🐛 fix trivyoperator tags

DefectDojo · Nov 17, 2024 · 6786679 · 6786679
1 parent 5168154
commit 6786679
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 4 deletions.
diff --git a/dojo/tools/trivy_operator/checks_handler.py b/dojo/tools/trivy_operator/checks_handler.py
@@ -45,8 +45,9 @@ def handle_checks(self, labels, checks, test):
                 static_finding=True,
                 dynamic_finding=False,
                 service=service,
-                tags=[resource_namespace],
             )
+            if resource_namespace != "":
+                finding.tags=resource_namespace,
             if check_id:
                 finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(check_id)]
             findings.append(finding)

diff --git a/dojo/tools/trivy_operator/secrets_handler.py b/dojo/tools/trivy_operator/secrets_handler.py
@@ -53,7 +53,8 @@ def handle_secrets(self, labels, secrets, test):
                 static_finding=True,
                 dynamic_finding=False,
                 service=service,
-                tags=[resource_namespace],
             )
+            if resource_namespace != "":
+                finding.tags=resource_namespace,
             findings.append(finding)
         return findings
diff --git a/dojo/tools/trivy_operator/vulnerability_handler.py b/dojo/tools/trivy_operator/vulnerability_handler.py
@@ -83,8 +83,9 @@ def handle_vulns(self, labels, vulnerabilities, test):
                 dynamic_finding=False,
                 service=service,
                 file_path=file_path,
-                tags=finding_tags,
             )
+            if finding_tags != "":
+                finding.tags=finding_tags,
             if vuln_id:
                 finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(vuln_id)]
             findings.append(finding)

diff --git a/unittests/tools/test_trivy_operator_parser.py b/unittests/tools/test_trivy_operator_parser.py
@@ -129,7 +129,7 @@ def test_vulnerabilityreport_extended(self):
             self.assertEqual("3.6.13-2ubuntu1.10", finding.mitigation)
             self.assertEqual(5.9, finding.cvssv3_score)
             self.assertEqual("ubuntu:20.04 (ubuntu 20.04)", finding.file_path)
-            self.assertEqual("lbc, os-pkgs, ubuntu", str(finding.tags))
+            self.assertEqual('"[\'lbc\', \'ubuntu\', \'os-pkgs\']"', str(finding.tags))
 
     def test_cis_benchmark(self):
         with open(sample_path("cis_benchmark.json"), encoding="utf-8") as test_file: