Merge pull request #12303 from AllForNothing/allowlist

Replace all whitelist with allowlist

api/v2.0/legacy_swagger.yaml

@@ -2533,38 +2533,38 @@ paths:
           description: User need to log in first.
         '403':
           description: User does not have permission to call this API
-  '/system/CVEWhitelist':
+  '/system/CVEAllowlist':
     get:
-      summary: Get the system level whitelist of CVE.
-      description: Get the system level whitelist of CVE.  This API can be called by all authenticated users.
+      summary: Get the system level allowlist of CVE.
+      description: Get the system level allowlist of CVE.  This API can be called by all authenticated users.
       tags:
         - Products
         - System
       responses:
         '200':
-          description: Successfully retrieved the CVE whitelist.
+          description: Successfully retrieved the CVE allowlist.
           schema:
-            $ref: "#/definitions/CVEWhitelist"
+            $ref: "#/definitions/CVEAllowlist"
         '401':
           description: User is not authenticated.
         '500':
           description: Unexpected internal errors.
     put:
-      summary: Update the system level whitelist of CVE.
-      description: This API overwrites the system level whitelist of CVE with the list in request body.  Only system Admin
+      summary: Update the system level allowlist of CVE.
+      description: This API overwrites the system level allowlist of CVE with the list in request body.  Only system Admin
         has permission to call this API.
       tags:
         - Products
         - System
       parameters:
         - in: body
-          name: whitelist
-          description: The whitelist with new content
+          name: allowlist
+          description: The allowlist with new content
           schema:
-            $ref: "#/definitions/CVEWhitelist"
+            $ref: "#/definitions/CVEAllowlist"
       responses:
         '200':
-          description: Successfully updated the CVE whitelist.
+          description: Successfully updated the CVE allowlist.
         '401':
           description: User is not authenticated.
         '403':
@@ -3755,9 +3755,9 @@ definitions:
       metadata:
         description: The metadata of the project.
         $ref: '#/definitions/ProjectMetadata'
-      cve_whitelist:
-        description: The CVE whitelist of the project.
-        $ref: '#/definitions/CVEWhitelist'
+      cve_allowlist:
+        description: The CVE allowlist of the project.
+        $ref: '#/definitions/CVEAllowlist'
       count_limit:
         type: integer
         format: int64
@@ -3821,9 +3821,9 @@ definitions:
       metadata:
         description: The metadata of the project.
         $ref: '#/definitions/ProjectMetadata'
-      cve_whitelist:
-        description: The CVE whitelist of this project.
-        $ref: '#/definitions/CVEWhitelist'
+      cve_allowlist:
+        description: The CVE allowlist of this project.
+        $ref: '#/definitions/CVEAllowlist'
   ProjectMetadata:
     type: object
     properties:
@@ -3842,10 +3842,10 @@ definitions:
       auto_scan:
         type: string
         description: 'Whether scan images automatically when pushing. The valid values are "true", "false".'
-      reuse_sys_cve_whitelist:
+      reuse_sys_cve_allowlist:
         type: string
-        description: 'Whether this project reuse the system level CVE whitelist as the whitelist of its own.  The valid values are "true", "false".
-        If it is set to "true" the actual whitelist associate with this project, if any, will be ignored.'
+        description: 'Whether this project reuse the system level CVE allowlist as the allowlist of its own.  The valid values are "true", "false".
+        If it is set to "true" the actual allowlist associate with this project, if any, will be ignored.'
   ProjectSummary:
     type: object
     properties:
@@ -5056,26 +5056,26 @@ definitions:
       metadata:
         type: object
         description: The metadata of namespace
-  CVEWhitelist:
+  CVEAllowlist:
     type: object
-    description: The CVE Whitelist for system or project
+    description: The CVE Allowlist for system or project
     properties:
       id:
         type: integer
-        description: ID of the whitelist
+        description: ID of the allowlist
       project_id:
         type: integer
-        description: ID of the project which the whitelist belongs to.  For system level whitelist this attribute is zero.
+        description: ID of the project which the allowlist belongs to.  For system level allowlist this attribute is zero.
       expires_at:
         type: integer
-        description: the time for expiration of the whitelist, in the form of seconds since epoch.  This is an optional attribute, if it's not set the CVE whitelist does not expire.
+        description: the time for expiration of the allowlist, in the form of seconds since epoch.  This is an optional attribute, if it's not set the CVE allowlist does not expire.
       items:
         type: array
         items:
-          $ref: "#/definitions/CVEWhitelistItem"
-  CVEWhitelistItem:
+          $ref: "#/definitions/CVEAllowlistItem"
+  CVEAllowlistItem:
     type: object
-    description: The item in CVE whitelist
+    description: The item in CVE allowlist
     properties:
       cve_id:
         type: string

docs/README.md

@@ -45,7 +45,7 @@ This section describes how to use and maintain Harbor after deployment. These da
     - [Scan All Images](administration/vulnerability-scanning/scan-all-images.md)
     - [Schedule Scans](administration/vulnerability-scanning/schedule-scans.md)
     - [Import Vulnerability Data to an Offline Harbor instance](administration/vulnerability-scanning/import-vulnerability-data.md)
-    - [Configure System-Wide CVE Whitelists](administration/vulnerability-scanning/configure-system-whitelist.md)
+    - [Configure System-Wide CVE Allowlists](administration/vulnerability-scanning/configure-system-allowlist.md)
 - [Garbage Collection](administration/garbage-collection/_index.md)
 - [Upgrade Harbor and Migrate Data](administration/upgrade/upgrade-migrate-data.md)
   - [Upgrading Harbor Deployed with Helm](administration/upgrade/helm-upgrade.md)
@@ -63,7 +63,7 @@ This section describes how users with the developer, master, and project adminis
     - [Access and Search Project Logs](working-with-projects/access-project-logs.md)
     - [Create Robot Accounts](working-with-projects/create-robot-accounts.md)
     - [Configure Webhook Notifications](working-with-projects/configure-webhooks.md)
-    - [Configure a Per-Project CVE Whitelist](working-with-projects/configure-project-whitelist.md)
+    - [Configure a Per-Project CVE Allowlist](working-with-projects/configure-project-allowlist.md)
     - [Implementing Content Trust](working-with-projects/implementing-content-trust.md)
 - [Working with Images, Tags, and Helm Charts](working-with-projects/working-with-images.md)
     - [Pulling and Pushing Images](working-with-projects/pulling-pushing-images.md)
@@ -87,4 +87,4 @@ This section describes how developers can build from Harbor source code, customi
 - [Registry Landscape](build-customize-contribute/registry-landscape.md)
 - [E2E Test Scripting Guide](build-customize-contribute/e2e_api_python_based_scripting_guide.md)
 
-See also the list of [Articles from the Harbor Community](https://github.com/goharbor/harbor/blob/master/docs/README.md#articles-from-the-community).
+See also the list of [Articles from the Harbor Community](https://github.com/goharbor/harbor/blob/master/docs/README.md#articles-from-the-community).

docs/administration/managing-users/user-permissions-by-role.md

@@ -48,8 +48,8 @@ The following table depicts the various user permission levels in a project.
 | Add/Remove labels of helm chart version |               |       | ✓         | ✓      | ✓             |
 | See a list of project robots            |               |       |           | ✓      | ✓             |
 | Create/edit/delete project robots       |               |       |           |        | ✓             |
-| See configured CVE whitelist            | ✓             | ✓     | ✓         | ✓      | ✓             |
-| Create/edit/remove CVE whitelist        |               |       |           |        | ✓             |
+| See configured CVE allowlist            | ✓             | ✓     | ✓         | ✓      | ✓             |
+| Create/edit/remove CVE allowlist        |               |       |           |        | ✓             |
 | Enable/disable webhooks                 |               |       | ✓         | ✓      | ✓             |
 | Create/delete tag retention rules       |               |       | ✓         | ✓      | ✓             |
 | Enable/disable tag retention rules      |               |       | ✓         | ✓      | ✓             |

docs/administration/vulnerability-scanning/configure-system-allowlist.md

@@ -1,26 +1,26 @@
 ---
-title: Configure System-Wide CVE Whitelists
+title: Configure System-Wide CVE Allowlists
 weight: 50
 ---
 
-When you run vulnerability scans, images that are subject to Common Vulnerabilities and Exposures (CVE) are identified. According to the severity of the CVE and your security settings, these images might not be permitted to run. As a Harbor system administrator, you can create whitelists of CVEs to ignore during vulnerability scanning. 
+When you run vulnerability scans, images that are subject to Common Vulnerabilities and Exposures (CVE) are identified. According to the severity of the CVE and your security settings, these images might not be permitted to run. As a Harbor system administrator, you can create allowlists of CVEs to ignore during vulnerability scanning. 
 
-You can set a system-wide CVE whitelist or you can set CVE whitelists on a per-project basis. For information about per-project CVE whitelists, see [Configure a Per-Project CVE Whitelist](../../working-with-projects/project-configuration/configure-project-whitelist.md).
+You can set a system-wide CVE allowlist or you can set CVE allowlists on a per-project basis. For information about per-project CVE allowlists, see [Configure a Per-Project CVE Allowlist](../../working-with-projects/project-configuration/configure-project-allowlist.md).
 
-System-wide CVE whitelists apply to all of the projects in a Harbor instance.
+System-wide CVE allowlists apply to all of the projects in a Harbor instance.
 
 1. Go to **Configuration** > **System Settings**.
 1. Under **Deployment security**, click **Add**. 
-   ![System-wide CVE whitelist](../../../img/cve-whitelist1.png)
+   ![System-wide CVE allowlist](../../../img/cve-allowlist1.png)
 1. Enter the list of CVE IDs to ignore during vulnerability scanning. 
-   ![Add system CVE whitelist](../../../img/cve-whitelist2.png)
+   ![Add system CVE allowlist](../../../img/cve-allowlist2.png)
 
    Either use a comma-separated list or newlines to add multiple CVE IDs to the list.
 1. Click **Add** at the bottom of the window to add the list.
-1. Optionally uncheck the **Never expires** checkbox and use the calendar selector to set an expiry date for the whitelist.
-   ![Add system CVEs](../../../img/cve-whitelist3.png)
+1. Optionally uncheck the **Never expires** checkbox and use the calendar selector to set an expiry date for the allowlist.
+   ![Add system CVEs](../../../img/cve-allowlist3.png)
 1. Click **Save** at the bottom of the page to save your settings.
    
-After you have created a system whitelist, you can remove CVE IDs from the list by clicking the delete button next to it in the list. You can click **Add** to add more CVE IDs to the system whitelist.
+After you have created a system allowlist, you can remove CVE IDs from the list by clicking the delete button next to it in the list. You can click **Add** to add more CVE IDs to the system allowlist.
 
-![Add and remove system CVEs](../../../img/cve-whitelist4.png)
+![Add and remove system CVEs](../../../img/cve-allowlist4.png)

docs/build-customize-contribute/registry-landscape.md

@@ -31,5 +31,5 @@ Table updated on 10/21/2019 against Harbor 1.9.
 | Upstream Registry Proxy Cache                          | ✗      | ✓                       | ✗       | ✗                                 | ✓                           | ✓           | ✗        |
 | Vulnerability Scanning & Monitoring                    | ✓      | ✓                       | ✓       | ✗                                 | ✗                           | ✓           | partial  |
 | Vulnerability Scanning Plugin Framework                | ✓      | ✗                       | ✗       | ✗                                 | ✗                           | ✗           | ✗        |
-| Vulnerability Whitelisting                             | ✓      | ✗                       | ✗       | ✗                                 | ✗                           | ✗           | ✗        |
+| Vulnerability Allowlisting                             | ✓      | ✗                       | ✗       | ✗                                 | ✗                           | ✗           | ✗        |
 | Webhooks                                               | ✓      | ✓                       | ✓       | ✓                                 | ✓                           | ✓           | ✓        |

docs/build-customize-contribute/swagger.yaml

@@ -3577,38 +3577,38 @@ paths:
           description: User need to log in first.
         '403':
           description: User does not have permission to call this API
-  '/system/CVEWhitelist':
+  '/system/CVEAllowlist':
     get:
-      summary: Get the system level whitelist of CVE.
-      description: Get the system level whitelist of CVE.  This API can be called by all authenticated users.
+      summary: Get the system level allowlist of CVE.
+      description: Get the system level allowlist of CVE.  This API can be called by all authenticated users.
       tags:
         - Products
         - System
       responses:
         '200':
-          description: Successfully retrieved the CVE whitelist.
+          description: Successfully retrieved the CVE allowlist.
           schema:
-            $ref: "#/definitions/CVEWhitelist"
+            $ref: "#/definitions/CVEAllowlist"
         '401':
           description: User is not authenticated.
         '500':
           description: Unexpected internal errors.
     put:
-      summary: Update the system level whitelist of CVE.
-      description: This API overwrites the system level whitelist of CVE with the list in request body.  Only system Admin
+      summary: Update the system level allowlist of CVE.
+      description: This API overwrites the system level allowlist of CVE with the list in request body.  Only system Admin
         has permission to call this API.
       tags:
         - Products
         - System
       parameters:
         - in: body
-          name: whitelist
-          description: The whitelist with new content
+          name: allowlist
+          description: The allowlist with new content
           schema:
-            $ref: "#/definitions/CVEWhitelist"
+            $ref: "#/definitions/CVEAllowlist"
       responses:
         '200':
-          description: Successfully updated the CVE whitelist.
+          description: Successfully updated the CVE allowlist.
         '401':
           description: User is not authenticated.
         '403':
@@ -4458,9 +4458,9 @@ definitions:
       metadata:
         description: The metadata of the project.
         $ref: '#/definitions/ProjectMetadata'
-      cve_whitelist:
-        description: The CVE whitelist of the project.
-        $ref: '#/definitions/CVEWhitelist'
+      cve_allowlist:
+        description: The CVE allowlist of the project.
+        $ref: '#/definitions/CVEAllowlist'
       count_limit:
         type: integer
         format: int64
@@ -4510,9 +4510,9 @@ definitions:
       metadata:
         description: The metadata of the project.
         $ref: '#/definitions/ProjectMetadata'
-      cve_whitelist:
-        description: The CVE whitelist of this project.
-        $ref: '#/definitions/CVEWhitelist'
+      cve_allowlist:
+        description: The CVE allowlist of this project.
+        $ref: '#/definitions/CVEAllowlist'
   ProjectMetadata:
     type: object
     properties:
@@ -4531,10 +4531,10 @@ definitions:
       auto_scan:
         type: string
         description: 'Whether scan images automatically when pushing. The valid values are "true", "false".'
-      reuse_sys_cve_whitelist:
+      reuse_sys_cve_allowlist:
         type: string
-        description: 'Whether this project reuse the system level CVE whitelist as the whitelist of its own.  The valid values are "true", "false".
-        If it is set to "true" the actual whitelist associate with this project, if any, will be ignored.'
+        description: 'Whether this project reuse the system level CVE allowlist as the allowlist of its own.  The valid values are "true", "false".
+        If it is set to "true" the actual allowlist associate with this project, if any, will be ignored.'
   ProjectSummary:
     type: object
     properties:
@@ -6036,26 +6036,26 @@ definitions:
       metadata:
         type: object
         description: The metadata of namespace
-  CVEWhitelist:
+  CVEAllowlist:
     type: object
-    description: The CVE Whitelist for system or project
+    description: The CVE Allowlist for system or project
     properties:
       id:
         type: integer
-        description: ID of the whitelist
+        description: ID of the allowlist
       project_id:
         type: integer
-        description: ID of the project which the whitelist belongs to.  For system level whitelist this attribute is zero.
+        description: ID of the project which the allowlist belongs to.  For system level allowlist this attribute is zero.
       expires_at:
         type: integer
-        description: the time for expiration of the whitelist, in the form of seconds since epoch.  This is an optional attribute, if it's not set the CVE whitelist does not expire.
+        description: the time for expiration of the allowlist, in the form of seconds since epoch.  This is an optional attribute, if it's not set the CVE allowlist does not expire.
       items:
         type: array
         items:
-          $ref: "#/definitions/CVEWhitelistItem"
-  CVEWhitelistItem:
+          $ref: "#/definitions/CVEAllowlistItem"
+  CVEAllowlistItem:
     type: object
-    description: The item in CVE whitelist
+    description: The item in CVE allowlist
     properties:
       cve_id:
         type: string

docs/working-with-projects/project-configuration/configure-project-allowlist.md

@@ -0,0 +1,32 @@
+---
+title: Configure a Per-Project CVE Allowlist
+weight: 50
+---
+
+When you run vulnerability scans, images that are subject to Common Vulnerabilities and Exposures (CVE) are identified. According to the severity of the CVE and your security settings, these images might not be permitted to run. You can create allowlists of CVEs to ignore during vulnerability scanning. 
+
+Harbor administrators can set a system-wide CVE allowlist. For information about site-wide CVE allowlists, see [Configure System-Wide CVE Allowlists](../../administration/vulnerability-scanning/configure-system-allowlist.md). By default, the system allowlist is applied to all projects. You can configure different CVE allowlists for individual projects, that override the system allowlist. 
+
+1. Go to **Projects**, select a project, and select **Configuration**.
+1. Under **CVE allowlist**, select **Project allowlist**.
+
+    ![Project CVE allowlist](../../../img/cve-allowlist5.png)
+
+1. Optionally click **Copy From System** to add all of the CVE IDs from the system CVE allowlist to this project allowlist.
+1. Click **Add** and enter a list of additional CVE IDs to ignore during vulnerability scanning of this project.
+
+    ![Add project CVEs](../../../img/cve-allowlist6.png)
+
+    Either use a comma-separated list or newlines to add multiple CVE IDs to the list.
+
+1. Click **Add** at the bottom of the window to add the CVEs to the project allowlist.
+1. Optionally uncheck the **Never expires** checkbox and use the calendar selector to set an expiry date for the allowlist.
+1. Click **Save** at the bottom of the page to save your settings.
+
+After you have created a project allowlist, you can remove CVE IDs from the list by clicking the delete button next to it in the list. You can click **Add** at any time to add more CVE IDs to this project allowlist. 
+
+If CVEs are added to the system allowlist after you have created a project allowlist, click **Copy From System** to add the new entries from the system allowlist to the project allowlist. 
+
+{{< note >}}
+If CVEs are deleted from the system allowlist after you have created a project allowlist, and if you added the system allowlist to the project allowlist, you must manually remove the deleted CVEs from the project allowlist. If you click **Copy From System** after CVEs have been deleted from the system allowlist, the deleted CVEs are not automatically removed from the project allowlist.
+{{< /note >}}

docs/working-with-projects/project-configuration/configure-project-whitelist.md

@@ -1,32 +0,0 @@
----
-title: Configure a Per-Project CVE Whitelist
-weight: 50
----
-
-When you run vulnerability scans, images that are subject to Common Vulnerabilities and Exposures (CVE) are identified. According to the severity of the CVE and your security settings, these images might not be permitted to run. You can create whitelists of CVEs to ignore during vulnerability scanning. 
-
-Harbor administrators can set a system-wide CVE whitelist. For information about site-wide CVE whitelists, see [Configure System-Wide CVE Whitelists](../../administration/vulnerability-scanning/configure-system-whitelist.md). By default, the system whitelist is applied to all projects. You can configure different CVE whitelists for individual projects, that override the system whitelist. 
-
-1. Go to **Projects**, select a project, and select **Configuration**.
-1. Under **CVE whitelist**, select **Project whitelist**.
-
-    ![Project CVE whitelist](../../../img/cve-whitelist5.png)
-
-1. Optionally click **Copy From System** to add all of the CVE IDs from the system CVE whitelist to this project whitelist.
-1. Click **Add** and enter a list of additional CVE IDs to ignore during vulnerability scanning of this project.
-
-    ![Add project CVEs](../../../img/cve-whitelist6.png)
-
-    Either use a comma-separated list or newlines to add multiple CVE IDs to the list.
-
-1. Click **Add** at the bottom of the window to add the CVEs to the project whitelist.
-1. Optionally uncheck the **Never expires** checkbox and use the calendar selector to set an expiry date for the whitelist.
-1. Click **Save** at the bottom of the page to save your settings.
-
-After you have created a project whitelist, you can remove CVE IDs from the list by clicking the delete button next to it in the list. You can click **Add** at any time to add more CVE IDs to this project whitelist. 
-
-If CVEs are added to the system whitelist after you have created a project whitelist, click **Copy From System** to add the new entries from the system whitelist to the project whitelist. 
-
-{{< note >}}
-If CVEs are deleted from the system whitelist after you have created a project whitelist, and if you added the system whitelist to the project whitelist, you must manually remove the deleted CVEs from the project whitelist. If you click **Copy From System** after CVEs have been deleted from the system whitelist, the deleted CVEs are not automatically removed from the project whitelist.
-{{< /note >}}

make/migrations/postgresql/0040_2.1.0_schema.up.sql

@@ -1,4 +1,5 @@
 ALTER TABLE project ADD COLUMN IF NOT EXISTS registry_id int;
+ALTER TABLE IF EXISTS cve_whitelist RENAME TO cve_allowlist;
 
 CREATE TABLE IF NOT EXISTS execution (
     id SERIAL NOT NULL,

src/common/dao/cve_allowlist.go

@@ -21,16 +21,16 @@ import (
 	"github.com/goharbor/harbor/src/lib/log"
 )
 
-// CreateCVEWhitelist creates the CVE whitelist
-func CreateCVEWhitelist(l models.CVEWhitelist) (int64, error) {
+// CreateCVEAllowlist creates the CVE allowlist
+func CreateCVEAllowlist(l models.CVEAllowlist) (int64, error) {
 	o := GetOrmer()
 	itemsBytes, _ := json.Marshal(l.Items)
 	l.ItemsText = string(itemsBytes)
 	return o.Insert(&l)
 }
 
-// UpdateCVEWhitelist Updates the vulnerability white list to DB
-func UpdateCVEWhitelist(l models.CVEWhitelist) (int64, error) {
+// UpdateCVEAllowlist Updates the vulnerability white list to DB
+func UpdateCVEAllowlist(l models.CVEAllowlist) (int64, error) {
 	o := GetOrmer()
 	itemsBytes, _ := json.Marshal(l.Items)
 	l.ItemsText = string(itemsBytes)
@@ -38,22 +38,22 @@ func UpdateCVEWhitelist(l models.CVEWhitelist) (int64, error) {
 	return id, err
 }
 
