main/vulns: add fixable group (#67)
- add a new group of "Fixable" vulns - exit with error on any fixable vulns - add fixable-threshold parameter
This commit is contained in:
parent
0ba6cefd07
commit
5208643fa8
@ -19,7 +19,7 @@ func IsEmptyLayer(blobSum digest.Digest) bool {
var (
var (
// Priorities are the vulnerability priority labels.
// Priorities are the vulnerability priority labels.
Priorities = []string{"Unknown", "Negligible", "Low", "Medium", "High", "Critical", "Defcon1"}
Priorities = []string{"Unknown", "Negligible", "Low", "Medium", "High", "Critical", "Defcon1", "Fixable"}
)
)
// Error describes the structure of a clair error.
// Error describes the structure of a clair error.
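--- a/main.go
+++ b/main.go
@@ -276,11 +276,19 @@ func main() {
 Name: "clair",
 Usage: "url to clair instance",
 },
+cli.IntFlag{
+Name: "fixable-threshold",
+Usage: "number of fixable issues permitted",
+Value: 0,
+},
 },
 Action: func(c *cli.Context) error {
 if c.String("clair") == "" {
 return errors.New("clair url cannot be empty, pass --clair")
 }
+if c.Int("fixable-threshold") < 0 {
+return errors.New("fixable threshold must be a positive integer")
+}
 if len(c.Args()) < 1 {
 return fmt.Errorf("pass the name of the repository")
 }
@@ -362,6 +370,10 @@ func main() {
 for _, v := range vulns {
 sevRow := vulnsBy(v.Severity, store)
 store[v.Severity] = append(sevRow, v)
+if len(v.FixedBy) > 0 {
+fixRow := vulnsBy("Fixable", store)
+store["Fixable"] = append(fixRow, v)
+}
 }
 
 // iterate over the priorities list
@@ -374,7 +386,12 @@ func main() {
 }
 iteratePriorities(func(sev string) {
 for _, v := range store[sev] {
-fmt.Printf("%s: [%s] \n%s\n%s\n", v.Name, v.Severity, v.Description, v.Link)
+if sev == "Fixable" {
+fmt.Printf("%s: [%s] \n%s\n%s\n", v.Name, v.Severity+" - Fixable", v.Description, v.Link)
+fmt.Printf("Fixed by: %s\n", v.FixedBy)
+} else {
+fmt.Printf("%s: [%s] \n%s\n%s\n", v.Name, v.Severity, v.Description, v.Link)
+}
 fmt.Println("-----------------------------------------")
 }
 })
@@ -382,10 +399,16 @@ func main() {
 fmt.Printf("%s: %d\n", sev, len(store[sev]))
 })
 
+// return an error if there are more than 1 fixable vulns
+lenFixableVulns := len(store["Fixable"])
+if lenFixableVulns > c.Int("fixable-threshold") {
+logrus.Fatalf("%d fixable vulnerabilities found", lenFixableVulns)
+}
+
 // return an error if there are more than 10 bad vulns
 lenBadVulns := len(store["High"]) + len(store["Critical"]) + len(store["Defcon1"])
 if lenBadVulns > 10 {
-logrus.Fatalf("%d bad vunerabilities found", lenBadVulns)
+logrus.Fatalf("%d bad vulnerabilities found", lenBadVulns)
 }
 
 return nil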
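Review bot: The comment above the new fixable gate, `// return an error if there are more than 1 fixable vulns`, no longer describes the condition beneath it, which compares `lenFixableVulns` against `c.Int("fixable-threshold")` (default 0); `// fail when the number of fixable vulns exceeds --fixable-threshold (default 0)` would match the code. The flag validation added in the Action rejects only negative values, so 0 is accepted while the message says "must be a positive integer"; `return errors.New("fixable threshold must be a non-negative integer")` states what is actually enforced. Note also that the fixable count is severity-agnostic: a single fixable Negligible finding over the threshold aborts the run via logrus.Fatalf, while the unchanged bad-vulns gate still lets up to 10 unfixable High/Critical/Defcon1 findings through, so the flag's Usage string should make the gating semantics explicit, e.g. `Usage: "number of fixable issues (of any severity) permitted before the run exits with an error"`. func main() begins and ends outside these hunks.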