From dd2e16db6e952fd5135dadb99ce8ec4b6ea65361 Mon Sep 17 00:00:00 2001
From: Hank Donnay
Date: Fri, 20 Nov 2020 13:18:03 -0600
Subject: [PATCH] notifier: optionally disable per-manifest summary

Signed-off-by: Hank Donnay
---
 notifier/postgres/e2e_test.go | 5 +++--
 notifier/processor.go | 38 +++++++++++++++++++++++------------
 notifier/vulnsummary.go | 2 +-
 3 files changed, 29 insertions(+), 16 deletions(-)

diff --git a/notifier/postgres/e2e_test.go b/notifier/postgres/e2e_test.go
index 6446dec893..7bcf5ac8d3 100644
--- a/notifier/postgres/e2e_test.go
+++ b/notifier/postgres/e2e_test.go
@@ -8,10 +8,11 @@ import (
 "github.com/google/go-cmp/cmp/cmpopts"
 "github.com/google/uuid"
 "github.com/jmoiron/sqlx"
- "github.com/quay/clair/v4/notifier"
 "github.com/quay/claircore"
 cctest "github.com/quay/claircore/test"
 "github.com/quay/claircore/test/integration"
+
+ "github.com/quay/clair/v4/notifier"
 )
 
 const (
@@ -27,7 +28,7 @@ func TestE2E(t *testing.T) {
 notificationID := uuid.New()
 // this function puts a single noification undertest
 vuln, vsummary := cctest.GenUniqueVulnerabilities(1, updater)[0], notifier.VulnSummary{}
- vsummary.FromVulnerability(*vuln)
+ vsummary.FromVulnerability(vuln)
 notifications := []notifier.Notification{
 {
 Manifest: digest,
diff --git a/notifier/processor.go b/notifier/processor.go
index 311fa72a06..c3055c0683 100644
--- a/notifier/processor.go
+++ b/notifier/processor.go
@@ -6,13 +6,14 @@ import (
 "fmt"
 
 "github.com/google/uuid"
- clairerror "github.com/quay/clair/v4/clair-error"
- "github.com/quay/clair/v4/indexer"
- "github.com/quay/clair/v4/matcher"
 "github.com/quay/claircore"
 "github.com/quay/claircore/libvuln/driver"
 "github.com/quay/claircore/pkg/distlock"
 "github.com/rs/zerolog"
+
+ clairerror "github.com/quay/clair/v4/clair-error"
+ "github.com/quay/clair/v4/indexer"
+ "github.com/quay/clair/v4/matcher"
 )
 
 // Processor listen for new UOIDs, creates notifications, and persists
@@ -21,6 +22,12 @@ import (
 // Processor(s) create atomic boundaries, no two Processor(s) will be creating
 // notifications for the same UOID at once.
 type Processor struct {
+ // NoSummary controls whether per-manifest vulnerability summarization
+ // should happen.
+ NoSummary bool
+ // NoSummary is a little awkward to use, but reversing the boolean this way
+ // makes the defaults line up better.
+
 // distributed lock used for mutual exclusion
 distLock distlock.Locker
 // a handle to an indexer service
@@ -146,21 +153,26 @@ func (p *Processor) create(ctx context.Context, e Event, prev uuid.UUID) error {
 notifications := []Notification{}
 create := func(r Reason, affected claircore.AffectedManifests) error {
 for manifest, vulns := range affected.VulnerableManifests {
- // summarize most severe vuln affecting manifest
- // the vulns array will be sorted by most severe
- vuln := affected.Vulnerabilities[vulns[0]]
-
 digest, err := claircore.ParseDigest(manifest)
 if err != nil {
 return err
 }
- n := Notification{
- Manifest: digest,
- Reason: r,
- }
- n.Vulnerability.FromVulnerability(*vuln)
+ // The vulns slice is sorted most severe to lease severe.
+ for i := range vulns {
+ vuln := affected.Vulnerabilities[vulns[i]]
+
+ n := Notification{
+ Manifest: digest,
+ Reason: r,
+ }
+ n.Vulnerability.FromVulnerability(vuln)
 
- notifications = append(notifications, n)
+ notifications = append(notifications, n)
+
+ if !p.NoSummary {
+ break
+ }
+ }
 }
 return nil
 }
diff --git a/notifier/vulnsummary.go b/notifier/vulnsummary.go
index 6f85bb9ca2..df0db29da9 100644
--- a/notifier/vulnsummary.go
+++ b/notifier/vulnsummary.go
@@ -15,7 +15,7 @@ type VulnSummary struct {
 Links string `json:"links"`
 }
 
-func (vs *VulnSummary) FromVulnerability(v claircore.Vulnerability) {
+func (vs *VulnSummary) FromVulnerability(v *claircore.Vulnerability) {
 *vs = VulnSummary{
 Name: v.Name,
 Description: v.Description,
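Review bot: The doc comment on the new NoSummary field does not say what each value actually does, and the second comment placed below the field ("NoSummary is a little awkward to use ...") is not attached to the field by godoc, so a reader of the generated docs never sees the rationale. Fold both into one comment above the field and state the observable behaviour, which the loop in create establishes: `// NoSummary controls per-manifest vulnerability summarization. When false (the default), only the first, most severe vulnerability affecting a manifest is turned into a Notification; when true, every affecting vulnerability gets its own Notification.` The sentence about the inverted boolean keeping the zero value as the default can follow in the same comment. The Processor struct continues outside the hunk.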
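Review bot: The conditional `break` at the bottom of the new inner loop makes the summary/no-summary distinction visible only on the last lines of the loop; bounding the slice before the loop states it up front and leaves the body a plain per-vulnerability loop, e.g. `if !p.NoSummary && len(vulns) > 0 { vulns = vulns[:1] }` followed by `for _, idx := range vulns {`. The new comment has a typo, `lease severe` should read `least severe`, and since the severity ordering it relies on is produced by claircore rather than by this package, it is worth naming where that guarantee comes from so a future change upstream is caught. Note also that a manifest whose `vulns` slice is empty now yields no Notification at all, where the removed `vulns[0]` would have panicked; that looks intended but deserves a one-line comment. The enclosing create function continues outside the hunk.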
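Review bot: Changing the parameter to `*claircore.Vulnerability` makes a nil argument possible for the first time, and the body immediately dereferences it at `v.Name`, so a caller passing nil now panics inside the notifier rather than failing to compile. Either guard it, `if v == nil { *vs = VulnSummary{}; return }`, or document the precondition on the now-undocumented exported method: `// FromVulnerability fills vs from v. v must not be nil.` The method body continues outside the hunk.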