github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-16 20:38:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(cve): Fix CVE scanning in images containing Jar files (#1475)

Browse Source
This commit is contained in:
Andrei Aaron
2023-06-01 00:37:46 +03:00
committed by GitHub
parent 40180f878f
commit 96d00cd0ef
16 changed files with 185 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/cli/extensions_test.go
+26 -6
View File
@@ -641,6 +641,13 @@ func TestServeSearchEnabled(t *testing.T) {
substring := `"Extensions":{"Search":{"Enable":true,"CVE":null}`
found, err := readLogFileAndSearchString(logPath, substring, readLogFileTimeout)
if !found {
data, err := os.ReadFile(logPath)
So(err, ShouldBeNil)
t.Log(string(data))
}
So(found, ShouldBeTrue)
So(err, ShouldBeNil)
})
@@ -680,20 +687,26 @@ func TestServeSearchEnabledCVE(t *testing.T) {
// to avoid data race when multiple go routines write to trivy DB instance.
WaitTillTrivyDBDownloadStarted(tempDir)
substring := "\"Search\":{\"Enable\":true,\"CVE\":{\"UpdateInterval\":3600000000000,\"Trivy\":null}}"
// The default config handling logic will convert the 1h interval to a 2h interval
substring := "\"Search\":{\"Enable\":true,\"CVE\":{\"UpdateInterval\":7200000000000,\"Trivy\":" +
"{\"DBRepository\":\"ghcr.io/aquasecurity/trivy-db\",\"JavaDBRepository\":\"ghcr.io/aquasecurity/trivy-java-db\"}}}"
found, err := readLogFileAndSearchString(logPath, substring, readLogFileTimeout)
defer func() {
if !found {
data, err := os.ReadFile(logPath)
So(err, ShouldBeNil)
t.Log(string(data))
}
}()
So(found, ShouldBeTrue)
So(err, ShouldBeNil)
found, err = readLogFileAndSearchString(logPath, "updating the CVE database", readLogFileTimeout)
So(found, ShouldBeTrue)
So(err, ShouldBeNil)
substring = "CVE update interval set to too-short interval < 2h, changing update duration to 2 hours and continuing." //nolint:lll // gofumpt conflicts with lll
found, err = readLogFileAndSearchString(logPath, substring, readLogFileTimeout)
So(found, ShouldBeTrue)
So(err, ShouldBeNil)
})
}
@@ -729,6 +742,13 @@ func TestServeSearchEnabledNoCVE(t *testing.T) {
substring := `"Extensions":{"Search":{"Enable":true,"CVE":null}` //nolint:lll // gofumpt conflicts with lll
found, err := readLogFileAndSearchString(logPath, substring, readLogFileTimeout)
if !found {
data, err := os.ReadFile(logPath)
So(err, ShouldBeNil)
t.Log(string(data))
}
So(found, ShouldBeTrue)
So(err, ShouldBeNil)
})