mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-18 14:47:38 +01:00
fix(vulnerable): fix the wrong count of vulnerabilities in message
Signed-off-by: He Weiwei <hweiwei@vmware.com>
This commit is contained in:
parent
6ad855f0ee
commit
20115b92c7
@ -143,8 +143,13 @@ func Middleware() func(http.Handler) http.Handler {
|
||||
|
||||
// Do judgement
|
||||
if summary.Severity.Code() >= projectSeverity.Code() {
|
||||
msg := fmt.Sprintf(`current image with %d vulnerabilities cannot be pulled due to configured policy in 'Prevent images with vulnerability severity of "%s" or higher from running.' `+
|
||||
`To continue with pull, please contact your project administrator to exempt matched vulnerabilities through configuring the CVE whitelist.`, summary.TotalCount, projectSeverity)
|
||||
thing := "vulnerability"
|
||||
if summary.Summary.Total > 1 {
|
||||
thing = "vulnerabilities"
|
||||
}
|
||||
msg := fmt.Sprintf(`current image with %d %s cannot be pulled due to configured policy in 'Prevent images with vulnerability severity of "%s" or higher from running.' `+
|
||||
`To continue with pull, please contact your project administrator to exempt matched vulnerabilities through configuring the CVE whitelist.`,
|
||||
summary.Summary.Total, thing, projectSeverity)
|
||||
return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage(msg)
|
||||
}
|
||||
|
||||
|
@ -339,19 +339,44 @@ func (suite *MiddlewareTestSuite) TestPrevented() {
|
||||
mock.OnAnything(suite.artifactController, "GetByReference").Return(suite.artifact, nil)
|
||||
mock.OnAnything(suite.projectController, "Get").Return(suite.project, nil)
|
||||
mock.OnAnything(suite.checker, "IsScannable").Return(true, nil)
|
||||
mock.OnAnything(suite.scanController, "GetSummary").Return(map[string]interface{}{
|
||||
v1.MimeTypeNativeReport: &vuln.NativeReportSummary{
|
||||
ScanStatus: "Success",
|
||||
Severity: vuln.Critical,
|
||||
Summary: &vuln.VulnerabilitySummary{Total: 1},
|
||||
},
|
||||
}, nil)
|
||||
|
||||
req := suite.makeRequest()
|
||||
rr := httptest.NewRecorder()
|
||||
{
|
||||
// only one vulnerability
|
||||
mock.OnAnything(suite.scanController, "GetSummary").Return(map[string]interface{}{
|
||||
v1.MimeTypeNativeReport: &vuln.NativeReportSummary{
|
||||
ScanStatus: "Success",
|
||||
Severity: vuln.Critical,
|
||||
Summary: &vuln.VulnerabilitySummary{Total: 1},
|
||||
},
|
||||
}, nil).Once()
|
||||
|
||||
Middleware()(suite.next).ServeHTTP(rr, req)
|
||||
suite.Equal(rr.Code, http.StatusPreconditionFailed)
|
||||
req := suite.makeRequest()
|
||||
rr := httptest.NewRecorder()
|
||||
|
||||
Middleware()(suite.next).ServeHTTP(rr, req)
|
||||
suite.Equal(rr.Code, http.StatusPreconditionFailed)
|
||||
|
||||
suite.Contains(rr.Body.String(), "current image with 1 vulnerability cannot be pulled")
|
||||
}
|
||||
|
||||
{
|
||||
// multiple vulnerabilities
|
||||
mock.OnAnything(suite.scanController, "GetSummary").Return(map[string]interface{}{
|
||||
v1.MimeTypeNativeReport: &vuln.NativeReportSummary{
|
||||
ScanStatus: "Success",
|
||||
Severity: vuln.Critical,
|
||||
Summary: &vuln.VulnerabilitySummary{Total: 2},
|
||||
},
|
||||
}, nil).Once()
|
||||
|
||||
req := suite.makeRequest()
|
||||
rr := httptest.NewRecorder()
|
||||
|
||||
Middleware()(suite.next).ServeHTTP(rr, req)
|
||||
suite.Equal(rr.Code, http.StatusPreconditionFailed)
|
||||
|
||||
suite.Contains(rr.Body.String(), "current image with 2 vulnerabilities cannot be pulled")
|
||||
}
|
||||
}
|
||||
|
||||
func (suite *MiddlewareTestSuite) TestArtifactIsImageIndex() {
|
||||
|
Loading…
Reference in New Issue
Block a user