-// GetCVEWhitelist Gets the CVE whitelist of the project based on the project ID in parameter
-func GetCVEWhitelist(pid int64) (*models.CVEWhitelist, error) {
+// GetCVEAllowlist Gets the CVE allowlist of the project based on the project ID in parameter
+func GetCVEAllowlist(pid int64) (*models.CVEAllowlist, error) {
 	o := GetOrmer()
-	qs := o.QueryTable(&models.CVEWhitelist{})
+	qs := o.QueryTable(&models.CVEAllowlist{})
 	qs = qs.Filter("ProjectID", pid)
-	r := []*models.CVEWhitelist{}
+	r := []*models.CVEAllowlist{}
 	_, err := qs.All(&r)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get CVE whitelist for project %d, error: %v", pid, err)
+		return nil, fmt.Errorf("failed to get CVE allowlist for project %d, error: %v", pid, err)
 	}
 	if len(r) == 0 {
 		return nil, nil
 	} else if len(r) > 1 {
-		log.Infof("Multiple CVE whitelists found for project %d, length: %d, returning first element.", pid, len(r))
+		log.Infof("Multiple CVE allowlists found for project %d, length: %d, returning first element.", pid, len(r))
 	}
-	items := []models.CVEWhitelistItem{}
+	items := []models.CVEAllowlistItem{}
 	err = json.Unmarshal([]byte(r[0].ItemsText), &items)
 	if err != nil {
 		log.Errorf("Failed to decode item list, err: %v, text: %s", err, r[0].ItemsText)

src/common/dao/cve_allowlist_test.go

@@ -21,35 +21,35 @@ import (
 	"testing"
 )
 
-func TestUpdateAndGetCVEWhitelist(t *testing.T) {
-	require.Nil(t, ClearTable("cve_whitelist"))
-	l2, err := GetCVEWhitelist(5)
+func TestUpdateAndGetCVEAllowlist(t *testing.T) {
+	require.Nil(t, ClearTable("cve_allowlist"))
+	l2, err := GetCVEAllowlist(5)
 	assert.Nil(t, err)
 	assert.Nil(t, l2)
 
-	longList := []models.CVEWhitelistItem{}
+	longList := []models.CVEAllowlistItem{}
 	for i := 0; i < 50; i++ {
-		longList = append(longList, models.CVEWhitelistItem{CVEID: "CVE-1999-0067"})
+		longList = append(longList, models.CVEAllowlistItem{CVEID: "CVE-1999-0067"})
 	}
 
 	e := int64(1573254000)
-	in1 := models.CVEWhitelist{ProjectID: 3, Items: longList, ExpiresAt: &e}
-	_, err = UpdateCVEWhitelist(in1)
+	in1 := models.CVEAllowlist{ProjectID: 3, Items: longList, ExpiresAt: &e}
+	_, err = UpdateCVEAllowlist(in1)
 	require.Nil(t, err)
 	// assert.Equal(t, int64(1), n)
-	out1, err := GetCVEWhitelist(3)
+	out1, err := GetCVEAllowlist(3)
 	require.Nil(t, err)
 	assert.Equal(t, int64(3), out1.ProjectID)
 	assert.Equal(t, longList, out1.Items)
 	assert.Equal(t, e, *out1.ExpiresAt)
 
-	sysCVEs := []models.CVEWhitelistItem{
+	sysCVEs := []models.CVEAllowlistItem{
 		{CVEID: "CVE-2019-10164"},
 		{CVEID: "CVE-2017-12345"},
 	}
-	in3 := models.CVEWhitelist{Items: sysCVEs}
-	_, err = UpdateCVEWhitelist(in3)
+	in3 := models.CVEAllowlist{Items: sysCVEs}
+	_, err = UpdateCVEAllowlist(in3)
 	require.Nil(t, err)
 
-	require.Nil(t, ClearTable("cve_whitelist"))
+	require.Nil(t, ClearTable("cve_allowlist"))
 }

src/common/models/base.go

@@ -36,6 +36,6 @@ func init() {
 		new(NotificationJob),
 		new(ProjectBlob),
 		new(ArtifactAndBlob),
-		new(CVEWhitelist),
+		new(CVEAllowlist),
 	)
 }

src/common/models/cve_allowlist.go

@@ -16,29 +16,29 @@ package models
 
 import "time"
 
-// CVEWhitelist defines the data model for a CVE whitelist
-type CVEWhitelist struct {
+// CVEAllowlist defines the data model for a CVE allowlist
+type CVEAllowlist struct {
 	ID           int64              `orm:"pk;auto;column(id)" json:"id"`
 	ProjectID    int64              `orm:"column(project_id)" json:"project_id"`
 	ExpiresAt    *int64             `orm:"column(expires_at)" json:"expires_at,omitempty"`
-	Items        []CVEWhitelistItem `orm:"-" json:"items"`
+	Items        []CVEAllowlistItem `orm:"-" json:"items"`
 	ItemsText    string             `orm:"column(items)" json:"-"`
 	CreationTime time.Time          `orm:"column(creation_time);auto_now_add" json:"creation_time"`
 	UpdateTime   time.Time          `orm:"column(update_time);auto_now" json:"update_time"`
 }
 
-// CVEWhitelistItem defines one item in the CVE whitelist
-type CVEWhitelistItem struct {
+// CVEAllowlistItem defines one item in the CVE allowlist
+type CVEAllowlistItem struct {
 	CVEID string `json:"cve_id"`
 }
 
 // TableName ...
-func (c *CVEWhitelist) TableName() string {
-	return "cve_whitelist"
+func (c *CVEAllowlist) TableName() string {
+	return "cve_allowlist"
 }
 
-// CVESet returns the set of CVE id of the items in the whitelist to help filter the vulnerability list
-func (c *CVEWhitelist) CVESet() map[string]struct{} {
+// CVESet returns the set of CVE id of the items in the allowlist to help filter the vulnerability list
+func (c *CVEAllowlist) CVESet() map[string]struct{} {
 	r := map[string]struct{}{}
 	for _, it := range c.Items {
 		r[it.CVEID] = struct{}{}
@@ -46,8 +46,8 @@ func (c *CVEWhitelist) CVESet() map[string]struct{} {
 	return r
 }
 
-// IsExpired returns whether the whitelist is expired
-func (c *CVEWhitelist) IsExpired() bool {
+// IsExpired returns whether the allowlist is expired
+func (c *CVEAllowlist) IsExpired() bool {
 	if c.ExpiresAt == nil {
 		return false
 	}

src/common/models/cve_allowlist_test.go

@@ -21,38 +21,38 @@ import (
 	"time"
 )
 
-func TestCVEWhitelist_All(t *testing.T) {
+func TestCVEAllowlist_All(t *testing.T) {
 	future := int64(4411494000)
 	now := time.Now().Unix()
 	cases := []struct {
-		input   CVEWhitelist
+		input   CVEAllowlist
 		cveset  map[string]struct{}
 		expired bool
 	}{
 		{
-			input: CVEWhitelist{
+			input: CVEAllowlist{
 				ID:        1,
 				ProjectID: 0,
-				Items:     []CVEWhitelistItem{},
+				Items:     []CVEAllowlistItem{},
 			},
 			cveset:  map[string]struct{}{},
 			expired: false,
 		},
 		{
-			input: CVEWhitelist{
+			input: CVEAllowlist{
 				ID:        1,
 				ProjectID: 0,
-				Items:     []CVEWhitelistItem{},
+				Items:     []CVEAllowlistItem{},
 				ExpiresAt: &now,
 			},
 			cveset:  map[string]struct{}{},
 			expired: true,
 		},
 		{
-			input: CVEWhitelist{
+			input: CVEAllowlist{
 				ID:        2,
 				ProjectID: 3,
-				Items: []CVEWhitelistItem{
+				Items: []CVEAllowlistItem{
 					{CVEID: "CVE-1999-0067"},
 					{CVEID: "CVE-2016-7654321"},
 				},

src/common/models/pro_meta.go

@@ -25,7 +25,7 @@ const (
 	ProMetaPreventVul           = "prevent_vul" // prevent vulnerable images from being pulled
 	ProMetaSeverity             = "severity"
 	ProMetaAutoScan             = "auto_scan"
-	ProMetaReuseSysCVEWhitelist = "reuse_sys_cve_whitelist"
+	ProMetaReuseSysCVEAllowlist = "reuse_sys_cve_allowlist"
 )
 
 // ProjectMetadata holds the metadata of a project.

src/common/models/project.go

@@ -44,7 +44,7 @@ type Project struct {
 	RepoCount    int64             `orm:"-" json:"repo_count"`
 	ChartCount   uint64            `orm:"-" json:"chart_count"`
 	Metadata     map[string]string `orm:"-" json:"metadata"`
-	CVEWhitelist CVEWhitelist      `orm:"-" json:"cve_whitelist"`
+	CVEAllowlist CVEAllowlist      `orm:"-" json:"cve_allowlist"`
 	RegistryID   int64             `orm:"column(registry_id)" json:"registry_id"`
 }
 
@@ -93,9 +93,9 @@ func (p *Project) VulPrevented() bool {
 	return isTrue(prevent)
 }
 
-// ReuseSysCVEWhitelist ...
-func (p *Project) ReuseSysCVEWhitelist() bool {
-	r, ok := p.GetMetadata(ProMetaReuseSysCVEWhitelist)
+// ReuseSysCVEAllowlist ...
+func (p *Project) ReuseSysCVEAllowlist() bool {
+	r, ok := p.GetMetadata(ProMetaReuseSysCVEAllowlist)
 	if !ok {
 		return true
 	}
@@ -177,7 +177,7 @@ type ProjectRequest struct {
 	Name         string            `json:"project_name"`
 	Public       *int              `json:"public"` // deprecated, reserved for project creation in replication
 	Metadata     map[string]string `json:"metadata"`
-	CVEWhitelist CVEWhitelist      `json:"cve_whitelist"`
+	CVEAllowlist CVEAllowlist      `json:"cve_allowlist"`
 
 	StorageLimit *int64 `json:"storage_limit,omitempty"`
 	RegistryID   int64  `json:"registry_id"`

src/controller/event/handler/webhook/chart/chart_test.go

@@ -46,7 +46,7 @@ func TestChartPreprocessHandler_Handle(t *testing.T) {
 			models.ProMetaEnableContentTrust:   "true",
 			models.ProMetaPreventVul:           "true",
 			models.ProMetaSeverity:             "Low",
-			models.ProMetaReuseSysCVEWhitelist: "false",
+			models.ProMetaReuseSysCVEAllowlist: "false",
 		},
 	})
 	defer func(id int64) {

src/controller/project/controller.go

@@ -22,7 +22,7 @@ import (
 	"github.com/goharbor/harbor/src/lib/errors"
 	"github.com/goharbor/harbor/src/lib/log"
 	"github.com/goharbor/harbor/src/pkg/project"
-	"github.com/goharbor/harbor/src/pkg/scan/whitelist"
+	"github.com/goharbor/harbor/src/pkg/scan/allowlist"
 )
 
 var (
@@ -45,14 +45,14 @@ func NewController() Controller {
 	return &controller{
 		projectMgr:   project.Mgr,
 		metaMgr:      metamgr.NewDefaultProjectMetadataManager(),
-		whitelistMgr: whitelist.NewDefaultManager(),
+		allowlistMgr: allowlist.NewDefaultManager(),
 	}
 }
 
 type controller struct {
 	projectMgr   project.Manager
 	metaMgr      metamgr.ProjectMetadataManager
-	whitelistMgr whitelist.Manager
+	allowlistMgr allowlist.Manager
 }
 
 func (c *controller) Get(ctx context.Context, projectID int64, options ...Option) (*models.Project, error) {
@@ -114,23 +114,23 @@ func (c *controller) assembleProject(ctx context.Context, p *models.Project, opt
 		}
 	}
 
-	if opts.CVEWhitelist {
-		if p.ReuseSysCVEWhitelist() {
-			wl, err := c.whitelistMgr.GetSys()
+	if opts.CVEAllowlist {
+		if p.ReuseSysCVEAllowlist() {
+			wl, err := c.allowlistMgr.GetSys()
 			if err != nil {
-				log.Errorf("get system CVE whitelist failed, error: %v", err)
+				log.Errorf("get system CVE allowlist failed, error: %v", err)
 				return nil, err
 			}
 
 			wl.ProjectID = p.ProjectID
-			p.CVEWhitelist = *wl
+			p.CVEAllowlist = *wl
 		} else {
-			wl, err := c.whitelistMgr.Get(p.ProjectID)
+			wl, err := c.allowlistMgr.Get(p.ProjectID)
 			if err != nil {
 				return nil, err
 			}
 
-			p.CVEWhitelist = *wl
+			p.CVEAllowlist = *wl
 		}
 
 	}

src/controller/project/options.go

@@ -19,14 +19,14 @@ type Option func(*Options)
 
 // Options options used by `Get` method of `Controller`
 type Options struct {
-	CVEWhitelist bool // get project with cve whitelist
+	CVEAllowlist bool // get project with cve allowlist
 	Metadata     bool // get project with metadata
 }
 
-// CVEWhitelist set CVEWhitelist for the Options
-func CVEWhitelist(whitelist bool) Option {
+// CVEAllowlist set CVEAllowlist for the Options
+func CVEAllowlist(allowlist bool) Option {
 	return func(opts *Options) {
-		opts.CVEWhitelist = whitelist
+		opts.CVEAllowlist = allowlist
 	}
 }
 

src/controller/scan/checker.go

@@ -87,10 +87,10 @@ func (c *checker) IsScannable(ctx context.Context, art *artifact.Artifact) (bool
 // hasCapability returns true when scanner has capability for the artifact
 // See https://github.com/goharbor/pluggable-scanner-spec/issues/2 to get more info
 func hasCapability(r *models.Registration, a *artifact.Artifact) bool {
-	// use whitelist here because currently only docker image is supported by the scanner
+	// use allowlist here because currently only docker image is supported by the scanner
 	// https://github.com/goharbor/pluggable-scanner-spec/issues/2
-	whitelist := []string{image.ArtifactTypeImage}
-	for _, t := range whitelist {
+	allowlist := []string{image.ArtifactTypeImage}
+	for _, t := range allowlist {
 		if a.Type == t {
 			return r.HasCapability(a.ManifestMediaType)
 		}

src/core/api/harborapi_test.go

@@ -134,7 +134,7 @@ func init() {
 	beego.Router("/api/system/gc/:id([0-9]+)/log", &GCAPI{}, "get:GetLog")
 	beego.Router("/api/system/gc/schedule", &GCAPI{}, "get:Get;put:Put;post:Post")
 	beego.Router("/api/system/scanAll/schedule", &ScanAllAPI{}, "get:Get;put:Put;post:Post")
-	beego.Router("/api/system/CVEWhitelist", &SysCVEWhitelistAPI{}, "get:Get;put:Put")
+	beego.Router("/api/system/CVEAllowlist", &SysCVEAllowlistAPI{}, "get:Get;put:Put")
 	beego.Router("/api/system/oidc/ping", &OIDCAPI{}, "post:Ping")
 
 	beego.Router("/api/projects/:pid([0-9]+)/robots/", &RobotAPI{}, "post:Post;get:List")

src/core/api/project.go

@@ -513,7 +513,7 @@ func (p *ProjectAPI) Put() {
 	if err := p.ProjectMgr.Update(p.project.ProjectID,
 		&models.Project{
 			Metadata:     req.Metadata,
-			CVEWhitelist: req.CVEWhitelist,
+			CVEAllowlist: req.CVEAllowlist,
 		}); err != nil {
 		p.ParseAndHandleError(fmt.Sprintf("failed to update project %d",
 			p.project.ProjectID), err)

src/core/api/sys_cve_allowlist.go

@@ -19,18 +19,18 @@ import (
 	"fmt"
 	"github.com/goharbor/harbor/src/common/models"
 	"github.com/goharbor/harbor/src/lib/log"
-	"github.com/goharbor/harbor/src/pkg/scan/whitelist"
+	"github.com/goharbor/harbor/src/pkg/scan/allowlist"
 	"net/http"
 )
 
-// SysCVEWhitelistAPI Handles the requests to manage system level CVE whitelist
-type SysCVEWhitelistAPI struct {
+// SysCVEAllowlistAPI Handles the requests to manage system level CVE allowlist
+type SysCVEAllowlistAPI struct {
 	BaseController
-	manager whitelist.Manager
+	manager allowlist.Manager
 }
 
 // Prepare validates the request initially
-func (sca *SysCVEWhitelistAPI) Prepare() {
+func (sca *SysCVEAllowlistAPI) Prepare() {
 	sca.BaseController.Prepare()
 	if !sca.SecurityCtx.IsAuthenticated() {
 		sca.SendUnAuthorizedError(errors.New("Unauthorized"))
@@ -42,11 +42,11 @@ func (sca *SysCVEWhitelistAPI) Prepare() {
 		sca.SendForbiddenError(errors.New(msg))
 		return
 	}
-	sca.manager = whitelist.NewDefaultManager()
+	sca.manager = allowlist.NewDefaultManager()
 }
 
-// Get handles the GET request to retrieve the system level CVE whitelist
-func (sca *SysCVEWhitelistAPI) Get() {
+// Get handles the GET request to retrieve the system level CVE allowlist
+func (sca *SysCVEAllowlistAPI) Get() {
 	l, err := sca.manager.GetSys()
 	if err != nil {
 		sca.SendInternalServerError(err)
@@ -55,23 +55,23 @@ func (sca *SysCVEWhitelistAPI) Get() {
 	sca.WriteJSONData(l)
 }
 
-// Put handles the PUT request to update the system level CVE whitelist
-func (sca *SysCVEWhitelistAPI) Put() {
-	var l models.CVEWhitelist
+// Put handles the PUT request to update the system level CVE allowlist
+func (sca *SysCVEAllowlistAPI) Put() {
+	var l models.CVEAllowlist
 	if err := sca.DecodeJSONReq(&l); err != nil {
 		log.Errorf("Failed to decode JSON array from request")
 		sca.SendBadRequestError(err)
 		return
 	}
 	if l.ProjectID != 0 {
-		msg := fmt.Sprintf("Non-zero project ID for system CVE whitelist: %d.", l.ProjectID)
+		msg := fmt.Sprintf("Non-zero project ID for system CVE allowlist: %d.", l.ProjectID)
 		log.Error(msg)
 		sca.SendBadRequestError(errors.New(msg))
 		return
 	}
 	if err := sca.manager.SetSys(l); err != nil {
-		if whitelist.IsInvalidErr(err) {
-			log.Errorf("Invalid CVE whitelist: %v", err)
+		if allowlist.IsInvalidErr(err) {
+			log.Errorf("Invalid CVE allowlist: %v", err)
 			sca.SendBadRequestError(err)
 			return
 		}

src/core/api/sys_cve_allowlist_test.go

@@ -19,8 +19,8 @@ import (
 	"testing"
 )
 
-func TestSysCVEWhitelistAPIGet(t *testing.T) {
-	url := "/api/system/CVEWhitelist"
+func TestSysCVEAllowlistAPIGet(t *testing.T) {
+	url := "/api/system/CVEAllowlist"
 	cases := []*codeCheckingCase{
 		// 401
 		{
@@ -43,8 +43,8 @@ func TestSysCVEWhitelistAPIGet(t *testing.T) {
 	runCodeCheckingCases(t, cases...)
 }
 
-func TestSysCVEWhitelistAPIPut(t *testing.T) {
-	url := "/api/system/CVEWhitelist"
+func TestSysCVEAllowlistAPIPut(t *testing.T) {
+	url := "/api/system/CVEAllowlist"
 	s := int64(1573254000)
 	cases := []*codeCheckingCase{
 		// 401
@@ -79,9 +79,9 @@ func TestSysCVEWhitelistAPIPut(t *testing.T) {
 			request: &testingRequest{
 				method: http.MethodPut,
 				url:    url,
-				bodyJSON: models.CVEWhitelist{
+				bodyJSON: models.CVEAllowlist{
 					ExpiresAt: &s,
-					Items: []models.CVEWhitelistItem{
+					Items: []models.CVEAllowlistItem{
 						{CVEID: "CVE-2019-12310"},
 					},
 					ProjectID: 2,
@@ -95,9 +95,9 @@ func TestSysCVEWhitelistAPIPut(t *testing.T) {
 			request: &testingRequest{
 				method: http.MethodPut,
 				url:    url,
-				bodyJSON: models.CVEWhitelist{
+				bodyJSON: models.CVEAllowlist{
 					ExpiresAt: &s,
-					Items: []models.CVEWhitelistItem{
+					Items: []models.CVEAllowlistItem{
 						{CVEID: "CVE-2019-12310"},
 						{CVEID: "CVE-2019-12310"},
 					},
@@ -111,9 +111,9 @@ func TestSysCVEWhitelistAPIPut(t *testing.T) {
 			request: &testingRequest{
 				method: http.MethodPut,
 				url:    url,
-				bodyJSON: models.CVEWhitelist{
+				bodyJSON: models.CVEAllowlist{
 					ExpiresAt: &s,
-					Items: []models.CVEWhitelistItem{
+					Items: []models.CVEAllowlistItem{
 						{CVEID: "CVE-2019-12310"},
 						{CVEID: "RHSA-2019:2237"},
 					},

src/core/promgr/promgr.go

@@ -16,7 +16,7 @@ package promgr
 
 import (
 	"fmt"
-	"github.com/goharbor/harbor/src/pkg/scan/whitelist"
+	"github.com/goharbor/harbor/src/pkg/scan/allowlist"
 	"strconv"
 
 	"github.com/goharbor/harbor/src/common/models"
@@ -47,7 +47,7 @@ type defaultProjectManager struct {
 	pmsDriver      pmsdriver.PMSDriver
 	metaMgrEnabled bool // if metaMgrEnabled is enabled, metaMgr will be used to CURD metadata
 	metaMgr        metamgr.ProjectMetadataManager
-	whitelistMgr   whitelist.Manager
+	allowlistMgr   allowlist.Manager
 }
 
