t

netceteragroup · Aug 2, 2024 · 9080326 · 9080326
1 parent c903850
commit 9080326
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 20 deletions.
diff --git a/dojo/tools/trivy_operator/checks_handler.py b/dojo/tools/trivy_operator/checks_handler.py
@@ -17,7 +17,7 @@
 
 
 class TrivyChecksHandler:
-    def handle_checks(self, endpoint, service, checks, test):
+    def handle_checks(self, endpoints, service, checks, test):
         findings = []
         for check in checks:
             check_title = check.get("title")
@@ -62,6 +62,6 @@ def handle_checks(self, endpoint, service, checks, test):
             )
             if check_id:
                 finding.unsaved_vulnerability_ids = [check_id]
-            finding.unsaved_endpoints.append(endpoint)
+            finding.unsaved_endpoints.append(endpoints)
             findings.append(finding)
         return findings
diff --git a/dojo/tools/trivy_operator/parser.py b/dojo/tools/trivy_operator/parser.py
@@ -61,34 +61,39 @@ def handle_resource(self, data, test):
             resource_name = labels.get("trivy-operator.resource.name", "")
             container_name = labels.get("trivy-operator.container.name", "")
 
-            affected_artifact = "unknown_artifact"
+            endpoints = []
+            endpoints += Endpoint(
+                host=resource_namespace,
+                path=f"{resource_kind}/{resource_name}/{container_name}"
+            )
+
             if report.get("registry"):
-                registry = report.get("registry").get("server", "unknown_registry")
                 if report.get("artifact"):
+                    registry = report.get("registry").get("server", "unknown_registry")
                     artifact = report.get("artifact")
                     repository = artifact.get("repository", "unknown_repo")
                     tag = artifact.get("tag", "unknown_tag")
-                    # having tag after colon as 'host' property of Endpoint
-                    # makes an endpoint broken. however, there is no better
-                    # option at the moment to keep the information.
-                    affected_artifact = f"{registry}/{repository}:{tag}"
-
-            endpoint = Endpoint(
-                host=affected_artifact,
-                path=f"{resource_namespace}/{resource_kind}/{resource_name}/{container_name}"
-            )
+                    # having full path to an image (forward slashes) and a tag
+                    # after colon as 'host' property of Endpoint makes an
+                    # endpoint broken, although, this is a desired value. Thus,
+                    # we abuse 'path' field for that.
+                    artifact_name = repository.split("/")[-1]
+                    endpoints += Endpoint(
+                        host=f"{artifact_name}",
+                        path=f"{registry}/{repository}:{tag}"
+                    )
 
             service = ""
 
             vulnerabilities = report.get("vulnerabilities", None)
             if vulnerabilities is not None:
-                findings += TrivyVulnerabilityHandler().handle_vulns(endpoint, service, vulnerabilities, test)
+                findings += TrivyVulnerabilityHandler().handle_vulns(endpoints, service, vulnerabilities, test)
             checks = report.get("checks", None)
             if checks is not None:
-                findings += TrivyChecksHandler().handle_checks(endpoint, service, checks, test)
+                findings += TrivyChecksHandler().handle_checks(endpoints, service, checks, test)
             secrets = report.get("secrets", None)
             if secrets is not None:
-                findings += TrivySecretsHandler().handle_secrets(endpoint, service, secrets, test)
+                findings += TrivySecretsHandler().handle_secrets(endpoints, service, secrets, test)
         elif benchmarkreport is not None:
             findings += TrivyComplianceHandler().handle_compliance(benchmarkreport, test)
         return findings
diff --git a/dojo/tools/trivy_operator/secrets_handler.py b/dojo/tools/trivy_operator/secrets_handler.py
@@ -15,7 +15,7 @@
 
 
 class TrivySecretsHandler:
-    def handle_secrets(self, endpoint, service, secrets, test):
+    def handle_secrets(self, endpoints, service, secrets, test):
         findings = []
         for secret in secrets:
             secret_title = secret.get("title")
@@ -45,6 +45,6 @@ def handle_secrets(self, endpoint, service, secrets, test):
             )
             if secret_rule_id:
                 finding.unsaved_vulnerability_ids = [secret_rule_id]
-            finding.unsaved_endpoints.append(endpoint)
+            finding.unsaved_endpoints.append(endpoints)
             findings.append(finding)
         return findings
diff --git a/dojo/tools/trivy_operator/vulnerability_handler.py b/dojo/tools/trivy_operator/vulnerability_handler.py
@@ -17,7 +17,7 @@
 
 
 class TrivyVulnerabilityHandler:
-    def handle_vulns(self, endpoint, service, vulnerabilities, test):
+    def handle_vulns(self, endpoints, service, vulnerabilities, test):
         findings = []
         for vulnerability in vulnerabilities:
             vuln_id = vulnerability.get("vulnerabilityID", "0")
@@ -87,6 +87,6 @@ def handle_vulns(self, endpoint, service, vulnerabilities, test):
             )
             if vuln_id:
                 finding.unsaved_vulnerability_ids = [vuln_id]
-            finding.unsaved_endpoints.append(endpoint)
+            finding.unsaved_endpoints.append(endpoints)
             findings.append(finding)
         return findings