update interceptor error code (#2836)

* update interceptor error code

* update

* update error string

* update interceptor error code

update

update error string

src/common/models/scan_job.go

@@ -46,6 +46,18 @@ const (
 	SevHigh
 )
 
+//String is the output function for sererity variable
+func (sev Severity) String() string {
+	name := []string{"negligible", "unknown", "low", "medium", "high"}
+	i := int64(sev)
+	switch {
+	case i >= 1 && i <= int64(SevHigh):
+		return name[i-1]
+	default:
+		return "unknown"
+	}
+}
+
 //TableName is required by by beego orm to map ScanJob to table img_scan_job
 func (s *ScanJob) TableName() string {
 	return ScanJobTable

src/ui/proxy/interceptors.go

@@ -207,9 +207,10 @@ func (vh vulnerableHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request)
 		return
 	}
 	imageSev := overview.Sev
-	if imageSev > int(projectVulnerableSeverity) {
-		log.Debugf("the image severity is higher then project setting, failing the response.")
-		http.Error(rw, marshalError("The image scan result doesn't pass the project setting.", http.StatusPreconditionFailed), http.StatusPreconditionFailed)
+	if imageSev >= int(projectVulnerableSeverity) {
+		log.Debugf("the image severity: %q is higher then project setting: %q, failing the response.", models.Severity(imageSev), projectVulnerableSeverity)
+		http.Error(rw, marshalError(fmt.Sprintf("The severity of vulnerability of the image: %q is equal or higher than the threshold in project setting: %q.", models.Severity(imageSev), projectVulnerableSeverity),
+			http.StatusPreconditionFailed), http.StatusPreconditionFailed)
 		return
 	}
 	vh.next.ServeHTTP(rw, req)
@@ -236,7 +237,7 @@ func matchNotaryDigest(img imageInfo) (bool, error) {
 	}
 	for _, t := range targets {
 		if t.Tag == img.tag {
-			log.Debugf("found tag: %s in notary, try to match digest.")
+			log.Debugf("found tag: %s in notary, try to match digest.", img.tag)
 			d, err := notary.DigestFromTarget(t)
 			if err != nil {
 				return false, err