 // NewDefaultProjectManager returns an instance of defaultProjectManager,
@@ -60,7 +60,7 @@ func NewDefaultProjectManager(driver pmsdriver.PMSDriver, metaMgrEnabled bool) P
 	}
 	if metaMgrEnabled {
 		mgr.metaMgr = metamgr.NewDefaultProjectMetadataManager()
-		mgr.whitelistMgr = whitelist.NewDefaultManager()
+		mgr.allowlistMgr = allowlist.NewDefaultManager()
 	}
 	return mgr
 }
@@ -82,11 +82,11 @@ func (d *defaultProjectManager) Get(projectIDOrName interface{}) (*models.Projec
 		for k, v := range meta {
 			project.Metadata[k] = v
 		}
-		wl, err := d.whitelistMgr.Get(project.ProjectID)
+		wl, err := d.allowlistMgr.Get(project.ProjectID)
 		if err != nil {
 			return nil, err
 		}
-		project.CVEWhitelist = *wl
+		project.CVEAllowlist = *wl
 	}
 	return project, nil
 }
@@ -96,7 +96,7 @@ func (d *defaultProjectManager) Create(project *models.Project) (int64, error) {
 		return 0, err
 	}
 	if d.metaMgrEnabled {
-		d.whitelistMgr.CreateEmpty(id)
+		d.allowlistMgr.CreateEmpty(id)
 		if len(project.Metadata) > 0 {
 			if err = d.metaMgr.Add(id, project.Metadata); err != nil {
 				log.Errorf("failed to add metadata for project %s: %v", project.Name, err)
@@ -132,7 +132,7 @@ func (d *defaultProjectManager) Update(projectIDOrName interface{}, project *mod
 	}
 	// TODO transaction?
 	if d.metaMgrEnabled {
-		if err := d.whitelistMgr.Set(pro.ProjectID, project.CVEWhitelist); err != nil {
+		if err := d.allowlistMgr.Set(pro.ProjectID, project.CVEAllowlist); err != nil {
 			return err
 		}
 		if len(project.Metadata) > 0 {
@@ -195,7 +195,7 @@ func (d *defaultProjectManager) List(query *models.ProjectQueryParam) (*models.P
 			project.Metadata = meta
 		}
 	}
-	// the whitelist is not populated deliberately
+	// the allowlist is not populated deliberately
 	return result, nil
 }
 

src/pkg/scan/allowlist/manager.go

@@ -0,0 +1,92 @@
+// Copyright Project Harbor Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package allowlist
+
+import (
+	"github.com/goharbor/harbor/src/common/dao"
+	"github.com/goharbor/harbor/src/common/models"
+	"github.com/goharbor/harbor/src/jobservice/logger"
+	"github.com/goharbor/harbor/src/lib/log"
+)
+
+// Manager defines the interface of CVE allowlist manager, it support both system level and project level allowlists
+type Manager interface {
+	// CreateEmpty creates empty allowlist for given project
+	CreateEmpty(projectID int64) error
+	// Set sets the allowlist for given project (create or update)
+	Set(projectID int64, list models.CVEAllowlist) error
+	// Get gets the allowlist for given project
+	Get(projectID int64) (*models.CVEAllowlist, error)
+	// SetSys sets system level allowlist
+	SetSys(list models.CVEAllowlist) error
+	// GetSys gets system level allowlist
+	GetSys() (*models.CVEAllowlist, error)
+}
+
+type defaultManager struct{}
+
+// CreateEmpty creates empty allowlist for given project
+func (d *defaultManager) CreateEmpty(projectID int64) error {
+	l := models.CVEAllowlist{
+		ProjectID: projectID,
+		Items:     []models.CVEAllowlistItem{},
+	}
+	_, err := dao.CreateCVEAllowlist(l)
+	if err != nil {
+		logger.Errorf("Failed to create empty CVE allowlist for project: %d, error: %v", projectID, err)
+	}
+	return err
+}
+
+// Set sets the allowlist for given project (create or update)
+func (d *defaultManager) Set(projectID int64, list models.CVEAllowlist) error {
+	list.ProjectID = projectID
+	if err := Validate(list); err != nil {
+		return err
+	}
+	_, err := dao.UpdateCVEAllowlist(list)
+	return err
+}
+
+// Get gets the allowlist for given project
+func (d *defaultManager) Get(projectID int64) (*models.CVEAllowlist, error) {
+	wl, err := dao.GetCVEAllowlist(projectID)
+	if err != nil {
+		return nil, err
+	}
+
+	if wl == nil {
+		log.Debugf("No CVE allowlist found for project %d, returning empty list.", projectID)
+		wl = &models.CVEAllowlist{ProjectID: projectID, Items: []models.CVEAllowlistItem{}}
+	} else if wl.Items == nil {
+		wl.Items = []models.CVEAllowlistItem{}
+	}
+	return wl, nil
+}
+
+// SetSys sets the system level allowlist
+func (d *defaultManager) SetSys(list models.CVEAllowlist) error {
+	return d.Set(0, list)
+}
+
+// GetSys gets the system level allowlist
+func (d *defaultManager) GetSys() (*models.CVEAllowlist, error) {
+	return d.Get(0)
+}
+
+// NewDefaultManager return a new instance of defaultManager
+func NewDefaultManager() Manager {
+	return &defaultManager{}
+}

src/pkg/scan/allowlist/manager_test.go

@@ -1,4 +1,4 @@
-package whitelist
+package allowlist
 
 import (
 	"github.com/goharbor/harbor/src/common/dao"

src/pkg/scan/allowlist/validator.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package whitelist
+package allowlist
 
 import (
 	"fmt"
@@ -42,8 +42,8 @@ func IsInvalidErr(err error) bool {
 
 const cveIDPattern = `^CVE-\d{4}-\d+$`
 
-// Validate help validates the CVE whitelist, to ensure the CVE ID is valid and there's no duplication
-func Validate(wl models.CVEWhitelist) error {
+// Validate help validates the CVE allowlist, to ensure the CVE ID is valid and there's no duplication
+func Validate(wl models.CVEAllowlist) error {
 	m := map[string]struct{}{}
 	//	re := regexp.MustCompile(cveIDPattern)
 	for _, it := range wl.Items {
@@ -52,7 +52,7 @@ func Validate(wl models.CVEWhitelist) error {
 		//			return &invalidErr{fmt.Sprintf("invalid CVE ID: %s", it.CVEID)}
 		//		}
 		if _, ok := m[it.CVEID]; ok {
-			return &invalidErr{fmt.Sprintf("duplicate CVE ID in whitelist: %s", it.CVEID)}
+			return &invalidErr{fmt.Sprintf("duplicate CVE ID in allowlist: %s", it.CVEID)}
 		}
 		m[it.CVEID] = struct{}{}
 	}

src/pkg/scan/allowlist/validator_test.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package whitelist
+package allowlist
 
 import (
 	"fmt"
@@ -48,24 +48,24 @@ func TestIsInvalidErr(t *testing.T) {
 
 func TestValidate(t *testing.T) {
 	cases := []struct {
-		l       models.CVEWhitelist
+		l       models.CVEAllowlist
 		noError bool
 	}{
 		{
-			l: models.CVEWhitelist{
+			l: models.CVEAllowlist{
 				Items: nil,
 			},
 			noError: true,
 		},
 		{
-			l: models.CVEWhitelist{
-				Items: []models.CVEWhitelistItem{},
+			l: models.CVEAllowlist{
+				Items: []models.CVEAllowlistItem{},
 			},
 			noError: true,
 		},
 		{
-			l: models.CVEWhitelist{
-				Items: []models.CVEWhitelistItem{
+			l: models.CVEAllowlist{
+				Items: []models.CVEAllowlistItem{
 					{CVEID: "breakit"},
 					{CVEID: "breakit"},
 				},
@@ -73,8 +73,8 @@ func TestValidate(t *testing.T) {
 			noError: false,
 		},
 		{
-			l: models.CVEWhitelist{
-				Items: []models.CVEWhitelistItem{
+			l: models.CVEAllowlist{
+				Items: []models.CVEAllowlistItem{
 					{CVEID: "CVE-2014-456132"},
 					{CVEID: "CVE-2014-7654321"},
 				},
@@ -82,8 +82,8 @@ func TestValidate(t *testing.T) {
 			noError: true,
 		},
 		{
-			l: models.CVEWhitelist{
-				Items: []models.CVEWhitelistItem{
+			l: models.CVEAllowlist{
+				Items: []models.CVEAllowlistItem{
 					{CVEID: "CVE-2014-456132"},
 					{CVEID: "CVE-2014-456132"},
 					{CVEID: "CVE-2014-7654321"},

src/pkg/scan/report/summary.go

@@ -24,7 +24,7 @@ import (
 	"github.com/goharbor/harbor/src/pkg/scan/vuln"
 )
 
-// CVESet defines the CVE whitelist with a hash set way for easy query.
+// CVESet defines the CVE allowlist with a hash set way for easy query.
 type CVESet map[string]struct{}
 
 // Contains checks whether the specified CVE is in the set or not.
@@ -39,16 +39,16 @@ type Options struct {
 	// If it is set, the returned report will contains artifact digest for the vulnerabilities
 	ArtifactDigest string
 	// If it is set, the returned summary will not count the CVEs in the list in.
-	CVEWhitelist CVESet
+	CVEAllowlist CVESet
 }
 
 // Option for getting the report w/ summary with func template way.
 type Option func(options *Options)
 
-// WithCVEWhitelist is an option of setting CVE whitelist.
-func WithCVEWhitelist(set *CVESet) Option {
+// WithCVEAllowlist is an option of setting CVE allowlist.
+func WithCVEAllowlist(set *CVESet) Option {
 	return func(options *Options) {
-		options.CVEWhitelist = *set
+		options.CVEAllowlist = *set
 	}
 }
 
@@ -127,7 +127,7 @@ func GenerateNativeSummary(r *scan.Report, options ...Option) (interface{}, erro
 	if sum.Duration < 0 {
 		sum.Duration = 0
 	}
-	if len(ops.CVEWhitelist) > 0 {
+	if len(ops.CVEAllowlist) > 0 {
 		sum.CVEBypassed = make([]string, 0)
 	}
 
@@ -170,11 +170,11 @@ func GenerateNativeSummary(r *scan.Report, options ...Option) (interface{}, erro
 
 	overallSev := vuln.None
 	for _, v := range rp.Vulnerabilities {
-		if len(ops.CVEWhitelist) > 0 && ops.CVEWhitelist.Contains(v.ID) {
-			// If whitelist is set, then check if we need to bypass it
+		if len(ops.CVEAllowlist) > 0 && ops.CVEAllowlist.Contains(v.ID) {
+			// If allowlist is set, then check if we need to bypass it
 			// Reduce the total
 			vsum.Total--
-			// Append the by passed CVEs specified in the whitelist
+			// Append the by passed CVEs specified in the allowlist
 			sum.CVEBypassed = append(sum.CVEBypassed, v.ID)
 
 			continue
@@ -199,7 +199,7 @@ func GenerateNativeSummary(r *scan.Report, options ...Option) (interface{}, erro
 	sum.Summary = vsum
 
 	// Override the overall severity of the filtered list if needed.
-	if len(ops.CVEWhitelist) > 0 {
+	if len(ops.CVEAllowlist) > 0 {
 		sum.Severity = overallSev
 	}
 

src/pkg/scan/report/summary_test.go

@@ -111,7 +111,7 @@ func (suite *SummaryTestSuite) TestSummaryGenerateSummaryWithOptions() {
 	cveSet := make(CVESet)
 	cveSet["2019-0980-0909"] = struct{}{}
 
-	summaries, err := GenerateSummary(suite.r, WithCVEWhitelist(&cveSet))
+	summaries, err := GenerateSummary(suite.r, WithCVEAllowlist(&cveSet))
 	require.NoError(suite.T(), err)
 	require.NotNil(suite.T(), summaries)
 

src/pkg/scan/vuln/severity.go

@@ -21,7 +21,7 @@ import (
 const (
 	// None - only used to mark the overall severity of the scanned artifacts,
 	// means no vulnerabilities attached with the artifacts,
-	// (might be bypassed by the CVE whitelist).
+	// (might be bypassed by the CVE allowlist).
 	None Severity = "None"
 	// Unknown - either a security problem that has not been assigned to a priority yet or
 	// a priority that the scanner did not recognize.

src/pkg/scan/whitelist/manager.go

@@ -1,92 +0,0 @@
-// Copyright Project Harbor Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//    http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package whitelist
-
-import (
-	"github.com/goharbor/harbor/src/common/dao"
-	"github.com/goharbor/harbor/src/common/models"
-	"github.com/goharbor/harbor/src/jobservice/logger"
-	"github.com/goharbor/harbor/src/lib/log"
-)
-
-// Manager defines the interface of CVE whitelist manager, it support both system level and project level whitelists
-type Manager interface {
-	// CreateEmpty creates empty whitelist for given project
-	CreateEmpty(projectID int64) error
-	// Set sets the whitelist for given project (create or update)
-	Set(projectID int64, list models.CVEWhitelist) error
-	// Get gets the whitelist for given project
-	Get(projectID int64) (*models.CVEWhitelist, error)
-	// SetSys sets system level whitelist
-	SetSys(list models.CVEWhitelist) error
-	// GetSys gets system level whitelist
-	GetSys() (*models.CVEWhitelist, error)
-}
-
-type defaultManager struct{}
-
-// CreateEmpty creates empty whitelist for given project
-func (d *defaultManager) CreateEmpty(projectID int64) error {
-	l := models.CVEWhitelist{
-		ProjectID: projectID,
-		Items:     []models.CVEWhitelistItem{},
-	}
-	_, err := dao.CreateCVEWhitelist(l)
-	if err != nil {
-		logger.Errorf("Failed to create empty CVE whitelist for project: %d, error: %v", projectID, err)
-	}
-	return err
-}
-
-// Set sets the whitelist for given project (create or update)
-func (d *defaultManager) Set(projectID int64, list models.CVEWhitelist) error {
-	list.ProjectID = projectID
-	if err := Validate(list); err != nil {
-		return err
-	}
-	_, err := dao.UpdateCVEWhitelist(list)
-	return err
-}
-
-// Get gets the whitelist for given project
-func (d *defaultManager) Get(projectID int64) (*models.CVEWhitelist, error) {
-	wl, err := dao.GetCVEWhitelist(projectID)
-	if err != nil {
-		return nil, err
-	}
-
-	if wl == nil {
-		log.Debugf("No CVE whitelist found for project %d, returning empty list.", projectID)
-		wl = &models.CVEWhitelist{ProjectID: projectID, Items: []models.CVEWhitelistItem{}}
-	} else if wl.Items == nil {
-		wl.Items = []models.CVEWhitelistItem{}
-	}
-	return wl, nil
-}
-
-// SetSys sets the system level whitelist
-func (d *defaultManager) SetSys(list models.CVEWhitelist) error {
-	return d.Set(0, list)
-}
-
-// GetSys gets the system level whitelist
-func (d *defaultManager) GetSys() (*models.CVEWhitelist, error) {
-	return d.Get(0)
-}
-
-// NewDefaultManager return a new instance of defaultManager
-func NewDefaultManager() Manager {
-	return &defaultManager{}
-}

src/portal/src/i18n/lang/en-us-lang.json

@@ -1208,24 +1208,24 @@
         "TIP_REPO": "A repository name is broken up into path components. A component of a repository name must be at least one lowercase, alpha-numeric characters, optionally separated by periods, dashes or underscores. More strictly, it must match the regular expression [a-z0-9]+(?:[._-][a-z0-9]+)*.If a repository name has two or more path components, they must be separated by a forward slash ('/').The total length of a repository name, including slashes, must be less the 256 characters.",
         "TIP_TAG": "A tag is a label applied to a Docker image in a repository. Tags are how various images in a repository are distinguished from each other.It need to match Regex: (`[\\w][\\w.-]{0,127}`)"
     },
-    "CVE_WHITELIST": {
+    "CVE_ALLOWLIST": {
         "DEPLOYMENT_SECURITY": "Deployment security",
-        "CVE_WHITELIST": "CVE whitelist",
-        "SYS_WHITELIST_EXPLAIN": "System whitelist allows vulnerabilities in this list to be ignored when calculating the vulnerability of an image.",
-        "ADD_SYS": "Add CVE IDs to the system whitelist",
-        "WARNING_SYS": "The system CVE whitelist has expired. You can enable the whitelist by extending the expiration date.",
-        "WARNING_PRO": "The project CVE whitelist has expired. You can enable the whitelist by extending the expiration date.",
+        "CVE_ALLOWLIST": "CVE allowlist",
+        "SYS_ALLOWLIST_EXPLAIN": "System allowlist allows vulnerabilities in this list to be ignored when calculating the vulnerability of an image.",
+        "ADD_SYS": "Add CVE IDs to the system allowlist",
+        "WARNING_SYS": "The system CVE allowlist has expired. You can enable the allowlist by extending the expiration date.",
+        "WARNING_PRO": "The project CVE allowlist has expired. You can enable the allowlist by extending the expiration date.",
         "ADD": "ADD",
         "ENTER": "Enter CVE ID(s)",
         "HELP": "Separator: commas or newline characters",
         "NONE": "None",
         "EXPIRES_AT": "Expires at",
         "NEVER_EXPIRES": "Never expires",
-        "PRO_WHITELIST_EXPLAIN": "Project whitelist allows vulnerabilities in this list to be ignored in this project when pushing and pulling images.",
-        "PRO_OR_SYS": "You can either use the default whitelist configured at the system level or click on 'Project whitelist' to create a new whitelist",
-        "MERGE_INTO": "Add individual CVE IDs before clicking 'COPY FROM SYSTEM' to add system whitelist as well.",
-        "SYS_WHITELIST": "System whitelist",
-        "PRO_WHITELIST": "Project whitelist",
+        "PRO_ALLOWLIST_EXPLAIN": "Project allowlist allows vulnerabilities in this list to be ignored in this project when pushing and pulling images.",
+        "PRO_OR_SYS": "You can either use the default allowlist configured at the system level or click on 'Project allowlist' to create a new allowlist",
+        "MERGE_INTO": "Add individual CVE IDs before clicking 'COPY FROM SYSTEM' to add system allowlist as well.",
+        "SYS_ALLOWLIST": "System allowlist",
+        "PRO_ALLOWLIST": "Project allowlist",
         "ADD_SYSTEM": "COPY FROM SYSTEM"
     },
     "TAG_RETENTION": {

src/portal/src/i18n/lang/es-es-lang.json

@@ -1206,24 +1206,24 @@
         "TIP_REPO": "A repository name is broken up into path components. A component of a repository name must be at least one lowercase, alpha-numeric characters, optionally separated by periods, dashes or underscores. More strictly, it must match the regular expression [a-z0-9]+(?:[._-][a-z0-9]+)*.If a repository name has two or more path components, they must be separated by a forward slash ('/').The total length of a repository name, including slashes, must be less the 256 characters.",
         "TIP_TAG": "A tag is a label applied to a Docker image in a repository. Tags are how various images in a repository are distinguished from each other.It need to match Regex: (`[\\w][\\w.-]{0,127}`)"
     },
-    "CVE_WHITELIST": {
+    "CVE_ALLOWLIST": {
         "DEPLOYMENT_SECURITY": "Deployment security",
-        "CVE_WHITELIST": "CVE whitelist",
-        "SYS_WHITELIST_EXPLAIN": "System whitelist allows vulnerabilities in this list to be ignored when calculating the vulnerability of an image.",
-        "ADD_SYS": "Add CVE IDs to the system whitelist",
-        "WARNING_SYS": "The system CVE whitelist has expired. You can enable the whitelist by extending the expiration date.",
-        "WARNING_PRO": "The project CVE whitelist has expired. You can enable the whitelist by extending the expiration date.",
+        "CVE_ALLOWLIST": "CVE allowlist",
+        "SYS_ALLOWLIST_EXPLAIN": "System allowlist allows vulnerabilities in this list to be ignored when calculating the vulnerability of an image.",
+        "ADD_SYS": "Add CVE IDs to the system allowlist",
+        "WARNING_SYS": "The system CVE allowlist has expired. You can enable the allowlist by extending the expiration date.",
+        "WARNING_PRO": "The project CVE allowlist has expired. You can enable the allowlist by extending the expiration date.",
         "ADD": "ADD",
         "ENTER": "Enter CVE ID(s)",
         "HELP": "Separator: commas or newline characters",
         "NONE": "None",
         "EXPIRES_AT": "Expires at",
         "NEVER_EXPIRES": "Never expires",
-        "PRO_WHITELIST_EXPLAIN": "Project whitelist allows vulnerabilities in this list to be ignored in this project when pushing and pulling images.",
-        "PRO_OR_SYS": "You can either use the default whitelist configured at the system level or click on 'Project whitelist' to create a new whitelist",
-        "MERGE_INTO": "Add individual CVE IDs before clicking 'COPY FROM SYSTEM' to add system whitelist as well.",
-        "SYS_WHITELIST": "System whitelist",
-        "PRO_WHITELIST": "Project whitelist",
+        "PRO_ALLOWLIST_EXPLAIN": "Project allowlist allows vulnerabilities in this list to be ignored in this project when pushing and pulling images.",
+        "PRO_OR_SYS": "You can either use the default allowlist configured at the system level or click on 'Project allowlist' to create a new allowlist",
+        "MERGE_INTO": "Add individual CVE IDs before clicking 'COPY FROM SYSTEM' to add system allowlist as well.",
+        "SYS_ALLOWLIST": "System allowlist",
+        "PRO_ALLOWLIST": "Project allowlist",
         "ADD_SYSTEM": "COPY FROM SYSTEM"
     },
     "TAG_RETENTION": {

src/portal/src/i18n/lang/fr-fr-lang.json

@@ -1176,24 +1176,24 @@
         "TIP_REPO": "A repository name is broken up into path components. A component of a repository name must be at least one lowercase, alpha-numeric characters, optionally separated by periods, dashes or underscores. More strictly, it must match the regular expression [a-z0-9]+(?:[._-][a-z0-9]+)*.If a repository name has two or more path components, they must be separated by a forward slash ('/').The total length of a repository name, including slashes, must be less the 256 characters.",
         "TIP_TAG": "A tag is a label applied to a Docker image in a repository. Tags are how various images in a repository are distinguished from each other.It need to match Regex: (`[\\w][\\w.-]{0,127}`)"
     },
-    "CVE_WHITELIST": {
+    "CVE_ALLOWLIST": {
         "DEPLOYMENT_SECURITY": "Deployment security",
-        "CVE_WHITELIST": "CVE whitelist",
-        "SYS_WHITELIST_EXPLAIN": "System whitelist allows vulnerabilities in this list to be ignored when calculating the vulnerability of an image.",
-        "ADD_SYS": "Add CVE IDs to the system whitelist",
-        "WARNING_SYS": "The system CVE whitelist has expired. You can enable the whitelist by extending the expiration date.",
-        "WARNING_PRO": "The project CVE whitelist has expired. You can enable the whitelist by extending the expiration date.",
+        "CVE_ALLOWLIST": "CVE allowlist",
+        "SYS_ALLOWLIST_EXPLAIN": "System allowlist allows vulnerabilities in this list to be ignored when calculating the vulnerability of an image.",
+        "ADD_SYS": "Add CVE IDs to the system allowlist",
+        "WARNING_SYS": "The system CVE allowlist has expired. You can enable the allowlist by extending the expiration date.",
+        "WARNING_PRO": "The project CVE allowlist has expired. You can enable the allowlist by extending the expiration date.",
         "ADD": "ADD",
         "ENTER": "Enter CVE ID(s)",
         "HELP": "Separator: commas or newline characters",
         "NONE": "None",
         "EXPIRES_AT": "Expires at",
         "NEVER_EXPIRES": "Never expires",
-        "PRO_WHITELIST_EXPLAIN": "Project whitelist allows vulnerabilities in this list to be ignored in this project when pushing and pulling images.",
-        "PRO_OR_SYS": "You can either use the default whitelist configured at the system level or click on 'Project whitelist' to create a new whitelist",
-        "MERGE_INTO": "Add individual CVE IDs before clicking 'COPY FROM SYSTEM' to add system whitelist as well.",
-        "SYS_WHITELIST": "System whitelist",
-        "PRO_WHITELIST": "Project whitelist",
+        "PRO_ALLOWLIST_EXPLAIN": "Project allowlist allows vulnerabilities in this list to be ignored in this project when pushing and pulling images.",
+        "PRO_OR_SYS": "You can either use the default allowlist configured at the system level or click on 'Project allowlist' to create a new allowlist",
+        "MERGE_INTO": "Add individual CVE IDs before clicking 'COPY FROM SYSTEM' to add system allowlist as well.",
+        "SYS_ALLOWLIST": "System allowlist",
+        "PRO_ALLOWLIST": "Project allowlist",
         "ADD_SYSTEM": "COPY FROM SYSTEM"
     },
     "TAG_RETENTION": {

