From 72e3a71f144dac566d976c16f2d10652dfee0ad8 Mon Sep 17 00:00:00 2001
From: afdesk
Date: Mon, 18 Nov 2024 17:27:53 +0600
Subject: [PATCH 1/2] fix(k8s): check all results for vulnerabilities

---
 pkg/k8s/report/report.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/pkg/k8s/report/report.go b/pkg/k8s/report/report.go
index 947d39de14b8..1f1c1ec50d93 100644
--- a/pkg/k8s/report/report.go
+++ b/pkg/k8s/report/report.go
@@ -280,7 +280,12 @@ func shouldAddToReport(scanners types.Scanners) bool {
 }
 
 func vulnerabilitiesOrSecretResource(resource Resource) bool {
- return len(resource.Results) > 0 && (len(resource.Results[0].Vulnerabilities) > 0 || len(resource.Results[0].Secrets) > 0)
+ for _, result := range resource.Results {
+ if len(result.Vulnerabilities) > 0 || len(resource.Results[0].Secrets) > 0 {
+ return true
+ }
+ }
+ return false
 }
 
 func misconfigsResource(resource Resource) bool {
From 09b00c19b73d1f1fa382fd15e93835f2bd38c87a Mon Sep 17 00:00:00 2001
From: afdesk
Date: Mon, 18 Nov 2024 18:36:18 +0600
Subject: [PATCH 2/2] test: add test case

---
 pkg/k8s/report/report_test.go | 68 +++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)

diff --git a/pkg/k8s/report/report_test.go b/pkg/k8s/report/report_test.go
index 9ba663dc4783..61d382246cd0 100644
--- a/pkg/k8s/report/report_test.go
+++ b/pkg/k8s/report/report_test.go
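Review bot: The added `if` inside the loop still reads `resource.Results[0].Secrets`, so a secret that only appears in a result other than the first is missed exactly as before, even though the same line now checks `result.Vulnerabilities` per iteration; the condition should be `if len(result.Vulnerabilities) > 0 || len(result.Secrets) > 0 {`. As written the `Secrets` term is loop-invariant, so the rewrite widens coverage only for vulnerabilities, which is narrower than the function's name promises and presumably lets a resource whose sole finding is a secret in a later result fall out of the report. The fixture added in the second patch carries only vulnerabilities, so the current test would not catch this.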
@@ -118,6 +118,58 @@ var (
 },
 },
 }
+ deployOrionWithThirdVulns = Resource{
+ Namespace: "default",
+ Kind: "Deploy",
+ Name: "orion",
+ Metadata: []types.Metadata{
+ {
+ ImageID: "123",
+ RepoTags: []string{
+ "alpine:3.14",
+ },
+ RepoDigests: []string{
+ "alpine:3.14@sha256:8fe1727132b2506c17ba0e1f6a6ed8a016bb1f5735e43b2738cd3fd1979b6260",
+ },
+ },
+ },
+ Results: types.Results{
+ {},
+ {},
+ {
+ Vulnerabilities: []types.DetectedVulnerability{
+ {
+ VulnerabilityID: "CVE-2022-1111",
+ Vulnerability: dbTypes.Vulnerability{Severity: "LOW"},
+ },
+ {
+ VulnerabilityID: "CVE-2022-2222",
+ Vulnerability: dbTypes.Vulnerability{Severity: "MEDIUM"},
+ },
+ {
+ VulnerabilityID: "CVE-2022-3333",
+ Vulnerability: dbTypes.Vulnerability{Severity: "HIGH"},
+ },
+ {
+ VulnerabilityID: "CVE-2022-4444",
+ Vulnerability: dbTypes.Vulnerability{Severity: "CRITICAL"},
+ },
+ {
+ VulnerabilityID: "CVE-2022-5555",
+ Vulnerability: dbTypes.Vulnerability{Severity: "UNKNOWN"},
+ },
+ {
+ VulnerabilityID: "CVE-2022-6666",
+ Vulnerability: dbTypes.Vulnerability{Severity: "CRITICAL"},
+ },
+ {
+ VulnerabilityID: "CVE-2022-7777",
+ Vulnerability: dbTypes.Vulnerability{Severity: "MEDIUM"},
+ },
+ },
+ },
+ },
+ }
 orionDeployWithAnotherMisconfig = Resource{
 Namespace: "default",
@@ -492,6 +544,17 @@ func TestReport_consolidate(t *testing.T) {
 "default/cronjob/hello": cronjobHelloWithVulns,
 },
 },
+ {
+ name: "report with vulnerabilities in the third result",
+ report: Report{
+ Resources: []Resource{
+ deployOrionWithThirdVulns,
+ },
+ },
+ expectedFindings: map[string]Resource{
+ "default/deploy/orion": deployOrionWithThirdVulns,
+ },
+ },
 {
 name: "report with misconfigs in image and pod",
 report: Report{
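Review bot: The `deployOrionWithThirdVulns` fixture populates only the `Vulnerabilities` field of its non-first result; nothing in this patch places a non-empty `Secrets` slice anywhere but the first result, so the secret-detection half of `vulnerabilitiesOrSecretResource` stays untested by the new case. A sibling fixture whose first two results are empty and whose third carries only secrets, registered in the table the same way as `"report with vulnerabilities in the third result"`, would pin that path and would have exposed any lingering `Results[0]` access in the production code. The `var (` block this fixture lives in starts outside the hunk.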
@@ -521,6 +584,11 @@ func TestReport_consolidate(t *testing.T) {
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
 consolidateReport := tt.report.consolidate()
+
+ if len(consolidateReport.Findings) != len(tt.expectedFindings) {
+ t.Errorf("expected %d findings, got %d", len(tt.expectedFindings), len(consolidateReport.Findings))
+ }
+
 for _, f := range consolidateReport.Findings {
 key := f.fullname()