Command, args []string) error {
-			now := time.Now().UTC()
-			start := now.AddDate(0, 0, -1)
-			filter := api.SearchFilter{
-				TimeFilter: &api.TimeFilter{
-					StartTime: &start,
-					EndTime:   &now,
-				},
-				Filters: []api.Filter{
-					{Expression: "eq",
-						Field: "vulnId",
-						Value: args[0]},
-					{Expression: "ne",
-						Field: "status",
-						Value: "Fixed"},
-				}}
+			var (
+				filter api.SearchFilter
+				start  time.Time
+				end    time.Time
+				err    error
+			)
+
+			if vulCmdState.Range != "" {
+				cli.Log.Debugw("retrieving natural time range", "range", vulCmdState.Range)
+				start, end, err = lwtime.ParseNatural(vulCmdState.Range)
+				if err != nil {
+					return errors.Wrap(err, "unable to parse natural time range")
+				}
+
+			} else {
+				cli.Log.Debugw("parsing start time", "start", vulCmdState.Start)
+				start, err = parseQueryTime(vulCmdState.Start)
+				if err != nil {
+					return errors.Wrap(err, "unable to parse start time")
+				}
+
+				cli.Log.Debugw("parsing end time", "end", vulCmdState.End)
+				end, err = parseQueryTime(vulCmdState.End)
+				if err != nil {
+					return errors.Wrap(err, "unable to parse end time")
+				}
+			}
+
+			filter.TimeFilter = &api.TimeFilter{
+				StartTime: &start,
+				EndTime:   &end,
+			}
+
+			filter.Filters = []api.Filter{
+				{Expression: "eq",
+					Field: "vulnId",
+					Value: args[0]},
+				{Expression: "ne",
+					Field: "status",
+					Value: "Fixed"},
+			}
 
 			cli.StartProgress("Fetching Hosts...")
 			response, err := cli.LwApi.V2.Vulnerabilities.Hosts.SearchAllPages(filter)

cli/cmd/vulnerability.go

@@ -231,6 +231,23 @@ func setActiveFlag(cmds ...*flag.FlagSet) {
 	}
 }
 
+func setTimeRangeFlags(cmds ...*flag.FlagSet) {
+	for _, cmd := range cmds {
+		if cmd != nil {
+
+			cmd.StringVar(&vulCmdState.Start,
+				"start", "-24h", "start of the time range",
+			)
+			cmd.StringVar(&vulCmdState.End,
+				"end", "now", "end of the time range",
+			)
+			cmd.StringVar(&vulCmdState.Range,
+				"range", "", "natural time range for query",
+			)
+		}
+	}
+}
+
 func buildVulnContainerAssessmentReportTable(summary string, details string) string {
 	report := &strings.Builder{}
 

integration/host_vulnerability_test.go

@@ -480,3 +480,48 @@ func setHostVulnTestMachineID(lw *api.Client) {
 		}
 	}
 }
+
+func TestHostVulnerabilityListHostsTimeFilters(t *testing.T) {
+	var (
+		out          bytes.Buffer
+		err          bytes.Buffer
+		exitcode     int
+		hostVulnCVEs []api.HostVulnCVE
+		cveID        string
+	)
+
+	if os.Getenv("CI_SKIP_HOST_VULN") != "" {
+		t.Skip(fmt.Sprintf("skipping %s", t.Name()))
+	}
+
+	t.Run("list-cves", func(t *testing.T) {
+		out, err, exitcode = LaceworkCLIWithTOMLConfig(
+			"vulnerability", "host", "list-cves", "--json")
+		assert.Empty(t, err.String(), "STDERR should be empty")
+		assert.Equal(t, 0, exitcode, "EXITCODE is not the expected one")
+	})
+
+	t.Run("inspecting json output", func(t *testing.T) {
+		errJson := json.Unmarshal(out.Bytes(), &hostVulnCVEs)
+		assert.Nil(t, errJson)
+		assert.NotEmpty(t, hostVulnCVEs, "check JSON list-cves response")
+	})
+
+	cveID = hostVulnCVEs[0].ID
+
+	t.Run(fmt.Sprintf("startEnd for '%s'", cveID), func(t *testing.T) {
+		out, err, exitcode = LaceworkCLIWithTOMLConfig("vulnerability", "host", "list-hosts", cveID, "--start", "-48h", "--end", "-24h")
+		assert.Empty(t, err.String(), "STDERR should be empty")
+		assert.Equal(t, 0, exitcode, "EXITCODE is not the expected one")
+
+		assert.Contains(t, out, "1 High 1 Fixable", "Unexpected number of results")
+	})
+
+	t.Run(fmt.Sprintf("Natural range for '%s'", cveID), func(t *testing.T) {
+		out, err, exitcode = LaceworkCLIWithTOMLConfig("vulnerability", "host", "list-hosts", cveID, "--range", "last 6 days")
+		assert.Empty(t, err.String(), "STDERR should be empty")
+		assert.Equal(t, 0, exitcode, "EXITCODE is not the expected one")
+
+		assert.Contains(t, out, "1 High 6 Fixable", "Unexpected number of results")
+	})
+}

integration/test_resources/help/vulnerability_host_list-hosts

@@ -8,8 +8,11 @@ Usage:
   lacework vulnerability host list-hosts <cve_id> [flags]
 
 Flags:
-      --csv    output vulnerability assessment in CSV format
-  -h, --help   help for list-hosts
+      --csv            output vulnerability assessment in CSV format
+      --end string     end of the time range (default "now")
+  -h, --help           help for list-hosts
+      --range string   natural time range for query
+      --start string   start of the time range (default "-24h")
 
 Global Flags:
   -a, --account string      account subdomain of URL (i.e. <ACCOUNT>.lacework.net)