From 251cdf1c73e3971a38a275052058069a716ee02f Mon Sep 17 00:00:00 2001
From: Robert Auer
Date: Mon, 18 Nov 2024 14:56:41 +0100
Subject: [PATCH] Add invalid image name test; #136
---
 src/com/cloudogu/ces/cesbuildlib/Trivy.groovy | 12 +++++++-----
 .../cloudogu/ces/cesbuildlib/TrivyTest.groovy | 18 ++++++++++++++++++
 2 files changed, 25 insertions(+), 5 deletions(-)
 create mode 100644 test/com/cloudogu/ces/cesbuildlib/TrivyTest.groovy
diff --git a/src/com/cloudogu/ces/cesbuildlib/Trivy.groovy b/src/com/cloudogu/ces/cesbuildlib/Trivy.groovy
index 752c4bfe..4c944008 100644
--- a/src/com/cloudogu/ces/cesbuildlib/Trivy.groovy
+++ b/src/com/cloudogu/ces/cesbuildlib/Trivy.groovy
@@ -1,10 +1,10 @@
 package com.cloudogu.ces.cesbuildlib
 
 class Trivy implements Serializable {
-    def script
-    String trivyReportFilename
+    private script
+    private String trivyReportFilename
 
-    Trivy(script, String trivyReportFilename = "${env.WORKSPACE}/.trivy/trivyReport.json") {
+    Trivy(script, String trivyReportFilename = "${script.env.WORKSPACE}/.trivy/trivyReport.json") {
         this.script = script
         this.trivyReportFilename = trivyReportFilename
     }
@@ -16,7 +16,7 @@ class Trivy implements Serializable {
      * - This function will generate a JSON formatted report file which can be converted to other formats via saveFormattedTrivyReport()
      * - Evaluate via exit codes: 0 = no vulnerability; 1 = vulnerabilities found; other = function call failed
      *
-     * @param imageName The image name; may include version tag
+     * @param imageName The name of the image to be scanned; may include a version tag
      * @param trivyVersion The version of Trivy used for scanning
      * @param additionalFlags Additional Trivy command flags
      * @param scanLevel The vulnerability level to scan. Can be a member of TrivyScanLevel or a custom String (e.g. 'CRITICAL,LOW')
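Review bot: The new constructor default `"${script.env.WORKSPACE}/.trivy/trivyReport.json"` resolves to `null/.trivy/trivyReport.json` when `WORKSPACE` is absent from the script's env, so the report would later be written under a relative `null` directory instead of failing early. A guard in the constructor body, such as `if (!script.env.WORKSPACE) { throw new IllegalStateException('env.WORKSPACE is not set') }`, makes the dependency on the workspace explicit; the companion test's `scriptMock.env.WORKSPACE = "."` shows that assumption is already relied upon. The remainder of the class lies outside this hunk.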
@@ -24,11 +24,13 @@ class Trivy implements Serializable {
      * // TODO: A strategy could be implemented by the user via the exit codes of this function. Should we remove the strategy parameter?
      * @return Returns 0 if the scan was ok (no vulnerability found); returns 1 if any vulnerability was found
      */
-    int scanImage(String imageName, String trivyVersion = "0.57.0", String additionalFlags, String scanLevel = TrivyScanLevel.CRITICAL, String strategy = TrivyScanStrategy.FAIL) {
+    int scanImage(String imageName, String trivyVersion = "0.57.0", String additionalFlags = "", String scanLevel = TrivyScanLevel.CRITICAL, String strategy = TrivyScanStrategy.FAIL) {
+        int exitCode = 255
         // TODO: Run trivy scan inside Docker container, e.g. via Jenkins' Docker.image() function
         // See runTrivyInDocker function: https://github.com/cloudogu/ces-build-lib/blob/c48273409f8f506e31872fe2857650bbfc76a222/vars/findVulnerabilitiesWithTrivy.groovy#L48
         // TODO: Write result to trivyReportFile in json format (--format json), which can be converted in the saveFormattedTrivyReport function
         // TODO: Include .trivyignore file, if existent. Do not fail if .trivyignore file does not exist.
+        return exitCode
     }
 
     /**
diff --git a/test/com/cloudogu/ces/cesbuildlib/TrivyTest.groovy b/test/com/cloudogu/ces/cesbuildlib/TrivyTest.groovy
new file mode 100644
index 00000000..9ce57f65
--- /dev/null
+++ b/test/com/cloudogu/ces/cesbuildlib/TrivyTest.groovy
@@ -0,0 +1,18 @@
+package com.cloudogu.ces.cesbuildlib
+
+class TrivyTest extends GroovyTestCase {
+
+    void testScanImage_invalidImageName() {
+        def scriptMock = new ScriptMock()
+        scriptMock.env.WORKSPACE = "."
+        Trivy trivy = new Trivy(scriptMock)
+
+        int result = trivy.scanImage("invalid///:::1.1.!!.1.1")
+
+        assertNotSame(0, result)
+        assertNotSame(1, result)
+    }
+
+    void testSaveFormattedTrivyReport() {
+    }
+}
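Review bot: `int exitCode = 255` is returned on every call, yet the `@return` line in the context just above documents only 0 and 1, so a caller reading the Javadoc cannot tell that the method currently never runs a scan; add a sentence such as ` * Any other value (currently 255) means the scan was not executed or failed` to the `@return` and name the sentinel, e.g. `private static final int EXIT_SCAN_NOT_RUN = 255`. Returning a non-zero sentinel rather than 0 is the right default while the body is a stub, because a 0 would read as a clean scan. Note also that `scanLevel` and `strategy` are accepted but unused here, and when the TODOs are implemented `imageName` and `additionalFlags` should be passed as separate arguments rather than interpolated into a shell string, so that an image name like the one in the new test cannot alter the command. The whole of scanImage is inside this hunk.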
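Review bot: `assertNotSame(0, result)` and `assertNotSame(1, result)` compare object identity of boxed Integers, so they only reject 0 and 1 because those values fall inside the Integer cache; for values outside it two equal ints may box to distinct objects and the assertion would pass although the result is wrong. `assertTrue(result != 0)` and `assertTrue(result != 1)` state the intent directly. The assertion holds today only because scanImage returns a fixed 255 regardless of its input, so as far as this hunk shows the test does not yet exercise any image-name validation. The empty `testSaveFormattedTrivyReport` passes vacuously; mark it with `fail('not implemented')` or drop it until there is behaviour to check.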