
Commit 9a5b260

tas50claude
andcommitted
🐛 Fix Inspector finding sub-resource ID collisions
Add finding ARN prefix to __id for packageVulnerability, networkReachability, codeVulnerability, cvssScore, and vulnerablePackage sub-resources to prevent cache key collisions across different findings. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 4462929 commit 9a5b260


1 file changed

+9
-0
lines changed

1 file changed

+9
-0
lines changed

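--- a/providers/aws/resources/aws_inspector.go
+++ b/providers/aws/resources/aws_inspector.go
@@ -317,10 +317,13 @@ func (a *mqlAwsInspectorFinding) packageVulnerability() (*mqlAwsInspectorFinding
 }
 pvd := a.cacheFinding.PackageVulnerabilityDetails
 
+findingArn := a.Arn.Data
+
 cvssScores := make([]any, 0, len(pvd.Cvss))
 for _, c := range pvd.Cvss {
 mqlCvss, err := CreateResource(a.MqlRuntime, "aws.inspector.finding.packageVulnerability.cvssScore",
 map[string]*llx.RawData{
+"__id": llx.StringData(fmt.Sprintf("%s/cvss/%s/%s/%.1f", findingArn, convert.ToValue(c.Source), convert.ToValue(c.Version), derefFloat64(c.BaseScore))),
 "baseScore": llx.FloatData(derefFloat64(c.BaseScore)),
 "scoringVector": llx.StringDataPtr(c.ScoringVector),
 "source": llx.StringDataPtr(c.Source),
@@ -337,6 +340,7 @@ func (a *mqlAwsInspectorFinding) packageVulnerability() (*mqlAwsInspectorFinding
 pkg := pvd.VulnerablePackages[i]
 mqlPkg, err := CreateResource(a.MqlRuntime, "aws.inspector.finding.vulnerablePackage",
 map[string]*llx.RawData{
+"__id": llx.StringData(fmt.Sprintf("%s/pkg/%s/%s/%s", findingArn, convert.ToValue(pkg.Name), convert.ToValue(pkg.Version), convert.ToValue(pkg.Arch))),
 "name": llx.StringDataPtr(pkg.Name),
 "version": llx.StringDataPtr(pkg.Version),
 "arch": llx.StringDataPtr(pkg.Arch),
@@ -355,6 +359,7 @@ func (a *mqlAwsInspectorFinding) packageVulnerability() (*mqlAwsInspectorFinding
 
 mqlPvd, err := CreateResource(a.MqlRuntime, "aws.inspector.finding.packageVulnerability",
 map[string]*llx.RawData{
+"__id": llx.StringData(findingArn + "/packageVulnerability"),
 "vulnerabilityId": llx.StringDataPtr(pvd.VulnerabilityId),
 "source": llx.StringDataPtr(pvd.Source),
 "sourceUrl": llx.StringDataPtr(pvd.SourceUrl),
@@ -413,8 +418,10 @@ func (a *mqlAwsInspectorFinding) networkReachability() (*mqlAwsInspectorFindingN
 networkPath = path
 }
 
+findingArn := a.Arn.Data
 mqlNr, err := CreateResource(a.MqlRuntime, "aws.inspector.finding.networkReachability",
 map[string]*llx.RawData{
+"__id": llx.StringData(findingArn + "/networkReachability"),
 "protocol": llx.StringData(string(nrd.Protocol)),
 "openPortStart": llx.IntData(portStart),
 "openPortEnd": llx.IntData(portEnd),
@@ -442,8 +449,10 @@ func (a *mqlAwsInspectorFinding) codeVulnerability() (*mqlAwsInspectorFindingCod
 return nil, err
 }
 
+findingArn := a.Arn.Data
 mqlCv, err := CreateResource(a.MqlRuntime, "aws.inspector.finding.codeVulnerability",
 map[string]*llx.RawData{
+"__id": llx.StringData(findingArn + "/codeVulnerability"),
 "cwes": llx.ArrayData(llx.TArr2Raw(cvd.Cwes), "string"),
 "detectorId": llx.StringDataPtr(cvd.DetectorId),
 "detectorName": llx.StringDataPtr(cvd.DetectorName),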
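Review bot: The new `__id` for `aws.inspector.finding.vulnerablePackage` in the second hunk is built only from name/version/arch, so two entries in the same finding that share those values would still map to one cache key, and the second would presumably be served the first entry's cached fields. The cvssScore key in the first hunk is similar (source/version/`%.1f` score). `convert.ToValue` appears to turn a nil pointer into an empty string, so entries with missing fields collapse further. Since the package loop is already indexed by `i`, adding the index keeps the key unique within a finding: `"__id": llx.StringData(fmt.Sprintf("%s/pkg/%d/%s/%s/%s", findingArn, i, convert.ToValue(pkg.Name), convert.ToValue(pkg.Version), convert.ToValue(pkg.Arch))),`. It is also worth confirming that `a.Arn.Data` can never be empty or in an error state at these call sites, because an empty prefix would bring back the cross-finding collisions this commit removes. All three function bodies start and end outside the hunks.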
