feat(sca): Added fix details to junitxml (#3456)
* added fix details to junitxml

* removed 2nd link detail reference

* Changed text output expectation

* Adjustment to test output

* Update checkov/common/output/report.py

Co-authored-by: Anton Grübel <[email protected]>

* minor changes to testing

Co-authored-by: Anton Grübel <[email protected]>
eurogig and gruebel authored Sep 2, 2022
1 parent be12d75 commit a57f401
Showing 2 changed files with 32 additions and 0 deletions.
11 changes: 11 additions & 0 deletions checkov/common/output/report.py
Expand Up @@ -462,6 +462,14 @@ def _create_test_case_failure_output(self, record: Record) -> str:

if self.check_type == CheckType.SCA_PACKAGE:
if record.vulnerability_details:
lowest_fixed_version = record.vulnerability_details.get('lowest_fixed_version')
if lowest_fixed_version is not None:
fix = lowest_fixed_version
else:
fixlist = record.vulnerability_details.get('fixed_versions')
if fixlist is not None:
fix = fixlist

failure_output.extend(
[
"",
Expand All @@ -471,6 +479,9 @@ def _create_test_case_failure_output(self, record: Record) -> str:
f"Base Score: {record.vulnerability_details.get('cvss')}",
f"Vector: {record.vulnerability_details.get('vector')}",
f"Risk Factors: {record.vulnerability_details.get('risk_factors')}",
"Fix Details:",
f" Status: {record.vulnerability_details.get('status')}",
f" Fixed Version: {fix}",
]
)
else:
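Review bot: `fix` on the new `Fixed Version:` line is left unbound when `vulnerability_details` carries neither `lowest_fixed_version` nor `fixed_versions`, so the junitxml path raises UnboundLocalError for such a finding instead of rendering it. The chain added at the top of the first hunk binds the name only on its two positive branches; collapse it so the name is always bound, even if to None: `fix = record.vulnerability_details.get('lowest_fixed_version')` / `if fix is None:` / `    fix = record.vulnerability_details.get('fixed_versions')`. If `fixed_versions` is a list, the f-string will print its repr rather than a version string, so `', '.join(...)` on that branch would keep the line in the same shape as `Status:` — confirm the field's type against the scanner output before relying on it. `_create_test_case_failure_output` starts above the first hunk and continues past the second.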
21 changes: 21 additions & 0 deletions tests/sca_package/test_output_reports.py
Expand Up @@ -418,6 +418,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
"Base Score: 9.8\n",
"Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n",
"Risk Factors: ['Attack complexity: low', 'Attack vector: network', 'Critical severity', 'Has fix']\n",
"Fix Details:\n",
" Status: fixed in 3.0.1, 2.2.9, 1.11.27\n",
" Fixed Version: 1.11.27\n",
"\n",
"Resource: path/to/requirements.txt.django\n",
"File: /path/to/requirements.txt: 0-0\n",
Expand All @@ -432,6 +435,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
"Base Score: 6.1\n",
"Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\n",
"Risk Factors: ['Attack complexity: low', 'Attack vector: network', 'Exploit exists', 'Has fix', 'Medium severity']\n",
"Fix Details:\n"
" Status: fixed in 1.9.8, 1.8.14\n",
" Fixed Version: 1.8.14\n",
"\n",
"Resource: path/to/requirements.txt.django\n",
"File: /path/to/requirements.txt: 0-0\n",
Expand All @@ -446,6 +452,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
"Base Score: 7.5\n",
"Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\n",
"Risk Factors: ['High severity', 'Attack complexity: low', 'Attack vector: network', 'Has fix']\n",
"Fix Details:\n",
" Status: fixed in 1.9.10, 1.8.15\n",
" Fixed Version: 1.8.15\n",
"\n",
"Resource: path/to/requirements.txt.django\n",
"File: /path/to/requirements.txt: 0-0\n",
Expand All @@ -460,6 +469,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
"Base Score: 4.9\n",
"Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\n",
"Risk Factors: ['Attack complexity: low', 'Attack vector: network', 'Has fix', 'Medium severity', 'Recent vulnerability']\n",
"Fix Details:\n"
" Status: fixed in 3.2.4, 3.1.12, 2.2.24\n",
" Fixed Version: 2.2.24\n",
"\n",
"Resource: path/to/requirements.txt.django\n",
"File: /path/to/requirements.txt: 0-0\n",
Expand All @@ -474,6 +486,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
"Base Score: 7.5\n",
"Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n",
"Risk Factors: ['Attack complexity: low', 'Attack vector: network', 'DoS', 'Has fix', 'High severity']\n",
"Fix Details:\n"
" Status: fixed in 1.0\n",
" Fixed Version: 1.0\n",
"\n",
"Resource: path/to/requirements.txt.flask\n",
"File: /path/to/requirements.txt: 0-0\n",
Expand All @@ -488,6 +503,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
"Base Score: 7.5\n",
"Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n",
"Risk Factors: ['Attack complexity: low', 'Attack vector: network', 'DoS', 'Has fix', 'High severity']\n",
"Fix Details:\n"
" Status: fixed in 0.12.3\n"
" Fixed Version: 0.12.3\n"
"\n",
"Resource: path/to/requirements.txt.flask\n",
"File: /path/to/requirements.txt: 0-0\n",
Expand All @@ -502,6 +520,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
"Base Score: 7.7\n",
"Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\n",
"Risk Factors: ['High severity', 'Attack complexity: low', 'Attack vector: network', 'Has fix']\n",
"Fix Details:\n"
" Status: fixed in v4.0.0-preview1\n",
" Fixed Version: 4.0.0rc1\n",
"\n",
"Resource: path/to/go.sum.github.com/dgrijalva/jwt-go\n",
"File: /path/to/go.sum: 0-0\n",
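Review bot: The `"Fix Details:\n"` literal in the 1.9.8, 3.2.4, 1.0, 0.12.3 and v4.0.0-preview1 blocks, and the `Status`/`Fixed Version` literals in the 0.12.3 block, lack the trailing comma every neighbouring entry has, so Python silently concatenates each with the following literal into one list element. If the expected list is joined with an empty separator before comparison the result is unchanged, but the element count no longer matches the other blocks and any later per-line comparison would fail for a reason unrelated to the output; add the commas for consistency, e.g. `"Fix Details:\n",`. `test_get_junit_xml_string` starts above the first hunk and continues past the last.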
