From 1571d0df47eacc87b926301a83122c3bdbf4cf5f Mon Sep 17 00:00:00 2001 From: smtan Date: Thu, 5 Sep 2024 10:35:36 +0800 Subject: [PATCH] fix: support k8s multi container --- pkg/k8s/report/report.go | 58 +++++++++++++++++++++++++++++++++------ pkg/k8s/report/summary.go | 2 +- 2 files changed, 51 insertions(+), 9 deletions(-) diff --git a/pkg/k8s/report/report.go b/pkg/k8s/report/report.go index e71c218bf864..94faa548cb1c 100644 --- a/pkg/k8s/report/report.go +++ b/pkg/k8s/report/report.go @@ -49,7 +49,7 @@ type Report struct { type ConsolidatedReport struct { SchemaVersion int `json:",omitempty"` ClusterName string - Findings []Resource `json:",omitempty"` + Findings []ConsolidatedResource `json:",omitempty"` } // Resource represents a kubernetes resource report @@ -65,10 +65,26 @@ type Resource struct { Report types.Report `json:"-"` } +type ConsolidatedResource struct { + Namespace string `json:",omitempty"` + Kind string + Name string + Metadata []types.Metadata `json:",omitempty"` + Results types.Results `json:",omitempty"` + Error string `json:",omitempty"` + + // original report + Report types.Report `json:"-"` +} + func (r Resource) fullname() string { return strings.ToLower(fmt.Sprintf("%s/%s/%s", r.Namespace, r.Kind, r.Name)) } +func (r ConsolidatedResource) fullname() string { + return strings.ToLower(fmt.Sprintf("%s/%s/%s", r.Namespace, r.Kind, r.Name)) +} + // Failed returns whether the k8s report includes any vulnerabilities or misconfigurations func (r Report) Failed() bool { for _, v := range r.Resources { @@ -85,25 +101,28 @@ func (r Report) consolidate() ConsolidatedReport { ClusterName: r.ClusterName, } - index := make(map[string]Resource) + crIndex := make(map[string]ConsolidatedResource) var vulnerabilities []Resource for _, m := range r.Resources { if vulnerabilitiesOrSecretResource(m) { vulnerabilities = append(vulnerabilities, m) } else { - index[m.fullname()] = m + crIndex[m.fullname()] = toConsolidatedResource(m, []types.Metadata{m.Metadata}) } } + mdIndex := make(map[string]types.Metadata) + consolidatedMetadata := []types.Metadata{} for _, v := range vulnerabilities { key := v.fullname() + consolidatedMetadata = consolidateMetadata(mdIndex, v.Metadata, consolidatedMetadata) - if res, ok := index[key]; ok { - index[key] = Resource{ + if res, ok := crIndex[key]; ok { + crIndex[key] = ConsolidatedResource{ Namespace: res.Namespace, Kind: res.Kind, Name: res.Name, - Metadata: res.Metadata, + Metadata: consolidatedMetadata, Results: append(res.Results, v.Results...), Error: res.Error, } @@ -111,10 +130,10 @@ func (r Report) consolidate() ConsolidatedReport { continue } - index[key] = v + crIndex[key] = toConsolidatedResource(v, consolidatedMetadata) } - consolidated.Findings = lo.Values(index) + consolidated.Findings = lo.Values(crIndex) return consolidated } @@ -280,3 +299,26 @@ func nodeKind(resource Resource) Resource { } return resource } + +func toConsolidatedResource(res Resource, consolidatedMetadata []types.Metadata) ConsolidatedResource { + return ConsolidatedResource{ + Namespace: res.Namespace, + Kind: res.Kind, + Name: res.Name, + Metadata: consolidatedMetadata, + Results: res.Results, + Error: res.Error, + Report: res.Report, + } +} + +func consolidateMetadata(index map[string]types.Metadata, metadata types.Metadata, consolidatedMetadata []types.Metadata) []types.Metadata { + key := metadata.ImageID + + if _, exists := index[key]; !exists { + index[key] = metadata + consolidatedMetadata = append(consolidatedMetadata, metadata) + } + + return consolidatedMetadata +} diff --git a/pkg/k8s/report/summary.go b/pkg/k8s/report/summary.go index 9a3d6ee39371..38474c0fc91c 100644 --- a/pkg/k8s/report/summary.go +++ b/pkg/k8s/report/summary.go @@ -161,7 +161,7 @@ func getRequiredSeverities(requiredSevs []dbTypes.Severity) ([]string, []string) return severities, severityHeadings } -func accumulateSeverityCounts(finding Resource) (map[string]int, map[string]int, map[string]int) { +func accumulateSeverityCounts(finding ConsolidatedResource) (map[string]int, map[string]int, map[string]int) { vCount := make(map[string]int) mCount := make(map[string]int) sCount := make(map[string]int)