From f4502135edf450fa8926f47648ce3db7c26a4d1e Mon Sep 17 00:00:00 2001
From: i050994
Date: Mon, 7 Oct 2024 13:35:04 +0200
Subject: [PATCH 1/2] Fix influx counter for whitesource

---
 cmd/whitesourceExecuteScan.go | 6 +++---
 cmd/whitesourceExecuteScan_test.go | 9 +++++++++
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/cmd/whitesourceExecuteScan.go b/cmd/whitesourceExecuteScan.go
index c4cb0137fd..51fef102f6 100644
--- a/cmd/whitesourceExecuteScan.go
+++ b/cmd/whitesourceExecuteScan.go
@@ -897,9 +897,9 @@ func checkProjectSecurityViolations(config *ScanOptions, cvssSeverityLimit float
 }
 
 severeVulnerabilities, nonSevereVulnerabilities := ws.CountSecurityVulnerabilities(&alerts, cvssSeverityLimit)
- influx.whitesource_data.fields.minor_vulnerabilities = nonSevereVulnerabilities
- influx.whitesource_data.fields.major_vulnerabilities = severeVulnerabilities
- influx.whitesource_data.fields.vulnerabilities = nonSevereVulnerabilities + severeVulnerabilities
+ influx.whitesource_data.fields.minor_vulnerabilities += nonSevereVulnerabilities
+ influx.whitesource_data.fields.major_vulnerabilities += severeVulnerabilities
+ influx.whitesource_data.fields.vulnerabilities += (nonSevereVulnerabilities + severeVulnerabilities)
 if nonSevereVulnerabilities > 0 {
 log.Entry().Warnf("WARNING: %v Open Source Software Security vulnerabilities with "+
 "CVSS score below threshold %.1f detected in project %s.", nonSevereVulnerabilities,
diff --git a/cmd/whitesourceExecuteScan_test.go b/cmd/whitesourceExecuteScan_test.go
index 5482a03357..b485a1bafe 100644
--- a/cmd/whitesourceExecuteScan_test.go
+++ b/cmd/whitesourceExecuteScan_test.go
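Review bot: The switch from `=` to `+=` on the three influx fields makes checkProjectSecurityViolations accumulate into whatever value the caller's influx struct already holds, so the counters are only correct if the caller starts from a zero-valued struct exactly once per step run; nothing in the hunk resets them, and a second invocation against the same struct in one process (a retry, or a reused struct in tests) would over-report vulnerabilities in the compliance data. I'd state that contract next to the assignments, e.g. `// Counters accumulate across the projects scanned in this run; the caller owns a freshly zeroed influx struct.` The parentheses in `+= (nonSevereVulnerabilities + severeVulnerabilities)` are redundant and can be dropped to match the two lines above. The enclosing function starts and ends outside the hunk and its signature in the hunk header is cut off, so whether influx is a parameter or package-level state is not visible here.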
@@ -729,6 +729,9 @@ func TestCheckProjectSecurityViolations(t *testing.T) {
 assert.Equal(t, 0, severeVulnerabilities)
 assert.Equal(t, 0, len(alerts))
 assert.Equal(t, 0, len(assessedAlerts))
+ assert.Equal(t, 0, influx.whitesource_data.fields.minor_vulnerabilities)
+ assert.Equal(t, 0, influx.whitesource_data.fields.major_vulnerabilities)
+ assert.Equal(t, 0, influx.whitesource_data.fields.vulnerabilities)
 })
 
 t.Run("error - some vulnerabilities", func(t *testing.T) {
@@ -744,6 +747,9 @@ func TestCheckProjectSecurityViolations(t *testing.T) {
 assert.Equal(t, 1, severeVulnerabilities)
 assert.Equal(t, 2, len(alerts))
 assert.Equal(t, 0, len(assessedAlerts))
+ assert.Equal(t, 1, influx.whitesource_data.fields.minor_vulnerabilities)
+ assert.Equal(t, 1, influx.whitesource_data.fields.major_vulnerabilities)
+ assert.Equal(t, 2, influx.whitesource_data.fields.vulnerabilities)
 })
 
 t.Run("success - assessed vulnerabilities", func(t *testing.T) {
@@ -759,6 +765,9 @@ func TestCheckProjectSecurityViolations(t *testing.T) {
 assert.Equal(t, 0, severeVulnerabilities)
 assert.Equal(t, 0, len(alerts))
 assert.Equal(t, 2, len(assessedAlerts))
+ assert.Equal(t, 0, influx.whitesource_data.fields.minor_vulnerabilities)
+ assert.Equal(t, 0, influx.whitesource_data.fields.major_vulnerabilities)
+ assert.Equal(t, 0, influx.whitesource_data.fields.vulnerabilities)
 })
 
 t.Run("error - WhiteSource failure", func(t *testing.T) {

From 3f907c6a39fb3823a7bdb943714657427d1394f9 Mon Sep 17 00:00:00 2001
From: i050994
Date: Thu, 28 Nov 2024 11:11:38 +0100
Subject: [PATCH 2/2] Add log

---
 cmd/whitesourceExecuteScan.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/cmd/whitesourceExecuteScan.go b/cmd/whitesourceExecuteScan.go
index 51fef102f6..b371f56e96 100644
--- a/cmd/whitesourceExecuteScan.go
+++ b/cmd/whitesourceExecuteScan.go
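Review bot: The asserts added in the three subtests each check the counters after a single call, so none of them exercises the accumulation that the `+=` change in the first patch introduces, which is the behaviour being fixed; a subtest that calls checkProjectSecurityViolations twice against the same influx struct with the "some vulnerabilities" fixture and expects the doubled counts (`assert.Equal(t, 2, influx.whitesource_data.fields.minor_vulnerabilities)`, the same for major_vulnerabilities, and `4` for vulnerabilities) would pin it. The third subtest expecting 0/0/0 immediately after the second expected 1/1/2 only holds if each t.Run constructs its own influx; if the struct is shared across subtests, which these hunks do not show, the new expectations would fail against the accumulating code rather than prove it. The same observation applies to the hunks at -744 and -759. TestCheckProjectSecurityViolations starts and ends outside these hunks.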
@@ -767,6 +767,7 @@ func collectVulnsAndLibsForProject(
 if err != nil {
 errorsOccurred = append(errorsOccurred, fmt.Sprint(err))
 }
 
+ log.Entry().Infof("Current influx data : minor_vulnerabilities = %v / major_vulnerabilities = %v / vulnerabilities = %v", influx.whitesource_data.fields.minor_vulnerabilities, influx.whitesource_data.fields.major_vulnerabilities, influx.whitesource_data.fields.vulnerabilities)
 // collect all libraries detected in all related projects and errors
 libraries, err := sys.GetProjectHierarchy(project.Token, true)
@@ -900,6 +901,8 @@ func checkProjectSecurityViolations(config *ScanOptions, cvssSeverityLimit float
 influx.whitesource_data.fields.minor_vulnerabilities += nonSevereVulnerabilities
 influx.whitesource_data.fields.major_vulnerabilities += severeVulnerabilities
 influx.whitesource_data.fields.vulnerabilities += (nonSevereVulnerabilities + severeVulnerabilities)
+ log.Entry().Infof("Current influx data : minor_vulnerabilities = %v / major_vulnerabilities = %v / vulnerabilities = %v", influx.whitesource_data.fields.minor_vulnerabilities, influx.whitesource_data.fields.major_vulnerabilities, influx.whitesource_data.fields.vulnerabilities)
+
 if nonSevereVulnerabilities > 0 {
 log.Entry().Warnf("WARNING: %v Open Source Software Security vulnerabilities with "+
 "CVSS score below threshold %.1f detected in project %s.", nonSevereVulnerabilities,
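Review bot: The `log.Entry().Infof("Current influx data : ...")` line added in the -767 hunk and the byte-identical one added in the -900 hunk print internal counter state at Info level for every project, which reads as a debugging trace left in rather than step output; if collectVulnsAndLibsForProject calls checkProjectSecurityViolations, which the placement suggests but the hunks do not show, the same three numbers are printed twice per project. I'd keep only one of them, lower it to `log.Entry().Debugf(...)`, and tidy the message to the usual key=value form, e.g. `"influx counters: minor_vulnerabilities=%v major_vulnerabilities=%v vulnerabilities=%v"`. The blank `+` line in the -900 hunk separates the new log from the `if nonSevereVulnerabilities > 0` block that reads the same values and serves no purpose there. Both enclosing functions start and end outside their hunks, and the exact position of the blank context line around the -767 insertion is not recoverable from the collapsed patch text.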
@@ -910,11 +913,11 @@ func checkProjectSecurityViolations(config *ScanOptions, cvssSeverityLimit float
 }
 // https://github.com/SAP/jenkins-library/blob/master/vars/whitesourceExecuteScan.groovy#L558
 if severeVulnerabilities > 0 {
+ log.Entry().Infof("%v Open Source Software Security vulnerabilities with CVSS score greater or equal to %.1f detected in project %s", severeVulnerabilities, cvssSeverityLimit, project.Name)
 if config.FailOnSevereVulnerabilities {
 log.SetErrorCategory(log.ErrorCompliance)
 return severeVulnerabilities, alerts, assessedAlerts, fmt.Errorf("%v Open Source Software Security vulnerabilities with CVSS score greater or equal to %.1f detected in project %s", severeVulnerabilities, cvssSeverityLimit, project.Name)
 }
- log.Entry().Infof("%v Open Source Software Security vulnerabilities with CVSS score greater or equal to %.1f detected in project %s", severeVulnerabilities, cvssSeverityLimit, project.Name)
 log.Entry().Info("Step will only create data but not fail due to setting failOnSevereVulnerabilities: false")
 return severeVulnerabilities, alerts, assessedAlerts, nil
 }
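Review bot: Moving the Infof ahead of the `if config.FailOnSevereVulnerabilities` check means that on the failing path the same sentence is now emitted twice, once at Info here and once more wherever the returned error is surfaced, and the long format string stays duplicated between the log call and `fmt.Errorf`. I'd build the message once and reuse it: `msg := fmt.Sprintf("%v Open Source Software Security vulnerabilities with CVSS score greater or equal to %.1f detected in project %s", severeVulnerabilities, cvssSeverityLimit, project.Name)`, then `log.Entry().Info(msg)` and `return severeVulnerabilities, alerts, assessedAlerts, fmt.Errorf("%s", msg)` (or `errors.New(msg)` if that package is already imported in the file). Whether an Info line is wanted on the failing path at all depends on how the step runner logs the compliance error, which is outside this hunk; if it already prints the error, the previous placement was the one that avoided the duplicate line. checkProjectSecurityViolations starts before this hunk and continues after it.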