feat: Add systemcve cli cmd (goharbor#388)

* created systemcve cmd

Signed-off-by: ALTHAF <althafasharaf02@gmail.com>

* modified systemcve cmd

Signed-off-by: ALTHAF <althafasharaf02@gmail.com>

* modified to harbor cve-allowlist list/add

Signed-off-by: ALTHAF <althafasharaf02@gmail.com>

* Update cmd.go

Signed-off-by: ALTHAF <114910365+Althaf66@users.noreply.github.com>

* fix lint issue

Signed-off-by: ALTHAF <althafasharaf02@gmail.com>

* changed date to iso format

Signed-off-by: ALTHAF <althafasharaf02@gmail.com>

* modified cveallowlist cmd

Signed-off-by: ALTHAF <althafasharaf02@gmail.com>

* add docs

Signed-off-by: Rizul Gupta <mail2rizul@gmail.com>

* fix lint issues

Signed-off-by: Rizul Gupta <mail2rizul@gmail.com>

* fix lint issues

Signed-off-by: Rizul Gupta <mail2rizul@gmail.com>

fixes

Signed-off-by: Rizul Gupta <mail2rizul@gmail.com>

fixes

Signed-off-by: Rizul Gupta <mail2rizul@gmail.com>

* header fixes

Signed-off-by: Rizul Gupta <mail2rizul@gmail.com>

* suggested changes

Signed-off-by: Rizul Gupta <mail2rizul@gmail.com>

* small changes

Signed-off-by: Rizul Gupta <mail2rizul@gmail.com>

* lint fix

Signed-off-by: Rizul Gupta <mail2rizul@gmail.com>

---------

Signed-off-by: ALTHAF <althafasharaf02@gmail.com>
Signed-off-by: ALTHAF <114910365+Althaf66@users.noreply.github.com>
Signed-off-by: Rizul Gupta <mail2rizul@gmail.com>
Signed-off-by: Vadim Bauer <vb@container-registry.com>
Co-authored-by: ALTHAF <althafasharaf02@gmail.com>
Co-authored-by: ALTHAF <114910365+Althaf66@users.noreply.github.com>
Co-authored-by: Vadim Bauer <vb@container-registry.com>

Author: 3 people

cmd/harbor/root/cmd.go

@@ -19,11 +19,12 @@ import (
 
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/artifact"
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/config"
+	"github.com/goharbor/harbor-cli/cmd/harbor/root/cve"
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/instance"
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/labels"
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/project"
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/registry"
-	repositry "github.com/goharbor/harbor-cli/cmd/harbor/root/repository"
+	"github.com/goharbor/harbor-cli/cmd/harbor/root/repository"
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/schedule"
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/tag"
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/user"
@@ -95,11 +96,12 @@ harbor help
 		config.Config(),
 		project.Project(),
 		registry.Registry(),
-		repositry.Repository(),
+		repository.Repository(),
 		user.User(),
 		artifact.Artifact(),
 		tag.TagCommand(),
 		HealthCommand(),
+		cve.CVEAllowlist(),
 		schedule.Schedule(),
 		labels.Labels(),
 		InfoCommand(),

cmd/harbor/root/cve/add.go

@@ -0,0 +1,60 @@
+// Copyright Project Harbor Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package cve
+
+import (
+	"github.com/goharbor/harbor-cli/pkg/api"
+	"github.com/goharbor/harbor-cli/pkg/views/cveallowlist/update"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+func AddCveAllowlistCommand() *cobra.Command {
+	var opts update.UpdateView
+
+	cmd := &cobra.Command{
+		Use:   "add",
+		Short: "Add cve allowlist",
+		Long:  "Create allowlist of CVEs to ignore during vulnerability scanning",
+		Run: func(cmd *cobra.Command, args []string) {
+			var err error
+			updateView := &update.UpdateView{
+				CveId:      opts.CveId,
+				IsExpire:   opts.IsExpire,
+				ExpireDate: opts.ExpireDate,
+			}
+
+			err = updatecveView(updateView)
+			if err != nil {
+				log.Errorf("failed to add cveallowlist: %v", err)
+			}
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.IsExpire, "isexpire", "i", false, "Indicates whether the CVE entries should have an expiration date. Set to true to specify an expiration date")
+	flags.StringVarP(&opts.CveId, "cveid", "n", "", "Comma-separated list of CVE IDs to be added to the allowlist")
+	flags.StringVarP(&opts.ExpireDate, "expiredate", "d", "", "Specifies the expiration date for the CVE entries in the format 'YYYY-MM-DD'")
+
+	return cmd
+}
+
+func updatecveView(updateView *update.UpdateView) error {
+	if updateView == nil {
+		updateView = &update.UpdateView{}
+	}
+
+	update.UpdateCveView(updateView)
+	return api.UpdateSystemCve(*updateView)
+}

