refactor(server): change custom advisory and vulnerability data types fr… (#8923)

Co-authored-by: knqyf263 <knqyf263@gmail.com>
2025-12-12 07:40:48 -08:00 · 2025-05-29 21:54:11 -07:00
parent c0cc8a2c47
commit c29bb21973
5 changed files with 49 additions and 45 deletions
--- a/pkg/rpc/client/client_test.go
+++ b/pkg/rpc/client/client_test.go
@@ -140,11 +140,13 @@ func TestScanner_Scan(t *testing.T) {
 									CweIDs:           []string{"CWE-78"},
 									LastModifiedDate: utils.MustTimeParse("2020-01-01T01:01:00Z"),
 									PublishedDate:    utils.MustTimeParse("2001-01-01T01:01:00Z"),
+									Custom:           []uint8(nil),
 								},
 								SeveritySource: "nvd",
 								Layer: ftypes.Layer{
 									DiffID: "sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10",
 								},
+								Custom: []uint8(nil),
 							},
 						},
 					},
--- a/pkg/rpc/convert.go
+++ b/pkg/rpc/convert.go
@@ -1,6 +1,7 @@
 package rpc

 import (
+	"encoding/json"
 	"time"

 	"github.com/package-url/packageurl-go"
@@ -297,12 +298,14 @@ func ConvertToRPCVulns(vulns []types.DetectedVulnerability) []*common.Vulnerabil
 			publishedDate = timestamppb.New(*vuln.PublishedDate) // nolint: errcheck
 		}

-		var customAdvisoryData, customVulnData *structpb.Value
+		var customAdvisoryData, customVulnData []byte
 		if vuln.Custom != nil {
-			customAdvisoryData, _ = structpb.NewValue(vuln.Custom) // nolint: errcheck
+			jsonBytes, _ := json.Marshal(vuln.Custom) // nolint: errcheck
+			customAdvisoryData = jsonBytes
 		}
 		if vuln.Vulnerability.Custom != nil {
-			customVulnData, _ = structpb.NewValue(vuln.Vulnerability.Custom) // nolint: errcheck
+			jsonBytes, _ := json.Marshal(vuln.Vulnerability.Custom) // nolint: errcheck
+			customVulnData = jsonBytes
 		}

