Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-09-29 05:47:31 +02:00
Code Issues Projects Releases Wiki Activity
11,559 Commits 44 Branches 311 Tags 339 MiB
d0a5032b84
Commit Graph

115 Commits

Author SHA1 Message Date
Chlins Zhang
f615e41c46
[cherry-pick] fix: fix the invalid jobid for scan data export (#18421) 
fix: fix the invalid jobid for scan data export

Change the JobId param type from int to string, use int will bring some
problems for encode/decode type mismatch which generate the invalid
repository name.

Fixes: #18380

Signed-off-by: chlins <chenyuzh@vmware.com>
 2023-03-28 17:54:53 +08:00
Chlins Zhang
67ff82ff99
[cherry-pick] fix: resolve the oidc or ldap group user cannot export cve (#18227) 
fix: resolve the oidc or ldap group user cannot export cve

Remove the project filter in the scan data export job as they have been
validated by API handler, fix the oidc or ldap group users cannot export
cve.

Fixes: #18112

Signed-off-by: chlins <chenyuzh@vmware.com>
 2023-02-16 10:37:57 +08:00
Chlins Zhang
771373cedf
fix: remove the scan exports volume (#18109) 
1. Change the Export CVE temporary file directory to /tmp.
2. Remove the scan data export volume in Dockerfile and docker-compose
   yaml.

Fixes: #18067

Signed-off-by: chlins <chenyuzh@vmware.com>
 2023-01-31 11:32:29 +08:00
Wang Yan
18a3373725
bump beego (#17801) 
* bump beego

upgrade beego version from v1.10.12 to v2.0.5

1, beego v2 vserver/web refactor
2, beego v2 context refactor
3, beego v2 session refactor
4, beego v2 cache refactor
5, beego v2 orm refactor

Signed-off-by: MinerYang <yminer@vmware.com>
 2022-11-24 18:07:42 +08:00
Chlins Zhang
321a9abfb3
fix: skip to push system artifact for empty CSV file (#17816) 
1. Skip to push system artifact to the distribution when the exported CSV file is empty.
2. Add status message for cve export execution.

Signed-off-by: chlins <chenyuzh@vmware.com>
 2022-11-18 14:16:36 +08:00
MinerYang
62223bd36d
update golangci-lint for golang1.19 (#17817) 
update golaci-lint for golang1.19

Signed-off-by: yminer <yminer@vmware.com>

update ci version to v1.50.1
 2022-11-18 11:40:01 +08:00
yanggang
0f4e2daf4c
Replaced io/ioutil with "os / io" package. (#17792) 
Signed-off-by: yanggang <gang.yang@daocloud.io>

update typo

Signed-off-by: yminer <yminer@vmware.com>

Signed-off-by: yminer <yminer@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
 2022-11-17 10:02:29 +08:00
Chenyu Zhang
49d73fa57d
fix: export cve for image manifest list (#17333) 
1. Fix export cve for image manifest list
2. Remove row_id column in csv file
3. Update cve execution swagger API description

Closes: #17331,#17330,#17335,#17334

Signed-off-by: chlins <chenyuzh@vmware.com>
 2022-08-05 20:07:02 +08:00
prahaladdarkin
c776ea8bfe
Export CVE data Score column empty values (#17321) 
Closes: https://github.com/goharbor/harbor/issues/17189

Signed-off-by: prahaladdarkin <prahaladd@vmware.com>
 2022-08-05 10:03:42 +08:00
Chenyu Zhang
bff4e13087
fix: export cve adds resource check and project validation (#17265) 
1. Add resource permission check for API handler
2. Validate export cve params project
3. Optimize friendly human message when execution status is error

Signed-off-by: chlins <chenyuzh@vmware.com>
 2022-07-29 19:01:46 +08:00
Chenyu Zhang
19e73174e2
refactor: refact codebase of cve export process and filter (#17254) 
1. Refact the scan export FilterProcessor interface
2. Optmize the sql template for export cve report
3. Update the process of cve export job

Signed-off-by: chlins <chenyuzh@vmware.com>
 2022-07-28 16:05:12 +08:00
prahaladdarkin
d53af792ad
Fixes for various bugs/issues logged as a part of the test day. (#17232) 
Closes:
* CVE Data Export API IDOR issue
* https://github.com/goharbor/harbor/issues/17199
* https://github.com/goharbor/harbor/issues/17193
* https://github.com/goharbor/harbor/issues/17188
* https://github.com/goharbor/harbor/issues/17184

Signed-off-by: prahaladdarkin <prahaladd@vmware.com>
 2022-07-26 16:50:54 +08:00
Loong Dai
09371b48e8
lint: sort imports (#17131) 
* lint: add goimports

