feat(server): Apply filters for IgnoreCves and PkgsRegexps on server mode

server/server.go

@@ -23,6 +23,8 @@ import (
 // VulsHandler is used for vuls server mode
 type VulsHandler struct {
 	ToLocalFile bool
+	IgnoreUnfixed bool
+	IgnoreUnscoredCves bool
 }
 
 // ServeHTTP is http handler
@@ -95,6 +97,32 @@ func (h VulsHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 
 	detector.FillCweDict(&r)
 
+	// IgnoreCves
+	ignoreCves := []string{}
+	if r.Container.Name == "" {
+		ignoreCves = config.Conf.Servers[r.ServerName].IgnoreCves
+	} else if con, ok := config.Conf.Servers[r.ServerName].Containers[r.Container.Name]; ok {
+		ignoreCves = con.IgnoreCves
+	}
+	r.ScannedCves = r.ScannedCves.FilterIgnoreCves(ignoreCves)
+
+	// ignorePkgs
+	ignorePkgsRegexps := []string{}
+	if r.Container.Name == "" {
+		ignorePkgsRegexps = config.Conf.Servers[r.ServerName].IgnorePkgsRegexp
+	} else if s, ok := config.Conf.Servers[r.ServerName].Containers[r.Container.Name]; ok {
+		ignorePkgsRegexps = s.IgnorePkgsRegexp
+	}
+	r.ScannedCves = r.ScannedCves.FilterIgnorePkgs(ignorePkgsRegexps)
+
+	// IgnoreUnfixed
+	r.ScannedCves = r.ScannedCves.FilterUnfixed(h.IgnoreUnfixed)
+
+	// IgnoreUnscoredCves
+	if h.IgnoreUnscoredCves {
+		r.ScannedCves = r.ScannedCves.FindScoredVulns()
+	}
+
 	// set ReportedAt to current time when it's set to the epoch, ensures that ReportedAt will be set
 	// properly for scans sent to vuls when running in server mode
 	if r.ReportedAt.IsZero() {

subcmds/server.go

@@ -18,9 +18,11 @@ import (
 
 // ServerCmd is subcommand for server
 type ServerCmd struct {
-	configPath  string
-	listen      string
-	toLocalFile bool
+	configPath         string
+	listen             string
+	toLocalFile        bool
+	ignoreUnfixed      bool
+	ignoreUnscoredCves bool
 }
 
 // Name return subcommand name
@@ -70,12 +72,12 @@ func (p *ServerCmd) SetFlags(f *flag.FlagSet) {
 	f.Float64Var(&config.Conf.CvssScoreOver, "cvss-over", 0,
 		"-cvss-over=6.5 means Servering CVSS Score 6.5 and over (default: 0 (means Server all))")
 
-	f.BoolVar(&config.Conf.IgnoreUnscoredCves, "ignore-unscored-cves", false,
-		"Don't Server the unscored CVEs")
-
-	f.BoolVar(&config.Conf.IgnoreUnfixed, "ignore-unfixed", false,
+	f.BoolVar(&p.ignoreUnfixed, "ignore-unfixed", false,
 		"Don't show the unfixed CVEs")
 
+	f.BoolVar(&p.ignoreUnscoredCves, "ignore-unscored-cves", false,
+		"Don't show the unscored CVEs")
+
 	f.StringVar(&config.Conf.HTTPProxy, "http-proxy", "",
 		"http://proxy-url:port (default: empty)")
 
@@ -99,7 +101,9 @@ func (p *ServerCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 	}
 
 	http.Handle("/vuls", server.VulsHandler{
-		ToLocalFile: p.toLocalFile,
+		ToLocalFile:        p.toLocalFile,
+		IgnoreUnfixed:      p.ignoreUnfixed,
+		IgnoreUnscoredCves: p.ignoreUnscoredCves,
 	})
 	http.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {
 		fmt.Fprintf(w, "ok")