cmd/harbor/root/cve/cmd.go

@@ -0,0 +1,33 @@
+// Copyright Project Harbor Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package cve
+
+import (
+	"github.com/spf13/cobra"
+)
+
+func CVEAllowlist() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:     "cve-allowlist",
+		Short:   "Manage system CVE allowlist",
+		Long:    `Managing CVE lists that are intentionally excluded from vulnerability scanning`,
+		Example: `harbor cve-allowlist list`,
+	}
+	cmd.AddCommand(
+		ListCveCommand(),
+		AddCveAllowlistCommand(),
+	)
+
+	return cmd
+}

cmd/harbor/root/cve/list.go

@@ -0,0 +1,49 @@
+// Copyright Project Harbor Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package cve
+
+import (
+	"github.com/goharbor/harbor-cli/pkg/api"
+	"github.com/goharbor/harbor-cli/pkg/utils"
+	"github.com/goharbor/harbor-cli/pkg/views/cveallowlist/list"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+func ListCveCommand() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "list",
+		Short: "List system level allowlist of cve",
+		Args:  cobra.NoArgs,
+		Run: func(cmd *cobra.Command, args []string) {
+			cve, err := api.ListSystemCve()
+			if err != nil {
+				log.Fatalf("failed to get system cve list: %v", err)
+			}
+			FormatFlag := viper.GetString("output-format")
+			if FormatFlag != "" {
+				err = utils.PrintFormat(cve, FormatFlag)
+				if err != nil {
+					log.Fatalf("failed to print cve list: %v", err)
+					return
+				}
+			} else {
+				list.ListSystemCve(cve.Payload)
+			}
+		},
+	}
+
+	return cmd
+}

doc/cli-docs/harbor-cve-allowlist-add.md

@@ -0,0 +1,39 @@
+---
+title: harbor cve allowlist add
+weight: 60
+---
+## harbor cve-allowlist add
+
+### Description
+
+##### Add cve allowlist
+
+### Synopsis
+
+Create allowlists of CVEs to ignore during vulnerability scanning
+
+```sh
+harbor cve-allowlist add [flags]
+```
+
+### Options
+
+```sh
+  -n, --cveid string        Comma-separated list of CVE IDs to be added to the allowlist
+  -d, --expiredate string   Specifies the expiration date for the CVE entries in the format 'YYYY-MM-DD'
+  -h, --help                help for add
+  -i, --isexpire            Indicates whether the CVE entries should have an expiration date. Set to true to specify an expiration date
+```
+
+### Options inherited from parent commands
+
+```sh
+  -c, --config string          config file (default is $HOME/.config/harbor-cli/config.yaml)
+  -o, --output-format string   Output format. One of: json|yaml
+  -v, --verbose                verbose output
+```
+
+### SEE ALSO
+
+* [harbor cve-allowlist](harbor-cve-allowlist.md)	 - Manage system CVE allowlist
+

doc/cli-docs/harbor-cve-allowlist-list.md

@@ -0,0 +1,32 @@
+---
+title: harbor cve allowlist list
+weight: 60
+---
+## harbor cve-allowlist list
+
+### Description
+
+##### list system level allowlist of cve
+
+```sh
+harbor cve-allowlist list [flags]
+```
+
+### Options
+
+```sh
+  -h, --help   help for list
+```
+
+### Options inherited from parent commands
+
+```sh
+  -c, --config string          config file (default is $HOME/.config/harbor-cli/config.yaml)
+  -o, --output-format string   Output format. One of: json|yaml
+  -v, --verbose                verbose output
+```
+
+### SEE ALSO
+
+* [harbor cve-allowlist](harbor-cve-allowlist.md)	 - Manage system CVE allowlist
+

