Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-11-23 10:45:45 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #2982 from reasonerjt/tc-vuln-data

Browse Source 
add tc for vulnerability transform
This commit is contained in:
Daniel Jiang 2017-08-08 12:15:54 +08:00 committed by GitHub
commit 383a09e21f
3 changed files with 51 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/common/utils/clair/test/total-12.json Normal file
View File

@ -0,0 +1 @@
{"Layer":{"Name":"03adedf41d4e0ea1b2458546a5b4717bf5f24b23489b25589e20c692aaf84d19","NamespaceName":"alpine:v3.4","ParentName":"61171f6a2863a80d24d842e11d277d6a8b216502456d90833d87759fb6a30516","IndexedByVersion":3,"Features":[{"Name":"musl","NamespaceName":"alpine:v3.4","VersionFormat":"dpkg","Version":"1.1.14-r11","Vulnerabilities":[{"Name":"CVE-2016-8859","NamespaceName":"alpine:v3.4","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8859","Severity":"High","Metadata":{"NVD":{"CVSSv2":{"Score":7.5,"Vectors":"AV:N/AC:L/Au:N/C:P/I:P"}}},"FixedBy":"1.1.14-r13"}],"AddedBy":"63e57014ab640f34a397c174f7cd085729aec27eca7715832786412ac7ffbd71"},{"Name":"libssl1.0","NamespaceName":"alpine:v3.4","VersionFormat":"dpkg","Version":"1.0.2h-r4","AddedBy":"63e57014ab640f34a397c174f7cd085729aec27eca7715832786412ac7ffbd71"},{"Name":"busybox","NamespaceName":"alpine:v3.4","VersionFormat":"dpkg","Version":"1.24.2-r11","Vulnerabilities":[{"Name":"CVE-2016-6301","NamespaceName":"alpine:v3.4","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6301","Severity":"High","Metadata":{"NVD":{"CVSSv2":{"Score":7.8,"Vectors":"AV:N/AC:L/Au:N/C:N/I:N"}}},"FixedBy":"1.24.2-r12"}],"AddedBy":"63e57014ab640f34a397c174f7cd085729aec27eca7715832786412ac7ffbd71"},{"Name":"alpine-keys","NamespaceName":"alpine:v3.4","VersionFormat":"dpkg","Version":"1.1-r0","AddedBy":"63e57014ab640f34a397c174f7cd085729aec27eca7715832786412ac7ffbd71"},{"Name":"alpine-baselayout","NamespaceName":"alpine:v3.4","VersionFormat":"dpkg","Version":"3.0.3-r0","AddedBy":"63e57014ab640f34a397c174f7cd085729aec27eca7715832786412ac7ffbd71"},{"Name":"libcrypto1.0","NamespaceName":"alpine:v3.4","VersionFormat":"dpkg","Version":"1.0.2h-r4","AddedBy":"63e57014ab640f34a397c174f7cd085729aec27eca7715832786412ac7ffbd71"},{"Name":"musl-utils","NamespaceName":"alpine:v3.4","VersionFormat":"dpkg","Version":"1.1.14-r11","AddedBy":"63e57014ab640f34a397c174f7cd085729aec27eca7715832786412ac7ffbd71"},{"Name":"apk-tools","NamespaceName":"alpine:v3.4","VersionFormat":"dpkg","Version":"2.6.7-r0","AddedBy":"63e57014ab640f34a397c174f7cd085729aec27eca7715832786412ac7ffbd71"},{"Name":"zlib","NamespaceName":"alpine:v3.4","VersionFormat":"dpkg","Version":"1.2.8-r2","Vulnerabilities":[{"Name":"CVE-2016-9841","NamespaceName":"alpine:v3.4","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9841","Severity":"High","Metadata":{"NVD":{"CVSSv2":{"Score":7.5,"Vectors":"AV:N/AC:L/Au:N/C:P/I:P"}}},"FixedBy":"1.2.11-r0"},{"Name":"CVE-2016-9843","NamespaceName":"alpine:v3.4","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9843","Severity":"High","Metadata":{"NVD":{"CVSSv2":{"Score":7.5,"Vectors":"AV:N/AC:L/Au:N/C:P/I:P"}}},"FixedBy":"1.2.11-r0"},{"Name":"CVE-2016-9840","NamespaceName":"alpine:v3.4","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9840","Severity":"Medium","Metadata":{"NVD":{"CVSSv2":{"Score":6.8,"Vectors":"AV:N/AC:M/Au:N/C:P/I:P"}}},"FixedBy":"1.2.11-r0"},{"Name":"CVE-2016-9842","NamespaceName":"alpine:v3.4","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9842","Severity":"Medium","Metadata":{"NVD":{"CVSSv2":{"Score":6.8,"Vectors":"AV:N/AC:M/Au:N/C:P/I:P"}}},"FixedBy":"1.2.11-r0"}],"AddedBy":"63e57014ab640f34a397c174f7cd085729aec27eca7715832786412ac7ffbd71"},{"Name":"libc-utils","NamespaceName":"alpine:v3.4","VersionFormat":"dpkg","Version":"0.7-r0","AddedBy":"63e57014ab640f34a397c174f7cd085729aec27eca7715832786412ac7ffbd71"},{"Name":"scanelf","NamespaceName":"alpine:v3.4","VersionFormat":"dpkg","Version":"1.1.6-r0","AddedBy":"63e57014ab640f34a397c174f7cd085729aec27eca7715832786412ac7ffbd71"},{"Name":"dnsmasq","NamespaceName":"alpine:v3.4","VersionFormat":"dpkg","Version":"2.76-r0","AddedBy":"73cda0d278577331d47943734385a88b3de2c69355d9f9edfe87fb48d7af7528"}]}}

