Updated the function signatures in various services to use useragent as pointer

Signed-off-by: rafi <refaei.shikho@hotmail.com>

Author: refoo0

controllers/dependency_vuln_controller.go

@@ -405,7 +405,8 @@ func (controller DependencyVulnController) CreateEvent(ctx shared.Context) error
 	justification := status.Justification
 	mechanicalJustification := status.MechanicalJustification
 
-	ev, err := controller.dependencyVulnService.CreateVulnEventAndApply(ctx.Request().Context(), nil, asset.ID, userID, &dependencyVuln, dtos.VulnEventType(statusType), justification, mechanicalJustification, assetVersion.Name, ctx.Request().UserAgent())
+	userAgent := ctx.Request().UserAgent()
+	ev, err := controller.dependencyVulnService.CreateVulnEventAndApply(ctx.Request().Context(), nil, asset.ID, userID, &dependencyVuln, dtos.VulnEventType(statusType), justification, mechanicalJustification, assetVersion.Name, &userAgent)
 	if err != nil {
 		return err
 	}
@@ -469,7 +470,8 @@ func (controller DependencyVulnController) BatchCreateEvent(ctx shared.Context)
 			continue
 		}
 
-		ev, err := controller.dependencyVulnService.CreateVulnEventAndApply(ctx.Request().Context(), nil, asset.ID, userID, &dependencyVuln, eventType, status.Justification, status.MechanicalJustification, assetVersion.Name, ctx.Request().UserAgent())
+		userAgent := ctx.Request().UserAgent()
+		ev, err := controller.dependencyVulnService.CreateVulnEventAndApply(ctx.Request().Context(), nil, asset.ID, userID, &dependencyVuln, eventType, status.Justification, status.MechanicalJustification, assetVersion.Name, &userAgent)
 		if err != nil {
 			slog.Error("could not create event for dependencyVuln", "err", err, "vulnID", vulnID)
 			continue

controllers/first_party_vuln_controller.go

@@ -190,7 +190,8 @@ func (c FirstPartyVulnController) CreateEvent(ctx shared.Context) error {
 
 	mechanicalJustification := status.MechanicalJustification
 
-	ev, err := c.firstPartyVulnService.UpdateFirstPartyVulnState(ctx.Request().Context(), nil, userID, &firstPartyVuln, statusType, justification, mechanicalJustification, ctx.Request().UserAgent())
+	userAgent := ctx.Request().UserAgent()
+	ev, err := c.firstPartyVulnService.UpdateFirstPartyVulnState(ctx.Request().Context(), nil, userID, &firstPartyVuln, statusType, justification, mechanicalJustification, &userAgent)
 	if err != nil {
 		return err
 	}

controllers/license_risk_controller.go

@@ -79,7 +79,8 @@ func (controller LicenseRiskController) Create(ctx shared.Context) error {
 		licenseRisk = existingLicenseRisk
 	}
 
-	ev := models.NewLicenseDecisionEvent(riskHash, dtos.VulnTypeLicenseRisk, shared.GetSession(ctx).GetUserID(), "", "", newLicenseRisk.FinalLicenseDecision, ctx.Request().UserAgent())
+	userAgent := ctx.Request().UserAgent()
+	ev := models.NewLicenseDecisionEvent(riskHash, dtos.VulnTypeLicenseRisk, shared.GetSession(ctx).GetUserID(), "", "", newLicenseRisk.FinalLicenseDecision, &userAgent)
 
 	err = controller.licenseRiskRepository.ApplyAndSave(ctx.Request().Context(), nil, &licenseRisk, &ev)
 	if err != nil {
@@ -217,7 +218,8 @@ func (controller LicenseRiskController) CreateEvent(ctx shared.Context) error {
 	justification := status.Justification
 	mechanicalJustification := status.MechanicalJustification
 
