From 20115b92c7c3d1dd4dba668c1b091ca03ad08e86 Mon Sep 17 00:00:00 2001
From: He Weiwei
Date: Wed, 8 Apr 2020 09:06:27 +0000
Subject: [PATCH] fix(vulnerable): fix the wrong count of vulnerabilities in message
Signed-off-by: He Weiwei
---
 .../middleware/vulnerable/vulnerable.go | 9 +++-
 .../middleware/vulnerable/vulnerable_test.go | 47 ++++++++++++++-----
 2 files changed, 43 insertions(+), 13 deletions(-)
diff --git a/src/server/middleware/vulnerable/vulnerable.go b/src/server/middleware/vulnerable/vulnerable.go
index 5efbb080e..d8dff7d03 100644
--- a/src/server/middleware/vulnerable/vulnerable.go
+++ b/src/server/middleware/vulnerable/vulnerable.go
@@ -143,8 +143,13 @@ func Middleware() func(http.Handler) http.Handler {
 // Do judgement
 if summary.Severity.Code() >= projectSeverity.Code() {
- msg := fmt.Sprintf(`current image with %d vulnerabilities cannot be pulled due to configured policy in 'Prevent images with vulnerability severity of "%s" or higher from running.' `+
- `To continue with pull, please contact your project administrator to exempt matched vulnerabilities through configuring the CVE whitelist.`, summary.TotalCount, projectSeverity)
+ thing := "vulnerability"
+ if summary.Summary.Total > 1 {
+ thing = "vulnerabilities"
+ }
+ msg := fmt.Sprintf(`current image with %d %s cannot be pulled due to configured policy in 'Prevent images with vulnerability severity of "%s" or higher from running.' `+
+ `To continue with pull, please contact your project administrator to exempt matched vulnerabilities through configuring the CVE whitelist.`,
+ summary.Summary.Total, thing, projectSeverity)
 return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage(msg)
 }
diff --git a/src/server/middleware/vulnerable/vulnerable_test.go b/src/server/middleware/vulnerable/vulnerable_test.go
index 914e6e44d..808c573f3 100644
--- a/src/server/middleware/vulnerable/vulnerable_test.go
+++ b/src/server/middleware/vulnerable/vulnerable_test.go
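Review bot: `summary.Summary.Total` is read twice in the new block with no nil check, and the test hunk builds that field as `&vuln.VulnerabilitySummary{...}`, so it appears to be a pointer that could be nil on a report that carries a severity but no counts. The enclosing closure starts and ends outside the hunk, so an earlier guard may exist; if it does not, a nil `Summary` makes this policy-enforcement path panic instead of returning the `PROJECTPOLICYVIOLATION` error. Read the count once behind a guard, `total := 0` then `if summary.Summary != nil { total = summary.Summary.Total }`, and pass `total` to both the plural check and `Sprintf`. The test hunk in `vulnerable_test.go` only exercises `Total: 1` and `Total: 2`; a case with `Summary: nil` would pin the behaviour.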
@@ -339,19 +339,44 @@ func (suite *MiddlewareTestSuite) TestPrevented() {
 mock.OnAnything(suite.artifactController, "GetByReference").Return(suite.artifact, nil)
 mock.OnAnything(suite.projectController, "Get").Return(suite.project, nil)
 mock.OnAnything(suite.checker, "IsScannable").Return(true, nil)
- mock.OnAnything(suite.scanController, "GetSummary").Return(map[string]interface{}{
- v1.MimeTypeNativeReport: &vuln.NativeReportSummary{
- ScanStatus: "Success",
- Severity: vuln.Critical,
- Summary: &vuln.VulnerabilitySummary{Total: 1},
- },
- }, nil)
- req := suite.makeRequest()
- rr := httptest.NewRecorder()
+ {
+ // only one vulnerability
+ mock.OnAnything(suite.scanController, "GetSummary").Return(map[string]interface{}{
+ v1.MimeTypeNativeReport: &vuln.NativeReportSummary{
+ ScanStatus: "Success",
+ Severity: vuln.Critical,
+ Summary: &vuln.VulnerabilitySummary{Total: 1},
+ },
+ }, nil).Once()
- Middleware()(suite.next).ServeHTTP(rr, req)
- suite.Equal(rr.Code, http.StatusPreconditionFailed)
+ req := suite.makeRequest()
+ rr := httptest.NewRecorder()
+
+ Middleware()(suite.next).ServeHTTP(rr, req)
+ suite.Equal(rr.Code, http.StatusPreconditionFailed)
+
+ suite.Contains(rr.Body.String(), "current image with 1 vulnerability cannot be pulled")
+ }
+
+ {
+ // multiple vulnerabilities
+ mock.OnAnything(suite.scanController, "GetSummary").Return(map[string]interface{}{
+ v1.MimeTypeNativeReport: &vuln.NativeReportSummary{
+ ScanStatus: "Success",
+ Severity: vuln.Critical,
+ Summary: &vuln.VulnerabilitySummary{Total: 2},
+ },
+ }, nil).Once()
+
+ req := suite.makeRequest()
+ rr := httptest.NewRecorder()
+
+ Middleware()(suite.next).ServeHTTP(rr, req)
+ suite.Equal(rr.Code, http.StatusPreconditionFailed)
+
+ suite.Contains(rr.Body.String(), "current image with 2 vulnerabilities cannot be pulled")
+ }
 }
 func (suite *MiddlewareTestSuite) TestArtifactIsImageIndex() {
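Review bot: Both new sub-blocks call `suite.Equal(rr.Code, http.StatusPreconditionFailed)` with the actual value first; assuming this is testify's suite, `Equal` takes `(expected, actual)`, so a failing run would print the two values under the wrong labels. Swap them to `suite.Equal(http.StatusPreconditionFailed, rr.Code)` in both places. The two blocks differ only in `Total` and the expected substring, so a small table of `{total, want}` cases looped over would remove the duplication and make further cases cheap to add. `TestPrevented` begins before this hunk.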