doc/cli-docs/harbor-cve-allowlist.md

@@ -0,0 +1,40 @@
+---
+title: harbor cve allowlist
+weight: 70
+---
+## harbor cve-allowlist
+
+### Description
+
+##### Manage system CVE allowlist
+
+### Synopsis
+
+Managing CVE lists that are intentionally excluded from vulnerability scanning
+
+### Examples
+
+```sh
+harbor cve-allowlist list
+```
+
+### Options
+
+```sh
+  -h, --help   help for cve-allowlist
+```
+
+### Options inherited from parent commands
+
+```sh
+  -c, --config string          config file (default is $HOME/.config/harbor-cli/config.yaml)
+  -o, --output-format string   Output format. One of: json|yaml
+  -v, --verbose                verbose output
+```
+
+### SEE ALSO
+
+* [harbor](harbor.md)	 - Official Harbor CLI
+* [harbor cve-allowlist add](harbor-cve-allowlist-add.md)	 - Add cve allowlist
+* [harbor cve-allowlist list](harbor-cve-allowlist-list.md)	 - list system level allowlist of cve
+

doc/man-docs/man1/harbor-cve-allowlist-add.1

@@ -0,0 +1,47 @@
+.nh
+.TH "HARBOR" "1"  "Habor Community" "Harbor User Mannuals"
+
+.SH NAME
+harbor-cve-allowlist-add - Add cve allowlist
+
+
+.SH SYNOPSIS
+\fBharbor cve-allowlist add [flags]\fP
+
+
+.SH DESCRIPTION
+Create allowlists of CVEs to ignore during vulnerability scanning
+
+
+.SH OPTIONS
+\fB-n\fP, \fB--cveid\fP=""
+	Comma-separated list of CVE IDs to be added to the allowlist
+
+.PP
+\fB-d\fP, \fB--expiredate\fP=""
+	Specifies the expiration date for the CVE entries in the format 'YYYY-MM-DD'
+
+.PP
+\fB-h\fP, \fB--help\fP[=false]
+	help for add
+
+.PP
+\fB-i\fP, \fB--isexpire\fP[=false]
+	Indicates whether the CVE entries should have an expiration date. Set to true to specify an expiration date
+
+
+.SH OPTIONS INHERITED FROM PARENT COMMANDS
+\fB-c\fP, \fB--config\fP=""
+	config file (default is $HOME/.config/harbor-cli/config.yaml)
+
+.PP
+\fB-o\fP, \fB--output-format\fP=""
+	Output format. One of: json|yaml
+
+.PP
+\fB-v\fP, \fB--verbose\fP[=false]
+	verbose output
+
+
+.SH SEE ALSO
+\fBharbor-cve-allowlist(1)\fP

doc/man-docs/man1/harbor-cve-allowlist-list.1

@@ -0,0 +1,35 @@
+.nh
+.TH "HARBOR" "1"  "Habor Community" "Harbor User Mannuals"
+
+.SH NAME
+harbor-cve-allowlist-list - list system level allowlist of cve
+
+
+.SH SYNOPSIS
+\fBharbor cve-allowlist list [flags]\fP
+
+
+.SH DESCRIPTION
+list system level allowlist of cve
+
+
+.SH OPTIONS
+\fB-h\fP, \fB--help\fP[=false]
+	help for list
+
+
+.SH OPTIONS INHERITED FROM PARENT COMMANDS
+\fB-c\fP, \fB--config\fP=""
+	config file (default is $HOME/.config/harbor-cli/config.yaml)
+
+.PP
+\fB-o\fP, \fB--output-format\fP=""
+	Output format. One of: json|yaml
+
+.PP
+\fB-v\fP, \fB--verbose\fP[=false]
+	verbose output
+
+
+.SH SEE ALSO
+\fBharbor-cve-allowlist(1)\fP