Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: handling when image contains no trivy-target (#1405)

Browse Source 
* fix: handling when image contains no trivy-target

* refactor: use scanResult.Optional

* fix: add suppoted list to error message
This commit is contained in:
Satoru Nihei
2022-03-02 06:13:26 +09:00
committed by GitHub
parent 2fbc0a001e
commit 2f05864813
2 changed files with 89 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
contrib/trivy/parser/v2/parser.go
View File

@@ -5,6 +5,7 @@ import (
"time"
"github.com/aquasecurity/trivy/pkg/report"
"golang.org/x/xerrors"
"github.com/future-architect/vuls/constant"
"github.com/future-architect/vuls/contrib/trivy/pkg"
@@ -27,13 +28,15 @@ func (p ParserV2) Parse(vulnJSON []byte) (result *models.ScanResult, err error)
return nil, err
}
setScanResultMeta(scanResult, &report)
if err := setScanResultMeta(scanResult, &report); err != nil {
return nil, err
}
return scanResult, nil
}
func setScanResultMeta(scanResult *models.ScanResult, report *report.Report) {
func setScanResultMeta(scanResult *models.ScanResult, report *report.Report) error {
const trivyTarget = "trivy-target"
for _, r := range report.Results {
const trivyTarget = "trivy-target"
if pkg.IsTrivySupportedOS(r.Type) {
scanResult.Family = r.Type
scanResult.ServerName = r.Target
@@ -57,4 +60,9 @@ func setScanResultMeta(scanResult *models.ScanResult, report *report.Report) {
scanResult.ScannedBy = "trivy"
scanResult.ScannedVia = "trivy"
}
if _, ok := scanResult.Optional[trivyTarget]; !ok {
return xerrors.Errorf("scanned images or libraries are not supported by Trivy. see https://aquasecurity.github.io/trivy/dev/vulnerability/detection/os/, https://aquasecurity.github.io/trivy/dev/vulnerability/detection/language/")
}
return nil
}

78
contrib/trivy/parser/v2/parser_test.go
View File

@@ -4,6 +4,7 @@ import (
"testing"
"github.com/d4l3k/messagediff"
"golang.org/x/xerrors"
"github.com/future-architect/vuls/models"
)
@@ -723,3 +724,80 @@ var osAndLibSR = &models.ScanResult{
"trivy-target": "quay.io/fluentd_elasticsearch/fluentd:v2.9.0 (debian 10.2)",
},
}
func TestParseError(t *testing.T) {
cases := map[string]struct {
vulnJSON []byte
expected error
}{
"image hello-world": {
vulnJSON: helloWorldTrivy,
expected: xerrors.Errorf("scanned images or libraries are not supported by Trivy. see https://aquasecurity.github.io/trivy/dev/vulnerability/detection/os/, https://aquasecurity.github.io/trivy/dev/vulnerability/detection/language/"),
},
}
for testcase, v := range cases {
_, err := ParserV2{}.Parse(v.vulnJSON)
diff, equal := messagediff.PrettyDiff(
v.expected,
err,
messagediff.IgnoreStructField("frame"),
)
if !equal {
t.Errorf("test: %s, diff %s", testcase, diff)
}
}
}
var helloWorldTrivy = []byte(`
{
"SchemaVersion": 2,
"ArtifactName": "hello-world:latest",
"ArtifactType": "container_image",
"Metadata": {
"ImageID": "sha256:feb5d9fea6a5e9606aa995e879d862b825965ba48de054caab5ef356dc6b3412",
"DiffIDs": [
"sha256:e07ee1baac5fae6a26f30cabfe54a36d3402f96afda318fe0a96cec4ca393359"
],
"RepoTags": [
"hello-world:latest"
],
"RepoDigests": [
"hello-world@sha256:97a379f4f88575512824f3b352bc03cd75e239179eea0fecc38e597b2209f49a"
],
"ImageConfig": {
"architecture": "amd64",
"container": "8746661ca3c2f215da94e6d3f7dfdcafaff5ec0b21c9aff6af3dc379a82fbc72",
"created": "2021-09-23T23:47:57.442225064Z",
"docker_version": "20.10.7",
"history": [
{
"created": "2021-09-23T23:47:57Z",
"created_by": "/bin/sh -c #(nop) COPY file:50563a97010fd7ce1ceebd1fa4f4891ac3decdf428333fb2683696f4358af6c2 in / "
},
{
"created": "2021-09-23T23:47:57Z",
"created_by": "/bin/sh -c #(nop) CMD [\"/hello\"]",
"empty_layer": true
}
],
"os": "linux",
"rootfs": {
"type": "layers",
"diff_ids": [
"sha256:e07ee1baac5fae6a26f30cabfe54a36d3402f96afda318fe0a96cec4ca393359"
]
},
"config": {
"Cmd": [
"/hello"
],
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Image": "sha256:b9935d4e8431fb1a7f0989304ec86b3329a99a25f5efdc7f09f3f8c41434ca6d"
}
}
}
}`)