 		rpcVulns = append(rpcVulns, &common.Vulnerability{
@@ -614,13 +617,13 @@ func ConvertFromRPCVulns(rpcVulns []*common.Vulnerability) []types.DetectedVulne
 				CweIDs:           vuln.CweIds,
 				LastModifiedDate: lastModifiedDate,
 				PublishedDate:    publishedDate,
-				Custom:           vuln.CustomVulnData.AsInterface(),
+				Custom:           vuln.CustomVulnData,
 				VendorSeverity:   vendorSeverityMap,
 			},
 			Layer:          ConvertFromRPCLayer(vuln.Layer),
 			SeveritySource: dbTypes.SourceID(vuln.SeveritySource),
 			PrimaryURL:     vuln.PrimaryUrl,
-			Custom:         vuln.CustomAdvisoryData.AsInterface(),
+			Custom:         vuln.CustomAdvisoryData,
 			DataSource:     ConvertFromRPCDataSource(vuln.DataSource),
 		})
 	}
--- a/pkg/rpc/convert_test.go
+++ b/pkg/rpc/convert_test.go
@@ -530,11 +530,13 @@ func TestConvertFromRPCResults(t *testing.T) {
 								References:       []string{"http://example.com"},
 								PublishedDate:    &fixedPublishedDate,
 								LastModifiedDate: &fixedLastModifiedDate,
+								Custom:           []uint8(nil),
 							},
 							DataSource: &dbTypes.DataSource{
 								Name: "GitHub Security Advisory Maven",
 								URL:  "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven",
 							},
+							Custom: []uint8(nil),
 						},
 					},
 				},
@@ -616,7 +618,9 @@ func TestConvertFromRPCResults(t *testing.T) {
 									},
 								},
 								References: []string{"http://example.com"},
+								Custom:     []uint8(nil),
 							},
+							Custom: []uint8(nil),
 						},
 					},
 				},
--- a/rpc/common/service.pb.go
+++ b/rpc/common/service.pb.go
@@ -1199,8 +1199,8 @@ type Vulnerability struct {
 	PrimaryUrl         string                 `protobuf:"bytes,14,opt,name=primary_url,json=primaryUrl,proto3" json:"primary_url,omitempty"`
 	PublishedDate      *timestamppb.Timestamp `protobuf:"bytes,15,opt,name=published_date,json=publishedDate,proto3" json:"published_date,omitempty"`
 	LastModifiedDate   *timestamppb.Timestamp `protobuf:"bytes,16,opt,name=last_modified_date,json=lastModifiedDate,proto3" json:"last_modified_date,omitempty"`
-	CustomAdvisoryData *structpb.Value        `protobuf:"bytes,17,opt,name=custom_advisory_data,json=customAdvisoryData,proto3" json:"custom_advisory_data,omitempty"`
-	CustomVulnData     *structpb.Value        `protobuf:"bytes,18,opt,name=custom_vuln_data,json=customVulnData,proto3" json:"custom_vuln_data,omitempty"`
+	CustomAdvisoryData []byte                 `protobuf:"bytes,17,opt,name=custom_advisory_data,json=customAdvisoryData,proto3" json:"custom_advisory_data,omitempty"`
+	CustomVulnData     []byte                 `protobuf:"bytes,18,opt,name=custom_vuln_data,json=customVulnData,proto3" json:"custom_vuln_data,omitempty"`
 	VendorIds          []string               `protobuf:"bytes,19,rep,name=vendor_ids,json=vendorIds,proto3" json:"vendor_ids,omitempty"`
 	DataSource         *DataSource            `protobuf:"bytes,20,opt,name=data_source,json=dataSource,proto3" json:"data_source,omitempty"`
 	VendorSeverity     map[string]Severity    `protobuf:"bytes,21,rep,name=vendor_severity,json=vendorSeverity,proto3" json:"vendor_severity,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3,enum=trivy.common.Severity"`
@@ -1353,14 +1353,14 @@ func (x *Vulnerability) GetLastModifiedDate() *timestamppb.Timestamp {
 	return nil
 }

-func (x *Vulnerability) GetCustomAdvisoryData() *structpb.Value {
+func (x *Vulnerability) GetCustomAdvisoryData() []byte {
 	if x != nil {
 		return x.CustomAdvisoryData
 	}
 	return nil
 }

