mirror of https://github.com/project-zot/zot.git synced 2025-03-18 02:22:53 -05:00

fix(ci): trivy test to expect 3 CVEs instead of 2 in the vulnerable test layer (#1623)

Trivy started detecting CVE-2023-2975, so one of the checks expecting only 2 CVEs was failing

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Andrei Aaron 2023-07-16 18:27:59 +03:00 committed by GitHub
parent 6cd4455da1
commit 0a5241b025
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 2 deletions


@ -73,6 +73,7 @@ func TestScanningByDigest(t *testing.T) {
So(err, ShouldBeNil)
So(cveMap, ShouldContainKey, test.Vulnerability1ID)
So(cveMap, ShouldContainKey, test.Vulnerability2ID)
So(cveMap, ShouldContainKey, test.Vulnerability3ID)
cveMap, err = scanner.ScanImage("multi-arch@" + simpleDigest.String())
So(err, ShouldBeNil)
@ -82,11 +83,13 @@ func TestScanningByDigest(t *testing.T) {
So(err, ShouldBeNil)
So(cveMap, ShouldContainKey, test.Vulnerability1ID)
So(cveMap, ShouldContainKey, test.Vulnerability2ID)
So(cveMap, ShouldContainKey, test.Vulnerability3ID)
cveMap, err = scanner.ScanImage("multi-arch:multi-arch-tag")
So(err, ShouldBeNil)
So(cveMap, ShouldContainKey, test.Vulnerability1ID)
So(cveMap, ShouldContainKey, test.Vulnerability2ID)
So(cveMap, ShouldContainKey, test.Vulnerability3ID)
})
}
@ -181,6 +184,9 @@ func TestVulnerableLayer(t *testing.T) {
cveMap, err := scanner.ScanImage("repo@" + imgDigest.String())
So(err, ShouldBeNil)
So(len(cveMap), ShouldEqual, 2)
t.Logf("cveMap: %v", cveMap)
// As of July 15 2023 there are 3 CVEs: CVE-2023-1255, CVE-2023-2650, CVE-2023-2975
// There may be more discovered in the future
So(len(cveMap), ShouldBeGreaterThanOrEqualTo, 3)
})
}
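Review bot: The new check in TestVulnerableLayer, `So(len(cveMap), ShouldBeGreaterThanOrEqualTo, 3)`, only bounds the count, so a scan that returned three unrelated findings and missed the known ones would still pass. TestScanningByDigest in the same file already asserts the IDs, so add `So(cveMap, ShouldContainKey, test.Vulnerability1ID)` and the matching lines for `Vulnerability2ID` and `Vulnerability3ID` next to the count check. This assumes the constants describe this test's image, which the added comment listing the same three CVEs suggests. The result also depends on whichever vulnerability database Trivy loads at run time, so pinning a database snapshot in CI would presumably stop this kind of drift; that setup is not visible here. Both test bodies begin outside the hunks shown.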


@ -639,10 +639,11 @@ func GetRandomImageComponents(layerSize int) (ispec.Image, [][]byte, ispec.Manif
return config, layers, manifest, nil
}
// These are the 2 vulnerabilities found for the returned image by the GetVulnImage function.
// These are the 3 vulnerabilities found for the returned image by the GetVulnImage function.
const (
Vulnerability1ID = "CVE-2023-2650"
Vulnerability2ID = "CVE-2023-1255"
Vulnerability3ID = "CVE-2023-2975"
)
func GetVulnImage(ref string) (Image, error) {
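Review bot: The updated comment above the const block still hard-codes a count ("These are the 3 vulnerabilities"), which will be wrong again the next time the scanner database gains an entry for this image, as just happened with CVE-2023-2975. Word it as a point-in-time subset instead, e.g. `// Known CVEs reported for the image returned by GetVulnImage as of July 2023; newer scanner databases may report more.` That also matches the test, which now expects at least three findings rather than exactly three. GetVulnImage's body lies outside the hunk.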