src/portal/src/i18n/lang/pt-br-lang.json

@@ -1204,24 +1204,24 @@
         "TIP_REPO": "A repository name is broken up into path components. A component of a repository name must be at least one lowercase, alpha-numeric characters, optionally separated by periods, dashes or underscores. More strictly, it must match the regular expression [a-z0-9]+(?:[._-][a-z0-9]+)*.If a repository name has two or more path components, they must be separated by a forward slash ('/').The total length of a repository name, including slashes, must be less the 256 characters.",
         "TIP_TAG": "A tag is a label applied to a Docker image in a repository. Tags are how various images in a repository are distinguished from each other.It need to match Regex: (`[\\w][\\w.-]{0,127}`)"
     },
-    "CVE_WHITELIST": {
+    "CVE_ALLOWLIST": {
         "DEPLOYMENT_SECURITY": "Deployment security",
-        "CVE_WHITELIST": "CVE whitelist",
-        "SYS_WHITELIST_EXPLAIN": "System whitelist allows vulnerabilities in this list to be ignored when calculating the vulnerability of an image.",
-        "ADD_SYS": "Add CVE IDs to the system whitelist",
-        "WARNING_SYS": "The system CVE whitelist has expired. You can enable the whitelist by extending the expiration date.",
-        "WARNING_PRO": "The project CVE whitelist has expired. You can enable the whitelist by extending the expiration date.",
+        "CVE_ALLOWLIST": "CVE allowlist",
+        "SYS_ALLOWLIST_EXPLAIN": "System allowlist allows vulnerabilities in this list to be ignored when calculating the vulnerability of an image.",
+        "ADD_SYS": "Add CVE IDs to the system allowlist",
+        "WARNING_SYS": "The system CVE allowlist has expired. You can enable the allowlist by extending the expiration date.",
+        "WARNING_PRO": "The project CVE allowlist has expired. You can enable the allowlist by extending the expiration date.",
         "ADD": "ADD",
         "ENTER": "Enter CVE ID(s)",
         "HELP": "Separator: commas or newline characters",
         "NONE": "None",
         "EXPIRES_AT": "Expires at",
         "NEVER_EXPIRES": "Never expires",
-        "PRO_WHITELIST_EXPLAIN": "Project whitelist allows vulnerabilities in this list to be ignored in this project when pushing and pulling images.",
-        "PRO_OR_SYS": "You can either use the default whitelist configured at the system level or click on 'Project whitelist' to create a new whitelist",
-        "MERGE_INTO": "Add individual CVE IDs before clicking 'COPY FROM SYSTEM' to add system whitelist as well.",
-        "SYS_WHITELIST": "System whitelist",
-        "PRO_WHITELIST": "Project whitelist",
+        "PRO_ALLOWLIST_EXPLAIN": "Project allowlist allows vulnerabilities in this list to be ignored in this project when pushing and pulling images.",
+        "PRO_OR_SYS": "You can either use the default allowlist configured at the system level or click on 'Project allowlist' to create a new allowlist",
+        "MERGE_INTO": "Add individual CVE IDs before clicking 'COPY FROM SYSTEM' to add system allowlist as well.",
+        "SYS_ALLOWLIST": "System allowlist",
+        "PRO_ALLOWLIST": "Project allowlist",
         "ADD_SYSTEM": "COPY FROM SYSTEM"
     },
     "TAG_RETENTION": {

src/portal/src/i18n/lang/tr-tr-lang.json

@@ -1208,10 +1208,10 @@
         "TIP_REPO": "Bir depo adı yol bileşenlerine bölünmüştür. Depo adının bir bileşeni, isteğe bağlı olarak nokta, kısa çizgi veya alt çizgi ile ayrılmış en az bir küçük harf, alfa sayısal karakterler olmalıdır. Daha kesin olarak, [a-z0-9] + (?: [._-] [a-z0-9] +) * normal ifadesiyle eşleşmelidir. Eğer bir depo adı iki veya daha fazla yol bileşenine sahipse, eğik çizgi ile ayrılmış ('/').Eğik çizgi içeren bir depo adının toplam uzunluğu, 256 karakterden az olmalıdır.",
         "TIP_TAG": "Etiket, bir depodaki Docker imajına uygulanan bir etikettir. Etiketler, bir depodaki çeşitli imajların birbirlerinden nasıl ayırt edildikleridir. Regex ile eşleşmesi gerekir: (`[\\ w] [\\ w .-] {0,127}`)"
     },
-    "CVE_WHITELIST": {
+    "CVE_ALLOWLIST": {
         "DEPLOYMENT_SECURITY": "Dağıtım güvenliği",
-        "CVE_WHITELIST": "CVE beyaz listesi",
-        "SYS_WHITELIST_EXPLAIN": "Sistem beyaz listesi, bir görüntünün güvenlik açığını hesaplarken bu listedeki güvenlik açıklarının göz ardı edilmesine izin verir.",
+        "CVE_ALLOWLIST": "CVE beyaz listesi",
+        "SYS_ALLOWLIST_EXPLAIN": "Sistem beyaz listesi, bir görüntünün güvenlik açığını hesaplarken bu listedeki güvenlik açıklarının göz ardı edilmesine izin verir.",
         "ADD_SYS": "Sistemin beyaz listesine CVE kimlikleri ekle",
         "WARNING_SYS": "Sistem CVE beyaz listesinin süresi doldu. Beyaz listeyi son kullanma tarihini uzatarak etkinleştirebilirsiniz.",
         "WARNING_PRO": "Proje CVE beyaz listesinin süresi doldu. Beyaz listeyi son kullanma tarihini uzatarak etkinleştirebilirsiniz.",
@@ -1221,11 +1221,11 @@
         "NONE": "Hiç",
         "EXPIRES_AT": "Sonunda sona eriyor",
         "NEVER_EXPIRES": "Hiçbir zaman sona ermez",
-        "PRO_WHITELIST_EXPLAIN": "Proje beyaz listesi, görüntüleri iterken ve çekerken bu listedeki güvenlik açıklarının bu projede göz ardı edilmesine izin verir.",
+        "PRO_ALLOWLIST_EXPLAIN": "Proje beyaz listesi, görüntüleri iterken ve çekerken bu listedeki güvenlik açıklarının bu projede göz ardı edilmesine izin verir.",
         "PRO_OR_SYS": "Sistemin beyaz listesini olduğu gibi kullanın veya yeni bir beyaz liste oluşturmak için “Proje beyaz listesini” seçin.",
         "MERGE_INTO": "Sistemin beyaz listesini bu projeye dahil edin, bireysel CVE ID'leri ekleyin.",
-        "SYS_WHITELIST": "Sistem beyaz listesi",
-        "PRO_WHITELIST": "Proje beyaz listesi",
+        "SYS_ALLOWLIST": "Sistem beyaz listesi",
+        "PRO_ALLOWLIST": "Proje beyaz listesi",
         "ADD_SYSTEM": "SİSTEM EKLE"
     },
     "TAG_RETENTION": {

src/portal/src/i18n/lang/zh-cn-lang.json

@@ -1205,25 +1205,25 @@
         "TIP_REPO": "镜像仓库名被分解为路径组件。仓库名必须至少有一个小写字母、字母数字字符，可选句点、破折号或下划线分隔。严格意义上说，它必须匹配正则表达式[a-z0-9]+(?[.-][a-z0-9]+)*.如果仓库名有两个或多个路径组件，则它们必须用正斜杠('/')分隔。包括斜杠在内的仓库名的总长度必须小于256个字符。",
         "TIP_TAG": "Tag 是应用于存储库中的 Docker 映像的一种标签，它用于区分多种镜像。它需要匹配 Regex：([\\w][\\w.-]{0,127})"
     },
-    "CVE_WHITELIST": {
+    "CVE_ALLOWLIST": {
         "DEPLOYMENT_SECURITY": "部署安全性",
-        "CVE_WHITELIST": "CVE白名单",
-        "SYS_WHITELIST_EXPLAIN": "在计算镜像的的安全性漏洞时，在系统的CVE白名单中的漏洞将会被忽略。",
-        "ADD_SYS": "可添加一条或多条CVE ID至系统的CVE白名单中",
-        "WARNING_SYS": "系统的CVE白名单已过期. 请延长有效期以使白名单生效",
-        "WARNING_PRO": "该项目的CVE白名单已过期. 请延长有效期以使白名单生效",
+        "CVE_ALLOWLIST": "CVE特赦名单",
+        "SYS_ALLOWLIST_EXPLAIN": "在计算镜像的的安全性漏洞时，在系统的CVE特赦名单中的漏洞将会被忽略。",
+        "ADD_SYS": "可添加一条或多条CVE ID至系统的CVE特赦名单中",
+        "WARNING_SYS": "系统的CVE特赦名单已过期. 请延长有效期以使特赦名单生效",
+        "WARNING_PRO": "该项目的CVE特赦名单已过期. 请延长有效期以使特赦名单生效",
         "ADD": "添加",
         "ENTER": "输入一条或多条CVE ID",
         "HELP": "CVE ID之间请用英文逗号隔开或者换行",
         "NONE": "无",
         "EXPIRES_AT": "有效期至",
         "NEVER_EXPIRES": "永不过期",
-        "PRO_WHITELIST_EXPLAIN": "在推送和拉取镜像时，在项目的CVE白名单中的漏洞将会被忽略",
-        "PRO_OR_SYS": "您可以选择使用系统的CVE白名单作为该项目的白名单，也可勾选“启用项目白名单”项来建立该项目自己的CVE白名单，",
-        "MERGE_INTO": "您可以点击“复制系统白名单”项将系统白名单合并至该项目白名单中，并可为该项目白名单添加特有的CVE IDs",
-        "SYS_WHITELIST": "启用系统白名单",
-        "PRO_WHITELIST": "启用项目白名单",
-        "ADD_SYSTEM": "复制系统白名单"
+        "PRO_ALLOWLIST_EXPLAIN": "在推送和拉取镜像时，在项目的CVE特赦名单中的漏洞将会被忽略",
+        "PRO_OR_SYS": "您可以选择使用系统的CVE特赦名单作为该项目的特赦名单，也可勾选“启用项目特赦名单”项来建立该项目自己的CVE特赦名单，",
+        "MERGE_INTO": "您可以点击“复制系统特赦名单”项将系统特赦名单合并至该项目特赦名单中，并可为该项目特赦名单添加特有的CVE IDs",
+        "SYS_ALLOWLIST": "启用系统特赦名单",
+        "PRO_ALLOWLIST": "启用项目特赦名单",
+        "ADD_SYSTEM": "复制系统特赦名单"
     },
     "TAG_RETENTION": {
         "TAG_RETENTION": "Tag保留",

src/portal/src/i18n/lang/zh-tw-lang.json

@@ -1192,25 +1192,25 @@
     "TIP_REPO": "鏡像倉庫名被分解為路徑組件。倉庫名必須至少有一個小寫字母、字母數字字符,可選句點、破折號或下劃線分隔。嚴格意義上說,它必須匹配正規表達式[a- z0-9]+(?[.-][a-z0-9]+)*.如果倉庫名有兩個或多個路徑組件,則它們必須用正斜杠('/')分隔。包括斜槓在內的倉庫名的總長度必須小於256個字符。",
     "TIP_TAG": "Tag 是應用於存儲庫中的Docker 映像的一種標籤,它用於區分多種鏡像。它需要匹配Regex：([\\w][\\w.-]{0,127}) "
   },
-  "CVE_WHITELIST":{
+  "CVE_ALLOWLIST":{
     "DEPLOYMENT_SECURITY": "部署安全性",
-    "CVE_WHITELIST": "CVE白名單",
-    "SYS_WHITELIST_EXPLAIN": "在計算鏡像的的安全性漏洞時,在系統的CVE白名單中的漏洞將會被忽略。",
-    "ADD_SYS": "可添加一條或多條CVE ID至系統的CVE白名單中",
-    "WARNING_SYS": "系統的CVE白名單已過期. 請延長有效期以使白名單生效",
-    "WARNING_PRO": "該項目的CVE白名單已過期. 請延長有效期以使白名單生效",
+    "CVE_ALLOWLIST": "CVE特赦名單",
+    "SYS_ALLOWLIST_EXPLAIN": "在計算鏡像的的安全性漏洞時,在系統的CVE特赦名單中的漏洞將會被忽略。",
+    "ADD_SYS": "可添加一條或多條CVE ID至系統的CVE特赦名單中",
+    "WARNING_SYS": "系統的CVE特赦名單已過期. 請延長有效期以使特赦名單生效",
+    "WARNING_PRO": "該項目的CVE特赦名單已過期. 請延長有效期以使特赦名單生效",
     "ADD":"添加",
     "ENTER": "輸入一條或多條CVE ID",
     "HELP": "CVE ID之間請用英文逗號隔開或者換行",
     "NONE":"無",
     "EXPIRES_AT": "有效期至",
     "NEVER_EXPIRES": "永不過期",
-    "PRO_WHITELIST_EXPLAIN": "在推送和拉取鏡像時,在項目的CVE白名單中的漏洞將會被忽略",
-    "PRO_OR_SYS": "您可以選擇使用系統的CVE白名單作為該項目的白名單,也可勾選“啟用項目白名單”項來建立該項目自己的CVE白名單,",
-    "MERGE_INTO": "您可以點擊“複製系統白名單”項將系統白名單合併至該項目白名單中,並可為該項目白名單添加特有的CVE IDs",
-    "SYS_WHITELIST": "啟用系統白名單",
-    "PRO_WHITELIST": "啟用項目白名單",
-    "ADD_SYSTEM": "複製系統白名單"
+    "PRO_ALLOWLIST_EXPLAIN": "在推送和拉取鏡像時,在項目的CVE特赦名單中的漏洞將會被忽略",
+    "PRO_OR_SYS": "您可以選擇使用系統的CVE特赦名單作為該項目的特赦名單,也可勾選“啟用項目特赦名單”項來建立該項目自己的CVE特赦名單,",
+    "MERGE_INTO": "您可以點擊“複製系統特赦名單”項將系統特赦名單合併至該項目特赦名單中,並可為該項目特赦名單添加特有的CVE IDs",
+    "SYS_ALLOWLIST": "啟用系統特赦名單",
+    "PRO_ALLOWLIST": "啟用項目特赦名單",
+    "ADD_SYSTEM": "複製系統特赦名單"
   },
   "TAG_RETENTION":{
     "TAG_RETENTION":"標籤保留",

src/portal/src/lib/components/config/registry-config.component.spec.ts

@@ -19,7 +19,7 @@ import {
   ScanningResultDefaultService,
   SystemInfoService,
   SystemInfoDefaultService,
-  SystemInfo, SystemCVEWhitelist
+  SystemInfo, SystemCVEAllowlist
 } from '../../services';
 import { Configuration } from './config';
 import { of } from 'rxjs';
@@ -57,7 +57,7 @@ describe('RegistryConfigComponent (inline template)', () => {
     "harbor_version": "v1.1.1-rc1-160-g565110d",
     "next_scan_all": 0
   };
-  let mockSystemWhitelist: SystemCVEWhitelist = {
+  let mockSystemAllowlist: SystemCVEAllowlist = {
     "expires_at": 1561996800,
     "id": 1,
     "items": [],
@@ -96,7 +96,7 @@ describe('RegistryConfigComponent (inline template)', () => {
     systemInfoService = fixture.debugElement.injector.get(SystemInfoService);
     spy = spyOn(cfgService, 'getConfigurations').and.returnValue(of(mockConfig));
     spySystemInfo = spyOn(systemInfoService, 'getSystemInfo').and.returnValue(of(mockSystemInfo));
-    spySystemInfo = spyOn(systemInfoService, 'getSystemWhitelist').and.returnValue(of(mockSystemWhitelist));
+    spySystemInfo = spyOn(systemInfoService, 'getSystemAllowlist').and.returnValue(of(mockSystemAllowlist));
     fixture.detectChanges();
   });
 

src/portal/src/lib/components/config/system/system-settings.component.html

@@ -74,49 +74,49 @@
 
 
         <div class="clr-form-control d-f">
-            <label for="systemWhitelist"
-                class="clr-control-label">{{'CVE_WHITELIST.DEPLOYMENT_SECURITY'|translate}}</label>
+            <label for="systemAllowlist"
+                class="clr-control-label">{{'CVE_ALLOWLIST.DEPLOYMENT_SECURITY'|translate}}</label>
             <div class="form-content">
                 <div class="font-size-13">
                     <div class="mt-05">
-                        <span class="title font-size-13">{{'CVE_WHITELIST.CVE_WHITELIST'|translate}}</span>
+                        <span class="title font-size-13">{{'CVE_ALLOWLIST.CVE_ALLOWLIST'|translate}}</span>
                     </div>
                     <div class="mt-05">
-                        <span>{{'CVE_WHITELIST.SYS_WHITELIST_EXPLAIN'|translate}}</span>
+                        <span>{{'CVE_ALLOWLIST.SYS_ALLOWLIST_EXPLAIN'|translate}}</span>
                     </div>
                     <div class="mt-05">
-                        <span>{{'CVE_WHITELIST.ADD_SYS'|translate}}</span>
+                        <span>{{'CVE_ALLOWLIST.ADD_SYS'|translate}}</span>
                     </div>
                     <div class="mt-05" *ngIf="hasExpired">
-                        <span class="label label-warning">{{'CVE_WHITELIST.WARNING_SYS'|translate}}</span>
+                        <span class="label label-warning">{{'CVE_ALLOWLIST.WARNING_SYS'|translate}}</span>
                     </div>
                 </div>
                 <div class="clr-row width-90per">
                     <div class="position-relative pl-05">
                         <div>
                             <button id="show-add-modal-button" (click)="showAddModal=!showAddModal"
-                                class="btn btn-link">{{'CVE_WHITELIST.ADD'|translate}}</button>
+                                class="btn btn-link">{{'CVE_ALLOWLIST.ADD'|translate}}</button>
                         </div>
                         <div class="add-modal add-modal-dark" *ngIf="showAddModal">
                             <clr-icon (click)="showAddModal=false" class="float-lg-right margin-top-4"
                                 shape="window-close"></clr-icon>
                             <div>
                                 <clr-textarea-container class="flex-direction-column">
-                                    <label>{{'CVE_WHITELIST.ENTER'|translate}}</label>
-                                    <textarea id="whitelist-textarea" class="w-100 font-italic" clrTextarea [(ngModel)]="cveIds"
+                                    <label>{{'CVE_ALLOWLIST.ENTER'|translate}}</label>
+                                    <textarea id="allowlist-textarea" class="w-100 font-italic" clrTextarea [(ngModel)]="cveIds"
                                         name="cveIds"></textarea>
-                                    <clr-control-helper>{{'CVE_WHITELIST.HELP'|translate}}</clr-control-helper>
+                                    <clr-control-helper>{{'CVE_ALLOWLIST.HELP'|translate}}</clr-control-helper>
                                 </clr-textarea-container>
                             </div>
                             <div>
-                                <button id="add-to-system" [disabled]="isDisabled()" (click)="addToSystemWhitelist()"
-                                    class="btn btn-link">{{'CVE_WHITELIST.ADD'|translate}}</button>
+                                <button id="add-to-system" [disabled]="isDisabled()" (click)="addToSystemAllowlist()"
+                                    class="btn btn-link">{{'CVE_ALLOWLIST.ADD'|translate}}</button>
                             </div>
                         </div>
-                        <ul class="whitelist-window">
-                            <li *ngIf="systemWhitelist?.items?.length<1" class="none">{{'CVE_WHITELIST.NONE'|translate}}
+                        <ul class="allowlist-window">
+                            <li *ngIf="systemAllowlist?.items?.length<1" class="none">{{'CVE_ALLOWLIST.NONE'|translate}}
                             </li>
-                            <li *ngFor="let item of systemWhitelist?.items;let i = index;">
+                            <li *ngFor="let item of systemAllowlist?.items;let i = index;">
                                 <a href="javascript:void(0)" (click)="goToDetail(item.cve_id)">{{item.cve_id}}</a>
                                 <a  class="float-lg-right" href="javascript:void(0)" (click)="deleteItem(i)">
                                     <clr-icon shape="times-circle"></clr-icon>
@@ -127,9 +127,9 @@
                     <div class="clr-col padding-top-8">
                         <div class="clr-row expire-data">
                             <label class="bottom-line clr-col-4"
-                                for="expires">{{'CVE_WHITELIST.EXPIRES_AT'|translate}}</label>
+                                for="expires">{{'CVE_ALLOWLIST.EXPIRES_AT'|translate}}</label>
                             <div>
-                                <input #dateInput placeholder="{{'CVE_WHITELIST.NEVER_EXPIRES'|translate}}" readonly
+                                <input #dateInput placeholder="{{'CVE_ALLOWLIST.NEVER_EXPIRES'|translate}}" readonly
                                     type="date" [(clrDate)]="expiresDate" newFormLayout="true">
                             </div>
                         </div>
@@ -139,7 +139,7 @@
                                 <input [checked]="neverExpires" [(ngModel)]="neverExpires" type="checkbox" clrCheckbox
                                     name="neverExpires" id="neverExpires" />
                                 <label>
-                                    {{'CVE_WHITELIST.NEVER_EXPIRES'|translate}}
+                                    {{'CVE_ALLOWLIST.NEVER_EXPIRES'|translate}}
                                 </label>
                             </clr-checkbox-wrapper>
                         </div>
@@ -167,10 +167,10 @@
 </form>
 <div>
     <button type="button" id="config_system_save" class="btn btn-primary" (click)="save()"
-        [disabled]="(!isValid() || !hasChanges()) && (!hasWhitelistChanged) || inProgress">{{'BUTTON.SAVE'
+        [disabled]="(!isValid() || !hasChanges()) && (!hasAllowlistChanged) || inProgress">{{'BUTTON.SAVE'
         | translate}}</button>
     <button type="button" id="config_system_cancel" class="btn btn-outline" (click)="cancel()"
-        [disabled]="(!isValid() || !hasChanges()) && (!hasWhitelistChanged) || inProgress">{{'BUTTON.CANCEL'
+        [disabled]="(!isValid() || !hasChanges()) && (!hasAllowlistChanged) || inProgress">{{'BUTTON.CANCEL'
         | translate}}</button>
 </div>
 <confirmation-dialog #cfgConfirmationDialog (confirmAction)="confirmCancel($event)"></confirmation-dialog>

src/portal/src/lib/components/config/system/system-settings.component.scss

@@ -50,7 +50,7 @@
   margin-top: 4px;
 }
 
-.whitelist-window {
+.allowlist-window {
   border: 1px solid #ccc;
   border-radius: 3px;
   padding: 12px;

src/portal/src/lib/components/config/system/system-settings.component.spec.ts

@@ -14,7 +14,7 @@ describe('SystemSettingsComponent', () => {
   const config: IServiceConfig = {
     baseEndpoint: CURRENT_BASE_HREF + "/testing"
   };
-  const mockedWhitelist = {
+  const mockedAllowlist = {
     id: 1,
     project_id: 1,
     expires_at: null,
@@ -23,13 +23,13 @@ describe('SystemSettingsComponent', () => {
     ]
   };
   const fakedSystemInfoService = {
-    getSystemWhitelist() {
-       return of(mockedWhitelist);
+    getSystemAllowlist() {
+       return of(mockedAllowlist);
     },
     getSystemInfo() {
        return of({});
     },
-    updateSystemWhitelist() {
+    updateSystemAllowlist() {
       return of(true);
     }
   };
@@ -65,7 +65,7 @@ describe('SystemSettingsComponent', () => {
     expect(component).toBeTruthy();
   });
   it('cancel button should works', () => {
-    component.systemWhitelist.items.push({cve_id: 'CVE-2019-456'});
+    component.systemAllowlist.items.push({cve_id: 'CVE-2019-456'});
     const readOnly: HTMLElement = fixture.nativeElement.querySelector('#repoReadOnly');
     readOnly.click();
     fixture.detectChanges();
@@ -75,13 +75,13 @@ describe('SystemSettingsComponent', () => {
     expect(component.confirmationDlg.opened).toBeTruthy();
   });
   it('save button should works', () => {
-    component.systemWhitelist.items[0].cve_id = 'CVE-2019-789';
+    component.systemAllowlist.items[0].cve_id = 'CVE-2019-789';
     const readOnly: HTMLElement = fixture.nativeElement.querySelector('#repoReadOnly');
     readOnly.click();
     fixture.detectChanges();
     const save: HTMLButtonElement = fixture.nativeElement.querySelector('#config_system_save');
     save.click();
     fixture.detectChanges();
-    expect(component.systemWhitelistOrigin.items[0].cve_id).toEqual('CVE-2019-789');
+    expect(component.systemAllowlistOrigin.items[0].cve_id).toEqual('CVE-2019-789');
   });
 });

src/portal/src/lib/components/config/system/system-settings.component.ts

@@ -20,7 +20,7 @@ import {ConfirmationDialogComponent} from '../../confirmation-dialog/confirmatio
 import {ConfirmationState, ConfirmationTargets} from '../../../entities/shared.const';
 import {ConfirmationAcknowledgement} from '../../confirmation-dialog/confirmation-state-message';
 import {
-    ConfigurationService, SystemCVEWhitelist, SystemInfo, SystemInfoService, VulnerabilityItem
+    ConfigurationService, SystemCVEAllowlist, SystemInfo, SystemInfoService, VulnerabilityItem
 } from '../../../services';
 import {forkJoin} from "rxjs";
 
