
Mask repeating CVE as they are discovered

Open gnmahanth opened this issue 2 years ago • 1 comments

Is your feature request related to a problem? Please describe.

The present implementation of CVE masking masks only the ones which are already present in the system; CVEs discovered in the future which are repeated are not masked.

Describe the solution you'd like

Use reportHandler, which pulls data from Kafka, to check for repeated CVEs and mask them if required.

Components/Services

  • [ ] UI/Frontend
  • [x] API/Backend
  • [ ] Agent
  • [ ] Deployment/YAMLs
  • [ ] CI/CD Integration
  • [ ] Other (specify)

gnmahanth, May 16 '22 10:05

  • Masked CVEs are not persisted and are lost on restart
  • Add a new table maskcve in the Postgres DB
  • Table design:

    cve_id pk
    nodes {
    	node_name: node_type,
    	node_name: node_type,
    }

    example: cve-2020-2020
    {
    	"redis:latest": "container_image",
    	"dev1": "host",
    	"libc-bin:2.31-13+deb11u3": "package"
    }

  • The report handler has to load masked CVEs from this table first
  • When a user masks a new CVE, it is masked in Elasticsearch and the document & index are published to the channel maskcve on Redis
  • The report handler receives the message from the Redis subscription
  • Add the newly masked CVE to the in-memory cache and also save it to the database

gnmahanth, May 19 '22 15:05
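
The flow proposed in the comment above (load persisted masks first, merge each event from the maskcve channel, check every incoming CVE record) is sketched below in Go as an added example. It is not ThreatMapper's code: the type and function names, the event payload (the nodes object as JSON) and exact-match comparison of CVE IDs are assumptions, and Postgres, Redis and Kafka are replaced by plain arguments so it runs offline.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sync"
)

// MaskCache mirrors the proposed maskcve table: cve_id -> {node_name: node_type}.
type MaskCache struct {
	mu    sync.RWMutex // Redis subscriber writes while the Kafka consumer reads
	masks map[string]map[string]string
}
// Load replays persisted rows (cve_id -> nodes JSON) before any report is handled.
func Load(rows map[string]string) (*MaskCache, error) {
	c := &MaskCache{masks: map[string]map[string]string{}}
	for id, raw := range rows {
		if _, err := c.Apply(id, []byte(raw)); err != nil {
			return nil, fmt.Errorf("maskcve row %s: %w", id, err)
		}
	}
	return c, nil
}

// Apply merges one mask event into the cache and returns the row JSON to upsert.
func (c *MaskCache) Apply(cveID string, nodesJSON []byte) ([]byte, error) {
	nodes := map[string]string{}
	if err := json.Unmarshal(nodesJSON, &nodes); err != nil {
		return nil, err // malformed event: cache is left untouched
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	if c.masks[cveID] == nil {
		c.masks[cveID] = map[string]string{}
	}
	for name, typ := range nodes {
		c.masks[cveID][name] = typ
	}
	return json.Marshal(c.masks[cveID])
}
// IsMasked is the per-record check for CVE documents arriving from Kafka.
func (c *MaskCache) IsMasked(cveID, node, nodeType string) bool {
	c.mu.RLock()
	defer c.mu.RUnlock()
	return nodeType != "" && c.masks[cveID][node] == nodeType
}
func main() {
	c, err := Load(map[string]string{"cve-2020-2020": `{"dev1": "host"}`}) // constructed row
	fmt.Println(c.IsMasked("cve-2020-2020", "dev1", "host"), err)
}
```

Because Apply returns the merged row rather than only the new nodes, the database write can be a plain upsert keyed on cve_id, and a restart followed by Load reproduces the same cache.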