Do not panic if there are no vulnerabilities / Fix severity parsing
SaschaSchwarze0 committed Jun 15, 2024
1 parent 6b9b180 commit 7f043da
Showing 2 changed files with 40 additions and 5 deletions.
8 changes: 6 additions & 2 deletions pkg/reconciler/buildrun/resources/results.go
@@ -82,8 +82,12 @@ func getTaskSpecResults() []pipelineapi.TaskResult {
}

func getImageVulnerabilitiesResult(result pipelineapi.TaskRunResult) []build.Vulnerability {
vulnerabilities := strings.Split(result.Value.StringVal, ",")
var vulns []build.Vulnerability
if len(result.Value.StringVal) == 0 {
return vulns
}

vulnerabilities := strings.Split(result.Value.StringVal, ",")
for _, vulnerability := range vulnerabilities {
vuln := strings.Split(vulnerability, ":")
severity := getSeverity(vuln[1])
@@ -96,7 +100,7 @@ func getImageVulnerabilitiesResult(result pipelineapi.TaskRunResult) []build.Vul
}

func getSeverity(sev string) build.VulnerabilitySeverity {
switch sev {
switch strings.ToUpper(sev) {
case "L":
return build.Low
case "M":
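Review bot: In getImageVulnerabilitiesResult, `getSeverity(vuln[1])` still indexes the result of `strings.Split(vulnerability, ":")` without checking its length, so the new empty-string guard closes only one path to the panic. An entry with no `:` (for example after a trailing comma) yields a one-element slice, and the reconciler would panic on a value taken from the TaskRun result instead of reporting or skipping it. A length check before the index, `if len(vuln) != 2 { continue }`, ideally with a log line for the skipped entry, would make the parser tolerate malformed input. The rest of the loop body lies outside the visible hunk, so the use of `vuln[0]` there should be covered by the same guard.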
37 changes: 34 additions & 3 deletions pkg/reconciler/buildrun/resources/results_test.go
@@ -106,9 +106,8 @@ var _ = Describe("TaskRun results to BuildRun", func() {
Expect(br.Status.Source.OciArtifact.Digest).To(Equal(bundleImageDigest))
})

It("should surface the TaskRun results emitting from output step", func() {
It("should surface the TaskRun results emitting from output step with image vulnerabilities", func() {
imageDigest := "sha256:fe1b73cd25ac3f11dec752755e2"
vulns := `CVE-2019-12900:C,CVE-2019-8457:H`
tr.Status.Results = append(tr.Status.Results,
pipelineapi.TaskRunResult{
Name: "shp-image-digest",
@@ -128,7 +127,7 @@ var _ = Describe("TaskRun results to BuildRun", func() {
Name: "shp-image-vulnerabilities",
Value: pipelineapi.ParamValue{
Type: pipelineapi.ParamTypeString,
StringVal: vulns,
StringVal: "CVE-2019-12900:c,CVE-2019-8457:h",
},
})

@@ -141,6 +140,38 @@ var _ = Describe("TaskRun results to BuildRun", func() {
Expect(br.Status.Output.Vulnerabilities[0].Severity).To(Equal(build.Critical))
})

It("should surface the TaskRun results emitting from output step without image vulnerabilities", func() {
imageDigest := "sha256:fe1b73cd25ac3f11dec752755e2"
tr.Status.Results = append(tr.Status.Results,
pipelineapi.TaskRunResult{
Name: "shp-image-digest",
Value: pipelineapi.ParamValue{
Type: pipelineapi.ParamTypeString,
StringVal: imageDigest,
},
},
pipelineapi.TaskRunResult{
Name: "shp-image-size",
Value: pipelineapi.ParamValue{
Type: pipelineapi.ParamTypeString,
StringVal: "230",
},
},
pipelineapi.TaskRunResult{
Name: "shp-image-vulnerabilities",
Value: pipelineapi.ParamValue{
Type: pipelineapi.ParamTypeString,
StringVal: "",
},
})

resources.UpdateBuildRunUsingTaskResults(ctx, br, tr.Status.Results, taskRunRequest)

Expect(br.Status.Output.Digest).To(Equal(imageDigest))
Expect(br.Status.Output.Size).To(Equal(int64(230)))
Expect(br.Status.Output.Vulnerabilities).To(HaveLen(0))
})

It("should surface the TaskRun results emitting from source and output step", func() {
commitSha := "0e0583421a5e4bf562ffe33f3651e16ba0c78591"
imageDigest := "sha256:fe1b73cd25ac3f11dec752755e2"
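Review bot: The "with image vulnerabilities" test now feeds only lower-case severities (`"CVE-2019-12900:c,CVE-2019-8457:h"`), so the upper-case form used by the previous fixture is no longer exercised. The one assertion visible in this section checks only `Vulnerabilities[0].Severity`. A mixed input such as `"CVE-2019-12900:C,CVE-2019-8457:h"` with an assertion on both entries would cover both spellings. Neither test feeds a malformed entry (no `:` separator, or a trailing comma), which is the remaining input that reaches the unchecked `vuln[1]` index in results.go; a case for it would pin the expected behaviour.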