@@ -42,8 +42,8 @@ export class SystemSettingsComponent implements OnChanges, OnInit {
     private originalConfig: Configuration;
     downloadLink: string;
     robotTokenExpiration: string;
-    systemWhitelist: SystemCVEWhitelist;
-    systemWhitelistOrigin: SystemCVEWhitelist;
+    systemAllowlist: SystemCVEAllowlist;
+    systemAllowlistOrigin: SystemCVEAllowlist;
     cveIds: string;
     showAddModal: boolean = false;
     systemInfo: SystemInfo;
@@ -139,14 +139,14 @@ export class SystemSettingsComponent implements OnChanges, OnInit {
      */
     public save(): void {
         let changes = this.getChanges();
-        if (!isEmpty(changes) || !compareValue(this.systemWhitelistOrigin, this.systemWhitelist)) {
+        if (!isEmpty(changes) || !compareValue(this.systemAllowlistOrigin, this.systemAllowlist)) {
             this.onGoing = true;
             let observables = [];
             if (!isEmpty(changes)) {
                 observables.push(this.configService.saveConfigurations(changes));
             }
-            if (!compareValue(this.systemWhitelistOrigin, this.systemWhitelist)) {
-                observables.push(this.systemInfoService.updateSystemWhitelist(this.systemWhitelist));
+            if (!compareValue(this.systemAllowlistOrigin, this.systemAllowlist)) {
+                observables.push(this.systemInfoService.updateSystemAllowlist(this.systemAllowlist));
             }
             forkJoin(observables).subscribe(result => {
                 this.onGoing = false;
@@ -163,8 +163,8 @@ export class SystemSettingsComponent implements OnChanges, OnInit {
 
                     this.reloadSystemConfig.emit();
                 }
-                if (!compareValue(this.systemWhitelistOrigin, this.systemWhitelist)) {
-                    this.systemWhitelistOrigin = clone(this.systemWhitelist);
+                if (!compareValue(this.systemAllowlistOrigin, this.systemAllowlist)) {
+                    this.systemAllowlistOrigin = clone(this.systemAllowlist);
                 }
                 this.errorHandler.info('CONFIG.SAVE_SUCCESS');
             }, error => {
@@ -212,8 +212,8 @@ export class SystemSettingsComponent implements OnChanges, OnInit {
             let changes = this.getChanges();
             this.reset(changes);
             this.initRobotToken();
-            if (!compareValue(this.systemWhitelistOrigin, this.systemWhitelist)) {
-                this.systemWhitelist = clone(this.systemWhitelistOrigin);
+            if (!compareValue(this.systemAllowlistOrigin, this.systemAllowlist)) {
+                this.systemAllowlist = clone(this.systemAllowlistOrigin);
             }
         }
     }
@@ -231,7 +231,7 @@ export class SystemSettingsComponent implements OnChanges, OnInit {
      */
     public cancel(): void {
         let changes = this.getChanges();
-        if (!isEmpty(changes) || !compareValue(this.systemWhitelistOrigin, this.systemWhitelist)) {
+        if (!isEmpty(changes) || !compareValue(this.systemAllowlistOrigin, this.systemAllowlist)) {
             let msg = new ConfirmationMessage(
                 'CONFIG.CONFIRM_TITLE',
                 'CONFIG.CONFIRM_SUMMARY',
@@ -257,7 +257,7 @@ export class SystemSettingsComponent implements OnChanges, OnInit {
 
     ngOnInit() {
         this.initRobotToken();
-        this.getSystemWhitelist();
+        this.getSystemAllowlist();
         this.getSystemInfo();
     }
 
@@ -266,22 +266,22 @@ export class SystemSettingsComponent implements OnChanges, OnInit {
             .subscribe(systemInfo => this.systemInfo = systemInfo
                 , error => this.errorHandler.error(error));
     }
-    getSystemWhitelist() {
+    getSystemAllowlist() {
         this.onGoing = true;
-        this.systemInfoService.getSystemWhitelist()
-            .subscribe((systemWhitelist) => {
+        this.systemInfoService.getSystemAllowlist()
+            .subscribe((systemAllowlist) => {
                     this.onGoing = false;
-                    if (!systemWhitelist.items) {
-                        systemWhitelist.items = [];
+                    if (!systemAllowlist.items) {
+                        systemAllowlist.items = [];
                     }
-                    if (!systemWhitelist.expires_at) {
-                        systemWhitelist.expires_at = null;
+                    if (!systemAllowlist.expires_at) {
+                        systemAllowlist.expires_at = null;
                     }
-                    this.systemWhitelist = systemWhitelist;
-                    this.systemWhitelistOrigin = clone(systemWhitelist);
+                    this.systemAllowlist = systemAllowlist;
+                    this.systemAllowlistOrigin = clone(systemAllowlist);
                 }, error => {
                     this.onGoing = false;
-                    console.error('An error occurred during getting systemWhitelist');
+                    console.error('An error occurred during getting systemAllowlist');
                     // this.errorHandler.error(error);
                 }
             );
@@ -307,13 +307,13 @@ export class SystemSettingsComponent implements OnChanges, OnInit {
     }
 
     deleteItem(index: number) {
-        this.systemWhitelist.items.splice(index, 1);
+        this.systemAllowlist.items.splice(index, 1);
     }
 
-    addToSystemWhitelist() {
-        // remove duplication and add to systemWhitelist
+    addToSystemAllowlist() {
+        // remove duplication and add to systemAllowlist
         let map = {};
-        this.systemWhitelist.items.forEach(item => {
+        this.systemAllowlist.items.forEach(item => {
             map[item.cve_id] = true;
         });
         this.cveIds.split(/[\n,]+/).forEach(id => {
@@ -321,7 +321,7 @@ export class SystemSettingsComponent implements OnChanges, OnInit {
             cveObj.cve_id = id.trim();
             if (!map[cveObj.cve_id]) {
                 map[cveObj.cve_id] = true;
-                this.systemWhitelist.items.push(cveObj);
+                this.systemAllowlist.items.push(cveObj);
             }
         });
         // clear modal and close modal
@@ -329,8 +329,8 @@ export class SystemSettingsComponent implements OnChanges, OnInit {
         this.showAddModal = false;
     }
 
-    get hasWhitelistChanged(): boolean {
-        return !compareValue(this.systemWhitelistOrigin, this.systemWhitelist);
+    get hasAllowlistChanged(): boolean {
+        return !compareValue(this.systemAllowlistOrigin, this.systemAllowlist);
     }
 
     isDisabled(): boolean {
@@ -339,34 +339,34 @@ export class SystemSettingsComponent implements OnChanges, OnInit {
     }
 
     get expiresDate() {
-        if (this.systemWhitelist && this.systemWhitelist.expires_at) {
-            return new Date(this.systemWhitelist.expires_at * ONE_THOUSAND);
+        if (this.systemAllowlist && this.systemAllowlist.expires_at) {
+            return new Date(this.systemAllowlist.expires_at * ONE_THOUSAND);
         }
         return null;
     }
 
     set expiresDate(date) {
-        if (this.systemWhitelist && date) {
-            this.systemWhitelist.expires_at = Math.floor(date.getTime() / ONE_THOUSAND);
+        if (this.systemAllowlist && date) {
+            this.systemAllowlist.expires_at = Math.floor(date.getTime() / ONE_THOUSAND);
         }
     }
 
     get neverExpires(): boolean {
-        return !(this.systemWhitelist && this.systemWhitelist.expires_at);
+        return !(this.systemAllowlist && this.systemAllowlist.expires_at);
     }
 
     set neverExpires(flag) {
         if (flag) {
-            this.systemWhitelist.expires_at = null;
+            this.systemAllowlist.expires_at = null;
             this.systemInfoService.resetDateInput(this.dateInput);
         } else {
-            this.systemWhitelist.expires_at = Math.floor(new Date().getTime() / ONE_THOUSAND);
+            this.systemAllowlist.expires_at = Math.floor(new Date().getTime() / ONE_THOUSAND);
         }
     }
 
     get hasExpired(): boolean {
-        if (this.systemWhitelistOrigin && this.systemWhitelistOrigin.expires_at) {
-            return new Date().getTime() > this.systemWhitelistOrigin.expires_at * ONE_THOUSAND;
+        if (this.systemAllowlistOrigin && this.systemAllowlistOrigin.expires_at) {
+            return new Date().getTime() > this.systemAllowlistOrigin.expires_at * ONE_THOUSAND;
         }
         return false;
     }

src/portal/src/lib/components/project-policy-config/project-policy-config.component.html

@@ -57,77 +57,77 @@
             </clr-control-helper>
         </clr-checkbox-container>
         <div *ngIf="systemInfo" class="clr-form-control" [class.clr-form-control-disabled]="!hasChangeConfigRole">
-            <label for="systemWhitelist" class="clr-control-label">{{'CVE_WHITELIST.CVE_WHITELIST'|translate}}</label>
+            <label for="systemAllowlist" class="clr-control-label">{{'CVE_ALLOWLIST.CVE_ALLOWLIST'|translate}}</label>
             <div class="w-100 clr-control-container">
                 <div class="config-subtext">
                     <div>
-                        <span>{{'CVE_WHITELIST.PRO_WHITELIST_EXPLAIN'|translate}}</span>
+                        <span>{{'CVE_ALLOWLIST.PRO_ALLOWLIST_EXPLAIN'|translate}}</span>
                     </div>
                     <div>
-                        <span>{{'CVE_WHITELIST.PRO_OR_SYS'|translate}}</span>
+                        <span>{{'CVE_ALLOWLIST.PRO_OR_SYS'|translate}}</span>
                     </div>
                     <div>
-                        <span>{{'CVE_WHITELIST.MERGE_INTO'|translate}}</span>
+                        <span>{{'CVE_ALLOWLIST.MERGE_INTO'|translate}}</span>
                     </div>
                     <div *ngIf="hasExpired">
-                        <span *ngIf="isUseSystemWhitelist()"
-                            class="label label-warning">{{'CVE_WHITELIST.WARNING_SYS'|translate}}</span>
-                        <span *ngIf="!isUseSystemWhitelist()"
-                            class="label label-warning">{{'CVE_WHITELIST.WARNING_PRO'|translate}}</span>
+                        <span *ngIf="isUseSystemAllowlist()"
+                            class="label label-warning">{{'CVE_ALLOWLIST.WARNING_SYS'|translate}}</span>
+                        <span *ngIf="!isUseSystemAllowlist()"
+                            class="label label-warning">{{'CVE_ALLOWLIST.WARNING_PRO'|translate}}</span>
                     </div>
                 </div>
                 <clr-radio-container clrInline>
                     <clr-radio-wrapper>
                         <input id="use-system" [attr.disabled]="!hasChangeConfigRole?'disabled':null" type="radio" clrRadio
-                            name="systemWhitelistOrProjectWhitelist" required value="true"
-                            [(ngModel)]="systemWhitelistOrProjectWhitelist" />
-                        <label>{{'CVE_WHITELIST.SYS_WHITELIST'|translate}}</label>
+                            name="systemAllowlistOrProjectAllowlist" required value="true"
+                            [(ngModel)]="systemAllowlistOrProjectAllowlist" />
+                        <label>{{'CVE_ALLOWLIST.SYS_ALLOWLIST'|translate}}</label>
                     </clr-radio-wrapper>
                     <clr-radio-wrapper>
                         <input id="use-project" [attr.disabled]="!hasChangeConfigRole?'disabled':null" type="radio" clrRadio
-                            name="systemWhitelistOrProjectWhitelist" required value="false"
-                            [(ngModel)]="systemWhitelistOrProjectWhitelist" />
-                        <label>{{'CVE_WHITELIST.PRO_WHITELIST'|translate}}</label>
+                            name="systemAllowlistOrProjectAllowlist" required value="false"
+                            [(ngModel)]="systemAllowlistOrProjectAllowlist" />
+                        <label>{{'CVE_ALLOWLIST.PRO_ALLOWLIST'|translate}}</label>
                     </clr-radio-wrapper>
                 </clr-radio-container>
                 <div class="clr-row width-90per">
                     <div class="clr-col position-relative col-flex-grow-0 ">
                         <div>
-                            <button id="show-add-modal" [disabled]="isUseSystemWhitelist() || !hasChangeConfigRole"
+                            <button id="show-add-modal" [disabled]="isUseSystemAllowlist() || !hasChangeConfigRole"
                                 (click)="showAddModal=!showAddModal"
-                                class="btn btn-link">{{'CVE_WHITELIST.ADD'|translate}}</button>
-                            <button id="add-system" [disabled]="isUseSystemWhitelist() || !hasChangeConfigRole"
+                                class="btn btn-link">{{'CVE_ALLOWLIST.ADD'|translate}}</button>
+                            <button id="add-system" [disabled]="isUseSystemAllowlist() || !hasChangeConfigRole"
                                 (click)="addSystem()"
-                                class="btn btn-link ml-1">{{'CVE_WHITELIST.ADD_SYSTEM'|translate}}</button>
+                                class="btn btn-link ml-1">{{'CVE_ALLOWLIST.ADD_SYSTEM'|translate}}</button>
                         </div>
-                        <div class="add-modal add-modal-dark" *ngIf="showAddModal && !isUseSystemWhitelist()">
+                        <div class="add-modal add-modal-dark" *ngIf="showAddModal && !isUseSystemAllowlist()">
                             <clr-icon (click)="showAddModal=false" class="float-lg-right margin-top-4"
                                 shape="window-close"></clr-icon>
                             <div>
                                 <clr-textarea-container class="flex-direction-column">
-                                    <label>{{'CVE_WHITELIST.ENTER'|translate}}</label>
-                                    <textarea id="whitelist-textarea" class="w-100" clrTextarea [(ngModel)]="cveIds"
+                                    <label>{{'CVE_ALLOWLIST.ENTER'|translate}}</label>
+                                    <textarea id="allowlist-textarea" class="w-100" clrTextarea [(ngModel)]="cveIds"
                                         name="cveIds"></textarea>
-                                    <clr-control-helper>{{'CVE_WHITELIST.HELP'|translate}}</clr-control-helper>
+                                    <clr-control-helper>{{'CVE_ALLOWLIST.HELP'|translate}}</clr-control-helper>
                                 </clr-textarea-container>
                             </div>
                             <div>
-                                <button id="add-to-whitelist" [disabled]="isDisabled()"
-                                    (click)="addToProjectWhitelist()"
-                                    class="btn btn-link">{{'CVE_WHITELIST.ADD'|translate}}</button>
+                                <button id="add-to-allowlist" [disabled]="isDisabled()"
+                                    (click)="addToProjectAllowlist()"
+                                    class="btn btn-link">{{'CVE_ALLOWLIST.ADD'|translate}}</button>
                             </div>
                         </div>
-                        <ul class="whitelist-window" *ngIf="isUseSystemWhitelist()">
-                            <li *ngIf="systemWhitelist?.items?.length<1" class="none">{{'CVE_WHITELIST.NONE'|translate}}
+                        <ul class="allowlist-window" *ngIf="isUseSystemAllowlist()">
+                            <li *ngIf="systemAllowlist?.items?.length<1" class="none">{{'CVE_ALLOWLIST.NONE'|translate}}
                             </li>
-                            <li *ngFor="let item of systemWhitelist?.items">
+                            <li *ngFor="let item of systemAllowlist?.items">
                                 <a href="javascript:void(0)" (click)="goToDetail(item.cve_id)">{{item.cve_id}}</a>
                             </li>
                         </ul>
-                        <ul class="whitelist-window" *ngIf="!isUseSystemWhitelist()">
-                            <li class="none" *ngIf="projectWhitelist?.items?.length<1">
-                                {{'CVE_WHITELIST.NONE'|translate}}</li>
-                            <li *ngFor="let item of projectWhitelist?.items;let i = index;">
+                        <ul class="allowlist-window" *ngIf="!isUseSystemAllowlist()">
+                            <li class="none" *ngIf="projectAllowlist?.items?.length<1">
+                                {{'CVE_ALLOWLIST.NONE'|translate}}</li>
+                            <li *ngFor="let item of projectAllowlist?.items;let i = index;">
                                 <a href="javascript:void(0)" (click)="goToDetail(item.cve_id)">{{item.cve_id}}</a>
                                 <a  class="float-lg-right" href="javascript:void(0)" (click)="deleteItem(i)">
                                     <clr-icon shape="times-circle"></clr-icon>
@@ -138,25 +138,25 @@
                     <div class="clr-col padding-top-16 pl-2">
                         <div class="clr-row expire-data">
                             <label for="expires"
-                                class="bottom-line bottom-line-project-config clr-col-3">{{'CVE_WHITELIST.EXPIRES_AT'|translate}}</label>
+                                class="bottom-line bottom-line-project-config clr-col-3">{{'CVE_ALLOWLIST.EXPIRES_AT'|translate}}</label>
                             <div class="underline">
                                 <input #dateSystemInput readonly type="date" [(clrDate)]="systemExpiresDate">
-                                <input [disabled]="!hasChangeConfigRole" *ngIf="!isUseSystemWhitelist()" #dateInput
-                                    placeholder="{{'CVE_WHITELIST.NEVER_EXPIRES'|translate}}" readonly type="date"
+                                <input [disabled]="!hasChangeConfigRole" *ngIf="!isUseSystemAllowlist()" #dateInput
+                                    placeholder="{{'CVE_ALLOWLIST.NEVER_EXPIRES'|translate}}" readonly type="date"
                                     [(clrDate)]="expiresDate" newFormLayout="true">
-                                <input clrInput [disabled]="!hasChangeConfigRole" *ngIf="isUseSystemWhitelist()"
-                                    placeholder="{{'CVE_WHITELIST.NEVER_EXPIRES'|translate}}" readonly type="text"
+                                <input clrInput [disabled]="!hasChangeConfigRole" *ngIf="isUseSystemAllowlist()"
+                                    placeholder="{{'CVE_ALLOWLIST.NEVER_EXPIRES'|translate}}" readonly type="text"
                                     value="{{systemExpiresDateString}}">
                             </div>
                         </div>
                         <div class="clr-row">
                             <label for="expires" class="clr-col-3"></label>
                             <clr-checkbox-wrapper>
-                                <input [disabled]="isUseSystemWhitelist() || !hasChangeConfigRole"
+                                <input [disabled]="isUseSystemAllowlist() || !hasChangeConfigRole"
                                     [checked]="neverExpires" [(ngModel)]="neverExpires" type="checkbox" clrCheckbox
                                     name="neverExpires" id="neverExpires" />
                                 <label>
-                                    {{'CVE_WHITELIST.NEVER_EXPIRES'|translate}}
+                                    {{'CVE_ALLOWLIST.NEVER_EXPIRES'|translate}}
                                 </label>
                             </clr-checkbox-wrapper>
                         </div>
@@ -165,10 +165,10 @@
             </div>
         </div>
         <button type="button" class="btn btn-primary" (click)="save()"
-            [disabled]="((!isValid() || !hasChanges()) && !hasWhitelistChanged) || !hasChangeConfigRole">{{'BUTTON.SAVE'
+            [disabled]="((!isValid() || !hasChanges()) && !hasAllowlistChanged) || !hasChangeConfigRole">{{'BUTTON.SAVE'
             | translate}}</button>
         <button type="button" class="btn btn-outline" (click)="cancel()"
-            [disabled]="((!isValid() || !hasChanges()) && !hasWhitelistChanged) || !hasChangeConfigRole">{{'BUTTON.CANCEL'
+            [disabled]="((!isValid() || !hasChanges()) && !hasAllowlistChanged) || !hasChangeConfigRole">{{'BUTTON.CANCEL'
             | translate}}</button>
         <confirmation-dialog #cfgConfirmationDialog (confirmAction)="confirmCancel($event)"></confirmation-dialog>
     </section>

src/portal/src/lib/components/project-policy-config/project-policy-config.component.scss

@@ -10,7 +10,7 @@
   margin-top: 4px;
 }
 
-.whitelist-window {
+.allowlist-window {
   border: 1px solid #ccc;
   border-radius: 3px;
   padding: 12px;

src/portal/src/lib/components/project-policy-config/project-policy-config.component.spec.ts

@@ -6,7 +6,7 @@ import { ProjectPolicyConfigComponent } from './project-policy-config.component'
 import { SharedModule } from '../../utils/shared/shared.module';
 import { ProjectService } from '../../services/project.service';
 import { SERVICE_CONFIG, IServiceConfig} from '../../entities/service.config';
-import {SystemCVEWhitelist, SystemInfo} from '../../services/interface';
+import {SystemCVEAllowlist, SystemInfo} from '../../services/interface';
 import { Project } from './project';
 import { UserPermissionService } from '../../services/permission.service';
 import { of } from 'rxjs';
@@ -74,7 +74,7 @@ const mockProjectPolicies: Project[] | any[] = [
     }
   }
 ];
-const mockSystemWhitelist: SystemCVEWhitelist = {
+const mockSystemAllowlist: SystemCVEAllowlist = {
   "expires_at": 1561996800,
   "id": 1,
   "items": [],
@@ -94,8 +94,8 @@ const systemInfoService = {
   getSystemInfo() {
     return of(mockSystemInfo[0]);
   },
-  getSystemWhitelist() {
-    return of(mockSystemWhitelist);
+  getSystemAllowlist() {
+    return of(mockSystemAllowlist);
   }
 };
 

src/portal/src/lib/components/project-policy-config/project-policy-config.component.ts