-	event, err := controller.licenseRiskService.UpdateLicenseRiskState(ctx.Request().Context(), nil, userID, &licenseRisk, statusType, justification, mechanicalJustification, ctx.Request().UserAgent())
+	userAgent := ctx.Request().UserAgent()
+	event, err := controller.licenseRiskService.UpdateLicenseRiskState(ctx.Request().Context(), nil, userID, &licenseRisk, statusType, justification, mechanicalJustification, &userAgent)
 	if err != nil {
 		return err
 	}

daemons/daemon_asset_pipeline.go

@@ -715,7 +715,7 @@ func (runner *DaemonRunner) AutoReopenTickets(input <-chan assetWithProjectAndOr
 			span.SetAttributes(attribute.Int("asset.vulns_to_reopen", len(vulnerabilities)))
 			errs := make([]error, 0)
 			for _, vuln := range vulnerabilities {
-				event := models.NewReopenedEvent(vuln.ID, dtos.VulnTypeDependencyVuln, "system", fmt.Sprintf("Automatically reopened since the vulnerability was accepted more than %d days ago", *asset.VulnAutoReopenAfterDays), false, "")
+				event := models.NewReopenedEvent(vuln.ID, dtos.VulnTypeDependencyVuln, "system", fmt.Sprintf("Automatically reopened since the vulnerability was accepted more than %d days ago", *asset.VulnAutoReopenAfterDays), false, nil)
 
 				if err := runner.dependencyVulnRepository.ApplyAndSave(stageCtx, nil, &vuln, &event); err != nil {
 					slog.Error("failed to apply and save vulnerability event", "vulnerabilityID", vuln.ID, "error", err)

database/models/vulnevent_model.go

@@ -112,86 +112,86 @@ func (event VulnEvent) TableName() string {
 	return "vuln_events"
 }
 
-func NewAcceptedEvent(vulnID uuid.UUID, vulnType dtos.VulnType, userID, justification string, createdByRule bool, userAgent string) VulnEvent {
+func NewAcceptedEvent(vulnID uuid.UUID, vulnType dtos.VulnType, userID, justification string, createdByRule bool, userAgent *string) VulnEvent {
 	ev := VulnEvent{
 		Type:             dtos.EventTypeAccepted,
 		UserID:           userID,
 		Justification:    &justification,
 		CreatedByVexRule: createdByRule,
-		UserAgent:        &userAgent,
+		UserAgent:        userAgent,
 	}
 	SetVulnIDOnEvent(&ev, vulnID, vulnType)
 	return ev
 }
 
-func NewReopenedEvent(vulnID uuid.UUID, vulnType dtos.VulnType, userID, justification string, createdByRule bool, userAgent string) VulnEvent {
+func NewReopenedEvent(vulnID uuid.UUID, vulnType dtos.VulnType, userID, justification string, createdByRule bool, userAgent *string) VulnEvent {
 	ev := VulnEvent{
 		Type:             dtos.EventTypeReopened,
 		UserID:           userID,
 		Justification:    &justification,
 		CreatedByVexRule: createdByRule,
-		UserAgent:        &userAgent,
+		UserAgent:        userAgent,
 	}
 	SetVulnIDOnEvent(&ev, vulnID, vulnType)
 	return ev
 }
 
-func NewCommentEvent(vulnID uuid.UUID, vulnType dtos.VulnType, userID, justification string, createdByRule bool, userAgent string) VulnEvent {
+func NewCommentEvent(vulnID uuid.UUID, vulnType dtos.VulnType, userID, justification string, createdByRule bool, userAgent *string) VulnEvent {
 	ev := VulnEvent{
 		Type:             dtos.EventTypeComment,
 		UserID:           userID,
 		Justification:    &justification,
 		CreatedByVexRule: createdByRule,
-		UserAgent:        &userAgent,
+		UserAgent:        userAgent,
 	}
 	SetVulnIDOnEvent(&ev, vulnID, vulnType)
 	return ev
 }
 