12
src/common/utils/clair/utils.go
View File

@ -59,8 +59,13 @@ func UpdateScanOverview(digest, layerName string, l ...*log.Logger) error {
logger.Errorf("Failed to get result from Clair, error: %v", err)
return err
}
compOverview, sev := transformVuln(res)
return dao.UpdateImgScanOverview(digest, layerName, sev, compOverview)
}
func transformVuln(clairVuln *models.ClairLayerEnvelope) (*models.ComponentsOverview, models.Severity) {
vulnMap := make(map[models.Severity]int)
features := res.Layer.Features
features := clairVuln.Layer.Features
totalComponents := len(features)
var temp models.Severity
for _, f := range features {
@ -85,9 +90,8 @@ func UpdateScanOverview(digest, layerName string, l ...*log.Logger) error {
}
compSummary = append(compSummary, entry)
}
compOverview := &models.ComponentsOverview{
return &models.ComponentsOverview{
Total: totalComponents,
Summary: compSummary,
}
return dao.UpdateImgScanOverview(digest, layerName, overallSev, compOverview)
}, overallSev
}

42
src/common/utils/clair/utils_test.go
View File

@ -14,6 +14,10 @@
package clair
import (
"encoding/json"
"io/ioutil"
"path"
"runtime"
"testing"
"github.com/stretchr/testify/assert"
@ -33,3 +37,41 @@ func TestParseServerity(t *testing.T) {
assert.Equal(v, ParseClairSev(k))
}
}
func TestTransformVuln(t *testing.T) {
var clairVuln = &models.ClairLayerEnvelope{}
assert := assert.New(t)
empty := []byte(`{"Layer":{"Features":[]}}`)
loadVuln(empty, clairVuln)
output, o := transformVuln(clairVuln)
assert.Equal(0, output.Total)
assert.Equal(models.SevNone, o)
_, f, _, ok := runtime.Caller(0)
if !ok {
panic("Failed to get current directory")
}
curDir := path.Dir(f)
real, err := ioutil.ReadFile(path.Join(curDir, "test/total-12.json"))
if err != nil {
panic(err)
}
loadVuln(real, clairVuln)
output, o = transformVuln(clairVuln)
assert.Equal(12, output.Total)
assert.Equal(models.SevHigh, o)
hit := false
for _, s := range output.Summary {
if s.Sev == int(models.SevHigh) {
assert.Equal(3, s.Count, "There should be 3 components with High severity")
hit = true
}
}
assert.True(hit, "Not found entry for high severity in summary list")
}
func loadVuln(input []byte, data *models.ClairLayerEnvelope) {
err := json.Unmarshal(input, data)
if err != nil {
panic(err)
}
}