From 24c8f21c84c733a5de7cc3c9265f23b6a1914d9b Mon Sep 17 00:00:00 2001
From: Amir Malka
Date: Wed, 25 Dec 2024 13:18:28 +0200
Subject: [PATCH] fix: scan complete application profiles (#278)
* * Fix missing JobIDs in ApplicationProfile scans
* Change instance ID field in image scan command to use slug (reverts changes in bf8a74795b7e163eaf76c655a86f91d40ce62bc4)
Signed-off-by: Amir Malka
* relevancy scan only for complete application profiles
Signed-off-by: Amir Malka
---------
Signed-off-by: Amir Malka
---
 mainhandler/vulnscan.go | 10 +++++--
 utils/applicationprofile.go | 4 +++
 utils/applicationprofile_test.go | 47 ++++++++++++++++++++++++++++----
 3 files changed, 53 insertions(+), 8 deletions(-)
diff --git a/mainhandler/vulnscan.go b/mainhandler/vulnscan.go
index 31329f3..65059cc 100644
--- a/mainhandler/vulnscan.go
+++ b/mainhandler/vulnscan.go
@@ -498,6 +498,10 @@ func (actionHandler *ActionHandler) scanApplicationProfile(ctx context.Context,
 },
 }

+ if actionHandler.reporter != nil {
+ prepareSessionChain(sessionObj, cmd, actionHandler)
+ }
+
 if err := sendCommandToScanner(ctx, actionHandler.config, cmd, apis.TypeScanApplicationProfile); err != nil {
 return fmt.Errorf("failed to send command to scanner with err %v", err)
 }
@@ -532,9 +536,9 @@ func (actionHandler *ActionHandler) getImageScanCommand(containerData *utils.Con
 cmd.Args[identifiers.AttributeUseHTTP] = true
 }

- // Add instanceID only if not empty
- if containerData.InstanceID != "" {
- cmd.InstanceID = &containerData.InstanceID
+ // Add instanceID only if container is not empty
+ if containerData.Slug != "" {
+ cmd.InstanceID = &containerData.Slug
 }
 if actionHandler.reporter != nil {
 prepareSessionChain(sessionObj, cmd, actionHandler)
diff --git a/utils/applicationprofile.go b/utils/applicationprofile.go
index 5e6a3a4..f1e1b4c 100644
--- a/utils/applicationprofile.go
+++ b/utils/applicationprofile.go
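Review bot: The new `prepareSessionChain` call in scanApplicationProfile carries no comment explaining why it is needed, and nothing in this commit tests it (the diffstat touches only `utils/applicationprofile_test.go`). Going by the commit message this call is what puts the job IDs on the application-profile scan command, so a later refactor could drop them again without any test noticing. A line such as `// attach the session's job chain so the scanner's report can be correlated with this action` above the `if` would record the intent. The function body starts before and ends after this hunk.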
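Review bot: The rewritten comment `// Add instanceID only if container is not empty` does not describe the check below it, which tests `containerData.Slug`, and nothing tells the reader that `cmd.InstanceID` now carries the slug instead of `containerData.InstanceID`. Something like `// cmd.InstanceID carries the container slug; it stays nil when the slug is empty` would match the code. With an empty slug the command is still built without an identifier; if the scanner keys results on this field (not visible from the hunk) that scan may not be attributable to a workload, so a debug log on that path would help. The function body extends beyond the hunk on both sides.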
@@ -25,6 +25,10 @@ func SkipApplicationProfile(annotations map[string]string) (bool, error) {
 return true, fmt.Errorf("no annotations") // skip
 }

+ if completionStatus, ok := annotations[helpersv1.CompletionMetadataKey]; !ok || completionStatus != helpersv1.Complete {
+ return true, fmt.Errorf("partial - workload restart required") // skip
+ }
+
 if status, ok := annotations[helpersv1.StatusMetadataKey]; ok && !slices.Contains(ann, status) {
 return true, fmt.Errorf("invalid status")
 }
diff --git a/utils/applicationprofile_test.go b/utils/applicationprofile_test.go
index 75d64bf..0d1438a 100644
--- a/utils/applicationprofile_test.go
+++ b/utils/applicationprofile_test.go
@@ -18,6 +18,7 @@ func TestSkipApplicationProfile(t *testing.T) {
 {
 name: "status is empty",
 annotations: map[string]string{
+ helpersv1.CompletionMetadataKey: "complete",
 helpersv1.StatusMetadataKey: "",
 helpersv1.WlidMetadataKey: "wlid",
 helpersv1.InstanceIDMetadataKey: "instanceID",
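Review bot: The added completion check in SkipApplicationProfile returns `partial - workload restart required` for three different conditions: the annotation is absent, it holds an unrecognised value, or it is genuinely partial. A skipped profile means no relevancy scan for that workload, so the reason should be accurate; a profile that merely lacks the annotation would otherwise send the operator off to restart a workload. Splitting the absent case from the not-complete case and reporting the observed value, as below, keeps the skip decision identical while making the cause visible. The "invalid completion status" and "missing completion status" cases added to utils/applicationprofile_test.go assert the current string and would need their expectedErr updated. The function starts before this hunk and continues after it.

```go
	// ... unchanged: empty-annotations check ...
	completionStatus, ok := annotations[helpersv1.CompletionMetadataKey]
	if !ok {
		return true, fmt.Errorf("missing completion annotation") // skip
	}
	if completionStatus != helpersv1.Complete {
		return true, fmt.Errorf("completion status %q - workload restart required", completionStatus) // skip
	}
	// ... unchanged: status, WLID and InstanceID checks ...
```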
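Review bot: The fixture spells the completion value as the literal `"complete"` here, and again in the hunks at -27,15, -45,13 and -59,18, while SkipApplicationProfile compares against `helpersv1.Complete`. If the constant's value changes, every positive case fails for a reason unrelated to the logic under test. Writing `helpersv1.CompletionMetadataKey: helpersv1.Complete,` in the fixtures ties them to the same definition the code uses. The `"partial"` literal in the new "partial AP" case could use the package's constant in the same way, if it exports one.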
@@ -27,15 +28,49 @@ func TestSkipApplicationProfile(t *testing.T) {
 {
 name: "status is Ready",
 annotations: map[string]string{
+ helpersv1.CompletionMetadataKey: "complete",
 helpersv1.StatusMetadataKey: helpersv1.Ready,
 helpersv1.WlidMetadataKey: "wlid",
 helpersv1.InstanceIDMetadataKey: "instanceID",
 },
 wantSkip: false,
 },
+ {
+ name: "partial AP",
+ annotations: map[string]string{
+ helpersv1.CompletionMetadataKey: "partial",
+ helpersv1.StatusMetadataKey: helpersv1.Ready,
+ helpersv1.WlidMetadataKey: "wlid",
+ helpersv1.InstanceIDMetadataKey: "instanceID",
+ },
+ wantSkip: true,
+ expectedErr: fmt.Errorf("partial - workload restart required"),
+ },
+ {
+ name: "invalid completion status",
+ annotations: map[string]string{
+ helpersv1.CompletionMetadataKey: "invalid",
+ helpersv1.StatusMetadataKey: helpersv1.Ready,
+ helpersv1.WlidMetadataKey: "wlid",
+ helpersv1.InstanceIDMetadataKey: "instanceID",
+ },
+ wantSkip: true,
+ expectedErr: fmt.Errorf("partial - workload restart required"),
+ },
+ {
+ name: "missing completion status",
+ annotations: map[string]string{
+ helpersv1.StatusMetadataKey: helpersv1.Ready,
+ helpersv1.WlidMetadataKey: "wlid",
+ helpersv1.InstanceIDMetadataKey: "instanceID",
+ },
+ wantSkip: true,
+ expectedErr: fmt.Errorf("partial - workload restart required"),
+ },
 {
 name: "status is Completed",
 annotations: map[string]string{
+ helpersv1.CompletionMetadataKey: "complete",
 helpersv1.StatusMetadataKey: helpersv1.Completed,
 helpersv1.WlidMetadataKey: "wlid",
 helpersv1.InstanceIDMetadataKey: "instanceID",
@@ -45,13 +80,14 @@ func TestSkipApplicationProfile(t *testing.T) {
 {
 name: "status is not recognized",
 annotations: map[string]string{
- helpersv1.StatusMetadataKey: "NotRecognized",
+ helpersv1.CompletionMetadataKey: "complete",
+ helpersv1.StatusMetadataKey: "NotRecognized",
 },
 wantSkip: true,
 expectedErr: fmt.Errorf("invalid status"),
 },
 {
- name: "no status annotation",
+ name: "no annotations",
 annotations: map[string]string{},
 wantSkip: true,
 expectedErr: fmt.Errorf("no annotations"),
@@ -59,18 +95,19 @@ func TestSkipApplicationProfile(t *testing.T) {
 {
 name: "missing instance WLID annotation",
 annotations: map[string]string{
+ helpersv1.CompletionMetadataKey: "complete",
 helpersv1.StatusMetadataKey: helpersv1.Ready,
 helpersv1.InstanceIDMetadataKey: "instanceID",
 },
 wantSkip: true,
 expectedErr: fmt.Errorf("missing WLID annotation"),
 },
-
 {
 name: "missing instance ID annotation",
 annotations: map[string]string{
- helpersv1.StatusMetadataKey: helpersv1.Ready,
- helpersv1.WlidMetadataKey: "wlid",
+ helpersv1.CompletionMetadataKey: "complete",
+ helpersv1.StatusMetadataKey: helpersv1.Ready,
+ helpersv1.WlidMetadataKey: "wlid",
 },
 wantSkip: true,
 expectedErr: fmt.Errorf("missing InstanceID annotation"),