-func (x *Vulnerability) GetCustomVulnData() *structpb.Value {
+func (x *Vulnerability) GetCustomVulnData() []byte {
 	if x != nil {
 		return x.CustomVulnData
 	}
@@ -2659,7 +2659,7 @@ var file_rpc_common_service_proto_rawDesc = []byte{
 	0x74, 0x61, 0x52, 0x0d, 0x63, 0x61, 0x75, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74,
 	0x61, 0x12, 0x15, 0x0a, 0x06, 0x61, 0x76, 0x64, 0x5f, 0x69, 0x64, 0x18, 0x0e, 0x20, 0x01, 0x28,
 	0x09, 0x52, 0x05, 0x61, 0x76, 0x64, 0x49, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x71, 0x75, 0x65, 0x72,
-	0x79, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x71, 0x75, 0x65, 0x72, 0x79, 0x22, 0xff,
+	0x79, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x71, 0x75, 0x65, 0x72, 0x79, 0x22, 0xcf,
 	0x09, 0x0a, 0x0d, 0x56, 0x75, 0x6c, 0x6e, 0x65, 0x72, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79,
 	0x12, 0x29, 0x0a, 0x10, 0x76, 0x75, 0x6c, 0x6e, 0x65, 0x72, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74,
 	0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x76, 0x75, 0x6c, 0x6e,
@@ -2704,15 +2704,12 @@ var file_rpc_common_service_proto_rawDesc = []byte{
 	0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x64, 0x61, 0x74, 0x65, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b,
 	0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
 	0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x6c, 0x61,
-	0x73, 0x74, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x64, 0x44, 0x61, 0x74, 0x65, 0x12, 0x48,
+	0x73, 0x74, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x64, 0x44, 0x61, 0x74, 0x65, 0x12, 0x30,
 	0x0a, 0x14, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5f, 0x61, 0x64, 0x76, 0x69, 0x73, 0x6f, 0x72,
-	0x79, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56,
-	0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x41, 0x64, 0x76, 0x69,
-	0x73, 0x6f, 0x72, 0x79, 0x44, 0x61, 0x74, 0x61, 0x12, 0x40, 0x0a, 0x10, 0x63, 0x75, 0x73, 0x74,
-	0x6f, 0x6d, 0x5f, 0x76, 0x75, 0x6c, 0x6e, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x12, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x75, 0x73, 0x74,
+	0x79, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x12, 0x63, 0x75,
+	0x73, 0x74, 0x6f, 0x6d, 0x41, 0x64, 0x76, 0x69, 0x73, 0x6f, 0x72, 0x79, 0x44, 0x61, 0x74, 0x61,
+	0x12, 0x28, 0x0a, 0x10, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5f, 0x76, 0x75, 0x6c, 0x6e, 0x5f,
+	0x64, 0x61, 0x74, 0x61, 0x18, 0x12, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0e, 0x63, 0x75, 0x73, 0x74,
 	0x6f, 0x6d, 0x56, 0x75, 0x6c, 0x6e, 0x44, 0x61, 0x74, 0x61, 0x12, 0x1d, 0x0a, 0x0a, 0x76, 0x65,
 	0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x13, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09,
 	0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x49, 0x64, 0x73, 0x12, 0x39, 0x0a, 0x0b, 0x64, 0x61, 0x74,
@@ -2973,31 +2970,29 @@ var file_rpc_common_service_proto_depIdxs = []int32{
 	30, // 16: trivy.common.Vulnerability.cvss:type_name -> trivy.common.Vulnerability.CvssEntry
 	32, // 17: trivy.common.Vulnerability.published_date:type_name -> google.protobuf.Timestamp
 	32, // 18: trivy.common.Vulnerability.last_modified_date:type_name -> google.protobuf.Timestamp
-	33, // 19: trivy.common.Vulnerability.custom_advisory_data:type_name -> google.protobuf.Value
-	33, // 20: trivy.common.Vulnerability.custom_vuln_data:type_name -> google.protobuf.Value
-	15, // 21: trivy.common.Vulnerability.data_source:type_name -> trivy.common.DataSource
-	31, // 22: trivy.common.Vulnerability.vendor_severity:type_name -> trivy.common.Vulnerability.VendorSeverityEntry
-	21, // 23: trivy.common.CauseMetadata.code:type_name -> trivy.common.Code
-	22, // 24: trivy.common.CauseMetadata.rendered_cause:type_name -> trivy.common.RenderedCause
-	16, // 25: trivy.common.CustomResource.layer:type_name -> trivy.common.Layer