@@ -3,7 +3,7 @@ import {Component, ElementRef, Input, OnInit, ViewChild} from '@angular/core';
 import {compareValue, clone} from '../../utils/utils';
 import {ProjectService} from '../../services/project.service';
 import {ErrorHandler} from '../../utils/error-handler/error-handler';
-import {State, SystemCVEWhitelist} from '../../services/interface';
+import {State, SystemCVEAllowlist} from '../../services/interface';
 
 import {ConfirmationState, ConfirmationTargets} from '../../entities/shared.const';
 import {ConfirmationMessage} from '../confirmation-dialog/confirmation-message';
@@ -76,17 +76,17 @@ export class ProjectPolicyConfigComponent implements OnInit {
         {severity: 'low', severityLevel: 'VULNERABILITY.SEVERITY.LOW'},
         {severity: 'none', severityLevel: 'VULNERABILITY.SEVERITY.NONE'},
     ];
-    userSystemWhitelist: boolean = true;
+    userSystemAllowlist: boolean = true;
     showAddModal: boolean = false;
-    systemWhitelist: SystemCVEWhitelist;
+    systemAllowlist: SystemCVEAllowlist;
     cveIds: string;
     systemExpiresDate: Date;
     systemExpiresDateString: string;
-    userProjectWhitelist = false;
-    systemWhitelistOrProjectWhitelist: string;
-    systemWhitelistOrProjectWhitelistOrigin: string;
-    projectWhitelist;
-    projectWhitelistOrigin;
+    userProjectAllowlist = false;
+    systemAllowlistOrProjectAllowlist: string;
+    systemAllowlistOrProjectAllowlistOrigin: string;
+    projectAllowlist;
+    projectAllowlistOrigin;
 
     constructor(
         private errorHandler: ErrorHandler,
@@ -114,16 +114,16 @@ export class ProjectPolicyConfigComponent implements OnInit {
         // retrive project level policy data
         this.retrieve();
         this.getPermission();
-        this.getSystemWhitelist();
+        this.getSystemAllowlist();
     }
 
-    getSystemWhitelist() {
-        this.systemInfoService.getSystemWhitelist()
-            .subscribe((systemWhitelist) => {
-                    if (systemWhitelist) {
-                        this.systemWhitelist = systemWhitelist;
-                        if (this.systemWhitelist.expires_at) {
-                            this.systemExpiresDate = new Date(this.systemWhitelist.expires_at * ONE_THOUSAND);
+    getSystemAllowlist() {
+        this.systemInfoService.getSystemAllowlist()
+            .subscribe((systemAllowlist) => {
+                    if (systemAllowlist) {
+                        this.systemAllowlist = systemAllowlist;
+                        if (this.systemAllowlist.expires_at) {
+                            this.systemExpiresDate = new Date(this.systemAllowlist.expires_at * ONE_THOUSAND);
                             setTimeout( () => {
                                 this.systemExpiresDateString = this.dateSystemInput.nativeElement.value;
                             }, 100);
@@ -151,27 +151,27 @@ export class ProjectPolicyConfigComponent implements OnInit {
                 response => {
                     this.orgProjectPolicy.initByProject(response);
                     this.projectPolicy.initByProject(response);
-                    // get projectWhitelist
-                    if (!response.cve_whitelist) {
-                       response.cve_whitelist = {
+                    // get projectAllowlist
+                    if (!response.cve_allowlist) {
+                       response.cve_allowlist = {
                             items: [],
                             expires_at: null
                         };
                     }
-                    if (!response.cve_whitelist['items']) {
-                        response.cve_whitelist['items'] = [];
+                    if (!response.cve_allowlist['items']) {
+                        response.cve_allowlist['items'] = [];
                     }
-                    if (!response.cve_whitelist['expires_at']) {
-                        response.cve_whitelist['expires_at'] = null;
+                    if (!response.cve_allowlist['expires_at']) {
+                        response.cve_allowlist['expires_at'] = null;
                     }
-                    if (!response.metadata.reuse_sys_cve_whitelist) {
-                        response.metadata.reuse_sys_cve_whitelist = "true";
+                    if (!response.metadata.reuse_sys_cve_allowlist) {
+                        response.metadata.reuse_sys_cve_allowlist = "true";
                     }
-                    if (response && response.cve_whitelist) {
-                        this.projectWhitelist = clone(response.cve_whitelist);
-                        this.projectWhitelistOrigin = clone(response.cve_whitelist);
-                        this.systemWhitelistOrProjectWhitelist = response.metadata.reuse_sys_cve_whitelist;
-                        this.systemWhitelistOrProjectWhitelistOrigin = response.metadata.reuse_sys_cve_whitelist;
+                    if (response && response.cve_allowlist) {
+                        this.projectAllowlist = clone(response.cve_allowlist);
+                        this.projectAllowlistOrigin = clone(response.cve_allowlist);
+                        this.systemAllowlistOrProjectAllowlist = response.metadata.reuse_sys_cve_allowlist;
+                        this.systemAllowlistOrProjectAllowlistOrigin = response.metadata.reuse_sys_cve_allowlist;
                     }
                 }, error => this.errorHandler.error(error));
     }
@@ -193,15 +193,15 @@ export class ProjectPolicyConfigComponent implements OnInit {
     }
 
     save() {
-        if (!this.hasChanges() && !this.hasWhitelistChanged) {
+        if (!this.hasChanges() && !this.hasAllowlistChanged) {
             return;
         }
         this.onGoing = true;
         this.projectService.updateProjectPolicy(
             this.projectId,
             this.projectPolicy,
-            this.systemWhitelistOrProjectWhitelist,
-            this.projectWhitelist)
+            this.systemAllowlistOrProjectAllowlist,
+            this.projectAllowlist)
             .subscribe(() => {
                 this.onGoing = false;
                 this.translate.get('CONFIG.SAVE_SUCCESS').subscribe((res: string) => {
@@ -233,49 +233,49 @@ export class ProjectPolicyConfigComponent implements OnInit {
         if (ack && ack.source === ConfirmationTargets.CONFIG &&
             ack.state === ConfirmationState.CONFIRMED) {
             this.reset();
-            if (this.hasWhitelistChanged) {
-                this.projectWhitelist = clone(this.projectWhitelistOrigin);
-                this.systemWhitelistOrProjectWhitelist = this.systemWhitelistOrProjectWhitelistOrigin;
+            if (this.hasAllowlistChanged) {
+                this.projectAllowlist = clone(this.projectAllowlistOrigin);
+                this.systemAllowlistOrProjectAllowlist = this.systemAllowlistOrProjectAllowlistOrigin;
             }
         }
     }
 
-    isUseSystemWhitelist(): boolean {
-        return this.systemWhitelistOrProjectWhitelist === 'true';
+    isUseSystemAllowlist(): boolean {
+        return this.systemAllowlistOrProjectAllowlist === 'true';
     }
 
     deleteItem(index: number) {
-        this.projectWhitelist.items.splice(index, 1);
+        this.projectAllowlist.items.splice(index, 1);
     }
 
     addSystem() {
         this.showAddModal = false;
-        if (!(this.systemWhitelist && this.systemWhitelist.items && this.systemWhitelist.items.length > 0)) {
+        if (!(this.systemAllowlist && this.systemAllowlist.items && this.systemAllowlist.items.length > 0)) {
             return;
         }
-        if (this.projectWhitelist && !this.projectWhitelist.items) {
-            this.projectWhitelist.items = [];
+        if (this.projectAllowlist && !this.projectAllowlist.items) {
+            this.projectAllowlist.items = [];
         }
-        // remove duplication and add to projectWhitelist
+        // remove duplication and add to projectAllowlist
         let map = {};
-        this.projectWhitelist.items.forEach(item => {
+        this.projectAllowlist.items.forEach(item => {
             map[item.cve_id] = true;
         });
-        this.systemWhitelist.items.forEach(item => {
+        this.systemAllowlist.items.forEach(item => {
             if (!map[item.cve_id]) {
                 map[item.cve_id] = true;
-                this.projectWhitelist.items.push(item);
+                this.projectAllowlist.items.push(item);
             }
         });
     }
 
-    addToProjectWhitelist() {
-        if (this.projectWhitelist && !this.projectWhitelist.items) {
-            this.projectWhitelist.items = [];
+    addToProjectAllowlist() {
+        if (this.projectAllowlist && !this.projectAllowlist.items) {
+            this.projectAllowlist.items = [];
         }
-        // remove duplication and add to projectWhitelist
+        // remove duplication and add to projectAllowlist
         let map = {};
-        this.projectWhitelist.items.forEach(item => {
+        this.projectAllowlist.items.forEach(item => {
             map[item.cve_id] = true;
         });
         this.cveIds.split(/[\n,]+/).forEach(id => {
@@ -283,7 +283,7 @@ export class ProjectPolicyConfigComponent implements OnInit {
             cveObj.cve_id = id.trim();
             if (!map[cveObj.cve_id]) {
                 map[cveObj.cve_id] = true;
-                this.projectWhitelist.items.push(cveObj);
+                this.projectAllowlist.items.push(cveObj);
             }
         });
         // clear modal and close modal
@@ -291,9 +291,9 @@ export class ProjectPolicyConfigComponent implements OnInit {
         this.showAddModal = false;
     }
 
-    get hasWhitelistChanged(): boolean {
-        return !(compareValue(this.projectWhitelist, this.projectWhitelistOrigin)
-            && this.systemWhitelistOrProjectWhitelistOrigin === this.systemWhitelistOrProjectWhitelist);
+    get hasAllowlistChanged(): boolean {
+        return !(compareValue(this.projectAllowlist, this.projectAllowlistOrigin)
+            && this.systemAllowlistOrProjectAllowlistOrigin === this.systemAllowlistOrProjectAllowlist);
     }
 
     isDisabled(): boolean {
@@ -302,34 +302,34 @@ export class ProjectPolicyConfigComponent implements OnInit {
     }
 
     get expiresDate() {
-        if (this.systemWhitelistOrProjectWhitelist === 'true') {
-            if (this.systemWhitelist && this.systemWhitelist.expires_at) {
-                return new Date(this.systemWhitelist.expires_at * ONE_THOUSAND);
+        if (this.systemAllowlistOrProjectAllowlist === 'true') {
+            if (this.systemAllowlist && this.systemAllowlist.expires_at) {
+                return new Date(this.systemAllowlist.expires_at * ONE_THOUSAND);
             }
         } else {
-            if (this.projectWhitelist && this.projectWhitelist.expires_at) {
-                return new Date(this.projectWhitelist.expires_at * ONE_THOUSAND);
+            if (this.projectAllowlist && this.projectAllowlist.expires_at) {
+                return new Date(this.projectAllowlist.expires_at * ONE_THOUSAND);
             }
         }
         return null;
     }
 
     set expiresDate(date) {
-        if (this.systemWhitelistOrProjectWhitelist === 'false') {
-            if (this.projectWhitelist && date) {
-                this.projectWhitelist.expires_at = Math.floor(date.getTime() / ONE_THOUSAND);
+        if (this.systemAllowlistOrProjectAllowlist === 'false') {
+            if (this.projectAllowlist && date) {
+                this.projectAllowlist.expires_at = Math.floor(date.getTime() / ONE_THOUSAND);
             }
         }
     }
 
     get neverExpires(): boolean {
-        if (this.systemWhitelistOrProjectWhitelist === 'true') {
-            if (this.systemWhitelist && this.systemWhitelist.expires_at) {
-                return !(this.systemWhitelist && this.systemWhitelist.expires_at);
+        if (this.systemAllowlistOrProjectAllowlist === 'true') {
+            if (this.systemAllowlist && this.systemAllowlist.expires_at) {
+                return !(this.systemAllowlist && this.systemAllowlist.expires_at);
             }
         } else {
-            if (this.projectWhitelist && this.projectWhitelist.expires_at) {
-                return !(this.projectWhitelist && this.projectWhitelist.expires_at);
+            if (this.projectAllowlist && this.projectAllowlist.expires_at) {
+                return !(this.projectAllowlist && this.projectAllowlist.expires_at);
             }
         }
         return true;
@@ -337,21 +337,21 @@ export class ProjectPolicyConfigComponent implements OnInit {
 
     set neverExpires(flag) {
         if (flag) {
-            this.projectWhitelist.expires_at = null;
+            this.projectAllowlist.expires_at = null;
             this.systemInfoService.resetDateInput(this.dateInput);
         } else {
-            this.projectWhitelist.expires_at = Math.floor(new Date().getTime() / ONE_THOUSAND);
+            this.projectAllowlist.expires_at = Math.floor(new Date().getTime() / ONE_THOUSAND);
         }
     }
 
     get hasExpired(): boolean {
-        if (this.systemWhitelistOrProjectWhitelist === 'true') {
-            if (this.systemWhitelist && this.systemWhitelist.expires_at) {
-                return new Date().getTime() > this.systemWhitelist.expires_at * ONE_THOUSAND;
+        if (this.systemAllowlistOrProjectAllowlist === 'true') {
+            if (this.systemAllowlist && this.systemAllowlist.expires_at) {
+                return new Date().getTime() > this.systemAllowlist.expires_at * ONE_THOUSAND;
             }
         } else {
-            if (this.projectWhitelistOrigin && this.projectWhitelistOrigin.expires_at) {
-                return new Date().getTime() > this.projectWhitelistOrigin.expires_at * ONE_THOUSAND;
+            if (this.projectAllowlistOrigin && this.projectAllowlistOrigin.expires_at) {
+                return new Date().getTime() > this.projectAllowlistOrigin.expires_at * ONE_THOUSAND;
             }
         }
         return false;

src/portal/src/lib/components/project-policy-config/project.ts

@@ -18,9 +18,9 @@ export class Project {
       prevent_vul: string | boolean;
       severity: string;
       auto_scan: string | boolean;
-      reuse_sys_cve_whitelist?: string;
+      reuse_sys_cve_allowlist?: string;
     };
-    cve_whitelist?: object;
+    cve_allowlist?: object;
     constructor () {
         this.metadata.public = false;
         this.metadata.enable_content_trust = false;

src/portal/src/lib/services/interface.ts

@@ -439,7 +439,7 @@ export interface ProjectRootInterface {
   VALUE: number;
   LABEL: string;
 }
-export interface SystemCVEWhitelist {
+export interface SystemCVEAllowlist {
   id: number;
   project_id: number;
   expires_at: number;

src/portal/src/lib/services/project.service.ts

@@ -47,8 +47,8 @@ export abstract class ProjectService {
   abstract updateProjectPolicy(
     projectId: number | string,
     projectPolicy: ProjectPolicy,
-    reuseSysCVEVWhitelist: string,
-    projectWhitelist: object
+    reuseSysCVEVAllowlist: string,
+    projectAllowlist: object
   ): Observable<any>;
 
   /**
@@ -109,8 +109,8 @@ export class ProjectDefaultService extends ProjectService {
   public updateProjectPolicy(
     projectId: number | string,
     projectPolicy: ProjectPolicy,
-    reuseSysCVEVWhitelist: string,
-    projectWhitelist: object
+    reuseSysCVEVAllowlist: string,
+    projectAllowlist: object
   ): any {
     let baseUrl: string = this.config.projectBaseEndpoint
       ? this.config.projectBaseEndpoint
@@ -125,9 +125,9 @@ export class ProjectDefaultService extends ProjectService {
               prevent_vul: projectPolicy.PreventVulImg ? "true" : "false",
               severity: projectPolicy.PreventVulImgSeverity,
               auto_scan: projectPolicy.ScanImgOnPush ? "true" : "false",
-              reuse_sys_cve_whitelist: reuseSysCVEVWhitelist
+              reuse_sys_cve_allowlist: reuseSysCVEVAllowlist
           },
-            cve_whitelist: projectWhitelist
+            cve_allowlist: projectAllowlist
         },
         HTTP_JSON_OPTIONS
       )

src/portal/src/lib/services/system-info.service.ts

@@ -2,7 +2,7 @@ import {ElementRef, Inject, Injectable} from '@angular/core';
 import { HttpClient } from '@angular/common/http';
 import { map, catchError } from "rxjs/operators";
 import { Observable, throwError as observableThrowError } from "rxjs";
-import {SystemCVEWhitelist, SystemInfo} from './interface';
+import {SystemCVEAllowlist, SystemInfo} from './interface';
 import { SERVICE_CONFIG, IServiceConfig } from '../entities/service.config';
 import { CURRENT_BASE_HREF, HTTP_GET_OPTIONS, HTTP_JSON_OPTIONS } from "../utils/utils";
 
@@ -19,14 +19,14 @@ export abstract class SystemInfoService {
    */
   abstract getSystemInfo(): Observable<SystemInfo>;
   /**
-   *  get system CEVWhitelist
+   *  get system CEVAllowlist
    */
-  abstract getSystemWhitelist(): Observable<SystemCVEWhitelist>;
+  abstract getSystemAllowlist(): Observable<SystemCVEAllowlist>;
   /**
-   *  update systemCVEWhitelist
-   * @param systemCVEWhitelist
+   *  update systemCVEAllowlist
+   * @param systemCVEAllowlist
    */
-  abstract updateSystemWhitelist(systemCVEWhitelist: SystemCVEWhitelist): Observable<any>;
+  abstract updateSystemAllowlist(systemCVEAllowlist: SystemCVEAllowlist): Observable<any>;
   /**
    *  set null to the date type input
    * @param ref
@@ -47,13 +47,13 @@ export class SystemInfoDefaultService extends SystemInfoService {
       .pipe(map(systemInfo => systemInfo as SystemInfo)
       , catchError(error => observableThrowError(error)));
   }
-  public getSystemWhitelist(): Observable<SystemCVEWhitelist> {
-    return this.http.get(CURRENT_BASE_HREF + "/system/CVEWhitelist", HTTP_GET_OPTIONS)
-        .pipe(map(systemCVEWhitelist => systemCVEWhitelist as SystemCVEWhitelist)
+  public getSystemAllowlist(): Observable<SystemCVEAllowlist> {
+    return this.http.get(CURRENT_BASE_HREF + "/system/CVEAllowlist", HTTP_GET_OPTIONS)
+        .pipe(map(systemCVEAllowlist => systemCVEAllowlist as SystemCVEAllowlist)
             , catchError(error => observableThrowError(error)));
   }
-  public updateSystemWhitelist(systemCVEWhitelist: SystemCVEWhitelist): Observable<any> {
-    return this.http.put(CURRENT_BASE_HREF + "/system/CVEWhitelist", JSON.stringify(systemCVEWhitelist), HTTP_JSON_OPTIONS)
+  public updateSystemAllowlist(systemCVEAllowlist: SystemCVEAllowlist): Observable<any> {
+    return this.http.put(CURRENT_BASE_HREF + "/system/CVEAllowlist", JSON.stringify(systemCVEAllowlist), HTTP_JSON_OPTIONS)
         .pipe(map(response => response)
             , catchError(error => observableThrowError(error)));
   }

src/server/middleware/vulnerable/vulnerable.go

@@ -59,7 +59,7 @@ func Middleware() func(http.Handler) http.Handler {
 			return err
 		}
 
-		proj, err := projectController.Get(ctx, art.ProjectID, project.CVEWhitelist(true))
+		proj, err := projectController.Get(ctx, art.ProjectID, project.CVEAllowlist(true))
 		if err != nil {
 			logger.Errorf("get the project %d failed, error: %v", art.ProjectID, err)
 			return err
@@ -91,8 +91,8 @@ func Middleware() func(http.Handler) http.Handler {
 			return nil
 		}
 
-		whitelist := report.CVESet(proj.CVEWhitelist.CVESet())
-		summaries, err := scanController.GetSummary(ctx, art, []string{v1.MimeTypeNativeReport}, report.WithCVEWhitelist(&whitelist))
+		allowlist := report.CVESet(proj.CVEAllowlist.CVESet())
+		summaries, err := scanController.GetSummary(ctx, art, []string{v1.MimeTypeNativeReport}, report.WithCVEAllowlist(&allowlist))
 		if err != nil {
 			logger.Errorf("get vulnerability summary of the artifact %s@%s failed, error: %v", art.RepositoryName, art.Digest, err)
 			return err
@@ -114,11 +114,11 @@ func Middleware() func(http.Handler) http.Handler {
 		}
 
 		if art.IsImageIndex() {
-			// artifact is image index, skip the checking when it is in the whitelist
-			skippingWhitelist := []string{image.ArtifactTypeImage, cnab.ArtifactTypeCNAB}
-			for _, t := range skippingWhitelist {
+			// artifact is image index, skip the checking when it is in the allowlist
+			skippingAllowlist := []string{image.ArtifactTypeImage, cnab.ArtifactTypeCNAB}
+			for _, t := range skippingAllowlist {
 				if art.Type == t {
-					logger.Debugf("artifact %s@%s is image index and its type is %s in skipping whitelist, "+
+					logger.Debugf("artifact %s@%s is image index and its type is %s in skipping allowlist, "+
 						"skip the vulnerability prevention checking", art.RepositoryName, art.Digest, art.Type)
 					return nil
 				}
@@ -145,7 +145,7 @@ func Middleware() func(http.Handler) http.Handler {
 				thing = "vulnerabilities"
 			}
 			msg := fmt.Sprintf(`current image with %d %s cannot be pulled due to configured policy in 'Prevent images with vulnerability severity of "%s" or higher from running.' `+
-				`To continue with pull, please contact your project administrator to exempt matched vulnerabilities through configuring the CVE whitelist.`,
+				`To continue with pull, please contact your project administrator to exempt matched vulnerabilities through configuring the CVE allowlist.`,
 				summary.Summary.Total, thing, projectSeverity)
 			return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage(msg)
 		}

src/server/v2.0/route/legacy.go

@@ -58,7 +58,7 @@ func registerLegacyRoutes() {
 	beego.Router("/api/"+version+"/system/gc/:id([0-9]+)/log", &api.GCAPI{}, "get:GetLog")
 	beego.Router("/api/"+version+"/system/gc/schedule", &api.GCAPI{}, "get:Get;put:Put;post:Post")
 	beego.Router("/api/"+version+"/system/scanAll/schedule", &api.ScanAllAPI{}, "get:Get;put:Put;post:Post")
-	beego.Router("/api/"+version+"/system/CVEWhitelist", &api.SysCVEWhitelistAPI{}, "get:Get;put:Put")
+	beego.Router("/api/"+version+"/system/CVEAllowlist", &api.SysCVEAllowlistAPI{}, "get:Get;put:Put")
 	beego.Router("/api/"+version+"/system/oidc/ping", &api.OIDCAPI{}, "post:Ping")
 
 	beego.Router("/api/"+version+"/replication/adapters", &api.ReplicationAdapterAPI{}, "get:List")

tests/apitests/python/library/project.py

@@ -77,9 +77,9 @@ class Project(base.Base):
         base._assert_status_code(200, status_code)
         return data
 
