Changes vulns retrieve endpoint to vulnDirect API (#11)

* Changes vulns retrieve endpoint to vulnDirect API

* Updates digest of test image

* Check image scan-result status before making a call to vulnDirect API

Author: marcuzzuu

pkg/secure/client.go

@@ -124,30 +124,55 @@ func (s *client) checkErrorInSecureAPI(response *http.Response, body []byte) err
 	return errors.New(secureError.Message)
 }
 
+type imageScanResultResponse struct {
+	Results []*imageScanResult `json:"results"`
+}
+
+type imageScanResult struct {
+	AnalysisStatus string `json:"analysisStatus"`
+	AnalyzedAt     int    `json:"analyzedAt"`
+	CreatedAt      int    `json:"createdAt"`
+	ImageDigest    string `json:"imageDigest"`
+	ImageId        string `json:"imageId"`
+	FullTag        string `json:"fullTag"`
+}
+
 func (s *client) GetVulnerabilities(shaDigest string) (VulnerabilityReport, error) {
+	var checkScanResultResponse imageScanResultResponse
 	var result VulnerabilityReport
 
 	response, body, err := s.doRequest(
 		http.MethodGet,
-		fmt.Sprintf("/api/scanning/v1/anchore/images/%s/vuln/all", shaDigest),
+		fmt.Sprintf("/api/scanning/v1/results?filter=%s&limit=%d", shaDigest, 1),
 		nil)
 	if err != nil {
 		return result, err
 	}
 
 	if err = s.checkErrorInSecureAPI(response, body); err != nil {
-		if response.StatusCode == http.StatusNotFound {
-			if err.Error() == "image not found in DB" {
-				return result, ErrImageNotFound
-			}
-
-			if strings.HasPrefix(err.Error(), "image is not analyzed - analysis_status:") {
-				return result, ErrVulnerabiltyReportNotReady
-			}
-		}
+		return result, err
+	}
+	if err = json.Unmarshal(body, &checkScanResultResponse); err != nil {
+		return result, err
+	}
+
+	if len(checkScanResultResponse.Results) == 0 {
+		return result, ErrImageNotFound
+	} else if img := checkScanResultResponse.Results[0]; img.AnalysisStatus != "analyzed" {
+		return result, ErrVulnerabiltyReportNotReady
+	}
+
+	response, body, err = s.doRequest(
+		http.MethodGet,
+		fmt.Sprintf("/api/scanning/v1/images/%s/vulnDirect/all?includeVulnExceptions=%t", shaDigest, false),
+		nil)
+	if err != nil {
 		return result, err
 	}
 
+	if err = s.checkErrorInSecureAPI(response, body); err != nil {
+		return result, err
+	}
 	if err = json.Unmarshal(body, &result); err != nil {
 		return result, err
 	}

pkg/secure/client_test.go

@@ -44,7 +44,7 @@ var _ = Describe("Sysdig Secure Client", func() {
 
 	Context("when retrieving vulnerabilities for an image", func() {
 		It("gets the report for a SHA", func() {
-			response, _ := client.GetVulnerabilities("sha256:fda6b046981f5dab88aad84c6cebed4e47a0d6ad1c8ff7f58b5f0e6a95a5b2c1")
+			response, _ := client.GetVulnerabilities("sha256:1e331e745ddf2b295d93f04c1477489fce34bf9ac26f4ab964f14e9dbe4e2dc4")
 
 			Expect(response).NotTo(Equal(secure.VulnerabilityReport{}))
 			Expect(len(response.Vulnerabilities)).To(BeNumerically(">", 0))
@@ -108,7 +108,7 @@ var _ = Describe("Sysdig Secure Client", func() {
 
 	Context("when getting an image information", func() {
 		It("returns the image information", func() {
-			image, _ := client.GetImage("sha256:7cd23a94051e17b191b5cc5b4682ed9f3ece26b8283dc39b8a5b894462cec696")
+			image, _ := client.GetImage("sha256:1e331e745ddf2b295d93f04c1477489fce34bf9ac26f4ab964f14e9dbe4e2dc4")
 
 			Expect(image).NotTo(Equal(secure.ScanResponse{}))
 		})

pkg/secure/model.go

@@ -51,8 +51,8 @@ type ErrorResponse struct {
 
 type VulnerabilityReport struct {
 	ImageDigest       string           `json:"imageDigest"`
-	VulnerabilityType string           `json:"vulnerability_type"`
-	Vulnerabilities   []*Vulnerability `json:"vulnerabilities"`
+	VulnerabilityType string           `json:"vtype"`
+	Vulnerabilities   []*Vulnerability `json:"vulns"`
 }
 
 type Vulnerability struct {
@@ -72,12 +72,12 @@ type Vulnerability struct {
 }
 
 type NVDData struct {
-	ID    string `json:"id"`
-	CSSV2 *CSS   `json:"css_v2"`
-	CSSV3 *CSS   `json:"css_v3"`
+	ID     string `json:"id"`
+	CVSSV2 *CVSS  `json:"cvss_v2"`
+	CVSSV3 *CVSS  `json:"cvss_v3"`
 }
 
-type CSS struct {
+type CVSS struct {
 	BaseScore           float32 `json:"base_score"`
 	ExploitabilityScore float32 `json:"exploitability_score"`
 	ImpactScore         float32 `json:"impact_score"`