Refine total artifact and scanned artifact (#19228)
Artifacts include all accessories and child artifacts; fixes #19215 Signed-off-by: stonezdj <daojunz@vmware.com>
parent
444404f7f4
commit
298ecbbe7d
@ -48,38 +48,16 @@ where a.digest = s.digest
|
|||||||
order by s.critical_cnt desc, s.high_cnt desc, s.medium_cnt desc, s.low_cnt desc
|
order by s.critical_cnt desc, s.high_cnt desc, s.medium_cnt desc, s.low_cnt desc
|
||||||
limit 5`
|
limit 5`
|
||||||
|
|
||||||
// sql to query the total artifact count,
|
// sql to query the total artifact count, include all artifacts in the artifact table
|
||||||
// 1. exclude the artifact accessory,
|
totalArtifactCountSQL = `SELECT COUNT(1) FROM artifact`
|
||||||
// 2. exclude child artifact without tag
|
|
||||||
// 3. include top level artifact in image index
|
|
||||||
// The totalArtifactCountSQL and scannedArtifactCountSQL should use the same criteria to filter the artifact
|
|
||||||
totalArtifactCountSQL = `SELECT COUNT(1)
|
|
||||||
FROM artifact a
|
|
||||||
WHERE NOT EXISTS (select 1 from artifact_accessory acc WHERE acc.artifact_id = a.id)
|
|
||||||
AND (EXISTS (SELECT 1 FROM tag WHERE tag.artifact_id = a.id)
|
|
||||||
OR NOT EXISTS (SELECT 1 FROM artifact_reference ref WHERE ref.child_id = a.id))`
|
|
||||||
|
|
||||||
// sql to query the scanned artifact count,
|
// sql to query the scanned artifact count, include all artifacts in the artifact table
|
||||||
// exclude the artifact accessory, and child artifact in image index (without tag),
|
|
||||||
// include the image index artifact which at least one child artifact is scanned
|
|
||||||
scannedArtifactCountSQL = `SELECT COUNT(1)
|
scannedArtifactCountSQL = `SELECT COUNT(1)
|
||||||
FROM artifact a
|
FROM artifact a
|
||||||
WHERE EXISTS (SELECT 1
|
WHERE EXISTS (SELECT 1
|
||||||
FROM scan_report s
|
FROM scan_report s
|
||||||
WHERE a.digest = s.digest
|
WHERE a.digest = s.digest
|
||||||
AND s.registration_uuid = ?)
|
AND s.registration_uuid = ?)`
|
||||||
-- exclude artifact accessory
|
|
||||||
AND NOT EXISTS (SELECT 1 FROM artifact_accessory acc WHERE acc.artifact_id = a.id)
|
|
||||||
-- not a child without tag
|
|
||||||
AND NOT EXISTS (SELECT 1 FROM artifact_reference WHERE child_id = a.id AND NOT EXISTS (SELECT 1 FROM tag WHERE artifact_id = a.id))
|
|
||||||
-- include image index which is scanned
|
|
||||||
OR EXISTS (SELECT 1
|
|
||||||
FROM scan_report s,
|
|
||||||
artifact_reference ref
|
|
||||||
WHERE s.digest = ref.child_digest
|
|
||||||
AND ref.parent_id = a.id AND s.registration_uuid = ? AND NOT EXISTS (SELECT 1
|
|
||||||
FROM scan_report s
|
|
||||||
WHERE s.digest = a.digest and s.registration_uuid = ?))`
|
|
||||||
|
|
||||||
// sql to query the dangerous CVEs
|
// sql to query the dangerous CVEs
|
||||||
// sort the CVEs by CVSS score and severity level, make sure it is referred by a report
|
// sort the CVEs by CVSS score and severity level, make sure it is referred by a report
|
||||||
@ -268,7 +246,7 @@ func (d *dao) ScannedArtifactsCount(ctx context.Context, scannerUUID string, pro
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return cnt, err
|
return cnt, err
|
||||||
}
|
}
|
||||||
err = o.Raw(scannedArtifactCountSQL, scannerUUID, scannerUUID, scannerUUID).QueryRow(&cnt)
|
err = o.Raw(scannedArtifactCountSQL, scannerUUID).QueryRow(&cnt)
|
||||||
return cnt, err
|
return cnt, err
|
||||||
}
|
}
|
||||||
func (d *dao) DangerousCVEs(ctx context.Context, scannerUUID string, projectID int64, query *q.Query) ([]*scan.VulnerabilityRecord, error) {
|
func (d *dao) DangerousCVEs(ctx context.Context, scannerUUID string, projectID int64, query *q.Query) ([]*scan.VulnerabilityRecord, error) {
|
||||||
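Review bot: The new comment on `scannedArtifactCountSQL` says the query includes all artifacts in the artifact table, but the statement still counts only rows whose digest has a `scan_report` for the given `registration_uuid`, so the comment overstates what is counted. `totalArtifactCountSQL` now counts every row, including accessories and untagged index children, while the removed `OR EXISTS` branch was the only path that counted an image index through its scanned children. The scanned/total ratio may therefore stay below 100% whenever accessories or indexes have no report of their own, which would make the coverage figure a poor signal for real scanning gaps; this is inferred from the visible SQL and should be confirmed against how reports are stored for indexes. I would reword the comment to `// sql to query the scanned artifact count: every artifact row (accessories and index children included) whose digest has a scan_report from this scanner`, and note beside `totalArtifactCountSQL` that artifact types a scanner cannot process are part of the denominator. The body of `ScannedArtifactsCount` starts outside the hunk.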
|
@ -79,9 +79,9 @@ func (suite *SecurityDaoTestSuite) TearDownTest() {
|
|||||||
testDao.ExecuteBatchSQL([]string{
|
testDao.ExecuteBatchSQL([]string{
|
||||||
`delete from scan_report where uuid = 'uuid'`,
|
`delete from scan_report where uuid = 'uuid'`,
|
||||||
`delete from tag where id = 1001`,
|
`delete from tag where id = 1001`,
|
||||||
`delete from artifact where digest = 'digest1001'`,
|
|
||||||
`delete from artifact_accessory where id = 1001`,
|
`delete from artifact_accessory where id = 1001`,
|
||||||
`delete from artifact_reference where id = 1001`,
|
`delete from artifact_reference where id = 1001`,
|
||||||
|
`delete from artifact where digest = 'digest1001'`,
|
||||||
`delete from scanner_registration where uuid='ruuid'`,
|
`delete from scanner_registration where uuid='ruuid'`,
|
||||||
`delete from scanner_registration where uuid='uuid2'`,
|
`delete from scanner_registration where uuid='uuid2'`,
|
||||||
`delete from vulnerability_record where cve_id='2023-4567-12345'`,
|
`delete from vulnerability_record where cve_id='2023-4567-12345'`,
|
||||||
@ -149,7 +149,7 @@ func Test_checkQFilter(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (suite *SecurityDaoTestSuite) TestExacthMatchFilter() {
|
func (suite *SecurityDaoTestSuite) TestExactMatchFilter() {
|
||||||
type args struct {
|
type args struct {
|
||||||
ctx context.Context
|
ctx context.Context
|
||||||
key string
|
key string
|
||||||
@ -199,7 +199,8 @@ func (suite *SecurityDaoTestSuite) TestRangeFilter() {
|
|||||||
func (suite *SecurityDaoTestSuite) TestCountArtifact() {
|
func (suite *SecurityDaoTestSuite) TestCountArtifact() {
|
||||||
count, err := suite.dao.TotalArtifactsCount(suite.Context(), 0)
|
count, err := suite.dao.TotalArtifactsCount(suite.Context(), 0)
|
||||||
suite.NoError(err)
|
suite.NoError(err)
|
||||||
suite.Equal(int64(1), count)
|
// includes artifact_accessory(1), child artifact of image index(1), image index(1)
|
||||||
|
suite.Equal(int64(3), count)
|
||||||
}
|
}
|
||||||
func (suite *SecurityDaoTestSuite) TestCountVul() {
|
func (suite *SecurityDaoTestSuite) TestCountVul() {
|
||||||
count, err := suite.dao.CountVulnerabilities(suite.Context(), "ruuid", 0, true, nil)
|
count, err := suite.dao.CountVulnerabilities(suite.Context(), "ruuid", 0, true, nil)
|
||||||
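Review bot: The expected value in `TestCountArtifact` is raised to 3, but no visible hunk in this file pins `ScannedArtifactsCount`, whose query went from three `?` placeholders to one in the same commit. A companion assertion on the same fixtures (accessory, index child, image index) would catch a placeholder/argument mismatch and record which of those rows is expected to count as scanned; such a test may already exist outside the visible hunks. Beside it I would add the comment `// only artifacts whose own digest has a scan_report for ruuid count as scanned`. The exact-count assertion also appears to depend on the artifact table holding only this suite's fixtures, so a cleanup failure in `TearDownTest` (whose `ExecuteBatchSQL` call continues outside the hunk) would surface here as a wrong count.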
|