-func NewFalsePositiveEvent(vulnID uuid.UUID, vulnType dtos.VulnType, userID, justification string, mechanicalJustification dtos.MechanicalJustificationType, artifactName string, createdByRule bool, userAgent string) VulnEvent {
+func NewFalsePositiveEvent(vulnID uuid.UUID, vulnType dtos.VulnType, userID, justification string, mechanicalJustification dtos.MechanicalJustificationType, artifactName string, createdByRule bool, userAgent *string) VulnEvent {
 	ev := VulnEvent{
 		Type:                    dtos.EventTypeFalsePositive,
 		UserID:                  userID,
 		Justification:           &justification,
 		MechanicalJustification: mechanicalJustification,
 		CreatedByVexRule:        createdByRule,
-		UserAgent:               &userAgent,
+		UserAgent:               userAgent,
 	}
 	SetVulnIDOnEvent(&ev, vulnID, vulnType)
 	ev.SetArbitraryJSONData(map[string]any{"artifactNames": artifactName})
 	return ev
 }
 
-func NewFixedEvent(vulnID uuid.UUID, vulnType dtos.VulnType, userID string, artifactName string, createdByRule bool, userAgent string) VulnEvent {
+func NewFixedEvent(vulnID uuid.UUID, vulnType dtos.VulnType, userID string, artifactName string, createdByRule bool, userAgent *string) VulnEvent {
 	ev := VulnEvent{
 		Type:             dtos.EventTypeFixed,
 		UserID:           userID,
 		CreatedByVexRule: createdByRule,
-		UserAgent:        &userAgent,
+		UserAgent:        userAgent,
 	}
 	SetVulnIDOnEvent(&ev, vulnID, vulnType)
 	ev.SetArbitraryJSONData(map[string]any{"artifactNames": artifactName})
 	return ev
 }
 
-func NewLicenseDecisionEvent(vulnID uuid.UUID, vulnType dtos.VulnType, userID string, justification, artifactName string, finalLicenseDecision string, userAgent string) VulnEvent {
+func NewLicenseDecisionEvent(vulnID uuid.UUID, vulnType dtos.VulnType, userID string, justification, artifactName string, finalLicenseDecision string, userAgent *string) VulnEvent {
 	ev := VulnEvent{
 		Type:          dtos.EventTypeLicenseDecision,
 		UserID:        userID,
 		Justification: &justification,
-		UserAgent:     &userAgent,
+		UserAgent:     userAgent,
 	}
 	SetVulnIDOnEvent(&ev, vulnID, vulnType)
 	ev.SetArbitraryJSONData(map[string]any{"artifactNames": artifactName, "finalLicenseDecision": finalLicenseDecision})
 	return ev
 }
 
-func NewDetectedEvent(vulnID uuid.UUID, vulnType dtos.VulnType, userID string, riskCalculationReport dtos.RiskCalculationReport, scannerID string, createdByRule bool, userAgent string) VulnEvent {
+func NewDetectedEvent(vulnID uuid.UUID, vulnType dtos.VulnType, userID string, riskCalculationReport dtos.RiskCalculationReport, scannerID string, createdByRule bool, userAgent *string) VulnEvent {
 	ev := VulnEvent{
 		Type:             dtos.EventTypeDetected,
 		UserID:           userID,
 		CreatedByVexRule: createdByRule,
-		UserAgent:        &userAgent,
+		UserAgent:        userAgent,
 	}
 	SetVulnIDOnEvent(&ev, vulnID, vulnType)
 
@@ -203,12 +203,12 @@ func NewDetectedEvent(vulnID uuid.UUID, vulnType dtos.VulnType, userID string, r
 	return ev
 }
 
-func NewMitigateEvent(vulnID uuid.UUID, vulnType dtos.VulnType, userID string, justification string, arbitraryData map[string]any, userAgent string) VulnEvent {
+func NewMitigateEvent(vulnID uuid.UUID, vulnType dtos.VulnType, userID string, justification string, arbitraryData map[string]any, userAgent *string) VulnEvent {
 	ev := VulnEvent{
 		Type:          dtos.EventTypeMitigate,
 		UserID:        userID,
 		Justification: &justification,
-		UserAgent:     &userAgent,
+		UserAgent:     userAgent,
 	}
 	SetVulnIDOnEvent(&ev, vulnID, vulnType)
 	ev.SetArbitraryJSONData(arbitraryData)

integrations/commonint/integration_helper.go

@@ -139,19 +139,19 @@ func RenderMarkdownForLicenseRisk(licenseRisk models.LicenseRisk, baseURL, orgSl
 	return str.String()
 }
 