-    def update_project(self, project_id, expect_status_code=200, metadata=None, cve_whitelist=None, **kwargs):
+    def update_project(self, project_id, expect_status_code=200, metadata=None, cve_allowlist=None, **kwargs):
         client = self._get_client(**kwargs)
-        project = swagger_client.ProjectReq(metadata=metadata, cve_whitelist=cve_whitelist)
+        project = swagger_client.ProjectReq(metadata=metadata, cve_allowlist=cve_allowlist)
         try:
             _, sc, _ = client.projects_project_id_put_with_http_info(project_id, project)
         except ApiException as e:
@@ -225,4 +225,4 @@ class Project(base.Base):
         client = self._get_client(**kwargs)
         _, status_code, _ = client.projects_project_id_robots_robot_id_delete_with_http_info(project_id, robot_id)
         base._assert_status_code(expect_status_code, status_code)
-        base._assert_status_code(200, status_code)
+        base._assert_status_code(200, status_code)

tests/apitests/python/library/system.py

@@ -174,20 +174,20 @@ class System(base.Base):
         if deleted_files_count == 0:
             raise Exception(r"Get blobs eligible for deletion count is {}, while we expect more than 1.".format(deleted_files_count))
 
-    def set_cve_whitelist(self, expires_at=None, expected_status_code=200, *cve_ids, **kwargs):
+    def set_cve_allowlist(self, expires_at=None, expected_status_code=200, *cve_ids, **kwargs):
         client = self._get_client(**kwargs)
-        cve_list = [swagger_client.CVEWhitelistItem(cve_id=c) for c in cve_ids]
-        whitelist = swagger_client.CVEWhitelist(expires_at=expires_at, items=cve_list)
+        cve_list = [swagger_client.CVEAllowlistItem(cve_id=c) for c in cve_ids]
+        allowlist = swagger_client.CVEAllowlist(expires_at=expires_at, items=cve_list)
         try:
-            r = client.system_cve_whitelist_put_with_http_info(whitelist=whitelist, _preload_content=False)
+            r = client.system_cve_allowlist_put_with_http_info(allowlist=allowlist, _preload_content=False)
         except Exception as e:
             base._assert_status_code(expected_status_code, e.status)
         else:
             base._assert_status_code(expected_status_code, r[1])
 
-    def get_cve_whitelist(self, **kwargs):
+    def get_cve_allowlist(self, **kwargs):
         client = self._get_client(**kwargs)
-        return client.system_cve_whitelist_get()
+        return client.system_cve_allowlist_get()
 
     def get_project_quota(self, reference, reference_id, **kwargs):
         params={}
@@ -197,4 +197,4 @@ class System(base.Base):
         client = self._get_client(**kwargs)
         data, status_code, _ = client.quotas_get_with_http_info(**params)
         base._assert_status_code(200, status_code)
-        return data
+        return data

tests/apitests/python/test_project_level_cve_allowlist.py

@@ -9,23 +9,23 @@ from library.project import Project
 from library.user import User
 
 
-class TestProjectCVEWhitelist(unittest.TestCase):
+class TestProjectCVEAllowlist(unittest.TestCase):
     """
     Test case:
-        Project Level CVE Whitelist
+        Project Level CVE Allowlist
     Setup:
         1.Admin creates project(PA)
         2.Create user(RA)
         3.Add user(RA) as a guest of project(PA)
     Test Steps:
-        1. User(RA) reads the project(PA), verify the "reuse_sys_cve_whitelist" is empty in the metadata, and the CVE whitelist is empty
-        2. User(RA) updates the project CVE whitelist, verify it fails with Forbidden error.
+        1. User(RA) reads the project(PA), verify the "reuse_sys_cve_allowlist" is empty in the metadata, and the CVE allowlist is empty
+        2. User(RA) updates the project CVE allowlist, verify it fails with Forbidden error.
         3. Admin user updates User(RA) as project admin.
-        4. User(RA) updates the project CVE whitelist with expiration date and one item in the items list.
-        5. User(RA) reads the project(PA), verify the CVE whitelist is updated as step 4
-        6. User(RA) updates the project CVE whitelist removes expiration date and clean the items.
-        7. User(RA) reads the project(PA), verify the CVE whitelist is updated as step 6
-        8. User(RA) updates the project metadata to set "reuse_sys_cve_whitelist" to true.
+        4. User(RA) updates the project CVE allowlist with expiration date and one item in the items list.
+        5. User(RA) reads the project(PA), verify the CVE allowlist is updated as step 4
+        6. User(RA) updates the project CVE allowlist removes expiration date and clean the items.
+        7. User(RA) reads the project(PA), verify the CVE allowlist is updated as step 6
+        8. User(RA) updates the project metadata to set "reuse_sys_cve_allowlist" to true.
         9. User(RA) reads the project(PA) verify the project metadata is updated.
     Tear Down:
         1. Remove User(RA) from project(PA) as member
@@ -55,40 +55,40 @@ class TestProjectCVEWhitelist(unittest.TestCase):
         self.project.delete_project(self.project_pa_id,**ADMIN_CLIENT)
         self.user.delete_user(self.user_ra_id, **ADMIN_CLIENT)
 
-    def testProjectLevelCVEWhitelist(self):
-        # User(RA) reads the project(PA), verify the "reuse_sys_cve_whitelist" is empty in the metadata,
-        # and the CVE whitelist is empty
+    def testProjectLevelCVEAllowlist(self):
+        # User(RA) reads the project(PA), verify the "reuse_sys_cve_allowlist" is empty in the metadata,
+        # and the CVE allowlist is empty
         p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT)
-        self.assertIsNone(p.metadata.reuse_sys_cve_whitelist)
-        self.assertEqual(0, len(p.cve_whitelist.items))
+        self.assertIsNone(p.metadata.reuse_sys_cve_allowlist)
+        self.assertEqual(0, len(p.cve_allowlist.items))
 
-        # User(RA) updates the project CVE whitelist, verify it fails with Forbidden error.
-        item_list = [swagger_client.CVEWhitelistItem(cve_id="CVE-2019-12310")]
+        # User(RA) updates the project CVE allowlist, verify it fails with Forbidden error.
+        item_list = [swagger_client.CVEAllowlistItem(cve_id="CVE-2019-12310")]
         exp = int(time.time()) + 1000
-        wl = swagger_client.CVEWhitelist(expires_at=exp, items=item_list)
-        self.project.update_project(self.project_pa_id, cve_whitelist=wl, expect_status_code=403, **self.USER_RA_CLIENT)
+        wl = swagger_client.CVEAllowlist(expires_at=exp, items=item_list)
+        self.project.update_project(self.project_pa_id, cve_allowlist=wl, expect_status_code=403, **self.USER_RA_CLIENT)
 
         # Admin user updates User(RA) as project admin.
         self.project.update_project_member_role(self.project_pa_id,self.member_id, 1, **ADMIN_CLIENT)
 
-        # User(RA) updates the project CVE whitelist with expiration date and one item in the items list.
-        self.project.update_project(self.project_pa_id, cve_whitelist=wl, **self.USER_RA_CLIENT)
+        # User(RA) updates the project CVE allowlist with expiration date and one item in the items list.
+        self.project.update_project(self.project_pa_id, cve_allowlist=wl, **self.USER_RA_CLIENT)
         p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT)
-        self.assertEqual("CVE-2019-12310", p.cve_whitelist.items[0].cve_id)
-        self.assertEqual(exp, p.cve_whitelist.expires_at)
+        self.assertEqual("CVE-2019-12310", p.cve_allowlist.items[0].cve_id)
+        self.assertEqual(exp, p.cve_allowlist.expires_at)
 
-        # User(RA) updates the project CVE whitelist with empty items list
-        wl2 = swagger_client.CVEWhitelist(items=[])
-        self.project.update_project(self.project_pa_id, cve_whitelist=wl2, **self.USER_RA_CLIENT)
+        # User(RA) updates the project CVE allowlist with empty items list
+        wl2 = swagger_client.CVEAllowlist(items=[])
+        self.project.update_project(self.project_pa_id, cve_allowlist=wl2, **self.USER_RA_CLIENT)
         p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT)
-        self.assertEqual(0, len(p.cve_whitelist.items))
-        self.assertIsNone(p.cve_whitelist.expires_at)
+        self.assertEqual(0, len(p.cve_allowlist.items))
+        self.assertIsNone(p.cve_allowlist.expires_at)
 
-        # User(RA) updates the project metadata to set "reuse_sys_cve_whitelist" to true.
-        meta = swagger_client.ProjectMetadata(reuse_sys_cve_whitelist="true")
+        # User(RA) updates the project metadata to set "reuse_sys_cve_allowlist" to true.
+        meta = swagger_client.ProjectMetadata(reuse_sys_cve_allowlist="true")
         self.project.update_project(self.project_pa_id, metadata=meta, **self.USER_RA_CLIENT)
         p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT)
-        self.assertEqual("true", p.metadata.reuse_sys_cve_whitelist)
+        self.assertEqual("true", p.metadata.reuse_sys_cve_allowlist)
 
 
 if __name__ == '__main__':

tests/apitests/python/test_sys_cve_allowlists.py

@@ -9,22 +9,22 @@ from library.user import User
 from library.system import System
 
 
-class TestSysCVEWhitelist(unittest.TestCase):
+class TestSysCVEAllowlist(unittest.TestCase):
     """
     Test case:
-        System Level CVE Whitelist
+        System Level CVE Allowlist
     Setup:
         Create user(RA)
     Test Steps:
-        1. User(RA) reads the system level CVE whitelist and it's empty.
-        2. User(RA) updates the system level CVE whitelist, verify it's failed.
+        1. User(RA) reads the system level CVE allowlist and it's empty.
+        2. User(RA) updates the system level CVE allowlist, verify it's failed.
         3. Update user(RA) to system admin
-        4. User(RA) updates the system level CVE whitelist, verify it's successful.
-        5. User(RA) reads the system level CVE whitelist, verify the CVE list is updated.
-        6. User(RA) updates the expiration date of system level CVE whitelist.
-        7. User(RA) reads the system level CVE whitelist, verify the expiration date is updated.
+        4. User(RA) updates the system level CVE allowlist, verify it's successful.
+        5. User(RA) reads the system level CVE allowlist, verify the CVE list is updated.
+        6. User(RA) updates the expiration date of system level CVE allowlist.
+        7. User(RA) reads the system level CVE allowlist, verify the expiration date is updated.
     Tear Down:
-        1. Clear the system level CVE whitelist.
+        1. Clear the system level CVE allowlist.
         2. Delete User(RA)
     """
     def setUp(self):
@@ -39,35 +39,35 @@ class TestSysCVEWhitelist(unittest.TestCase):
                                    password=user_ra_password)
         self.user_ra_id = int(user_ra_id)
 
-    def testSysCVEWhitelist(self):
-        # 1. User(RA) reads the system level CVE whitelist and it's empty.
-        wl = self.system.get_cve_whitelist(**self.USER_RA_CLIENT)
-        self.assertEqual(0, len(wl.items), "The initial system level CVE whitelist is not empty: %s" % wl.items)
-        # 2. User(RA) updates the system level CVE whitelist, verify it's failed.
+    def testSysCVEAllowlist(self):
+        # 1. User(RA) reads the system level CVE allowlist and it's empty.
+        wl = self.system.get_cve_allowlist(**self.USER_RA_CLIENT)
+        self.assertEqual(0, len(wl.items), "The initial system level CVE allowlist is not empty: %s" % wl.items)
+        # 2. User(RA) updates the system level CVE allowlist, verify it's failed.
         cves = ['CVE-2019-12310']
-        self.system.set_cve_whitelist(None, 403, *cves, **self.USER_RA_CLIENT)
+        self.system.set_cve_allowlist(None, 403, *cves, **self.USER_RA_CLIENT)
         # 3. Update user(RA) to system admin
         self.user.update_user_role_as_sysadmin(self.user_ra_id, True, **ADMIN_CLIENT)
-        # 4. User(RA) updates the system level CVE whitelist, verify it's successful.
-        self.system.set_cve_whitelist(None, 200, *cves, **self.USER_RA_CLIENT)
-        # 5. User(RA) reads the system level CVE whitelist, verify the CVE list is updated.
-        expect_wl = [swagger_client.CVEWhitelistItem(cve_id='CVE-2019-12310')]
-        wl = self.system.get_cve_whitelist(**self.USER_RA_CLIENT)
+        # 4. User(RA) updates the system level CVE allowlist, verify it's successful.
+        self.system.set_cve_allowlist(None, 200, *cves, **self.USER_RA_CLIENT)
+        # 5. User(RA) reads the system level CVE allowlist, verify the CVE list is updated.
+        expect_wl = [swagger_client.CVEAllowlistItem(cve_id='CVE-2019-12310')]
+        wl = self.system.get_cve_allowlist(**self.USER_RA_CLIENT)
         self.assertIsNone(wl.expires_at)
         self.assertEqual(expect_wl, wl.items)
-        # 6. User(RA) updates the expiration date of system level CVE whitelist.
+        # 6. User(RA) updates the expiration date of system level CVE allowlist.
         exp = int(time.time()) + 3600
-        self.system.set_cve_whitelist(exp, 200, *cves, **self.USER_RA_CLIENT)
-        # 7. User(RA) reads the system level CVE whitelist, verify the expiration date is updated.
-        wl = self.system.get_cve_whitelist(**self.USER_RA_CLIENT)
+        self.system.set_cve_allowlist(exp, 200, *cves, **self.USER_RA_CLIENT)
+        # 7. User(RA) reads the system level CVE allowlist, verify the expiration date is updated.
+        wl = self.system.get_cve_allowlist(**self.USER_RA_CLIENT)
         self.assertEqual(exp, wl.expires_at)
 
     def tearDown(self):
-        print("TearDown: Clearing the Whitelist")
-        self.system.set_cve_whitelist(**ADMIN_CLIENT)
+        print("TearDown: Clearing the Allowlist")
+        self.system.set_cve_allowlist(**ADMIN_CLIENT)
         print("TearDown: Deleting user: %d" % self.user_ra_id)
         self.user.delete_user(self.user_ra_id, **ADMIN_CLIENT)
 
 
 if __name__ == '__main__':
-    unittest.main()
+    unittest.main()

tests/resources/Harbor-Pages/Configuration.robot

@@ -316,14 +316,14 @@ Switch To GC History
     Retry Element Click  xpath=${gc_log_xpath}
     Retry Wait Until Page Contains  Job
 
-Add Items To System CVE Whitelist
+Add Items To System CVE Allowlist
     [Arguments]    ${cve_id}
     Retry Element Click    ${configuration_system_wl_add_btn}
     Retry Text Input    ${configuration_system_wl_textarea}    ${cve_id}
     Retry Element Click    ${configuration_system_wl_add_confirm_btn}
     Retry Element Click    ${config_system_save_button_xpath}
 
-Delete Top Item In System CVE Whitelist
+Delete Top Item In System CVE Allowlist
     [Arguments]  ${count}=1
     :FOR  ${idx}  IN RANGE  1  ${count}
     \   Retry Element Click    ${configuration_system_wl_delete_a_cve_id_icon}

tests/resources/Harbor-Pages/Configuration_Elements.robot

@@ -33,8 +33,8 @@ ${gc_log_details_xpath}  //*[@id='clr-dg-row26']/clr-dg-cell[6]/a
 ${configuration_system_tabsheet_id}  //*[@id='config-system']
 ${configuration_project_quotas_tabsheet_id}  //*[@id='config-quotas']
 ${configuration_system_wl_add_btn}    //*[@id='show-add-modal-button']
-${configuration_system_wl_textarea}    //*[@id='whitelist-textarea']
+${configuration_system_wl_textarea}    //*[@id='allowlist-textarea']
 ${configuration_system_wl_add_confirm_btn}    //*[@id='add-to-system']
 ${configuration_system_wl_delete_a_cve_id_icon}    //system-settings/form/section//ul/li[1]/a[2]/clr-icon
 ${configuration_sys_repo_readonly_chb_id}  //*[@id='repo_read_only_lbl']
-${checkbox_delete_untagged_artifacts}  //gc-config//clr-toggle-wrapper/label[contains(@for,'delete_untagged')]
+${checkbox_delete_untagged_artifacts}  //gc-config//clr-toggle-wrapper/label[contains(@for,'delete_untagged')]

tests/resources/Harbor-Pages/Project-Config.robot

@@ -53,33 +53,33 @@ Prevent Running Should Be Selected
 Auto Scan Should Be Selected
     Checkbox Should Be Selected  //hbr-project-policy-config//input[@name='scan-image-on-push']
 
-Select System CVE Whitelist
+Select System CVE Allowlist
     Retry Element Click    ${project_config_system_wl_radio_input}
 
-Select Prject CVE Whitelist
+Select Prject CVE Allowlist
     Retry Element Click    ${project_config_project_wl_radio_input}
 
-Add System CVE Whitelist to Project CVE Whitelist By Add System Button Click
+Add System CVE Allowlist to Project CVE Allowlist By Add System Button Click
     Goto Project Config
-    Select Prject CVE Whitelist
+    Select Prject CVE Allowlist
     Retry Element Click    ${project_configuration_wl_project_add_system_btn}
     Retry Element Click    ${project_config_save_btn}
 
-Set Project To Project Level CVE Whitelist
+Set Project To Project Level CVE Allowlist
     Goto Project Config
-    Select Prject CVE Whitelist
+    Select Prject CVE Allowlist
     Retry Element Click    ${project_config_save_btn}
 
-Add Items to Project CVE Whitelist
+Add Items to Project CVE Allowlist
     [Arguments]    ${cve_id}
     Goto Project Config
-    Select Prject CVE Whitelist
+    Select Prject CVE Allowlist
     Retry Element Click    ${project_config_project_wl_add_btn}
     Retry Text Input    ${configuration_system_wl_textarea}    ${cve_id}
     Retry Element Click    ${project_config_project_wl_add_confirm_btn}
     Retry Element Click    ${project_config_save_btn}
 
-Delete Top Item In Project CVE Whitelist
+Delete Top Item In Project CVE Allowlist
     [Arguments]
     Goto Project Config
     Retry Element Click    ${project_configuration_wl_delete_a_cve_id_icon}

tests/resources/Harbor-Pages/Project_Elements.robot

@@ -65,12 +65,12 @@ ${project_config_prevent_vulnerable_images_from_running_checkbox}  xpath=//input
 ${project_config_severity_select}  xpath=//select[@id='severity']
 ${project_config_public_checkbox_label}  xpath=//*[@id="clr-wrapper-public"]/div/clr-checkbox-wrapper/label
 ${project_config_prevent_vulenrability_checkbox_label}    xpath=//*[@id='prevent-vulenrability-image']//clr-checkbox-wrapper//label
-${project_config_system_wl_radio_input}    xpath=//clr-radio-wrapper//label[contains(.,'System whitelist')]
-${project_config_project_wl_radio_input}    xpath=//clr-radio-wrapper//label[contains(.,'Project whitelist')]
-${project_config_system_wl_radio_input_id}    systemWhitelistOrProjectWhitelist
-${project_config_project_wl_radio_input_id}    systemWhitelistOrProjectWhitelist
+${project_config_system_wl_radio_input}    xpath=//clr-radio-wrapper//label[contains(.,'System allowlist')]
+${project_config_project_wl_radio_input}    xpath=//clr-radio-wrapper//label[contains(.,'Project allowlist')]
+${project_config_system_wl_radio_input_id}    systemAllowlistOrProjectAllowlist
+${project_config_project_wl_radio_input_id}    systemAllowlistOrProjectAllowlist
 ${project_config_project_wl_add_btn}    xpath=//*[@id='show-add-modal']
-${project_config_project_wl_add_confirm_btn}    xpath=//*[@id='add-to-whitelist']
+${project_config_project_wl_add_confirm_btn}    xpath=//*[@id='add-to-allowlist']
 ${project_config_save_btn}    xpath=//hbr-project-policy-config//button[contains(.,'SAVE')]
 ${project_add_count_quota_input_text_id}    xpath=//*[@id='create_project_count_limit']
 ${project_add_storage_quota_input_text_id}    xpath=//*[@id='create_project_storage_limit']

tests/resources/Harbor-Pages/Verify.robot

@@ -352,9 +352,9 @@ Verify System Setting
     Robot Account Token Must Be Match  @{robot_token}[0]
     Close Browser
 
-Verify Project-level Whitelist
+Verify Project-level Allowlist
     [Arguments]    ${json}
-    Log To Console  "Verify Project-level Whitelist..."
+    Log To Console  "Verify Project-level Allowlist..."
     @{project}=  Get Value From Json  ${json}  $.projects.[*].name
     Init Chrome Driver
     Sign In Harbor  ${HARBOR_URL}  ${HARBOR_ADMIN}  ${HARBOR_PASSWORD}
@@ -363,8 +363,8 @@ Verify Project-level Whitelist
     \    ${has_image}  Set Variable If  @{out_has_image}[0] == ${true}  ${true}  ${false}
     \    Go Into Project  ${project}  has_image=${has_image}
     \    Switch To Project Configuration
-    \    @{is_reuse_sys_cve_whitelist}=    Get Value From Json    ${json}    $.projects[?(@.name=${project})].configuration.reuse_sys_cve_whitelist
-    \    Run Keyword If  "@{is_reuse_sys_cve_whitelist}[0]" == "true"  Retry Wait Element Should Be Disabled   ${project_config_project_wl_add_btn}
+    \    @{is_reuse_sys_cve_allowlist}=    Get Value From Json    ${json}    $.projects[?(@.name=${project})].configuration.reuse_sys_cve_allowlist
+    \    Run Keyword If  "@{is_reuse_sys_cve_allowlist}[0]" == "true"  Retry Wait Element Should Be Disabled   ${project_config_project_wl_add_btn}
     \    ...  ELSE  Retry Wait Element  ${project_config_project_wl_add_btn}
     \    @{cve_ids}=    Get Value From Json    ${json}    $.projects[?(@.name=${project})].configuration.cve
     \    Loop Verifiy CVE_IDs  @{cve_ids}
@@ -376,9 +376,9 @@ Loop Verifiy CVE_IDs
     :For    ${cve_id}    In    @{cve_ids}
     \    Page Should Contain    ${cve_id}
 
-Verify System Setting Whitelist
+Verify System Setting Allowlist
     [Arguments]    ${json}
-    Log To Console  "Verify Verify System Setting Whitelist..."
+    Log To Console  "Verify Verify System Setting Allowlist..."
     @{cve_ids}=  Get Value From Json  ${json}  $.configuration..cve..id
     Init Chrome Driver
     Sign In Harbor  ${HARBOR_URL}  ${HARBOR_ADMIN}  ${HARBOR_PASSWORD}

tests/resources/TestCaseBody.robot

@@ -223,8 +223,8 @@ Helm3 CLI Push Without Sign In Harbor
     Retry Double Keywords When Error  Go Into Chart Version  ${harbor_chart_name}  Retry Wait Until Page Contains  ${harbor_chart_version}
     Capture Page Screenshot
 
