add advisory date to msrc (#659)

wagoodman · web-flow · commit 0a5e456e8588 · 2025-08-29T20:26:54.000Z
Signed-off-by: Alex Goodman &lt;wagoodman@users.noreply.github.com&gt;
diff --git a/pkg/process/v6/transformers/msrc/test-fixtures/microsoft-msrc-0.json b/pkg/process/v6/transformers/msrc/test-fixtures/microsoft-msrc-0.json
@@ -13,7 +13,11 @@
     "links": [
      "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4493470",
      "https://support.microsoft.com/help/4493470"
-    ]
+    ],
+    "available": {
+     "date": "2019-11-12",
+     "kind": "advisory"
+    }
    },
    {
     "id": "4494440",
@@ -22,7 +26,11 @@
     "links": [
      "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4494440",
      "https://support.microsoft.com/help/4494440"
-    ]
+    ],
+    "available": {
+     "date": "2019-11-12",
+     "kind": "advisory"
+    }
    },
    {
     "id": "4503267",
@@ -31,7 +39,11 @@
     "links": [
      "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4503267",
      "https://support.microsoft.com/en-us/help/4503267"
-    ]
+    ],
+    "available": {
+     "date": "2019-11-12",
+     "kind": "advisory"
+    }
    },
    {
     "id": "4507460",
@@ -40,7 +52,11 @@
     "links": [
      "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4507460",
      "https://support.microsoft.com/help/4507460"
-    ]
+    ],
+    "available": {
+     "date": "2019-11-12",
+     "kind": "advisory"
+    }
    },
    {
     "id": "4512517",
@@ -49,7 +65,11 @@
     "links": [
      "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4512517",
      "https://support.microsoft.com/help/4512517"
-    ]
+    ],
+    "available": {
+     "date": "2019-11-12",
+     "kind": "advisory"
+    }
    },
    {
     "id": "4516044",
@@ -58,7 +78,11 @@
     "links": [
      "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4516044",
      "https://support.microsoft.com/help/4516044"
-    ]
+    ],
+    "available": {
+     "date": "2019-11-12",
+     "kind": "advisory"
+    }
    }
   ],
   "id": "CVE-2019-0671",
@@ -90,79 +114,119 @@
     "is_latest": false,
     "links": [
      "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4093119"
-    ]
+    ],
+    "available": {
+     "date": "2019-11-12",
+     "kind": "advisory"
+    }
    },
    {
     "id": "4103723",
     "is_first": false,
     "is_latest": false,
     "links": [
      "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723"
-    ]
+    ],
+    "available": {
+     "date": "2019-11-12",
+     "kind": "advisory"
+    }
    },
    {
     "id": "4284880",
     "is_first": false,
     "is_latest": false,
     "links": [
      "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4284880"
-    ]
+    ],
+    "available": {
+     "date": "2019-11-12",
+     "kind": "advisory"
+    }
    },
    {
     "id": "4338814",
     "is_first": false,
     "is_latest": false,
     "links": [
      "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4338814"
-    ]
+    ],
+    "available": {
+     "date": "2019-11-12",
+     "kind": "advisory"
+    }
    },
    {
     "id": "4343887",
     "is_first": false,
     "is_latest": false,
     "links": [
      "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4343887"
-    ]
+    ],
+    "available": {
+     "date": "2019-11-12",
+     "kind": "advisory"
+    }
    },
    {
     "id": "4345418",
     "is_first": false,
     "is_latest": true,
     "links": [
      "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4345418"
-    ]
+    ],
+    "available": {
+     "date": "2019-11-12",
+     "kind": "advisory"
+    }
    },
    {
     "id": "4457131",
     "is_first": false,
     "is_latest": false,
     "links": [
      "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4457131"
-    ]
+    ],
+    "available": {
+     "date": "2019-11-12",
+     "kind": "advisory"
+    }
    },
    {
     "id": "4462917",
     "is_first": false,
     "is_latest": false,
     "links": [
      "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4462917"
-    ]
+    ],
+    "available": {
+     "date": "2019-11-12",
+     "kind": "advisory"
+    }
    },
    {
     "id": "4467691",
     "is_first": false,
     "is_latest": false,
     "links": [
      "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4467691"
-    ]
+    ],
+    "available": {
+     "date": "2019-11-12",
+     "kind": "advisory"
+    }
    },
    {
     "id": "4471321",
     "is_first": false,
     "is_latest": true,
     "links": [
      "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471321"
-    ]
+    ],
+    "available": {
+     "date": "2019-11-12",
+     "kind": "advisory"
+    }
    }
   ],
   "id": "CVE-2018-8116",
diff --git a/pkg/process/v6/transformers/msrc/transform.go b/pkg/process/v6/transformers/msrc/transform.go
@@ -73,7 +73,7 @@ func getRanges(vuln unmarshal.MSRCVulnerability) []grypeDB.AffectedRange {
 }
 
