fix(policy-checker): add func to transform project severity to vuln.Severity

The severity saved in db is lowercase but the severities in vuln pkg begin with upper letter, this fix use func to transform project severity value from db to vuln.Severity. Signed-off-by: He Weiwei <hweiwei@vmware.com>
2024-11-22 18:25:56 +01:00 · 2019-10-31 14:07:39 +00:00 · 2019-10-31 14:07:39 +00:00 · ae8931e816
commit ae8931e816
parent 86312d722e
4 changed files with 29 additions and 11 deletions
--- a/src/common/models/pro_meta.go
+++ b/src/common/models/pro_meta.go
@ -26,7 +26,7 @@ const (
 	ProMetaSeverity             = "severity"
 	ProMetaAutoScan             = "auto_scan"
 	ProMetaReuseSysCVEWhitelist = "reuse_sys_cve_whitelist"
-	SeverityNone                = "negligible"
+	SeverityNegligible          = "negligible"
 	SeverityLow                 = "low"
 	SeverityMedium              = "medium"
 	SeverityHigh                = "high"
--- a/src/core/api/metadata.go
+++ b/src/core/api/metadata.go
@ -231,7 +231,7 @@ func validateProjectMetadata(metas map[string]string) (map[string]string, error)
 	value, exist := metas[models.ProMetaSeverity]
 	if exist {
 		switch strings.ToLower(value) {
-		case models.SeverityHigh, models.SeverityMedium, models.SeverityLow, models.SeverityNone:
+		case models.SeverityHigh, models.SeverityMedium, models.SeverityLow, models.SeverityNegligible:
 			metas[models.ProMetaSeverity] = strings.ToLower(value)
 		default:
 			return nil, fmt.Errorf("invalid severity %s", value)
--- a/src/core/middlewares/util/util.go
+++ b/src/core/middlewares/util/util.go
@ -366,27 +366,28 @@ func (pc PmsPolicyChecker) VulnerablePolicy(name string) (bool, vuln.Severity, m
 		log.Errorf("Unexpected error when getting the project, error: %v", err)
 		return true, vuln.Unknown, wl
 	}
+
 	mgr := whitelist.NewDefaultManager()
 	if project.ReuseSysCVEWhitelist() {
 		w, err := mgr.GetSys()
 		if err != nil {
 			log.Error(errors.Wrap(err, "policy checker: vulnerable policy"))
-			return project.VulPrevented(), vuln.Severity(project.Severity()), wl
-		}
-		wl = *w
+		} else {
+			wl = *w

-		// Use the real project ID
-		wl.ProjectID = project.ProjectID
+			// Use the real project ID
+			wl.ProjectID = project.ProjectID
+		}
 	} else {
 		w, err := mgr.Get(project.ProjectID)
 		if err != nil {
 			log.Error(errors.Wrap(err, "policy checker: vulnerable policy"))
-			return project.VulPrevented(), vuln.Severity(project.Severity()), wl
+		} else {
+			wl = *w
 		}
-		wl = *w
 	}
-	return project.VulPrevented(), vuln.Severity(project.Severity()), wl

+	return project.VulPrevented(), getProjectVulnSeverity(project), wl
 }

 // NewPMSPolicyChecker returns an instance of an pmsPolicyChecker
@ -561,3 +562,20 @@ func ParseManifestInfoFromPath(req *http.Request) (*ManifestInfo, error) {

 	return info, nil
 }
+
+func getProjectVulnSeverity(project *models.Project) vuln.Severity {
+	mp := map[string]vuln.Severity{
+		models.SeverityNegligible: vuln.Negligible,
+		models.SeverityLow:        vuln.Low,
+		models.SeverityMedium:     vuln.Medium,
+		models.SeverityHigh:       vuln.High,
+		models.SeverityCritical:   vuln.Critical,
+	}
+
+	severity, ok := mp[project.Severity()]
+	if !ok {
+		return vuln.Unknown
+	}
+
+	return severity
+}
--- a/src/core/middlewares/util/util_test.go
+++ b/src/core/middlewares/util/util_test.go
@ -171,7 +171,7 @@ func TestPMSPolicyChecker(t *testing.T) {
 		Metadata: map[string]string{
 			models.ProMetaEnableContentTrust:   "true",
 			models.ProMetaPreventVul:           "true",
-			models.ProMetaSeverity:             "Low",
+			models.ProMetaSeverity:             "low", // validateProjectMetadata function make the severity to lowercase
 			models.ProMetaReuseSysCVEWhitelist: "false",
 		},
 	})