-func CreateNewVulnEventBasedOnComment(vulnID uuid.UUID, vulnType dtos.VulnType, userID, comment string, artifactName string) models.VulnEvent {
+func CreateNewVulnEventBasedOnComment(vulnID uuid.UUID, vulnType dtos.VulnType, userID, comment string, artifactName string, userAgent *string) models.VulnEvent {
 
 	event, mechanicalJustification, justification := commentTrimmedPrefix(vulnType, comment)
 
 	switch event {
 	case dtos.EventTypeAccepted:
-		return models.NewAcceptedEvent(vulnID, vulnType, userID, justification, false, "")
+		return models.NewAcceptedEvent(vulnID, vulnType, userID, justification, false, userAgent)
 	case dtos.EventTypeFalsePositive:
-		return models.NewFalsePositiveEvent(vulnID, vulnType, userID, justification, mechanicalJustification, artifactName, false, "")
+		return models.NewFalsePositiveEvent(vulnID, vulnType, userID, justification, mechanicalJustification, artifactName, false, userAgent)
 	case dtos.EventTypeReopened:
-		return models.NewReopenedEvent(vulnID, vulnType, userID, justification, false, "")
+		return models.NewReopenedEvent(vulnID, vulnType, userID, justification, false, userAgent)
 	case dtos.EventTypeComment:
-		return models.NewCommentEvent(vulnID, vulnType, userID, comment, false, "")
+		return models.NewCommentEvent(vulnID, vulnType, userID, comment, false, userAgent)
 	}
 
 	return models.VulnEvent{}

integrations/githubint/github_integration.go

@@ -224,6 +224,8 @@ func (githubIntegration *GithubIntegration) HandleWebhook(ctx shared.Context) er
 	var vuln models.Vuln
 	doUpdateArtifactRiskHistory := false
 
+	userAgent := req.UserAgent()
+
 	switch event := event.(type) {
 	case *github.IssuesEvent:
 		if event.Sender.GetType() == "Bot" {
@@ -269,7 +271,7 @@ func (githubIntegration *GithubIntegration) HandleWebhook(ctx shared.Context) er
 
 		switch action {
 		case "closed":
-			vulnEvent := models.NewAcceptedEvent(vuln.GetID(), vuln.GetType(), fmt.Sprintf("github:%d", event.Sender.GetID()), fmt.Sprintf("This Vulnerability is marked as accepted by %s, due to closing of the github ticket.", event.Sender.GetLogin()), false, "")
+			vulnEvent := models.NewAcceptedEvent(vuln.GetID(), vuln.GetType(), fmt.Sprintf("github:%d", event.Sender.GetID()), fmt.Sprintf("This Vulnerability is marked as accepted by %s, due to closing of the github ticket.", event.Sender.GetLogin()), false, &userAgent)
 
 			err := githubIntegration.aggregatedVulnRepository.ApplyAndSave(reqCtx, nil, vuln, &vulnEvent)
 			if err != nil {
@@ -278,7 +280,7 @@ func (githubIntegration *GithubIntegration) HandleWebhook(ctx shared.Context) er
 			doUpdateArtifactRiskHistory = true
 
 		case "reopened":
-			vulnEvent := models.NewReopenedEvent(vuln.GetID(), vuln.GetType(), fmt.Sprintf("github:%d", event.Sender.GetID()), fmt.Sprintf("This Vulnerability is reopened by %s", event.Sender.GetLogin()), false, "")
+			vulnEvent := models.NewReopenedEvent(vuln.GetID(), vuln.GetType(), fmt.Sprintf("github:%d", event.Sender.GetID()), fmt.Sprintf("This Vulnerability is reopened by %s", event.Sender.GetLogin()), false, &userAgent)
 
 			err := githubIntegration.aggregatedVulnRepository.ApplyAndSave(reqCtx, nil, vuln, &vulnEvent)
 			if err != nil {
@@ -287,7 +289,7 @@ func (githubIntegration *GithubIntegration) HandleWebhook(ctx shared.Context) er
 			doUpdateArtifactRiskHistory = true
 