 func getFix(vuln unmarshal.MSRCVulnerability) *grypeDB.Fix {
-	fixedInVersion := fixedInKB(vuln)
+	fixedInVersion, fixDetail := fixedInKB(vuln)
 
 	fixState := grypeDB.FixedStatus
 	if fixedInVersion == "" {
@@ -83,18 +83,28 @@ func getFix(vuln unmarshal.MSRCVulnerability) *grypeDB.Fix {
 	return &grypeDB.Fix{
 		Version: fixedInVersion,
 		State:   fixState,
+		Detail:  fixDetail,
 	}
 }
 
 // fixedInKB finds the "latest" patch (KB id) amongst the available microsoft patches and returns it
 // if the "latest" patch cannot be found, an empty string is returned
-func fixedInKB(vulnerability unmarshal.MSRCVulnerability) string {
+func fixedInKB(vulnerability unmarshal.MSRCVulnerability) (string, *grypeDB.FixDetail) {
 	for _, fixedIn := range vulnerability.FixedIn {
 		if fixedIn.IsLatest {
-			return fixedIn.ID
+			var detail *grypeDB.FixDetail
+			if fixedIn.Available.Date != "" {
+				detail = &grypeDB.FixDetail{
+					Available: &grypeDB.FixAvailability{
+						Date: internal.ParseTime(fixedIn.Available.Date),
+						Kind: fixedIn.Available.Kind,
+					},
+				}
+			}
+			return fixedIn.ID, detail
 		}
 	}
-	return ""
+	return "", nil
 }
 
 func getReferences(vuln unmarshal.MSRCVulnerability) []grypeDB.Reference {
diff --git a/pkg/process/v6/transformers/msrc/transform_test.go b/pkg/process/v6/transformers/msrc/transform_test.go
@@ -96,6 +96,12 @@ func TestParseMSRCEntry(t *testing.T) {
 									Fix: &grypeDB.Fix{
 										Version: "4516044",
 										State:   grypeDB.FixedStatus,
+										Detail: &grypeDB.FixDetail{
+											Available: &grypeDB.FixAvailability{
+												Date: timePtr(time.Date(2019, 11, 12, 0, 0, 0, 0, time.UTC)),
+												Kind: "advisory",
+											},
+										},
 									},
 								},
 							},
@@ -155,6 +161,12 @@ func TestParseMSRCEntry(t *testing.T) {
 									Fix: &grypeDB.Fix{
 										Version: "4345418",
 										State:   grypeDB.FixedStatus,
+										Detail: &grypeDB.FixDetail{
+											Available: &grypeDB.FixAvailability{
+												Date: timePtr(time.Date(2019, 11, 12, 0, 0, 0, 0, time.UTC)),
+												Kind: "advisory",
+											},
+										},
 									},
 								},
 							},
@@ -183,3 +195,7 @@ func TestParseMSRCEntry(t *testing.T) {
 		}
 	}
 }
+
+func timePtr(t time.Time) *time.Time {
+	return &t
+}
diff --git a/pkg/provider/unmarshal/msrc_vulnerability.go b/pkg/provider/unmarshal/msrc_vulnerability.go
@@ -12,10 +12,14 @@ type MSRCVulnerability struct {
 		Vector        string  `json:"vector"`
 	} `json:"cvss"`
 	FixedIn []struct {
-		ID       string   `json:"id"`
-		IsFirst  bool     `json:"is_first"`
-		IsLatest bool     `json:"is_latest"`
-		Links    []string `json:"links"`
+		ID        string   `json:"id"`
+		IsFirst   bool     `json:"is_first"`
+		IsLatest  bool     `json:"is_latest"`
+		Links     []string `json:"links"`
+		Available struct {
+			Date string `json:"date,omitempty"`
+			Kind string `json:"kind,omitempty"`
+		} `json:"available,omitempty"`
 	} `json:"fixed_in"`
 	ID      string `json:"id"`
 	Link    string `json:"link"`
