tblyler/reg
1
0
Fork 0
mirror of https://github.com/genuinetools/reg.git synced 2024-06-28 02:14:16 -04:00
Code Issues Projects Releases Wiki Activity

main/vulns: add fixable group (#67)

Browse source 
- add a new group of "Fixable" vulns
- exit with error on any fixable vulns
- add fixable-threshold parameter
This commit is contained in:
Paweł Prażak 2018-02-22 01:53:27 +01:00 committed by Jess Frazelle
parent 0ba6cefd07
commit 5208643fa8
2 changed files with 26 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
clair/types.go
View file

@ -19,7 +19,7 @@ func IsEmptyLayer(blobSum digest.Digest) bool {
var ( var (
// Priorities are the vulnerability priority labels. // Priorities are the vulnerability priority labels.
Priorities = []string{"Unknown", "Negligible", "Low", "Medium", "High", "Critical", "Defcon1"} Priorities = []string{"Unknown", "Negligible", "Low", "Medium", "High", "Critical", "Defcon1", "Fixable"}
) )
// Error describes the structure of a clair error. // Error describes the structure of a clair error.

27
main.go
View file

@ -276,11 +276,19 @@ func main() {
Name: "clair", Name: "clair",
Usage: "url to clair instance", Usage: "url to clair instance",
}, },
cli.IntFlag{
Name: "fixable-threshold",
Usage: "number of fixable issues permitted",
Value: 0,
},
}, },
Action: func(c *cli.Context) error { Action: func(c *cli.Context) error {
if c.String("clair") == "" { if c.String("clair") == "" {
return errors.New("clair url cannot be empty, pass --clair") return errors.New("clair url cannot be empty, pass --clair")
} }
if c.Int("fixable-threshold") < 0 {
return errors.New("fixable threshold must be a positive integer")
}
if len(c.Args()) < 1 { if len(c.Args()) < 1 {
return fmt.Errorf("pass the name of the repository") return fmt.Errorf("pass the name of the repository")
} }
@ -362,6 +370,10 @@ func main() {
for _, v := range vulns { for _, v := range vulns {
sevRow := vulnsBy(v.Severity, store) sevRow := vulnsBy(v.Severity, store)
store[v.Severity] = append(sevRow, v) store[v.Severity] = append(sevRow, v)
if len(v.FixedBy) > 0 {
fixRow := vulnsBy("Fixable", store)
store["Fixable"] = append(fixRow, v)
}
} }
// iterate over the priorities list // iterate over the priorities list
@ -374,7 +386,12 @@ func main() {
} }
iteratePriorities(func(sev string) { iteratePriorities(func(sev string) {
for _, v := range store[sev] { for _, v := range store[sev] {
fmt.Printf("%s: [%s] \n%s\n%s\n", v.Name, v.Severity, v.Description, v.Link) if sev == "Fixable" {
fmt.Printf("%s: [%s] \n%s\n%s\n", v.Name, v.Severity+" - Fixable", v.Description, v.Link)
fmt.Printf("Fixed by: %s\n", v.FixedBy)
} else {
fmt.Printf("%s: [%s] \n%s\n%s\n", v.Name, v.Severity, v.Description, v.Link)
}
fmt.Println("-----------------------------------------") fmt.Println("-----------------------------------------")
} }
}) })
@ -382,10 +399,16 @@ func main() {
fmt.Printf("%s: %d\n", sev, len(store[sev])) fmt.Printf("%s: %d\n", sev, len(store[sev]))
}) })
// return an error if there are more than 1 fixable vulns
lenFixableVulns := len(store["Fixable"])
if lenFixableVulns > c.Int("fixable-threshold") {
logrus.Fatalf("%d fixable vulnerabilities found", lenFixableVulns)
}
// return an error if there are more than 10 bad vulns // return an error if there are more than 10 bad vulns
lenBadVulns := len(store["High"]) + len(store["Critical"]) + len(store["Defcon1"]) lenBadVulns := len(store["High"]) + len(store["Critical"]) + len(store["Defcon1"])
if lenBadVulns > 10 { if lenBadVulns > 10 {
logrus.Fatalf("%d bad vunerabilities found", lenBadVulns) logrus.Fatalf("%d bad vulnerabilities found", lenBadVulns)
} }
return nil return nil