Merge pull request #11518 from heww/fix-vulnerable-msg

fix(vulnerable): fix the wrong count of vulnerabilities in message
This commit is contained in:
He Weiwei 2020-04-09 10:50:31 +08:00 committed by GitHub
commit d0cd103e02
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 43 additions and 13 deletions

View File

@ -143,8 +143,13 @@ func Middleware() func(http.Handler) http.Handler {
// Do judgement
if summary.Severity.Code() >= projectSeverity.Code() {
msg := fmt.Sprintf(`current image with %d vulnerabilities cannot be pulled due to configured policy in 'Prevent images with vulnerability severity of "%s" or higher from running.' `+
`To continue with pull, please contact your project administrator to exempt matched vulnerabilities through configuring the CVE whitelist.`, summary.TotalCount, projectSeverity)
thing := "vulnerability"
if summary.Summary.Total > 1 {
thing = "vulnerabilities"
}
msg := fmt.Sprintf(`current image with %d %s cannot be pulled due to configured policy in 'Prevent images with vulnerability severity of "%s" or higher from running.' `+
`To continue with pull, please contact your project administrator to exempt matched vulnerabilities through configuring the CVE whitelist.`,
summary.Summary.Total, thing, projectSeverity)
return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage(msg)
}

View File

@ -339,19 +339,44 @@ func (suite *MiddlewareTestSuite) TestPrevented() {
mock.OnAnything(suite.artifactController, "GetByReference").Return(suite.artifact, nil)
mock.OnAnything(suite.projectController, "Get").Return(suite.project, nil)
mock.OnAnything(suite.checker, "IsScannable").Return(true, nil)
mock.OnAnything(suite.scanController, "GetSummary").Return(map[string]interface{}{
v1.MimeTypeNativeReport: &vuln.NativeReportSummary{
ScanStatus: "Success",
Severity: vuln.Critical,
Summary: &vuln.VulnerabilitySummary{Total: 1},
},
}, nil)
req := suite.makeRequest()
rr := httptest.NewRecorder()
{
// only one vulnerability
mock.OnAnything(suite.scanController, "GetSummary").Return(map[string]interface{}{
v1.MimeTypeNativeReport: &vuln.NativeReportSummary{
ScanStatus: "Success",
Severity: vuln.Critical,
Summary: &vuln.VulnerabilitySummary{Total: 1},
},
}, nil).Once()
Middleware()(suite.next).ServeHTTP(rr, req)
suite.Equal(rr.Code, http.StatusPreconditionFailed)
req := suite.makeRequest()
rr := httptest.NewRecorder()
Middleware()(suite.next).ServeHTTP(rr, req)
suite.Equal(rr.Code, http.StatusPreconditionFailed)
suite.Contains(rr.Body.String(), "current image with 1 vulnerability cannot be pulled")
}
{
// multiple vulnerabilities
mock.OnAnything(suite.scanController, "GetSummary").Return(map[string]interface{}{
v1.MimeTypeNativeReport: &vuln.NativeReportSummary{
ScanStatus: "Success",
Severity: vuln.Critical,
Summary: &vuln.VulnerabilitySummary{Total: 2},
},
}, nil).Once()
req := suite.makeRequest()
rr := httptest.NewRecorder()
Middleware()(suite.next).ServeHTTP(rr, req)
suite.Equal(rr.Code, http.StatusPreconditionFailed)
suite.Contains(rr.Body.String(), "current image with 2 vulnerabilities cannot be pulled")
}
}
func (suite *MiddlewareTestSuite) TestArtifactIsImageIndex() {