From 52019fd9d5e044e4eafbd44e51d4a7921e3e2fda Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Mon, 4 Nov 2024 17:30:25 +0100
Subject: [PATCH 01/18] :tada: Uniform Trivy Operator K8s vulnids
---
 dojo/settings/.settings.dist.py.sha256sum | 2 +-
 dojo/settings/settings.dist.py | 2 ++
 dojo/templatetags/display_tags.py | 2 ++
 dojo/tools/trivy_operator/checks_handler.py | 3 ++-
 .../tools/trivy_operator/compliance_handler.py | 3 ++-
 dojo/tools/trivy_operator/secrets_handler.py | 3 ++-
 dojo/tools/trivy_operator/uniform_vulnid.py | 18 ++++++++++++++++++
 .../trivy_operator/vulnerability_handler.py | 3 ++-
 8 files changed, 31 insertions(+), 5 deletions(-)
 create mode 100644 dojo/tools/trivy_operator/uniform_vulnid.py
diff --git a/dojo/settings/.settings.dist.py.sha256sum b/dojo/settings/.settings.dist.py.sha256sum
index 010373c985..ebdc0f81da 100644
--- a/dojo/settings/.settings.dist.py.sha256sum
+++ b/dojo/settings/.settings.dist.py.sha256sum
@@ -1 +1 @@
-fcc15cb97df6ff9ef6752a1fe498502126174285e37d67640a6cc7a83314d951
+ca83dd01d1e9f651155ecfdc9ca254cd8736916d5fb0221568cfd9e63d6858fc
diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py
index cfeacb9a41..2434bf2f4a 100644
--- a/dojo/settings/settings.dist.py
+++ b/dojo/settings/settings.dist.py
@@ -1738,6 +1738,8 @@ def saml2_attrib_map_format(dict):
 "ELSA": "https://linux.oracle.com/errata/&&.html", # e.g. https://linux.oracle.com/errata/ELSA-2024-12714.html
 "ELBA": "https://linux.oracle.com/errata/&&.html", # e.g. https://linux.oracle.com/errata/ELBA-2024-7457.html
 "RXSA": "https://errata.rockylinux.org/", # e.g. https://errata.rockylinux.org/RXSA-2024:4928
+ "AVD": "https://avd.aquasec.com/misconfig/", # e.g. https://avd.aquasec.com/misconfig/avd-ksv-01010
+ "KHV": "https://avd.aquasec.com/misconfig/kubernetes/", # e.g. https://avd.aquasec.com/misconfig/kubernetes/khv045
 }
 # List of acceptable file types that can be uploaded to a given object via arbitrary file upload
 FILE_UPLOAD_TYPES = env("DD_FILE_UPLOAD_TYPES")
diff --git a/dojo/templatetags/display_tags.py b/dojo/templatetags/display_tags.py
index 7b634febf6..d07f3ab4cf 100644
--- a/dojo/templatetags/display_tags.py
+++ b/dojo/templatetags/display_tags.py
@@ -782,6 +782,8 @@ def vulnerability_url(vulnerability_id):
 if vulnerability_id.upper().startswith(key):
 if "&&" in settings.VULNERABILITY_URLS[key]:
 return settings.VULNERABILITY_URLS[key].split("&&")[0] + str(vulnerability_id) + settings.VULNERABILITY_URLS[key].split("&&")[1]
+ if key in ["AVD", "KHV"]:
+ return settings.VULNERABILITY_URLS[key] + str(vulnerability_id.lower())
 return settings.VULNERABILITY_URLS[key] + str(vulnerability_id)
 return ""
diff --git a/dojo/tools/trivy_operator/checks_handler.py b/dojo/tools/trivy_operator/checks_handler.py
index c42eef0fa8..ecdb70ffca 100644
--- a/dojo/tools/trivy_operator/checks_handler.py
+++ b/dojo/tools/trivy_operator/checks_handler.py
@@ -1,4 +1,5 @@
 from dojo.models import Finding
+from dojo.tools.trivy_operator.uniform_vulnid import UniformTrivyVulnID
 TRIVY_SEVERITIES = {
 "CRITICAL": "Critical",
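Review bot: The example in the comment on the new `"AVD"` entry in settings.dist.py, `avd-ksv-01010`, has five digits, while the normaliser added in this patch (dojo/tools/trivy_operator/uniform_vulnid.py) pads AVD numbers to four with `zfill(4)`, so the sample does not look like a URL the code will produce. A sample in the generated shape, such as `# e.g. https://avd.aquasec.com/misconfig/avd-ksv-0014` (constructed from the ID asserted in the unit tests), would let an operator compare the link target by eye.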
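Review bot: On the added `return settings.VULNERABILITY_URLS[key] + str(vulnerability_id.lower())` in vulnerability_url (dojo/templatetags/display_tags.py), the identifier is appended to the link target without URL-encoding. The trivy_operator handlers in this patch take these IDs from imported scan reports, so percent-encoding the path segment keeps a malformed ID from changing the path or query of the generated link: `return settings.VULNERABILITY_URLS[key] + quote(str(vulnerability_id).lower(), safe="")`, with `quote` imported from `urllib.parse`. The existing fall-through return below it has the same unencoded append. The hard-coded `["AVD", "KHV"]` list also ties the lower-casing rule to two key names in settings; the function starts outside the hunk, so any earlier validation of the ID is not visible here.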
@@ -47,6 +48,6 @@ def handle_checks(self, labels, checks, test):
 tags=[resource_namespace],
 )
 if check_id:
- finding.unsaved_vulnerability_ids = [check_id]
+ finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(check_id, test)]
 findings.append(finding)
 return findings
diff --git a/dojo/tools/trivy_operator/compliance_handler.py b/dojo/tools/trivy_operator/compliance_handler.py
index 9e27c56ddf..080c339f40 100644
--- a/dojo/tools/trivy_operator/compliance_handler.py
+++ b/dojo/tools/trivy_operator/compliance_handler.py
@@ -1,4 +1,5 @@
 from dojo.models import Finding
+from dojo.tools.trivy_operator.uniform_vulnid import UniformTrivyVulnID
 TRIVY_SEVERITIES = {
 "CRITICAL": "Critical",
@@ -54,6 +55,6 @@ def handle_compliance(self, benchmarkreport, test):
 dynamic_finding=True,
 )
 if check_checkID:
- finding.unsaved_vulnerability_ids = [check_checkID]
+ finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(check_checkID, test)]
 findings.append(finding)
 return findings
diff --git a/dojo/tools/trivy_operator/secrets_handler.py b/dojo/tools/trivy_operator/secrets_handler.py
index a00c894a03..ef8e721621 100644
--- a/dojo/tools/trivy_operator/secrets_handler.py
+++ b/dojo/tools/trivy_operator/secrets_handler.py
@@ -1,4 +1,5 @@
 from dojo.models import Finding
+from dojo.tools.trivy_operator.uniform_vulnid import UniformTrivyVulnID
 TRIVY_SEVERITIES = {
 "CRITICAL": "Critical",
@@ -55,6 +56,6 @@ def handle_secrets(self, labels, secrets, test):
 tags=[resource_namespace],
 )
 if secret_rule_id:
- finding.unsaved_vulnerability_ids = [secret_rule_id]
+ finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(secret_rule_id, test)]
 findings.append(finding)
 return findings
diff --git a/dojo/tools/trivy_operator/uniform_vulnid.py b/dojo/tools/trivy_operator/uniform_vulnid.py
new file mode 100644
index 0000000000..6d775ee40b
--- /dev/null
+++ b/dojo/tools/trivy_operator/uniform_vulnid.py
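Review bot: `UniformTrivyVulnID().return_uniformed_vulnid(...)` in handle_checks constructs a new object for every finding although the class, as added in this patch, holds no state; the same call shape is repeated in handle_compliance, handle_secrets and handle_vulns. A module-level function in uniform_vulnid.py, or a `@staticmethod`, would express the same thing with less ceremony. A short docstring there listing the accepted input forms and the returned form would also tell the handlers what they can expect back. handle_checks begins outside the hunk.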
@@ -0,0 +1,18 @@
+import re
+
+
+class UniformTrivyVulnID:
+ def return_uniformed_vulnid(self, vulnid, test):
+ if "cve" in vulnid.lower():
+ return vulnid
+ if "khv" in vulnid.lower():
+ temp = re.compile("([a-zA-Z-_]+)([0-9]+)")
+ number = str(temp.match(vulnid).groups()[1]).zfill(3)
+ avd_category = str(temp.match(vulnid.lower()).groups()[0])
+ uniformed_vuln_id = avd_category.upper() + number
+ else:
+ temp = re.compile("([a-zA-Z-_]+)([0-9]+)")
+ number = str(temp.match(vulnid).groups()[1]).zfill(4)
+ avd_category = str(temp.match(vulnid.lower().replace("_", "").replace("-", "")).groups()[0].replace("avd", ""))
+ uniformed_vuln_id = "AVD-" + avd_category.upper() + "-" + number
+ return uniformed_vuln_id
diff --git a/dojo/tools/trivy_operator/vulnerability_handler.py b/dojo/tools/trivy_operator/vulnerability_handler.py
index a5a26e1288..ffafa31abf 100644
--- a/dojo/tools/trivy_operator/vulnerability_handler.py
+++ b/dojo/tools/trivy_operator/vulnerability_handler.py
@@ -1,4 +1,5 @@
 from dojo.models import Finding
+from dojo.tools.trivy_operator.uniform_vulnid import UniformTrivyVulnID
 DESCRIPTION_TEMPLATE = """{title}
 **Fixed version:** {fixed_version}
@@ -85,6 +86,6 @@ def handle_vulns(self, labels, vulnerabilities, test):
 tags=finding_tags,
 )
 if vuln_id:
- finding.unsaved_vulnerability_ids = [vuln_id]
+ finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(vuln_id, test)]
 findings.append(finding)
 return findings
From 0a2438c143ed5baef2faa8d0a6f483b29db5e914 Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Mon, 4 Nov 2024 17:33:34 +0100
Subject: [PATCH 02/18] sha sum
---
 dojo/settings/.settings.dist.py.sha256sum | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dojo/settings/.settings.dist.py.sha256sum b/dojo/settings/.settings.dist.py.sha256sum
index ebdc0f81da..bf1f1f1af2 100644
--- a/dojo/settings/.settings.dist.py.sha256sum
+++ b/dojo/settings/.settings.dist.py.sha256sum
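Review bot: Both branches of return_uniformed_vulnid in the new uniform_vulnid.py call `temp.match(vulnid).groups()` without checking the match, so an identifier that does not begin with letters followed by digits makes `match()` return None and the report import fails with AttributeError. The value comes straight from the scan report through the four handlers changed in this patch, and the `else` branch here takes every ID that contains neither "cve" nor "khv". Patch 12/18 narrows that branch to IDs containing "ksv" or "kcv", but the unchecked `.groups()` calls are still there. Matching once against a pattern compiled at module level and returning the ID unchanged when it does not fit keeps one odd ID from aborting the whole report; the character class also reads more clearly as `[A-Za-z_-]` in a raw string.

```python
_ID_PATTERN = re.compile(r"([A-Za-z_-]+)([0-9]+)")


class UniformTrivyVulnID:
    def return_uniformed_vulnid(self, vulnid, test):
        # … unchanged: "cve" pass-through …
        matched = _ID_PATTERN.match(vulnid)
        if matched is None:
            # Shape not recognised: keep the scanner's ID instead of failing the import.
            return vulnid
        prefix, digits = matched.groups()
        if "khv" in vulnid.lower():
            return prefix.upper() + digits.zfill(3)
        category = prefix.lower().replace("_", "").replace("-", "").replace("avd", "")
        return "AVD-" + category.upper() + "-" + digits.zfill(4)
```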
@@ -1 +1 @@
-ca83dd01d1e9f651155ecfdc9ca254cd8736916d5fb0221568cfd9e63d6858fc
+d1f567235384130c55f62ec11a02e275a8185b9cd3cf683c6a9c3e89936f9bb7
From 3b1870809eec22a40cf6c54f30b1730f4237f76c Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Mon, 4 Nov 2024 17:50:18 +0100
Subject: [PATCH 03/18] sha sum
---
 dojo/settings/.settings.dist.py.sha256sum | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dojo/settings/.settings.dist.py.sha256sum b/dojo/settings/.settings.dist.py.sha256sum
index 2347c09dca..bf1f1f1af2 100644
--- a/dojo/settings/.settings.dist.py.sha256sum
+++ b/dojo/settings/.settings.dist.py.sha256sum
@@ -1 +1 @@
-39cdd5dfe53499bfe201d3e5a0f55b20514272235e86db7d5238f2663b79f946
+d1f567235384130c55f62ec11a02e275a8185b9cd3cf683c6a9c3e89936f9bb7
From 96b635360bbe4e835b0343fe59b105da3eb6c62e Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Mon, 4 Nov 2024 17:54:22 +0100
Subject: [PATCH 04/18] bug fix
---
 dojo/tools/trivy_operator/uniform_vulnid.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/dojo/tools/trivy_operator/uniform_vulnid.py b/dojo/tools/trivy_operator/uniform_vulnid.py
index 6d775ee40b..43024f92ab 100644
--- a/dojo/tools/trivy_operator/uniform_vulnid.py
+++ b/dojo/tools/trivy_operator/uniform_vulnid.py
@@ -3,9 +3,11 @@
 class UniformTrivyVulnID:
 def return_uniformed_vulnid(self, vulnid, test):
- if "cve" in vulnid.lower():
+ if vulnid is None:
 return vulnid
- if "khv" in vulnid.lower():
+ elif "cve" in vulnid.lower():
+ return vulnid
+ elif "khv" in vulnid.lower():
 temp = re.compile("([a-zA-Z-_]+)([0-9]+)")
 number = str(temp.match(vulnid).groups()[1]).zfill(3)
 avd_category = str(temp.match(vulnid.lower()).groups()[0])
From 73622c7eea1696690ae9a8fd16e7fd01b740237d Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Mon, 4 Nov 2024 17:55:51 +0100
Subject: [PATCH 05/18] ruff
---
 dojo/tools/trivy_operator/uniform_vulnid.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dojo/tools/trivy_operator/uniform_vulnid.py b/dojo/tools/trivy_operator/uniform_vulnid.py
index 43024f92ab..8f3625cf72 100644
--- a/dojo/tools/trivy_operator/uniform_vulnid.py
+++ b/dojo/tools/trivy_operator/uniform_vulnid.py
@@ -5,9 +5,9 @@ class UniformTrivyVulnID:
 def return_uniformed_vulnid(self, vulnid, test):
 if vulnid is None:
 return vulnid
- elif "cve" in vulnid.lower():
+ if "cve" in vulnid.lower():
 return vulnid
- elif "khv" in vulnid.lower():
+ if "khv" in vulnid.lower():
 temp = re.compile("([a-zA-Z-_]+)([0-9]+)")
 number = str(temp.match(vulnid).groups()[1]).zfill(3)
 avd_category = str(temp.match(vulnid.lower()).groups()[0])
From f23949b0c1863771c81008537d2f60ba1dad8f4e Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Mon, 4 Nov 2024 18:12:06 +0100
Subject: [PATCH 06/18] fix secretshandler
---
 dojo/tools/trivy_operator/secrets_handler.py | 3 +--
 dojo/tools/trivy_operator/uniform_vulnid.py | 2 ++
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/dojo/tools/trivy_operator/secrets_handler.py b/dojo/tools/trivy_operator/secrets_handler.py
index ef8e721621..a00c894a03 100644
--- a/dojo/tools/trivy_operator/secrets_handler.py
+++ b/dojo/tools/trivy_operator/secrets_handler.py
@@ -1,5 +1,4 @@
 from dojo.models import Finding
-from dojo.tools.trivy_operator.uniform_vulnid import UniformTrivyVulnID
 TRIVY_SEVERITIES = {
 "CRITICAL": "Critical",
@@ -56,6 +55,6 @@ def handle_secrets(self, labels, secrets, test):
 tags=[resource_namespace],
 )
 if secret_rule_id:
- finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(secret_rule_id, test)]
+ finding.unsaved_vulnerability_ids = [secret_rule_id]
 findings.append(finding)
 return findings
diff --git a/dojo/tools/trivy_operator/uniform_vulnid.py b/dojo/tools/trivy_operator/uniform_vulnid.py
index 8f3625cf72..0ca60b6397 100644
--- a/dojo/tools/trivy_operator/uniform_vulnid.py
+++ b/dojo/tools/trivy_operator/uniform_vulnid.py
@@ -14,6 +14,8 @@ def return_uniformed_vulnid(self, vulnid, test):
 uniformed_vuln_id = avd_category.upper() + number
 else:
 temp = re.compile("([a-zA-Z-_]+)([0-9]+)")
+ print(vulnid)
+ print("===============================")
 number = str(temp.match(vulnid).groups()[1]).zfill(4)
 avd_category = str(temp.match(vulnid.lower().replace("_", "").replace("-", "")).groups()[0].replace("avd", ""))
 uniformed_vuln_id = "AVD-" + avd_category.upper() + "-" + number
From 0d7fba267909027b8030898c1a93afd8d4bd8c5a Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Mon, 4 Nov 2024 18:14:54 +0100
Subject: [PATCH 07/18] sha sum
---
 dojo/settings/.settings.dist.py.sha256sum | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dojo/settings/.settings.dist.py.sha256sum b/dojo/settings/.settings.dist.py.sha256sum
index 259f13a4c6..bf1f1f1af2 100644
--- a/dojo/settings/.settings.dist.py.sha256sum
+++ b/dojo/settings/.settings.dist.py.sha256sum
@@ -1 +1 @@
-6b9365d002880ae64ab54da905ede076db5a8661960f8f1e2793b7f4d25ff7e8
+d1f567235384130c55f62ec11a02e275a8185b9cd3cf683c6a9c3e89936f9bb7
From 0a18832561a20f4fc30bb0f50b59e0afee10c203 Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Mon, 4 Nov 2024 18:15:44 +0100
Subject: [PATCH 08/18] ruff
---
 dojo/tools/trivy_operator/uniform_vulnid.py | 2 --
 1 file changed, 2 deletions(-)
diff --git a/dojo/tools/trivy_operator/uniform_vulnid.py b/dojo/tools/trivy_operator/uniform_vulnid.py
index 0ca60b6397..8f3625cf72 100644
--- a/dojo/tools/trivy_operator/uniform_vulnid.py
+++ b/dojo/tools/trivy_operator/uniform_vulnid.py
@@ -14,8 +14,6 @@ def return_uniformed_vulnid(self, vulnid, test):
 uniformed_vuln_id = avd_category.upper() + number
 else:
 temp = re.compile("([a-zA-Z-_]+)([0-9]+)")
- print(vulnid)
- print("===============================")
 number = str(temp.match(vulnid).groups()[1]).zfill(4)
 avd_category = str(temp.match(vulnid.lower().replace("_", "").replace("-", "")).groups()[0].replace("avd", ""))
 uniformed_vuln_id = "AVD-" + avd_category.upper() + "-" + number
From 3a901ba34dd7d399484474955797195f0d9f30a1 Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Mon, 4 Nov 2024 18:33:00 +0100
Subject: [PATCH 09/18] fix
---
 dojo/tools/trivy_operator/secrets_handler.py | 2 --
 1 file changed, 2 deletions(-)
diff --git a/dojo/tools/trivy_operator/secrets_handler.py b/dojo/tools/trivy_operator/secrets_handler.py
index a00c894a03..4cc4009993 100644
--- a/dojo/tools/trivy_operator/secrets_handler.py
+++ b/dojo/tools/trivy_operator/secrets_handler.py
@@ -54,7 +54,5 @@ def handle_secrets(self, labels, secrets, test):
 service=service,
 tags=[resource_namespace],
 )
- if secret_rule_id:
- finding.unsaved_vulnerability_ids = [secret_rule_id]
 findings.append(finding)
 return findings
From dcba7de9e3338cfe87ca49bdcddcdfc47c0aec43 Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Mon, 4 Nov 2024 20:59:35 +0100
Subject: [PATCH 10/18] fix
---
 dojo/tools/trivy_operator/secrets_handler.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/dojo/tools/trivy_operator/secrets_handler.py b/dojo/tools/trivy_operator/secrets_handler.py
index 4cc4009993..6509835b4f 100644
--- a/dojo/tools/trivy_operator/secrets_handler.py
+++ b/dojo/tools/trivy_operator/secrets_handler.py
@@ -42,6 +42,7 @@ def handle_secrets(self, labels, secrets, test):
 secret_description += "\n**resource.kind:** " + resource_kind
 secret_description += "\n**resource.name:** " + resource_name
 secret_description += "\n**resource.namespace:** " + resource_namespace
+ secret_description += "\n**ruleID:** " + secret_rule_id
 finding = Finding(
 test=test,
 title=title,
From 4b06720e54f1cd161991e31914931b0e8e0e2abb Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Mon, 4 Nov 2024 21:20:53 +0100
Subject: [PATCH 11/18] fix unittests
---
 unittests/tools/test_trivy_operator_parser.py | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/unittests/tools/test_trivy_operator_parser.py b/unittests/tools/test_trivy_operator_parser.py
index 5e4a71558d..85ce55bc75 100644
--- a/unittests/tools/test_trivy_operator_parser.py
+++ b/unittests/tools/test_trivy_operator_parser.py
@@ -25,7 +25,7 @@ def test_configauditreport_single_vulns(self):
 finding = findings[0]
 self.assertEqual("Low", finding.severity)
 self.assertEqual(1, len(finding.unsaved_vulnerability_ids))
- self.assertEqual("KSV014", finding.unsaved_vulnerability_ids[0])
+ self.assertEqual("AVD-KSV-0014", finding.unsaved_vulnerability_ids[0])
 self.assertEqual("KSV014 - Root file system is not read-only", finding.title)
 def test_configauditreport_many_vulns(self):
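Review bot: The added `secret_description += "\n**ruleID:** " + secret_rule_id` in handle_secrets (patch 10/18) concatenates unconditionally, while the code removed in patch 09/18 tested `if secret_rule_id:` first, which suggests the value can be empty or None. With None the `+` raises TypeError and the import of the report stops at that finding. How secret_rule_id is assigned is outside the hunk, so this needs confirming against the caller; keeping the old guard is enough: `if secret_rule_id:` followed by the indented `+=` line. handle_secrets starts and ends outside the hunk.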
@@ -36,12 +36,12 @@ def test_configauditreport_many_vulns(self):
 finding = findings[0]
 self.assertEqual("Low", finding.severity)
 self.assertEqual(1, len(finding.unsaved_vulnerability_ids))
- self.assertEqual("KSV014", finding.unsaved_vulnerability_ids[0])
+ self.assertEqual("AVD-KSV-0014", finding.unsaved_vulnerability_ids[0])
 self.assertEqual("KSV014 - Root file system is not read-only", finding.title)
 finding = findings[1]
 self.assertEqual("Low", finding.severity)
 self.assertEqual(1, len(finding.unsaved_vulnerability_ids))
- self.assertEqual("KSV016", finding.unsaved_vulnerability_ids[0])
+ self.assertEqual("AVD-KSV-0016", finding.unsaved_vulnerability_ids[0])
 self.assertEqual("KSV016 - Memory requests not specified", finding.title)
 def test_vulnerabilityreport_no_vuln(self):
@@ -96,8 +96,6 @@ def test_exposedsecretreport_single_vulns(self):
 self.assertEqual(len(findings), 1)
 finding = findings[0]
 self.assertEqual("Critical", finding.severity)
- self.assertEqual(1, len(finding.unsaved_vulnerability_ids))
- self.assertEqual("aws-secret-access-key", finding.unsaved_vulnerability_ids[0])
 self.assertEqual("aws-secret-access-key", finding.references)
 self.assertEqual("root/aws_secret.txt", finding.file_path)
 self.assertEqual("Secret detected in root/aws_secret.txt - AWS Secret Access Key", finding.title)
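Review bot: The updated assertions in test_configauditreport_single_vulns and test_configauditreport_many_vulns exercise only the KSV path of the normaliser (`"AVD-KSV-0014"`, `"AVD-KSV-0016"`). In the hunks shown nothing covers the KHV branch with its three-digit padding, an ID that already has the `AVD-KSV-NNNN` form, or an ID that matches no branch and should come back unchanged. Because the normalised ID is what vulnerability_url turns into an outbound link, direct tests of return_uniformed_vulnid with one input per branch would pin the mapping. The secret-report tests in the `-96` and `-109` hunks drop their `unsaved_vulnerability_ids` assertions without asserting the new `**ruleID:**` line that patch 10/18 adds to the description text.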
@@ -109,15 +107,11 @@ def test_exposedsecretreport_many(self):
 self.assertEqual(len(findings), 2)
 finding = findings[0]
 self.assertEqual("Critical", finding.severity)
- self.assertEqual(1, len(finding.unsaved_vulnerability_ids))
- self.assertEqual("aws-secret-access-key", finding.unsaved_vulnerability_ids[0])
 self.assertEqual("aws-secret-access-key", finding.references)
 self.assertEqual("root/aws_secret.txt", finding.file_path)
 self.assertEqual("Secret detected in root/aws_secret.txt - AWS Secret Access Key", finding.title)
 finding = findings[1]
 self.assertEqual("Critical", finding.severity)
- self.assertEqual(1, len(finding.unsaved_vulnerability_ids))
- self.assertEqual("github-pat", finding.unsaved_vulnerability_ids[0])
 self.assertEqual("github-pat", finding.references)
 self.assertEqual("root/github_secret.txt", finding.file_path)
 self.assertEqual("Secret detected in root/github_secret.txt - GitHub Personal Access Token", finding.title)
From 072eb27d538dca92759c394e846f79a4cd21ce02 Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Mon, 4 Nov 2024 22:44:19 +0100
Subject: [PATCH 12/18] fix
---
 dojo/tools/trivy_operator/uniform_vulnid.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/dojo/tools/trivy_operator/uniform_vulnid.py b/dojo/tools/trivy_operator/uniform_vulnid.py
index 8f3625cf72..97d3060777 100644
--- a/dojo/tools/trivy_operator/uniform_vulnid.py
+++ b/dojo/tools/trivy_operator/uniform_vulnid.py
@@ -11,10 +11,10 @@ def return_uniformed_vulnid(self, vulnid, test):
 temp = re.compile("([a-zA-Z-_]+)([0-9]+)")
 number = str(temp.match(vulnid).groups()[1]).zfill(3)
 avd_category = str(temp.match(vulnid.lower()).groups()[0])
- uniformed_vuln_id = avd_category.upper() + number
- else:
+ return avd_category.upper() + number
+ if "ksv" in vulnid.lower() or "kcv" in vulnid.lower():
 temp = re.compile("([a-zA-Z-_]+)([0-9]+)")
 number = str(temp.match(vulnid).groups()[1]).zfill(4)
 avd_category = str(temp.match(vulnid.lower().replace("_", "").replace("-", "")).groups()[0].replace("avd", ""))
- uniformed_vuln_id = "AVD-" + avd_category.upper() + "-" + number
- return uniformed_vuln_id
+ return "AVD-" + avd_category.upper() + "-" + number
+ return vulnid
From 1486efedcf31991111ea8e8fd36468a615830d95 Mon Sep 17 00:00:00 2001
From: manuelsommer <47991713+manuel-sommer@users.noreply.github.com>
Date: Sat, 9 Nov 2024 01:56:58 +0100
Subject: [PATCH 13/18] Update dojo/tools/trivy_operator/uniform_vulnid.py
Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
---
 dojo/tools/trivy_operator/uniform_vulnid.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dojo/tools/trivy_operator/uniform_vulnid.py b/dojo/tools/trivy_operator/uniform_vulnid.py
index 97d3060777..b3aae5055e 100644
--- a/dojo/tools/trivy_operator/uniform_vulnid.py
+++ b/dojo/tools/trivy_operator/uniform_vulnid.py
@@ -2,7 +2,7 @@
 class UniformTrivyVulnID:
- def return_uniformed_vulnid(self, vulnid, test):
+ def return_uniformed_vulnid(self, vulnid):
 if vulnid is None:
 return vulnid
 if "cve" in vulnid.lower():
From ece3c3ea6ac3a6be2cddc84fa925f2ca8a6b026a Mon Sep 17 00:00:00 2001
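Review bot: The new condition `if "ksv" in vulnid.lower() or "kcv" in vulnid.lower():` in patch 12/18, like the "khv" test above it, is a substring test, so any identifier that merely contains those letters is rewritten into `AVD-…` form or, when it does not fit the pattern, reaches the unchecked `temp.match(...).groups()`. handle_vulns sends vulnerability IDs from the report through this same method, so identifiers that are not AVD checks do reach this line. Anchoring the test to the start of the ID is safer, for example `if re.match(r"(avd[-_]?)?(ksv|kcv)", vulnid.lower()):`; the accepted input forms are not documented on the page, so the prefix list should be confirmed against real reports. The method starts outside the hunk.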
From: manuelsommer <47991713+manuel-sommer@users.noreply.github.com>
Date: Sat, 9 Nov 2024 01:57:07 +0100
Subject: [PATCH 14/18] Update dojo/tools/trivy_operator/compliance_handler.py
Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
---
 dojo/tools/trivy_operator/compliance_handler.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dojo/tools/trivy_operator/compliance_handler.py b/dojo/tools/trivy_operator/compliance_handler.py
index 080c339f40..62a63929e2 100644
--- a/dojo/tools/trivy_operator/compliance_handler.py
+++ b/dojo/tools/trivy_operator/compliance_handler.py
@@ -55,6 +55,6 @@ def handle_compliance(self, benchmarkreport, test):
 dynamic_finding=True,
 )
 if check_checkID:
- finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(check_checkID, test)]
+ finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(check_checkID)]
 findings.append(finding)
 return findings
From e3fe32d718993712508ecb5426b43ec33bc2ac13 Mon Sep 17 00:00:00 2001
From: manuelsommer <47991713+manuel-sommer@users.noreply.github.com>
Date: Sat, 9 Nov 2024 01:57:13 +0100
Subject: [PATCH 15/18] Update dojo/tools/trivy_operator/checks_handler.py
Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
---
 dojo/tools/trivy_operator/checks_handler.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dojo/tools/trivy_operator/checks_handler.py b/dojo/tools/trivy_operator/checks_handler.py
index ecdb70ffca..2a260ff568 100644
--- a/dojo/tools/trivy_operator/checks_handler.py
+++ b/dojo/tools/trivy_operator/checks_handler.py
@@ -48,6 +48,6 @@ def handle_checks(self, labels, checks, test):
 tags=[resource_namespace],
 )
 if check_id:
- finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(check_id, test)]
+ finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(check_id)]
 findings.append(finding)
 return findings
From 09e4a8c2e6dc7d51b47986c27124a800c2b476af Mon Sep 17 00:00:00 2001
From: manuelsommer <47991713+manuel-sommer@users.noreply.github.com>
Date: Sat, 9 Nov 2024 01:57:24 +0100
Subject: [PATCH 16/18] Update dojo/tools/trivy_operator/vulnerability_handler.py
Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
---
 dojo/tools/trivy_operator/vulnerability_handler.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dojo/tools/trivy_operator/vulnerability_handler.py b/dojo/tools/trivy_operator/vulnerability_handler.py
index ffafa31abf..99faa009d1 100644
--- a/dojo/tools/trivy_operator/vulnerability_handler.py
+++ b/dojo/tools/trivy_operator/vulnerability_handler.py
@@ -86,6 +86,6 @@ def handle_vulns(self, labels, vulnerabilities, test):
 tags=finding_tags,
 )
 if vuln_id:
- finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(vuln_id, test)]
+ finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(vuln_id)]
 findings.append(finding)
 return findings
From 1580d1dd4ff6ebf989b8668947363e693682a017 Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Mon, 11 Nov 2024 17:10:03 +0100
Subject: [PATCH 17/18] update sha sum
---
 dojo/settings/.settings.dist.py.sha256sum | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dojo/settings/.settings.dist.py.sha256sum b/dojo/settings/.settings.dist.py.sha256sum
index 84c89f426a..0714b1f523 100644
--- a/dojo/settings/.settings.dist.py.sha256sum
+++ b/dojo/settings/.settings.dist.py.sha256sum
@@ -1 +1 @@
-60628ca4667641350d3d1854d1a6f863ce2ddeefa4f6e5df83f7e11a700cde0e
\ No newline at end of file
+662f676088227aa6a0850c8569a760c62f4d796f53968909a71d67039c0bdeb1
From 96a41e936dad2bcbd9cdb33fe788a08167b2a3da Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Tue, 12 Nov 2024 17:25:19 +0100
Subject: [PATCH 18/18] update sha sum
---
 dojo/settings/.settings.dist.py.sha256sum | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dojo/settings/.settings.dist.py.sha256sum b/dojo/settings/.settings.dist.py.sha256sum
index 0bb6e36087..071a9f0ae2 100644
--- a/dojo/settings/.settings.dist.py.sha256sum
+++ b/dojo/settings/.settings.dist.py.sha256sum
@@ -1 +1 @@
-662f676088227aa6a0850c8569a760c62f4d796f53968909a71d67039c0bdeb1
\ No newline at end of file
+16d7a27d3146421a9aa6a8b1283f3d71b5c41b8bdb7c88ca70b0160e251034d1