main/vulns: add fixable group (#67)
- add a new group of "Fixable" vulns - exit with error on any fixable vulns - add fixable-threshold parameter
This commit is contained in:
parent
0ba6cefd07
commit
5208643fa8
2 changed files with 26 additions and 3 deletions
@ -19,7 +19,7 @@ func IsEmptyLayer(blobSum digest.Digest) bool {
|
|||
|
||||
var (
|
||||
// Priorities are the vulnerability priority labels.
|
||||
Priorities = []string{"Unknown", "Negligible", "Low", "Medium", "High", "Critical", "Defcon1"}
|
||||
Priorities = []string{"Unknown", "Negligible", "Low", "Medium", "High", "Critical", "Defcon1", "Fixable"}
|
||||
)
|
||||
|
||||
// Error describes the structure of a clair error.
|
||||
|
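--- a/main.go
+++ b/main.go
@@ -276,11 +276,19 @@ func main() {
 Name: "clair",
 Usage: "url to clair instance",
 },
+cli.IntFlag{
+Name: "fixable-threshold",
+Usage: "number of fixable issues permitted",
+Value: 0,
+},
 },
 Action: func(c *cli.Context) error {
 if c.String("clair") == "" {
 return errors.New("clair url cannot be empty, pass --clair")
 }
+if c.Int("fixable-threshold") < 0 {
+return errors.New("fixable threshold must be a positive integer")
+}
 if len(c.Args()) < 1 {
 return fmt.Errorf("pass the name of the repository")
 }
@@ -362,6 +370,10 @@ func main() {
 for _, v := range vulns {
 sevRow := vulnsBy(v.Severity, store)
 store[v.Severity] = append(sevRow, v)
+if len(v.FixedBy) > 0 {
+fixRow := vulnsBy("Fixable", store)
+store["Fixable"] = append(fixRow, v)
+}
 }
 
 // iterate over the priorities list
@@ -374,7 +386,12 @@ func main() {
 }
 iteratePriorities(func(sev string) {
 for _, v := range store[sev] {
-fmt.Printf("%s: [%s] \n%s\n%s\n", v.Name, v.Severity, v.Description, v.Link)
+if sev == "Fixable" {
+fmt.Printf("%s: [%s] \n%s\n%s\n", v.Name, v.Severity+" - Fixable", v.Description, v.Link)
+fmt.Printf("Fixed by: %s\n", v.FixedBy)
+} else {
+fmt.Printf("%s: [%s] \n%s\n%s\n", v.Name, v.Severity, v.Description, v.Link)
+}
 fmt.Println("-----------------------------------------")
 }
 })
@@ -382,10 +399,16 @@ func main() {
 fmt.Printf("%s: %d\n", sev, len(store[sev]))
 })
 
+// return an error if there are more than 1 fixable vulns
+lenFixableVulns := len(store["Fixable"])
+if lenFixableVulns > c.Int("fixable-threshold") {
+logrus.Fatalf("%d fixable vulnerabilities found", lenFixableVulns)
+}
+
 // return an error if there are more than 10 bad vulns
 lenBadVulns := len(store["High"]) + len(store["Critical"]) + len(store["Defcon1"])
 if lenBadVulns > 10 {
-logrus.Fatalf("%d bad vunerabilities found", lenBadVulns)
+logrus.Fatalf("%d bad vulnerabilities found", lenBadVulns)
 }
 
 return nil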
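Review bot: The fixable gate at the end of the last hunk exits through `logrus.Fatalf` before the existing High/Critical gate below it is evaluated, so when it trips the run reports only the fixable count and a CI user discovers the bad-vulns failure only after remediating the first; because `Fatalf` calls os.Exit it also bypasses the Action's error return that the flag validation in the first hunk relies on. The comment above it is stale as well — it says "more than 1 fixable vulns" while the condition compares against `--fixable-threshold` — and the message does not say which threshold was exceeded. I would write `// exit with an error if the fixable count exceeds --fixable-threshold` and `logrus.Fatalf("%d fixable vulnerabilities found, threshold is %d", lenFixableVulns, c.Int("fixable-threshold"))`, and evaluate both gates before exiting so a single run reports every reason it failed. The enclosing `main` and its Action begin and end outside the hunks.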