Skip to content

G
gitlab-ce
Commit 16d9aa7a authored by Kamil Trzciński's avatar Kamil Trzciński
Browse files
Options

Merge branch '9090-follow_up_on_store_container_scanning_results_in_db' into 'master' 

Fix container scanning parser

Closes #9090

See merge request gitlab-org/gitlab-ee!9078
parents 7b4a2919 eed2bcf0
Hide whitespace changes
Inline Side-by-side
Showing with 42 additions and 28 deletions
ee/lib/gitlab/ci/parsers/security/container_scanning.rb
View file @ 16d9aa7a
......@@ -51,26 +51,35 @@ module Gitlab
def format_vulnerability(vulnerability)
{
'category' => 'container_scanning',
'message' => name(vulnerability),
'description' => vulnerability['description'],
'cve' => vulnerability['vulnerability'],
'severity' => translate_severity(vulnerability['severity']),
'solution' => solution(vulnerability),
'confidence' => 'Medium',
'scanner' => { 'id' => 'clair', 'name' => 'Clair' },
'identifiers' => [
{
'type' => 'cve',
'name' => vulnerability['vulnerability'],
'value' => vulnerability['vulnerability'],
'url' => vulnerability['link']
}
],
'links' => [{ 'url' => vulnerability['link'] }],
'priority' => 'Unknown',
'url' => vulnerability['link'],
'tool' => 'clair'
'category' => 'container_scanning',
'message' => name(vulnerability),
'description' => vulnerability['description'],
'cve' => vulnerability['vulnerability'],
'severity' => translate_severity(vulnerability['severity']),
'solution' => solution(vulnerability),
'confidence' => 'Medium',
'location' => {
'operating_system' => vulnerability["namespace"],
'dependency' => {
'package' => {
'name' => vulnerability["featurename"]
},
'version' => vulnerability["featureversion"]
}
},
'scanner' => { 'id' => 'clair', 'name' => 'Clair' },
'identifiers' => [
{
'type' => 'cve',
'name' => vulnerability['vulnerability'],
'value' => vulnerability['vulnerability'],
'url' => vulnerability['link']
}
],
'links' => [{ 'url' => vulnerability['link'] }],
'priority' => 'Unknown',
'url' => vulnerability['link'],
'tool' => 'clair'
}
end
......@@ -99,14 +108,8 @@ module Gitlab
"#{vulnerability['featurename']} - #{vulnerability['vulnerability']}"
end
def metadata_version(vulnerability)
'1.3'
end
def generate_location_fingerprint(location)
# Location is irrelevant for Clair vulnerabilities.
# SHA1 value for 'clair'
'cb750fa5a7a31c527d5c15388a432c4ba3338457'
Digest::SHA1.hexdigest("#{location['operating_system']}:#{location.dig('dependency', 'package', 'name')}")
end
end
end
......
ee/spec/lib/gitlab/ci/parsers/security/container_scanning_spec.rb
View file @ 16d9aa7a
......@@ -32,7 +32,9 @@ describe Gitlab::Ci::Parsers::Security::ContainerScanning do
end
it "generates expected location fingerprint" do
expect(report.occurrences.first[:location_fingerprint]).to eq('cb750fa5a7a31c527d5c15388a432c4ba3338457')
expected = Digest::SHA1.hexdigest('debian:9:glibc')
expect(report.occurrences.first[:location_fingerprint]).to eq(expected)
end
it "generates expected metadata_version" do
......@@ -55,6 +57,15 @@ describe Gitlab::Ci::Parsers::Security::ContainerScanning do
'url' => 'https://security-tracker.debian.org/tracker/CVE-2017-18269'
}
],
'location' => {
'operating_system' => 'debian:9',
'dependency' => {
'package' => {
'name' => 'glibc'
},
'version' => '2.24-11+deb9u3'
}
},
'links' => [{ 'url' => 'https://security-tracker.debian.org/tracker/CVE-2017-18269' }],
'description' => 'SSE2-optimized memmove implementation problem.',
'priority' => 'Unknown',
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7