Commit 16d9aa7a authored by Kamil Trzciński's avatar Kamil Trzciński

Merge branch '9090-follow_up_on_store_container_scanning_results_in_db' into 'master'

Fix container scanning parser

Closes #9090

See merge request gitlab-org/gitlab-ee!9078
parents 7b4a2919 eed2bcf0
...@@ -58,6 +58,15 @@ module Gitlab ...@@ -58,6 +58,15 @@ module Gitlab
'severity' => translate_severity(vulnerability['severity']), 'severity' => translate_severity(vulnerability['severity']),
'solution' => solution(vulnerability), 'solution' => solution(vulnerability),
'confidence' => 'Medium', 'confidence' => 'Medium',
'location' => {
'operating_system' => vulnerability["namespace"],
'dependency' => {
'package' => {
'name' => vulnerability["featurename"]
},
'version' => vulnerability["featureversion"]
}
},
'scanner' => { 'id' => 'clair', 'name' => 'Clair' }, 'scanner' => { 'id' => 'clair', 'name' => 'Clair' },
'identifiers' => [ 'identifiers' => [
{ {
...@@ -99,14 +108,8 @@ module Gitlab ...@@ -99,14 +108,8 @@ module Gitlab
"#{vulnerability['featurename']} - #{vulnerability['vulnerability']}" "#{vulnerability['featurename']} - #{vulnerability['vulnerability']}"
end end
def metadata_version(vulnerability)
'1.3'
end
def generate_location_fingerprint(location) def generate_location_fingerprint(location)
# Location is irrelevant for Clair vulnerabilities. Digest::SHA1.hexdigest("#{location['operating_system']}:#{location.dig('dependency', 'package', 'name')}")
# SHA1 value for 'clair'
'cb750fa5a7a31c527d5c15388a432c4ba3338457'
end end
end end
end end
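Review bot: The new `generate_location_fingerprint` body (right-hand side beside `# Location is irrelevant for Clair vulnerabilities.`) interpolates `location['operating_system']` and the dug package name with no nil handling, so a Clair entry lacking `namespace` or `featurename` — both copied straight from the report in the first hunk — hashes the bare string `:` and every such occurrence collapses to one fingerprint. The `:` separator also clashes with the namespace format itself (`debian:9` in the spec), so `debian` + `9:glibc` and `debian:9` + `glibc` yield the same digest. Building the input from `[location['operating_system'], location.dig('dependency', 'package', 'name')]` joined with a delimiter that cannot occur in a namespace (e.g. `"\0"`), and failing explicitly when either part is missing, avoids both; any change here alters stored fingerprints, so it should land before the format is relied on. The enclosing class starts outside the hunk, and the removed `metadata_version` is presumably now supplied elsewhere — worth confirming.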
......
...@@ -32,7 +32,9 @@ describe Gitlab::Ci::Parsers::Security::ContainerScanning do ...@@ -32,7 +32,9 @@ describe Gitlab::Ci::Parsers::Security::ContainerScanning do
end end
it "generates expected location fingerprint" do it "generates expected location fingerprint" do
expect(report.occurrences.first[:location_fingerprint]).to eq('cb750fa5a7a31c527d5c15388a432c4ba3338457') expected = Digest::SHA1.hexdigest('debian:9:glibc')
expect(report.occurrences.first[:location_fingerprint]).to eq(expected)
end end
it "generates expected metadata_version" do it "generates expected metadata_version" do
...@@ -55,6 +57,15 @@ describe Gitlab::Ci::Parsers::Security::ContainerScanning do ...@@ -55,6 +57,15 @@ describe Gitlab::Ci::Parsers::Security::ContainerScanning do
'url' => 'https://security-tracker.debian.org/tracker/CVE-2017-18269' 'url' => 'https://security-tracker.debian.org/tracker/CVE-2017-18269'
} }
], ],
'location' => {
'operating_system' => 'debian:9',
'dependency' => {
'package' => {
'name' => 'glibc'
},
'version' => '2.24-11+deb9u3'
}
},
'links' => [{ 'url' => 'https://security-tracker.debian.org/tracker/CVE-2017-18269' }], 'links' => [{ 'url' => 'https://security-tracker.debian.org/tracker/CVE-2017-18269' }],
'description' => 'SSE2-optimized memmove implementation problem.', 'description' => 'SSE2-optimized memmove implementation problem.',
'priority' => 'Unknown', 'priority' => 'Unknown',
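Review bot: The spec exercises only the happy path for the new location fingerprint (`expected = Digest::SHA1.hexdigest('debian:9:glibc')` and the added `'location'` hash); there is no example for a report entry that lacks `namespace` or `featurename`, which is exactly where the new fingerprint degenerates to a shared value. An example built from the same fixture with `featurename` removed, asserting whatever the parser is meant to do for that entry, would pin that behaviour. The `describe` block begins outside the hunk.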
......