 		case "deleted":
-			vulnEvent := models.NewFalsePositiveEvent(vuln.GetID(), vuln.GetType(), fmt.Sprintf("github:%d", event.Sender.GetID()), fmt.Sprintf("This Vulnerability is marked as a false positive by %s, due to the deletion of the github ticket.", event.Sender.GetLogin()), dtos.VulnerableCodeNotInExecutePath, vuln.GetScannerIDsOrArtifactNames(), false, "")
+			vulnEvent := models.NewFalsePositiveEvent(vuln.GetID(), vuln.GetType(), fmt.Sprintf("github:%d", event.Sender.GetID()), fmt.Sprintf("This Vulnerability is marked as a false positive by %s, due to the deletion of the github ticket.", event.Sender.GetLogin()), dtos.VulnerableCodeNotInExecutePath, vuln.GetScannerIDsOrArtifactNames(), false, &userAgent)
 
 			err := githubIntegration.aggregatedVulnRepository.ApplyAndSave(reqCtx, nil, vuln, &vulnEvent)
 			if err != nil {
@@ -370,7 +372,7 @@ func (githubIntegration *GithubIntegration) HandleWebhook(ctx shared.Context) er
 		comment := event.Comment.GetBody()
 
 		// create a new event based on the comment
-		vulnEvent := commonint.CreateNewVulnEventBasedOnComment(vuln.GetID(), vuln.GetType(), fmt.Sprintf("github:%d", event.Comment.User.GetID()), comment, vuln.GetScannerIDsOrArtifactNames())
+		vulnEvent := commonint.CreateNewVulnEventBasedOnComment(vuln.GetID(), vuln.GetType(), fmt.Sprintf("github:%d", event.Comment.User.GetID()), comment, vuln.GetScannerIDsOrArtifactNames(), &userAgent)
 
 		statemachine.Apply(vuln, vulnEvent)
 
@@ -775,7 +777,7 @@ func (githubIntegration *GithubIntegration) UpdateIssue(ctx context.Context, ass
 		//check if err is 404 - if so, we can not reopen the issue
 		if err.Error() == "404 Not Found" {
 			// we can not reopen the issue - it is deleted
-			vulnEvent := models.NewFalsePositiveEvent(vuln.GetID(), vuln.GetType(), "system", "This Vulnerability is marked as a false positive due to deletion", dtos.VulnerableCodeNotInExecutePath, vuln.GetScannerIDsOrArtifactNames(), false, "")
+			vulnEvent := models.NewFalsePositiveEvent(vuln.GetID(), vuln.GetType(), "system", "This Vulnerability is marked as a false positive due to deletion", dtos.VulnerableCodeNotInExecutePath, vuln.GetScannerIDsOrArtifactNames(), false, nil)
 			// save the event
 			err = githubIntegration.aggregatedVulnRepository.ApplyAndSave(ctx, nil, vuln, &vulnEvent)
 			if err != nil {
@@ -893,7 +895,7 @@ func (githubIntegration *GithubIntegration) CreateIssue(ctx context.Context, ass
 	vulnEvent := models.NewMitigateEvent(vuln.GetID(), vuln.GetType(), userID, justification, map[string]any{
 		"ticketId":  vuln.GetTicketID(),
 		"ticketUrl": vuln.GetTicketURL(),
-	}, "")
+	}, nil)
 	// save the dependencyVuln and the event in a transaction
 	err = githubIntegration.aggregatedVulnRepository.ApplyAndSave(ctx, nil, vuln, &vulnEvent)
 	// if an error did happen, delete the issue from github

integrations/gitlabint/gitlab_integration.go

@@ -1270,7 +1270,7 @@ func (g *GitlabIntegration) UpdateIssue(ctx context.Context, asset models.Asset,
 		if err.Error() == "404 Not Found" {
 
