Merge pull request #1623 from SaschaSchwarze0/sascha-fix-panic-empty-…

…vulnerabilities

Do not panic if there are no vulnerabilities / Fix severity parsing

pkg/reconciler/buildrun/resources/results.go

@@ -82,8 +82,12 @@ func getTaskSpecResults() []pipelineapi.TaskResult {
 }
 
 func getImageVulnerabilitiesResult(result pipelineapi.TaskRunResult) []build.Vulnerability {
-	vulnerabilities := strings.Split(result.Value.StringVal, ",")
 	var vulns []build.Vulnerability
+	if len(result.Value.StringVal) == 0 {
+		return vulns
+	}
+
+	vulnerabilities := strings.Split(result.Value.StringVal, ",")
 	for _, vulnerability := range vulnerabilities {
 		vuln := strings.Split(vulnerability, ":")
 		severity := getSeverity(vuln[1])
@@ -96,7 +100,7 @@ func getImageVulnerabilitiesResult(result pipelineapi.TaskRunResult) []build.Vul
 }
 
 func getSeverity(sev string) build.VulnerabilitySeverity {
-	switch sev {
+	switch strings.ToUpper(sev) {
 	case "L":
 		return build.Low
 	case "M":

pkg/reconciler/buildrun/resources/results_test.go

@@ -106,9 +106,8 @@ var _ = Describe("TaskRun results to BuildRun", func() {
 			Expect(br.Status.Source.OciArtifact.Digest).To(Equal(bundleImageDigest))
 		})
 
-		It("should surface the TaskRun results emitting from output step", func() {
+		It("should surface the TaskRun results emitting from output step with image vulnerabilities", func() {
 			imageDigest := "sha256:fe1b73cd25ac3f11dec752755e2"
-			vulns := `CVE-2019-12900:C,CVE-2019-8457:H`
 			tr.Status.Results = append(tr.Status.Results,
 				pipelineapi.TaskRunResult{
 					Name: "shp-image-digest",
@@ -128,7 +127,7 @@ var _ = Describe("TaskRun results to BuildRun", func() {
 					Name: "shp-image-vulnerabilities",
 					Value: pipelineapi.ParamValue{
 						Type:      pipelineapi.ParamTypeString,
-						StringVal: vulns,
+						StringVal: "CVE-2019-12900:c,CVE-2019-8457:h",
 					},
 				})
 
@@ -141,6 +140,38 @@ var _ = Describe("TaskRun results to BuildRun", func() {
 			Expect(br.Status.Output.Vulnerabilities[0].Severity).To(Equal(build.Critical))
 		})
 
+		It("should surface the TaskRun results emitting from output step without image vulnerabilities", func() {
+			imageDigest := "sha256:fe1b73cd25ac3f11dec752755e2"
+			tr.Status.Results = append(tr.Status.Results,
+				pipelineapi.TaskRunResult{
+					Name: "shp-image-digest",
+					Value: pipelineapi.ParamValue{
+						Type:      pipelineapi.ParamTypeString,
+						StringVal: imageDigest,
+					},
+				},
+				pipelineapi.TaskRunResult{
+					Name: "shp-image-size",
+					Value: pipelineapi.ParamValue{
+						Type:      pipelineapi.ParamTypeString,
+						StringVal: "230",
+					},
+				},
+				pipelineapi.TaskRunResult{
+					Name: "shp-image-vulnerabilities",
+					Value: pipelineapi.ParamValue{
+						Type:      pipelineapi.ParamTypeString,
+						StringVal: "",
+					},
+				})
+
+			resources.UpdateBuildRunUsingTaskResults(ctx, br, tr.Status.Results, taskRunRequest)
+
+			Expect(br.Status.Output.Digest).To(Equal(imageDigest))
+			Expect(br.Status.Output.Size).To(Equal(int64(230)))
+			Expect(br.Status.Output.Vulnerabilities).To(HaveLen(0))
+		})
+
 		It("should surface the TaskRun results emitting from source and output step", func() {
 			commitSha := "0e0583421a5e4bf562ffe33f3651e16ba0c78591"
 			imageDigest := "sha256:fe1b73cd25ac3f11dec752755e2"