-	33, // 26: trivy.common.CustomResource.data:type_name -> google.protobuf.Value
-	20, // 27: trivy.common.Code.lines:type_name -> trivy.common.Line
-	21, // 28: trivy.common.SecretFinding.code:type_name -> trivy.common.Code
-	16, // 29: trivy.common.SecretFinding.layer:type_name -> trivy.common.Layer
-	23, // 30: trivy.common.Secret.findings:type_name -> trivy.common.SecretFinding
-	0,  // 31: trivy.common.DetectedLicense.severity:type_name -> trivy.common.Severity
-	1,  // 32: trivy.common.DetectedLicense.category:type_name -> trivy.common.LicenseCategory.Enum
-	2,  // 33: trivy.common.LicenseFile.license_type:type_name -> trivy.common.LicenseType.Enum
-	27, // 34: trivy.common.LicenseFile.fingings:type_name -> trivy.common.LicenseFinding
-	16, // 35: trivy.common.LicenseFile.layer:type_name -> trivy.common.Layer
-	1,  // 36: trivy.common.LicenseFinding.category:type_name -> trivy.common.LicenseCategory.Enum
-	18, // 37: trivy.common.Vulnerability.CvssEntry.value:type_name -> trivy.common.CVSS
-	0,  // 38: trivy.common.Vulnerability.VendorSeverityEntry.value:type_name -> trivy.common.Severity
-	39, // [39:39] is the sub-list for method output_type
-	39, // [39:39] is the sub-list for method input_type
-	39, // [39:39] is the sub-list for extension type_name
-	39, // [39:39] is the sub-list for extension extendee
-	0,  // [0:39] is the sub-list for field type_name
+	15, // 19: trivy.common.Vulnerability.data_source:type_name -> trivy.common.DataSource
+	31, // 20: trivy.common.Vulnerability.vendor_severity:type_name -> trivy.common.Vulnerability.VendorSeverityEntry
+	21, // 21: trivy.common.CauseMetadata.code:type_name -> trivy.common.Code
+	22, // 22: trivy.common.CauseMetadata.rendered_cause:type_name -> trivy.common.RenderedCause
+	16, // 23: trivy.common.CustomResource.layer:type_name -> trivy.common.Layer
+	33, // 24: trivy.common.CustomResource.data:type_name -> google.protobuf.Value
+	20, // 25: trivy.common.Code.lines:type_name -> trivy.common.Line
+	21, // 26: trivy.common.SecretFinding.code:type_name -> trivy.common.Code
+	16, // 27: trivy.common.SecretFinding.layer:type_name -> trivy.common.Layer
+	23, // 28: trivy.common.Secret.findings:type_name -> trivy.common.SecretFinding
+	0,  // 29: trivy.common.DetectedLicense.severity:type_name -> trivy.common.Severity
+	1,  // 30: trivy.common.DetectedLicense.category:type_name -> trivy.common.LicenseCategory.Enum
+	2,  // 31: trivy.common.LicenseFile.license_type:type_name -> trivy.common.LicenseType.Enum
+	27, // 32: trivy.common.LicenseFile.fingings:type_name -> trivy.common.LicenseFinding
+	16, // 33: trivy.common.LicenseFile.layer:type_name -> trivy.common.Layer
+	1,  // 34: trivy.common.LicenseFinding.category:type_name -> trivy.common.LicenseCategory.Enum
+	18, // 35: trivy.common.Vulnerability.CvssEntry.value:type_name -> trivy.common.CVSS
+	0,  // 36: trivy.common.Vulnerability.VendorSeverityEntry.value:type_name -> trivy.common.Severity
+	37, // [37:37] is the sub-list for method output_type
+	37, // [37:37] is the sub-list for method input_type
+	37, // [37:37] is the sub-list for extension type_name
+	37, // [37:37] is the sub-list for extension extendee
+	0,  // [0:37] is the sub-list for field type_name
 }

 func init() { file_rpc_common_service_proto_init() }
--- a/rpc/common/service.proto
+++ b/rpc/common/service.proto
@@ -134,8 +134,8 @@ message Vulnerability {
  string                    primary_url          = 14;
  google.protobuf.Timestamp published_date       = 15;
  google.protobuf.Timestamp last_modified_date   = 16;
-  google.protobuf.Value     custom_advisory_data = 17;
-  google.protobuf.Value     custom_vuln_data     = 18;
+  bytes                     custom_advisory_data = 17;
+  bytes                     custom_vuln_data     = 18;
  repeated string           vendor_ids           = 19;
  DataSource                data_source          = 20;
  map<string, Severity>     vendor_severity      = 21;