From 6786679665c4c76ac0d59c1577d573d38ef20989 Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Sun, 17 Nov 2024 15:05:02 +0100
Subject: [PATCH 1/5] :bug: fix trivyoperator tags
---
 dojo/tools/trivy_operator/checks_handler.py | 3 ++-
 dojo/tools/trivy_operator/secrets_handler.py | 3 ++-
 dojo/tools/trivy_operator/vulnerability_handler.py | 3 ++-
 unittests/tools/test_trivy_operator_parser.py | 2 +-
 4 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/dojo/tools/trivy_operator/checks_handler.py b/dojo/tools/trivy_operator/checks_handler.py
index 2a260ff5680..559dc1c1a70 100644
--- a/dojo/tools/trivy_operator/checks_handler.py
+++ b/dojo/tools/trivy_operator/checks_handler.py
@@ -45,8 +45,9 @@ def handle_checks(self, labels, checks, test):
 static_finding=True,
 dynamic_finding=False,
 service=service,
- tags=[resource_namespace],
 )
+ if resource_namespace != "":
+ finding.tags=resource_namespace,
 if check_id:
 finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(check_id)]
 findings.append(finding)
diff --git a/dojo/tools/trivy_operator/secrets_handler.py b/dojo/tools/trivy_operator/secrets_handler.py
index 6509835b4f1..82e10eaa52a 100644
--- a/dojo/tools/trivy_operator/secrets_handler.py
+++ b/dojo/tools/trivy_operator/secrets_handler.py
@@ -53,7 +53,8 @@ def handle_secrets(self, labels, secrets, test):
 static_finding=True,
 dynamic_finding=False,
 service=service,
- tags=[resource_namespace],
 )
+ if resource_namespace != "":
+ finding.tags=resource_namespace,
 findings.append(finding)
 return findings
diff --git a/dojo/tools/trivy_operator/vulnerability_handler.py b/dojo/tools/trivy_operator/vulnerability_handler.py
index 99faa009d1b..79c4c0b3adf 100644
--- a/dojo/tools/trivy_operator/vulnerability_handler.py
+++ b/dojo/tools/trivy_operator/vulnerability_handler.py
@@ -83,8 +83,9 @@ def handle_vulns(self, labels, vulnerabilities, test):
 dynamic_finding=False,
 service=service,
 file_path=file_path,
- tags=finding_tags,
 )
+ if finding_tags != "":
+ finding.tags=finding_tags,
 if vuln_id:
 finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(vuln_id)]
 findings.append(finding)
diff --git a/unittests/tools/test_trivy_operator_parser.py b/unittests/tools/test_trivy_operator_parser.py
index 0acf11cb70b..6ec2fcbaab6 100644
--- a/unittests/tools/test_trivy_operator_parser.py
+++ b/unittests/tools/test_trivy_operator_parser.py
@@ -129,7 +129,7 @@ def test_vulnerabilityreport_extended(self):
 self.assertEqual("3.6.13-2ubuntu1.10", finding.mitigation)
 self.assertEqual(5.9, finding.cvssv3_score)
 self.assertEqual("ubuntu:20.04 (ubuntu 20.04)", finding.file_path)
- self.assertEqual("lbc, os-pkgs, ubuntu", str(finding.tags))
+ self.assertEqual('"[\'lbc\', \'ubuntu\', \'os-pkgs\']"', str(finding.tags))
 def test_cis_benchmark(self):
 with open(sample_path("cis_benchmark.json"), encoding="utf-8") as test_file:
From 910d7937781e66e77cd0f96b2bd4de8ffada6234 Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Sun, 17 Nov 2024 15:13:23 +0100
Subject: [PATCH 2/5] ruff
---
 dojo/tools/trivy_operator/checks_handler.py | 2 +-
 dojo/tools/trivy_operator/secrets_handler.py | 2 +-
 dojo/tools/trivy_operator/vulnerability_handler.py | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/dojo/tools/trivy_operator/checks_handler.py b/dojo/tools/trivy_operator/checks_handler.py
index 559dc1c1a70..66e4199cfb7 100644
--- a/dojo/tools/trivy_operator/checks_handler.py
+++ b/dojo/tools/trivy_operator/checks_handler.py
@@ -47,7 +47,7 @@ def handle_checks(self, labels, checks, test):
 service=service,
 )
 if resource_namespace != "":
- finding.tags=resource_namespace,
+ finding.tags = resource_namespace
 if check_id:
 finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(check_id)]
 findings.append(finding)
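Review bot: The added `finding.tags = resource_namespace` assigns a bare string, while the kwarg it replaces (`tags=[resource_namespace]`, removed in the first patch) and the sibling vulnerability handler both hand the field a list; whatever string parsing the tags field applies is not visible from this hunk, so keeping the list shape, `finding.tags = [resource_namespace]`, is the safer and more consistent form. `resource_namespace` is computed above the hunk, so I cannot tell whether it can be `None` rather than `""`; if it can, the guard `if resource_namespace != "":` lets `None` through and `if resource_namespace:` would cover both. handle_checks starts outside the hunk.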
diff --git a/dojo/tools/trivy_operator/secrets_handler.py b/dojo/tools/trivy_operator/secrets_handler.py
index 82e10eaa52a..018c3650c39 100644
--- a/dojo/tools/trivy_operator/secrets_handler.py
+++ b/dojo/tools/trivy_operator/secrets_handler.py
@@ -55,6 +55,6 @@ def handle_secrets(self, labels, secrets, test):
 service=service,
 )
 if resource_namespace != "":
- finding.tags=resource_namespace,
+ finding.tags = resource_namespace
 findings.append(finding)
 return findings
diff --git a/dojo/tools/trivy_operator/vulnerability_handler.py b/dojo/tools/trivy_operator/vulnerability_handler.py
index 79c4c0b3adf..c8aa73a7c13 100644
--- a/dojo/tools/trivy_operator/vulnerability_handler.py
+++ b/dojo/tools/trivy_operator/vulnerability_handler.py
@@ -85,7 +85,7 @@ def handle_vulns(self, labels, vulnerabilities, test):
 file_path=file_path,
 )
 if finding_tags != "":
- finding.tags=finding_tags,
+ finding.tags = finding_tags
 if vuln_id:
 finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(vuln_id)]
 findings.append(finding)
From e649f9a52cb85afbbd794f5dbe4163753e25b112 Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Sun, 17 Nov 2024 16:09:33 +0100
Subject: [PATCH 3/5] fix unittest
---
 unittests/tools/test_trivy_operator_parser.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/unittests/tools/test_trivy_operator_parser.py b/unittests/tools/test_trivy_operator_parser.py
index 6ec2fcbaab6..0acf11cb70b 100644
--- a/unittests/tools/test_trivy_operator_parser.py
+++ b/unittests/tools/test_trivy_operator_parser.py
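Review bot: In the secrets hunk the post-construction assignment `finding.tags = resource_namespace` leaves the two namespace-only handlers with a different tag shape (a str) from the vulnerability handler (a list), and nothing in this series tests the str path, so I would pick one shape for all three handlers; `finding.tags = [resource_namespace]` matches the removed kwarg and the vulnerability handler. The `!= ""` comparison also only recognises the empty-string sentinel; since `resource_namespace` is derived from the labels above the hunk, a missing label that yields `None` would still be assigned as a tag unless the guard is `if resource_namespace:`. handle_secrets starts outside the hunk.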
@@ -129,7 +129,7 @@ def test_vulnerabilityreport_extended(self):
 self.assertEqual("3.6.13-2ubuntu1.10", finding.mitigation)
 self.assertEqual(5.9, finding.cvssv3_score)
 self.assertEqual("ubuntu:20.04 (ubuntu 20.04)", finding.file_path)
- self.assertEqual('"[\'lbc\', \'ubuntu\', \'os-pkgs\']"', str(finding.tags))
+ self.assertEqual("lbc, os-pkgs, ubuntu", str(finding.tags))
 def test_cis_benchmark(self):
 with open(sample_path("cis_benchmark.json"), encoding="utf-8") as test_file:
From e4b9f52c271c4f9659bd2870106b2cd6a19d5bd2 Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Tue, 19 Nov 2024 01:34:48 +0100
Subject: [PATCH 4/5] review
---
 dojo/tools/trivy_operator/vulnerability_handler.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/dojo/tools/trivy_operator/vulnerability_handler.py b/dojo/tools/trivy_operator/vulnerability_handler.py
index c8aa73a7c13..f6df4be9d6c 100644
--- a/dojo/tools/trivy_operator/vulnerability_handler.py
+++ b/dojo/tools/trivy_operator/vulnerability_handler.py
@@ -83,9 +83,8 @@ def handle_vulns(self, labels, vulnerabilities, test):
 dynamic_finding=False,
 service=service,
 file_path=file_path,
+ tags = [tag for tag in finding_tags if tag != ""]
 )
- if finding_tags != "":
- finding.tags = finding_tags
 if vuln_id:
 finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(vuln_id)]
 findings.append(finding)
From 925890f3cd3942913084fc986cae22c7bd10c0c0 Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Tue, 19 Nov 2024 01:38:13 +0100
Subject: [PATCH 5/5] ruff
---
 dojo/tools/trivy_operator/vulnerability_handler.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dojo/tools/trivy_operator/vulnerability_handler.py b/dojo/tools/trivy_operator/vulnerability_handler.py
index f6df4be9d6c..54a951cdc3f 100644
--- a/dojo/tools/trivy_operator/vulnerability_handler.py
+++ b/dojo/tools/trivy_operator/vulnerability_handler.py
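Review bot: The restored assertion `self.assertEqual("lbc, os-pkgs, ubuntu", str(finding.tags))` only exercises the vulnerability-report tag path, while the checks and secrets handlers changed in the same series (tags set only when the namespace is non-empty) get no assertion on `finding.tags` at all. A case that parses a config-audit or secret sample with and without a namespace label and asserts the resulting `str(finding.tags)` (the empty string in the no-namespace case, if that is the intended outcome) would actually pin the bug this series fixes. The fixed order in the expected string also depends on how the tags field renders itself; if that ordering is not guaranteed, comparing sets of tag names is more robust. test_vulnerabilityreport_extended starts outside the hunk.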
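Review bot: The added `tags = [tag for tag in finding_tags if tag != ""]` drops only exact empty strings, so a `None` entry (if any label lookup above the hunk returns None) or a whitespace-only value would still be stored as a tag; `if tag` — or `if tag and tag.strip()` — is the more robust filter. The comprehension also assumes `finding_tags` is a list, whereas the guard it removes compared it with `""`; if the value assigned above the hunk were ever a plain string the comprehension would split it into single-character tags, so that assignment is worth confirming. handle_vulns starts outside the hunk.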
@@ -83,7 +83,7 @@ def handle_vulns(self, labels, vulnerabilities, test):
 dynamic_finding=False,
 service=service,
 file_path=file_path,
- tags = [tag for tag in finding_tags if tag != ""]
+ tags=[tag for tag in finding_tags if tag != ""],
 )
 if vuln_id:
 finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(vuln_id)]