Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(sca): Added fix details to junitxml #3456

Merged
merged 7 commits into from
Sep 2, 2022
Merged

feat(sca): Added fix details to junitxml #3456

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
e59e875
added fix details to junitxml
eurogig Sep 2, 2022
ee77685
removed 2nd link detail reference
eurogig Sep 2, 2022
e1df080
Changed text output expectation
eurogig Sep 2, 2022
db5c88c
Adjustment to test output
eurogig Sep 2, 2022
b7ac9b3
Update checkov/common/output/report.py
eurogig Sep 2, 2022
4b93f48
minor changes to testing
eurogig Sep 2, 2022
b250b3f
Merge branch 'fixedversionjunitxml' of https://github.com/eurogig/che…
eurogig Sep 2, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions checkov/common/output/report.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -462,6 +462,14 @@ def _create_test_case_failure_output(self, record: Record) -> str:

if self.check_type == CheckType.SCA_PACKAGE:
if record.vulnerability_details:
lowest_fixed_version = record.vulnerability_details.get('lowest_fixed_version')
if lowest_fixed_version is not None:
fix = lowest_fixed_version
else:
fixlist = record.vulnerability_details.get('fixed_versions')
if fixlist is not None:
fix = fixlist

failure_output.extend(
[
"",
Expand All @@ -471,6 +479,9 @@ def _create_test_case_failure_output(self, record: Record) -> str:
f"Base Score: {record.vulnerability_details.get('cvss')}",
f"Vector: {record.vulnerability_details.get('vector')}",
f"Risk Factors: {record.vulnerability_details.get('risk_factors')}",
"Fix Details:",
f" Status: {record.vulnerability_details.get('status')}",
f" Fixed Version: {fix}",
]
)
else:
Expand Down
21 changes: 21 additions & 0 deletions tests/sca_package/test_output_reports.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -418,6 +418,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
"Base Score: 9.8\n",
"Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n",
"Risk Factors: ['Attack complexity: low', 'Attack vector: network', 'Critical severity', 'Has fix']\n",
"Fix Details:\n",
" Status: fixed in 3.0.1, 2.2.9, 1.11.27\n",
" Fixed Version: 1.11.27\n",
"\n",
"Resource: path/to/requirements.txt.django\n",
"File: /path/to/requirements.txt: 0-0\n",
Expand All @@ -432,6 +435,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
"Base Score: 6.1\n",
"Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\n",
"Risk Factors: ['Attack complexity: low', 'Attack vector: network', 'Exploit exists', 'Has fix', 'Medium severity']\n",
"Fix Details:\n"
" Status: fixed in 1.9.8, 1.8.14\n",
" Fixed Version: 1.8.14\n",
"\n",
"Resource: path/to/requirements.txt.django\n",
"File: /path/to/requirements.txt: 0-0\n",
Expand All @@ -446,6 +452,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
"Base Score: 7.5\n",
"Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\n",
"Risk Factors: ['High severity', 'Attack complexity: low', 'Attack vector: network', 'Has fix']\n",
"Fix Details:\n",
" Status: fixed in 1.9.10, 1.8.15\n",
" Fixed Version: 1.8.15\n",
"\n",
"Resource: path/to/requirements.txt.django\n",
"File: /path/to/requirements.txt: 0-0\n",
Expand All @@ -460,6 +469,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
"Base Score: 4.9\n",
"Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\n",
"Risk Factors: ['Attack complexity: low', 'Attack vector: network', 'Has fix', 'Medium severity', 'Recent vulnerability']\n",
"Fix Details:\n"
" Status: fixed in 3.2.4, 3.1.12, 2.2.24\n",
" Fixed Version: 2.2.24\n",
"\n",
"Resource: path/to/requirements.txt.django\n",
"File: /path/to/requirements.txt: 0-0\n",
Expand All @@ -474,6 +486,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
"Base Score: 7.5\n",
"Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n",
"Risk Factors: ['Attack complexity: low', 'Attack vector: network', 'DoS', 'Has fix', 'High severity']\n",
"Fix Details:\n"
" Status: fixed in 1.0\n",
" Fixed Version: 1.0\n",
"\n",
"Resource: path/to/requirements.txt.flask\n",
"File: /path/to/requirements.txt: 0-0\n",
Expand All @@ -488,6 +503,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
"Base Score: 7.5\n",
"Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n",
"Risk Factors: ['Attack complexity: low', 'Attack vector: network', 'DoS', 'Has fix', 'High severity']\n",
"Fix Details:\n"
" Status: fixed in 0.12.3\n"
" Fixed Version: 0.12.3\n"
"\n",
"Resource: path/to/requirements.txt.flask\n",
"File: /path/to/requirements.txt: 0-0\n",
Expand All @@ -502,6 +520,9 @@ def test_get_junit_xml_string(mocker: MockerFixture, scan_result):
"Base Score: 7.7\n",
"Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\n",
"Risk Factors: ['High severity', 'Attack complexity: low', 'Attack vector: network', 'Has fix']\n",
"Fix Details:\n"
" Status: fixed in v4.0.0-preview1\n",
" Fixed Version: 4.0.0rc1\n",
"\n",
"Resource: path/to/go.sum.github.com/dgrijalva/jwt-go\n",
"File: /path/to/go.sum: 0-0\n",
Expand Down