Commit 7882776

fix(k8s): skip resources without misconfigs (#7797)
1 parent f2bb9c6 commit 7882776

2 files changed

+43
-1
lines changed

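--- a/pkg/k8s/report/report.go
+++ b/pkg/k8s/report/report.go
@@ -90,8 +90,13 @@ func (r Report) consolidate() ConsolidatedReport {
 for _, m := range r.Resources {
 if vulnerabilitiesOrSecretResource(m) {
 vulnerabilities = append(vulnerabilities, m)
-} else {
+}
+if misconfigsResource(m) {
+res, ok := index[m.fullname()]
 index[m.fullname()] = m
+if ok {
+index[m.fullname()].Results[0].Misconfigurations = append(index[m.fullname()].Results[0].Misconfigurations, res.Results[0].Misconfigurations...)
+}
 }
 }
 
@@ -278,6 +283,10 @@ func vulnerabilitiesOrSecretResource(resource Resource) bool {
 return len(resource.Results) > 0 && (len(resource.Results[0].Vulnerabilities) > 0 || len(resource.Results[0].Secrets) > 0)
 }
 
+func misconfigsResource(resource Resource) bool {
+return len(resource.Results) > 0 && len(resource.Results[0].Misconfigurations) > 0
+}
+
 func nodeKind(resource Resource) Resource {
 if nodeInfoResource(resource) {
 resource.Kind = "Node"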
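Review bot: The merge in `consolidate` assigns through `index[m.fullname()].Results[0]`, and the copy of `m` stored in `index` presumably still shares its `Results` backing array with `r.Resources`, so the caller's report is modified in place. Consolidating the same `Report` a second time would then append the earlier findings again and show duplicated misconfigurations in the scan output. The `append` can also write into spare capacity of the resource's own `Misconfigurations` slice. Copying `Results` and capping the slice before merging, as sketched below, leaves the input untouched; the body of `consolidate` starts and ends outside the hunk.

```go
		if misconfigsResource(m) {
			key := m.fullname()
			if prev, ok := index[key]; ok {
				// Copy Results so the merge does not write into r.Resources.
				m.Results = append(m.Results[:0:0], m.Results...)
				own := m.Results[0].Misconfigurations
				// Full slice expression caps capacity, so append allocates a fresh array.
				m.Results[0].Misconfigurations = append(own[:len(own):len(own)], prev.Results[0].Misconfigurations...)
			}
			index[key] = m
		}
		// … unchanged: end of the range loop …
```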

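--- a/pkg/k8s/report/report_test.go
+++ b/pkg/k8s/report/report_test.go
@@ -119,6 +119,23 @@ var (
 },
 }
 
+orionDeployWithAnotherMisconfig = Resource{
+Namespace: "default",
+Kind: "Deploy",
+Name: "orion",
+Results: types.Results{
+{
+Misconfigurations: []types.DetectedMisconfiguration{
+{
+ID: "ID201",
+Status: types.MisconfStatusFailure,
+Severity: "HIGH",
+},
+},
+},
+},
+}
+
 image1WithVulns = Resource{
 Namespace: "default",
 Kind: "Pod",
@@ -424,6 +441,10 @@ var (
 )
 
 func TestReport_consolidate(t *testing.T) {
+concatenatedResource := orionDeployWithAnotherMisconfig
+concatenatedResource.Results[0].Misconfigurations = append(concatenatedResource.Results[0].Misconfigurations,
+deployOrionWithMisconfigs.Results[0].Misconfigurations...)
+
 tests := []struct {
 name string
 report Report
@@ -471,6 +492,18 @@ func TestReport_consolidate(t *testing.T) {
 "default/cronjob/hello": cronjobHelloWithVulns,
 },
 },
+{
+name: "report with misconfigs in image and pod",
+report: Report{
+Resources: []Resource{
+deployOrionWithMisconfigs,
+orionDeployWithAnotherMisconfig,
+},
+},
+expectedFindings: map[string]Resource{
+"default/deploy/orion": concatenatedResource,
+},
+},
 {
 name: "report with multi image pod containing vulnerabilities",
 report: Report{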
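Review bot: `concatenatedResource := orionDeployWithAnotherMisconfig` copies only the struct, so if `types.Results` is a slice (as the literal suggests), the assignment to `concatenatedResource.Results[0].Misconfigurations` also rewrites the package-level fixture that the new case passes as input. Expected value and input then share one backing array, so the case could still pass if `consolidate` duplicated findings, because any write it makes through `Results[0]` shows up on both sides of the comparison. Give the expected value its own storage before the append, e.g. `concatenatedResource.Results = append(types.Results{}, orionDeployWithAnotherMisconfig.Results...)`, or spell out the expected `Resource` as a literal. `TestReport_consolidate` continues past the hunks shown.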