 			// we can not reopen the issue - it is deleted
-			vulnEvent := models.NewFalsePositiveEvent(vuln.GetID(), vuln.GetType(), "user", "This Vulnerability is marked as a false positive due to deletion", dtos.VulnerableCodeNotInExecutePath, vuln.GetScannerIDsOrArtifactNames(), false, "")
+			vulnEvent := models.NewFalsePositiveEvent(vuln.GetID(), vuln.GetType(), "user", "This Vulnerability is marked as a false positive due to deletion", dtos.VulnerableCodeNotInExecutePath, vuln.GetScannerIDsOrArtifactNames(), false, nil)
 			// save the event
 			err := g.aggregatedVulnRepository.ApplyAndSave(ctx, nil, vuln, &vulnEvent)
 			if err != nil {
@@ -1427,7 +1427,7 @@ func (g *GitlabIntegration) CreateIssue(ctx context.Context, asset models.Asset,
 		map[string]any{
 			"ticketId":  vuln.GetTicketID(),
 			"ticketUrl": createdIssue.WebURL,
-		}, "")
+		}, nil)
 
 	return g.aggregatedVulnRepository.ApplyAndSave(ctx, nil, vuln, &vulnEvent)
 }

integrations/gitlabint/gitlab_webhook.go

@@ -47,6 +47,7 @@ func (g *GitlabIntegration) HandleWebhook(ctx shared.Context) error {
 
 	gitlabSecretToken := ctx.Request().Header.Get("X-Gitlab-Token")
 
+	userAgent := ctx.Request().UserAgent()
 	var vulnEvent models.VulnEvent
 	var client shared.GitlabClientFacade
 	var vuln models.Vuln
@@ -115,7 +116,7 @@ func (g *GitlabIntegration) HandleWebhook(ctx shared.Context) error {
 				return nil
 			}
 
-			vulnEvent = models.NewAcceptedEvent(vuln.GetID(), vuln.GetType(), fmt.Sprintf("gitlab:%d", event.User.ID), fmt.Sprintf("This Vulnerability is marked as accepted by %s, due to closing of the gitlab ticket.", event.User.Name), false, "")
+			vulnEvent = models.NewAcceptedEvent(vuln.GetID(), vuln.GetType(), fmt.Sprintf("gitlab:%d", event.User.ID), fmt.Sprintf("This Vulnerability is marked as accepted by %s, due to closing of the gitlab ticket.", event.User.Name), false, &userAgent)
 
 			err = g.aggregatedVulnRepository.ApplyAndSave(reqCtx, nil, vuln, &vulnEvent)
 			if err != nil {
@@ -128,7 +129,7 @@ func (g *GitlabIntegration) HandleWebhook(ctx shared.Context) error {
 				return nil
 			}
 
-			vulnEvent = models.NewReopenedEvent(vuln.GetID(), vuln.GetType(), fmt.Sprintf("gitlab:%d", event.User.ID), fmt.Sprintf("This Vulnerability is marked as accepted by %s, due to closing of the gitlab ticket.", event.User.Name), false, "")
+			vulnEvent = models.NewReopenedEvent(vuln.GetID(), vuln.GetType(), fmt.Sprintf("gitlab:%d", event.User.ID), fmt.Sprintf("This Vulnerability is marked as accepted by %s, due to closing of the gitlab ticket.", event.User.Name), false, &userAgent)
 
 			err := g.aggregatedVulnRepository.ApplyAndSave(reqCtx, nil, vuln, &vulnEvent)
 			if err != nil {
@@ -228,7 +229,7 @@ func (g *GitlabIntegration) HandleWebhook(ctx shared.Context) error {
 		})
 
 		// create a new event based on the comment
-		vulnEvent = commonint.CreateNewVulnEventBasedOnComment(vuln.GetID(), vuln.GetType(), fmt.Sprintf("gitlab:%d", event.User.ID), comment, vuln.GetScannerIDsOrArtifactNames())
+		vulnEvent = commonint.CreateNewVulnEventBasedOnComment(vuln.GetID(), vuln.GetType(), fmt.Sprintf("gitlab:%d", event.User.ID), comment, vuln.GetScannerIDsOrArtifactNames(), &userAgent)
 
 		statemachine.Apply(vuln, vulnEvent)