Signed-off-by: Loong Dai <loong.dai@intel.com>
 2022-07-20 11:33:08 +08:00
prahaladdarkin
f3edb03b49
Fix to CVE Data Export functionality for images pushed by docker push (#17182) 
Closes:
* https://github.com/goharbor/harbor/issues/17167

Signed-off-by: prahaladdarkin <prahaladd@vmware.com>
 2022-07-18 09:22:15 +08:00
prahaladdarkin
3f383e3ffd
Improvements to Vulnerability Data Export functionality. (#17161) 
Closes:
* https://github.com/goharbor/harbor/issues/17152
* https://github.com/goharbor/harbor/issues/17153
Better error handling in case of task executions not found in the system

Signed-off-by: prahaladdarkin <prahaladd@vmware.com>
 2022-07-14 15:08:25 +08:00
prahaladdarkin
130452111b
Vulnerability scan data export functionality (#15998) 
Vulnerability Scan Data (CVE) Export Functionality
Proposal - goharbor/community#174
Closes - https://github.com/goharbor/harbor/issues/17150
Changes:
* CVE Data export to CSV with filtering support.
* Implement CSV data export job for creating CSVs
* APIs to trigger CSV export job executions

Signed-off-by: prahaladdarkin <prahaladd@vmware.com>
 2022-07-11 16:35:04 +08:00
Shengwen YU
e9fca3de45
fix: refactor code for golangci-lint whitespace (#17005) 
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
 2022-06-16 17:42:46 +08:00
Shengwen YU
c2a9f5de64
fix: update code for golangci-lint gosimple (#16974) 
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
 2022-06-14 13:44:09 +08:00
Shengwen YU
b43ba15f40
fix: golangci-lint errcheck (#16920) 
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
 2022-06-07 17:00:36 +08:00
MinerYang
9d8e9158de
fix deadcode lint & update golangci-lint.yaml (#16896) 
* fix deadcode lint & update golangci-lint.yaml

Signed-off-by: yminer <yminer@vmmware.com>

mock.go

Signed-off-by: yminer <yminer@vmmware.com>

commentfmt

Signed-off-by: yminer <yminer@vmmware.com>

mock.go update

Signed-off-by: yminer <yminer@vmmware.com>

update makefile

Signed-off-by: yminer <yminer@vmmware.com>

* update /pkg/allowlist/validator.go

Signed-off-by: yminer <yminer@vmmware.com>

Co-authored-by: yminer <yminer@vmmware.com>
 2022-05-26 10:32:07 +08:00
Wang Yan
d3d4ad6a34
fix staticcheck issues (#16828) 
Fix the staticcheck problems that reported by golangci-line staticcheck

Signed-off-by: Wang Yan <wangyan@vmware.com>
 2022-05-10 16:07:10 +08:00
Lars Lehtonen
ef835e107a
pkg/scan: fix dropped error 
Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
 2022-04-18 10:34:27 -07:00
Wang Yan
ed1f4ab6fb
enhance health validataion (#16549) 
Signed-off-by: Wang Yan <wangyan@vmware.com>
 2022-03-18 18:36:50 +08:00
Alexis L
5fd6168c57
fix(scan): Add function to avoid writing creds in jobservice logs, switch to debug instead of info (#15747) 
Signed-off-by: Alexis <60alexis@gmail.com>
 2021-10-22 11:34:15 +08:00
He Weiwei
b390112f5a
fix: convert severity from negligible to none before saving to db (#15791) 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2021-10-14 16:02:38 +08:00
Qian Deng
354a2bd80d Enhance the trace related code 
* Move request id to requestid middleware
* fix span pass to child ctx on orm
* fix typos
* remove unused code
* add operation name to Transaction

Signed-off-by: Qian Deng <dengq@vmware.com>
 2021-09-22 04:14:43 +00:00
Qian Deng
879eecc926 Refactor and Add trace to http Transport 
* Refactor common http GetTransport function signature
* Remove redendent GetHTTPTransport and similar functions
* Update Authorized function signature to meet new HTTPTransport
* Add trace for default Transport

