Commit 144ab22b authored by Olivier Gonzalez's avatar Olivier Gonzalez Committed by Kamil Trzciński

Skip whitelisted vulnerabilities in Container Scanning

Update fixture to provide meaningful data.
parent 9d95687e
---
title: Skip whitelisted vulnerabilities in Container Scanning reports
merge_request: 9528
author:
type: fixed
...@@ -26,9 +26,13 @@ module Gitlab ...@@ -26,9 +26,13 @@ module Gitlab
# Transforms the Clair JSON report into the expected format # Transforms the Clair JSON report into the expected format
def format_report(data) def format_report(data)
vulnerabilities = data['vulnerabilities'] vulnerabilities = data['vulnerabilities']
unapproved = data['unapproved']
results = [] results = []
vulnerabilities.each do |vulnerability| vulnerabilities.each do |vulnerability|
# We only report unapproved vulnerabilities
next unless unapproved.include?(vulnerability['vulnerability'])
results.append(format_vulnerability(vulnerability)) results.append(format_vulnerability(vulnerability))
end end
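Review bot: `next unless unapproved.include?(vulnerability['vulnerability'])` raises NoMethodError on a nil receiver whenever the report carries no `unapproved` key, and the new `unapproved = data['unapproved']` line does not distinguish that case from an empty whitelist. Make the contract explicit with `unapproved = data.fetch('unapproved')`, which fails with a KeyError naming the missing field; defaulting to `[]` instead would silently drop every finding from the report, which is the worse failure mode for a security parser. If reports grow large, the same list is probed once per vulnerability, so building a `Set` from it once before the loop keeps the membership check constant-time. `format_report` ends outside the hunk.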
...@@ -25,7 +25,7 @@ describe Gitlab::Ci::Parsers::Security::ContainerScanning do ...@@ -25,7 +25,7 @@ describe Gitlab::Ci::Parsers::Security::ContainerScanning do
end end
end end
it "parses all identifiers and occurrences" do it "parses all identifiers and occurrences for unapproved vulnerabilities" do
expect(report.occurrences.length).to eq(8) expect(report.occurrences.length).to eq(8)
expect(report.identifiers.length).to eq(8) expect(report.identifiers.length).to eq(8)
expect(report.scanners.length).to eq(1) expect(report.scanners.length).to eq(1)
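Review bot: The renamed example still asserts only the occurrence count, so it would keep passing if the whitelisted fixture entry were reported and one of the unapproved ones dropped. Add an assertion that the whitelisted vulnerability (CVE-2018-666 in the updated fixture) is absent from `report.occurrences` and, ideally, that every reported CVE id is in the fixture's `unapproved` list; the attribute that carries the CVE id on an occurrence is not visible in this hunk, so use whichever one the parser populates. The example's `do … end` closes outside the hunk.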
{ {
"image": "registry.gitlab.com/groulot/container-scanning-test/master:5f21de6956aee99ddb68ae49498662d9872f50ff", "image": "registry.gitlab.com/groulot/container-scanning-test/master:5f21de6956aee99ddb68ae49498662d9872f50ff",
"unapproved": [ "unapproved": [
"CVE-2017-18018", "CVE-2017-18269",
"CVE-2016-2781", "CVE-2017-16997",
"CVE-2017-12424", "CVE-2018-1000001",
"CVE-2007-5686", "CVE-2016-10228",
"CVE-2013-4235" "CVE-2018-18520",
"CVE-2010-4052",
"CVE-2018-16869",
"CVE-2018-18311"
], ],
"vulnerabilities": [ "vulnerabilities": [
{ {
...@@ -87,6 +90,16 @@ ...@@ -87,6 +90,16 @@
"link": "https://security-tracker.debian.org/tracker/CVE-2018-18311", "link": "https://security-tracker.debian.org/tracker/CVE-2018-18311",
"severity": "Unknown", "severity": "Unknown",
"fixedby": "5.24.1-3+deb9u5" "fixedby": "5.24.1-3+deb9u5"
},
{
"featurename": "foo",
"featureversion": "1.3",
"vulnerability": "CVE-2018-666",
"namespace": "debian:9",
"description": "Foo has a vulnerability nobody cares about and whitelist.",
"link": "https://security-tracker.debian.org/tracker/CVE-2018-666",
"severity": "Unknown",
"fixedby": "1.4"
} }
] ]
} }