Add invalid image name test; #136

cloudogu · Nov 18, 2024 · 251cdf1 · 251cdf1
1 parent c2897fb
commit 251cdf1
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 5 deletions.
diff --git a/src/com/cloudogu/ces/cesbuildlib/Trivy.groovy b/src/com/cloudogu/ces/cesbuildlib/Trivy.groovy
@@ -1,10 +1,10 @@
 package com.cloudogu.ces.cesbuildlib
 
 class Trivy implements Serializable {
-    def script
-    String trivyReportFilename
+    private script
+    private String trivyReportFilename
 
-    Trivy(script, String trivyReportFilename = "${env.WORKSPACE}/.trivy/trivyReport.json") {
+    Trivy(script, String trivyReportFilename = "${script.env.WORKSPACE}/.trivy/trivyReport.json") {
         this.script = script
         this.trivyReportFilename = trivyReportFilename
     }
@@ -16,19 +16,21 @@ class Trivy implements Serializable {
      * - This function will generate a JSON formatted report file which can be converted to other formats via saveFormattedTrivyReport()
      * - Evaluate via exit codes: 0 = no vulnerability; 1 = vulnerabilities found; other = function call failed
      *
-     * @param imageName The image name; may include version tag
+     * @param imageName The name of the image to be scanned; may include a version tag
      * @param trivyVersion The version of Trivy used for scanning
      * @param additionalFlags Additional Trivy command flags
      * @param scanLevel The vulnerability level to scan. Can be a member of TrivyScanLevel or a custom String (e.g. 'CRITICAL,LOW')
      * @param strategy The strategy to follow after the scan. Should the build become unstable or failed? Or Should any vulnerability be ignored? (@see TrivyScanStrategy)
      * // TODO: A strategy could be implemented by the user via the exit codes of this function. Should we remove the strategy parameter?
      * @return Returns 0 if the scan was ok (no vulnerability found); returns 1 if any vulnerability was found
      */
-    int scanImage(String imageName, String trivyVersion = "0.57.0", String additionalFlags, String scanLevel = TrivyScanLevel.CRITICAL, String strategy = TrivyScanStrategy.FAIL) {
+    int scanImage(String imageName, String trivyVersion = "0.57.0", String additionalFlags = "", String scanLevel = TrivyScanLevel.CRITICAL, String strategy = TrivyScanStrategy.FAIL) {
+        int exitCode = 255
         // TODO: Run trivy scan inside Docker container, e.g. via Jenkins' Docker.image() function
         // See runTrivyInDocker function: https://github.com/cloudogu/ces-build-lib/blob/c48273409f8f506e31872fe2857650bbfc76a222/vars/findVulnerabilitiesWithTrivy.groovy#L48
         // TODO: Write result to trivyReportFile in json format (--format json), which can be converted in the saveFormattedTrivyReport function
         // TODO: Include .trivyignore file, if existent. Do not fail if .trivyignore file does not exist.
+        return exitCode
     }
 
    /**

diff --git a/test/com/cloudogu/ces/cesbuildlib/TrivyTest.groovy b/test/com/cloudogu/ces/cesbuildlib/TrivyTest.groovy
@@ -0,0 +1,18 @@
+package com.cloudogu.ces.cesbuildlib
+
+class TrivyTest extends GroovyTestCase {
+
+    void testScanImage_invalidImageName() {
+        def scriptMock = new ScriptMock()
+        scriptMock.env.WORKSPACE = "."
+        Trivy trivy = new Trivy(scriptMock)
+
+        int result = trivy.scanImage("invalid///:::1.1.!!.1.1")
+
+        assertNotSame(0, result)
+        assertNotSame(1, result)
+    }
+
+    void testSaveFormattedTrivyReport() {
+    }
+}