Signed-off-by: Qian Deng <dengq@vmware.com>
 2021-09-18 10:58:52 +00:00
Shengwen Yu
e2e3bcca1c feat: add stop scan & stop scan-all feature 
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
 2021-09-13 11:19:21 +08:00
He Weiwei
f6a1c31f9f refactor: convert scan report in scan job 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2021-05-29 12:19:36 +00:00
He Weiwei
0c315d8aee
refactor: remove allowlist in GetSummary of scan controller (#14836) 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2021-05-18 14:01:59 +08:00
He Weiwei
6f3607cebd
perf: cache the metadata of the scanner (#14879) 
1. Cache the metadata of scanner 30s.
2. Change the scanner client request timeout to 5s.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2021-05-14 14:27:37 +08:00
stonezdj
107e468b60 Refactor configure api to new programming model 
Changes include:
1. Move core/config to controller/config
2. Change the job_service and gcreadonly to depends on lib/config instead of core/config
3. Move the config related dao, manager and driver to pkg/config
4. Adjust the invocation of the config API, most of then should provide a context parameter, when accessing system config, you can call it with background context, when accessing user config, the context should provide orm.Context

Signed-off-by: stonezdj <stonezdj@gmail.com>
 2021-04-09 08:10:11 +08:00
Daniel Jiang
0d4992a41e
API for system CVE allowlist to new model (#14412) 
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2021-03-12 10:23:48 +08:00
Wenkai Yin
506d1ad465 Introduce "sort" in query to provide a general solution for sorting 
Introduce "sort" in query to provide a general solution for sorting

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2021-03-11 08:25:49 +08:00
He Weiwei
ef0bdf6954 refactor: generate scanner APIs by go-swagger 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2021-03-03 04:23:36 +00:00
He Weiwei
9161a3fbdf
refactor: use ormer from the ctx for scanner ctl mgr and dao (#14313) 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2021-03-01 12:02:40 +08:00
He Weiwei
44ba7de738
fix: wrap report vuls record creating in transaction (#14176) 
Make the creating of the ReportVulnerabilityRecord in transaction to
avoid parallel problem

Closes #14171

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2021-02-05 12:15:52 +08:00
He Weiwei
6a16d9a914
fix: correct Authorize of basic and berer authorizer (#14036) 
Closes #13734

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2021-01-20 14:33:28 +08:00
Steven Zou
1f79ce1181
Merge pull request #13554 from shaobo322/reform_compare_method 
reform job status compare method
 2021-01-08 12:49:39 +08:00
He Weiwei
755c6490f9
feat: remove duplicate CVE in scan report and summary (#13918) 
1. Remove the duplicate CVE records in the report/summary for the image
index.
2. Add scanner field in the scan overview for the API.

Closes #13913

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2021-01-08 11:00:43 +08:00
shaobo
434758b71e reform job status compare method 
Signed-off-by: shaobo <shaobo@caicloud.io>
 2021-01-04 21:34:53 +08:00
Wang Yan
0271efd3f7
enable visible when to list/create robot (#13840) 
1, enable the visible attribute when to create/list robots
2, rename package name from robot2 to robot

Signed-off-by: Wang Yan <wangyan@vmware.com>
 2021-01-04 10:24:31 +08:00
prahaladdarkin
a890b28e1e
Store vulnerability data from scanner into a relational format (#13616) 
feat: Store vulnerability report from scanner into a relational format

Convert vulnerability report JSON obtained  from scanner into a relational format describe in:https://github.com/goharbor/community/pull/145

Signed-off-by: prahaladdarkin <prahaladd@vmware.com>
 2020-12-25 08:47:46 +08:00
He Weiwei
8fa03e3739
refactor: remove code of scan all job (#13821) 
Remove code of scan all job as it's implemented by execution now.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2020-12-22 11:39:18 +08:00
Daniel Jiang
3b04d2f8f5
Escape the values to contains operator in dao packages (#13774) 
fixes #13018

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2020-12-16 14:19:20 +08:00
He Weiwei
08580f9fec
refactor(scan): refactor scan/scan all job to task manager (#13684) 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2020-12-14 13:34:35 +08:00
DQ
590212b485 Remove clair related code 
- clair code in harbor core
- clair code in frontend
- clair code in robotcase

Signed-off-by: DQ <dengq@vmware.com>
 2020-11-27 14:01:04 +08:00
Wang Yan
02846194e0 parent 8e61a3ea31 
author Wang Yan <wangyan@vmware.com> 1605849192 +0800
committer Wang Yan <wangyan@vmware.com> 1606361046 +0800

update code per review comments

Signed-off-by: wang yan <wangyan@vmware.com>
 2020-11-26 14:10:12 +08:00
chlins
21b56d241a fix: fix scanner apikey type match error 
Signed-off-by: chlins <chlins.zhang@gmail.com>
 2020-10-21 18:29:19 +08:00
He Weiwei
ef37bd1afb refactor(scan): remove duplicate CVESet types 
Closes #9471

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2020-08-18 06:33:17 +00:00