-#Important Note: All CVE IDs in CVE Whitelist cases must unique!
-Body Of Verfiy System Level CVE Whitelist
+#Important Note: All CVE IDs in CVE Allowlist cases must unique!
+Body Of Verfiy System Level CVE Allowlist
     [Arguments]  ${image_argument}  ${sha256_argument}  ${most_cve_list}  ${single_cve}
     [Tags]  run-once
     Init Chrome Driver
@@ -248,17 +248,17 @@ Body Of Verfiy System Level CVE Whitelist
     Sign In Harbor    ${HARBOR_URL}    ${HARBOR_ADMIN}  ${HARBOR_PASSWORD}
     Switch To Configure
     Switch To Configuration System Setting
-    # Add Items To System CVE Whitelist    CVE-2019-19317\nCVE-2019-19646 \nCVE-2019-5188 \nCVE-2019-20387 \nCVE-2019-17498 \nCVE-2019-20372 \nCVE-2019-19244 \nCVE-2019-19603 \nCVE-2019-19880 \nCVE-2019-19923 \nCVE-2019-19925 \nCVE-2019-19926 \nCVE-2019-19959 \nCVE-2019-20218 \nCVE-2019-19232 \nCVE-2019-19234 \nCVE-2019-19645
-    Add Items To System CVE Whitelist    ${most_cve_list}
+    # Add Items To System CVE Allowlist    CVE-2019-19317\nCVE-2019-19646 \nCVE-2019-5188 \nCVE-2019-20387 \nCVE-2019-17498 \nCVE-2019-20372 \nCVE-2019-19244 \nCVE-2019-19603 \nCVE-2019-19880 \nCVE-2019-19923 \nCVE-2019-19925 \nCVE-2019-19926 \nCVE-2019-19959 \nCVE-2019-20218 \nCVE-2019-19232 \nCVE-2019-19234 \nCVE-2019-19645
+    Add Items To System CVE Allowlist    ${most_cve_list}
     Cannot Pull Image  ${ip}    ${signin_user}    ${signin_pwd}    project${d}    ${image}    tag=${sha256}  err_msg=cannot be pulled due to configured policy
-    # Add Items To System CVE Whitelist    CVE-2019-18276
-    Add Items To System CVE Whitelist    ${single_cve}
+    # Add Items To System CVE Allowlist    CVE-2019-18276
+    Add Items To System CVE Allowlist    ${single_cve}
     Pull Image    ${ip}    ${signin_user}    ${signin_pwd}    project${d}    ${image}    tag=${sha256}
-    Delete Top Item In System CVE Whitelist  count=6
+    Delete Top Item In System CVE Allowlist  count=6
     Cannot Pull Image  ${ip}    ${signin_user}    ${signin_pwd}    project${d}    ${image}    tag=${sha256}  err_msg=cannot be pulled due to configured policy
     Close Browser
 
-Body Of Verfiy Project Level CVE Whitelist
+Body Of Verfiy Project Level CVE Allowlist
     [Arguments]  ${image_argument}  ${sha256_argument}  ${most_cve_list}  ${single_cve}
     [Tags]  run-once
     Init Chrome Driver
@@ -278,15 +278,15 @@ Body Of Verfiy Project Level CVE Whitelist
     Go Into Repo  project${d}/${image}
     Scan Repo  ${sha256}  Succeed
     Go Into Project  project${d}
-    Add Items to Project CVE Whitelist    ${most_cve_list}
+    Add Items to Project CVE Allowlist    ${most_cve_list}
     Cannot Pull Image  ${ip}    ${signin_user}    ${signin_pwd}    project${d}    ${image}    tag=${sha256}
-    Add Items to Project CVE Whitelist    ${single_cve}
+    Add Items to Project CVE Allowlist    ${single_cve}
     Pull Image    ${ip}    ${signin_user}    ${signin_pwd}    project${d}    ${image}    tag=${sha256}
-    Delete Top Item In Project CVE Whitelist
+    Delete Top Item In Project CVE Allowlist
     Cannot Pull Image  ${ip}    ${signin_user}    ${signin_pwd}    project${d}    ${image}    tag=${sha256}
     Close Browser
 
-Body Of Verfiy Project Level CVE Whitelist By Quick Way of Add System
+Body Of Verfiy Project Level CVE Allowlist By Quick Way of Add System
     [Arguments]  ${image_argument}  ${sha256_argument}  ${cve_list}
     [Tags]  run-once
     Init Chrome Driver
@@ -298,7 +298,7 @@ Body Of Verfiy Project Level CVE Whitelist By Quick Way of Add System
     Sign In Harbor    ${HARBOR_URL}    ${HARBOR_ADMIN}  ${HARBOR_PASSWORD}
     Switch To Configure
     Switch To Configuration System Setting
-    Add Items To System CVE Whitelist    ${cve_list}
+    Add Items To System CVE Allowlist    ${cve_list}
     Logout Harbor
     Sign In Harbor    ${HARBOR_URL}    ${signin_user}    ${signin_pwd}
     Create An New Project And Go Into Project    project${d}
@@ -310,8 +310,8 @@ Body Of Verfiy Project Level CVE Whitelist By Quick Way of Add System
     Scan Repo  ${sha256}  Succeed
     Pull Image    ${ip}    ${signin_user}    ${signin_pwd}    project${d}    ${image}    tag=${sha256}
     Go Into Project  project${d}
-    Set Project To Project Level CVE Whitelist
+    Set Project To Project Level CVE Allowlist
     Cannot Pull Image  ${ip}    ${signin_user}    ${signin_pwd}    project${d}    ${image}    tag=${sha256}
-    Add System CVE Whitelist to Project CVE Whitelist By Add System Button Click
+    Add System CVE Allowlist to Project CVE Allowlist By Add System Button Click
     Pull Image    ${ip}    ${signin_user}    ${signin_pwd}    project${d}    ${image}    tag=${sha256}
-    Close Browser
+    Close Browser

tests/robot-cases/Group0-BAT/API_DB.robot

@@ -78,13 +78,13 @@ Test Case - Project Quota
     [Tags]  quota
     Harbor API Test  ./tests/apitests/python/test_project_quota.py
 
-Test Case - System Level CVE Whitelist
+Test Case - System Level CVE Allowlist
     [Tags]  sys_cve
-    Harbor API Test  ./tests/apitests/python/test_sys_cve_whitelists.py
+    Harbor API Test  ./tests/apitests/python/test_sys_cve_allowlists.py
 
-Test Case - Project Level CVE Whitelist
+Test Case - Project Level CVE Allowlist
     [Tags]  pro_cve
-    Harbor API Test  ./tests/apitests/python/test_project_level_cve_whitelist.py
+    Harbor API Test  ./tests/apitests/python/test_project_level_cve_allowlist.py
 
 Test Case - Tag Retention
     [Tags]  tag_retention

tests/robot-cases/Group1-Nightly/Clair.robot

@@ -102,15 +102,15 @@ Test Case - Project Level Image Serverity Policy
     Navigate To Projects
     Go Into Project  project${d}
     Set Vulnerabilty Serverity  3
-    Cannot Pull Image  ${ip}  ${HARBOR_ADMIN}  ${HARBOR_PASSWORD}  project${d}  ${image}  tag=${sha256}  err_msg=To continue with pull, please contact your project administrator to exempt matched vulnerabilities through configuring the CVE whitelist
+    Cannot Pull Image  ${ip}  ${HARBOR_ADMIN}  ${HARBOR_PASSWORD}  project${d}  ${image}  tag=${sha256}  err_msg=To continue with pull, please contact your project administrator to exempt matched vulnerabilities through configuring the CVE allowlist
     Close Browser
 
-#Important Note: All CVE IDs in CVE Whitelist cases must unique!
-Test Case - Verfiy System Level CVE Whitelist
-    Body Of Verfiy System Level CVE Whitelist  mariadb  b5e273ed46d2b5a1c96bf8f3ae37aa5e90c6c481e7f7ae66744610d7df79cbd1  CVE-2019-13050\nCVE-2018-19591\nCVE-2018-11236\nCVE-2018-11237\nCVE-2019-13627\nCVE-2018-20839\nCVE-2019-2923\nCVE-2019-2922\nCVE-2019-2911\nCVE-2019-2914\nCVE-2019-2924\nCVE-2019-2910\nCVE-2019-2938\nCVE-2019-2993\nCVE-2019-2974\nCVE-2019-2960\nCVE-2019-2948\nCVE-2019-2946  CVE-2019-2969
+#Important Note: All CVE IDs in CVE Allowlist cases must unique!
+Test Case - Verfiy System Level CVE Allowlist
+    Body Of Verfiy System Level CVE Allowlist  mariadb  b5e273ed46d2b5a1c96bf8f3ae37aa5e90c6c481e7f7ae66744610d7df79cbd1  CVE-2019-13050\nCVE-2018-19591\nCVE-2018-11236\nCVE-2018-11237\nCVE-2019-13627\nCVE-2018-20839\nCVE-2019-2923\nCVE-2019-2922\nCVE-2019-2911\nCVE-2019-2914\nCVE-2019-2924\nCVE-2019-2910\nCVE-2019-2938\nCVE-2019-2993\nCVE-2019-2974\nCVE-2019-2960\nCVE-2019-2948\nCVE-2019-2946  CVE-2019-2969
 
-Test Case - Verfiy Project Level CVE Whitelist
-    Body Of Verfiy Project Level CVE Whitelist  mariadb  b5e273ed46d2b5a1c96bf8f3ae37aa5e90c6c481e7f7ae66744610d7df79cbd1  CVE-2019-13050\nCVE-2018-19591\nCVE-2018-11236\nCVE-2018-11237\nCVE-2019-13627\nCVE-2018-20839\nCVE-2019-2923\nCVE-2019-2922\nCVE-2019-2911\nCVE-2019-2914\nCVE-2019-2924\nCVE-2019-2910\nCVE-2019-2938\nCVE-2019-2993\nCVE-2019-2974\nCVE-2019-2960\nCVE-2019-2948\nCVE-2019-2946  CVE-2019-2969
+Test Case - Verfiy Project Level CVE Allowlist
+    Body Of Verfiy Project Level CVE Allowlist  mariadb  b5e273ed46d2b5a1c96bf8f3ae37aa5e90c6c481e7f7ae66744610d7df79cbd1  CVE-2019-13050\nCVE-2018-19591\nCVE-2018-11236\nCVE-2018-11237\nCVE-2019-13627\nCVE-2018-20839\nCVE-2019-2923\nCVE-2019-2922\nCVE-2019-2911\nCVE-2019-2914\nCVE-2019-2924\nCVE-2019-2910\nCVE-2019-2938\nCVE-2019-2993\nCVE-2019-2974\nCVE-2019-2960\nCVE-2019-2948\nCVE-2019-2946  CVE-2019-2969
 
-Test Case - Verfiy Project Level CVE Whitelist By Quick Way of Add System
-    Body Of Verfiy Project Level CVE Whitelist By Quick Way of Add System  mariadb  b5e273ed46d2b5a1c96bf8f3ae37aa5e90c6c481e7f7ae66744610d7df79cbd1  CVE-2019-13050\nCVE-2018-19591\nCVE-2018-11236\nCVE-2018-11237\nCVE-2019-13627\nCVE-2018-20839\nCVE-2019-2923\nCVE-2019-2922\nCVE-2019-2911\nCVE-2019-2914\nCVE-2019-2924\nCVE-2019-2910\nCVE-2019-2938\nCVE-2019-2993\nCVE-2019-2974\nCVE-2019-2960\nCVE-2019-2948\nCVE-2019-2946\nCVE-2019-2969
+Test Case - Verfiy Project Level CVE Allowlist By Quick Way of Add System
+    Body Of Verfiy Project Level CVE Allowlist By Quick Way of Add System  mariadb  b5e273ed46d2b5a1c96bf8f3ae37aa5e90c6c481e7f7ae66744610d7df79cbd1  CVE-2019-13050\nCVE-2018-19591\nCVE-2018-11236\nCVE-2018-11237\nCVE-2019-13627\nCVE-2018-20839\nCVE-2019-2923\nCVE-2019-2922\nCVE-2019-2911\nCVE-2019-2914\nCVE-2019-2924\nCVE-2019-2910\nCVE-2019-2938\nCVE-2019-2993\nCVE-2019-2974\nCVE-2019-2960\nCVE-2019-2948\nCVE-2019-2946\nCVE-2019-2969

tests/robot-cases/Group1-Nightly/Trivy.robot

@@ -106,15 +106,15 @@ Test Case - Project Level Image Serverity Policy
     Navigate To Projects
     Go Into Project  project${d}
     Set Vulnerabilty Serverity  3
-    Cannot Pull Image  ${ip}  ${HARBOR_ADMIN}  ${HARBOR_PASSWORD}  project${d}  ${image}  tag=${sha256}  err_msg=To continue with pull, please contact your project administrator to exempt matched vulnerabilities through configuring the CVE whitelist
+    Cannot Pull Image  ${ip}  ${HARBOR_ADMIN}  ${HARBOR_PASSWORD}  project${d}  ${image}  tag=${sha256}  err_msg=To continue with pull, please contact your project administrator to exempt matched vulnerabilities through configuring the CVE allowlist
     Close Browser
 
-#Important Note: All CVE IDs in CVE Whitelist cases must unique!
-Test Case - Verfiy System Level CVE Whitelist
-    Body Of Verfiy System Level CVE Whitelist  goharbor/harbor-portal  2cb6a1c24dd6b88f11fd44ccc6560cb7be969f8ac5f752802c99cae6bcd592bb  CVE-2019-19317\nCVE-2019-19646 \nCVE-2019-5188 \nCVE-2019-20387 \nCVE-2019-17498 \nCVE-2019-20372 \nCVE-2019-19244 \nCVE-2019-19603 \nCVE-2019-19880 \nCVE-2019-19923 \nCVE-2019-19925 \nCVE-2019-19926 \nCVE-2019-19959 \nCVE-2019-20218 \nCVE-2019-19232 \nCVE-2019-19234 \nCVE-2019-19645  CVE-2019-18276
+#Important Note: All CVE IDs in CVE Allowlist cases must unique!
+Test Case - Verfiy System Level CVE Allowlist
+    Body Of Verfiy System Level CVE Allowlist  goharbor/harbor-portal  2cb6a1c24dd6b88f11fd44ccc6560cb7be969f8ac5f752802c99cae6bcd592bb  CVE-2019-19317\nCVE-2019-19646 \nCVE-2019-5188 \nCVE-2019-20387 \nCVE-2019-17498 \nCVE-2019-20372 \nCVE-2019-19244 \nCVE-2019-19603 \nCVE-2019-19880 \nCVE-2019-19923 \nCVE-2019-19925 \nCVE-2019-19926 \nCVE-2019-19959 \nCVE-2019-20218 \nCVE-2019-19232 \nCVE-2019-19234 \nCVE-2019-19645  CVE-2019-18276
 
-Test Case - Verfiy Project Level CVE Whitelist
-    Body Of Verfiy Project Level CVE Whitelist  goharbor/harbor-portal  2cb6a1c24dd6b88f11fd44ccc6560cb7be969f8ac5f752802c99cae6bcd592bb  CVE-2019-19317\nCVE-2019-19646 \nCVE-2019-5188 \nCVE-2019-20387 \nCVE-2019-17498 \nCVE-2019-20372 \nCVE-2019-19244 \nCVE-2019-19603 \nCVE-2019-19880 \nCVE-2019-19923 \nCVE-2019-19925 \nCVE-2019-19926 \nCVE-2019-19959 \nCVE-2019-20218 \nCVE-2019-19232 \nCVE-2019-19234 \nCVE-2019-19645  CVE-2019-18276
+Test Case - Verfiy Project Level CVE Allowlist
+    Body Of Verfiy Project Level CVE Allowlist  goharbor/harbor-portal  2cb6a1c24dd6b88f11fd44ccc6560cb7be969f8ac5f752802c99cae6bcd592bb  CVE-2019-19317\nCVE-2019-19646 \nCVE-2019-5188 \nCVE-2019-20387 \nCVE-2019-17498 \nCVE-2019-20372 \nCVE-2019-19244 \nCVE-2019-19603 \nCVE-2019-19880 \nCVE-2019-19923 \nCVE-2019-19925 \nCVE-2019-19926 \nCVE-2019-19959 \nCVE-2019-20218 \nCVE-2019-19232 \nCVE-2019-19234 \nCVE-2019-19645  CVE-2019-18276
 
-Test Case - Verfiy Project Level CVE Whitelist By Quick Way of Add System
-    Body Of Verfiy Project Level CVE Whitelist By Quick Way of Add System  goharbor/harbor-portal  2cb6a1c24dd6b88f11fd44ccc6560cb7be969f8ac5f752802c99cae6bcd592bb  CVE-2019-19317\nCVE-2019-19646 \nCVE-2019-5188 \nCVE-2019-20387 \nCVE-2019-17498 \nCVE-2019-20372 \nCVE-2019-19244 \nCVE-2019-19603 \nCVE-2019-19880 \nCVE-2019-19923 \nCVE-2019-19925 \nCVE-2019-19926 \nCVE-2019-19959 \nCVE-2019-20218 \nCVE-2019-19232 \nCVE-2019-19234 \nCVE-2019-19645 \nCVE-2019-18276
+Test Case - Verfiy Project Level CVE Allowlist By Quick Way of Add System
+    Body Of Verfiy Project Level CVE Allowlist By Quick Way of Add System  goharbor/harbor-portal  2cb6a1c24dd6b88f11fd44ccc6560cb7be969f8ac5f752802c99cae6bcd592bb  CVE-2019-19317\nCVE-2019-19646 \nCVE-2019-5188 \nCVE-2019-20387 \nCVE-2019-17498 \nCVE-2019-20372 \nCVE-2019-19244 \nCVE-2019-19603 \nCVE-2019-19880 \nCVE-2019-19923 \nCVE-2019-19925 \nCVE-2019-19926 \nCVE-2019-19959 \nCVE-2019-20218 \nCVE-2019-19232 \nCVE-2019-19234 \nCVE-2019-19645 \nCVE-2019-18276

tests/robot-cases/Group3-Upgrade/data.json

@@ -236,7 +236,7 @@
                  "auto_scan":"true",
                  "prevent_vul":"true",
                  "severity":"high",
-                 "reuse_sys_cve_whitelist":"false",
+                 "reuse_sys_cve_allowlist":"false",
                  "deployment_security":{
                   "cve":[
                      {
@@ -367,7 +367,7 @@
                  "auto_scan":"false",
                  "prevent_vul":"true",
                  "severity":"medium",
-                 "reuse_sys_cve_whitelist":"true",
+                 "reuse_sys_cve_allowlist":"true",
                  "deployment_security":{
                   "cve":[
                   ]
@@ -375,4 +375,4 @@
               }
            }
         ]
-     }
+     }

tests/robot-cases/Group3-Upgrade/feature_map.json

@@ -129,7 +129,7 @@
             "version":"1.10"
         }
     ],
-    "add_sys_whitelist":[
+    "add_sys_allowlist":[
         {
             "branch":1,
             "version":"1.9"
@@ -139,7 +139,7 @@
             "version":"1.10"
         }
     ],
-    "update_project_setting_whitelist":[
+    "update_project_setting_allowlist":[
         {
             "branch":1,
             "version":"1.9"
@@ -199,4 +199,4 @@
             "version":"1.10"
         }
     ]
- }
+ }

tests/robot-cases/Group3-Upgrade/prepare.py

@@ -155,7 +155,7 @@ class HarborAPI:
         request(url+"projects/"+projectid+"", 'put', **body)
 
     @get_feature_branch
-    def add_sys_whitelist(self, cve_id_list, **kwargs):
+    def add_sys_allowlist(self, cve_id_list, **kwargs):
         cve_id_str = ""
         if kwargs["branch"] == 1:
             for index, cve_id in enumerate(cve_id_list["cve"]):
@@ -168,7 +168,7 @@ class HarborAPI:
             raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch))
 
     @get_feature_branch
-    def update_project_setting_whitelist(self, project, reuse_sys_cve_whitelist, cve_id_list, **kwargs):
+    def update_project_setting_allowlist(self, project, reuse_sys_cve_whitelist, cve_id_list, **kwargs):
         r = request(url+"projects?name="+project+"", 'get')
         projectid = str(r.json()[0]['project_id'])
         cve_id_str = ""
@@ -475,8 +475,8 @@ def do_data_creation():
                                         project["configuration"]["auto_scan"])
 
     for project in data["projects"]:
-        harborAPI.update_project_setting_whitelist(project["name"],
-                                    project["configuration"]["reuse_sys_cve_whitelist"],
+        harborAPI.update_project_setting_allowlist(project["name"],
+                                    project["configuration"]["reuse_sys_cve_allowlist"],
                                     project["configuration"]["deployment_security"], version=args.version)
 
     harborAPI.update_interrogation_services(data["interrogation_services"]["cron"], version=args.version)
@@ -490,6 +490,6 @@ def do_data_creation():
                                    float(data["configuration"]["token"]),
                                    float(data["configuration"]["robot_token"])*60*24)
 
-    harborAPI.add_sys_whitelist(data["configuration"]["deployment_security"], version=args.version)
+    harborAPI.add_sys_allowlist(data["configuration"]["deployment_security"], version=args.version)
 
-do_data_creation()
+do_data_creation()

tests/robot-cases/Group3-Upgrade/verify.robot

@@ -29,7 +29,7 @@ Test Case - Upgrade Verify
     Run Keyword  Verify Project  ${data}
     Run Keyword  Verify Member Exist  ${data}
     Run Keyword  Verify Robot Account Exist  ${data}
-    Run Keyword  Verify Project-level Whitelist  ${data}
+    Run Keyword  Verify Project-level Allowlist  ${data}
     Run Keyword  Verify Webhook  ${data}
     Run Keyword  Verify Tag Retention Rule  ${data}
     Run Keyword  Verify User System Admin Role  ${data}
@@ -38,7 +38,7 @@ Test Case - Upgrade Verify
     Run Keyword  Verify Project Setting  ${data}
     Run Keyword  Verify Interrogation Services  ${data}
     Run Keyword  Verify System Setting  ${data}
-    Run Keyword  Verify System Setting Whitelist  ${data}
+    Run Keyword  Verify System Setting Allowlist  ${data}
     Run Keyword  Verify Image Tag  ${data}
     Run Keyword  Verify Trivy Is Default Scanner
 
@@ -49,7 +49,7 @@ Test Case - Upgrade Verify
     Run Keyword  Verify Project  ${data}
     Run Keyword  Verify Member Exist  ${data}
     Run Keyword  Verify Robot Account Exist  ${data}
-    Run Keyword  Verify Project-level Whitelist  ${data}
+    Run Keyword  Verify Project-level Allowlist  ${data}
     Run Keyword  Verify Webhook  ${data}
     Run Keyword  Verify Tag Retention Rule  ${data}
     Run Keyword  Verify Tag Immutability Rule  ${data}
@@ -59,6 +59,6 @@ Test Case - Upgrade Verify
     Run Keyword  Verify Project Setting  ${data}
     Run Keyword  Verify Interrogation Services  ${data}
     Run Keyword  Verify System Setting  ${data}
-    Run Keyword  Verify System Setting Whitelist  ${data}
+    Run Keyword  Verify System Setting Allowlist  ${data}
     Run Keyword  Verify Image Tag  ${data}
-    Run Keyword  Verify Clair Is Default Scanner
+    Run Keyword  Verify Clair Is Default Scanner