From 59780594aee2e2b5327c68d031a4b638e5e4a60c Mon Sep 17 00:00:00 2001
From: ThomGeG
Date: Tue, 9 Aug 2022 10:13:16 +1000
Subject: [PATCH] Mapping Critical to Error for Trivy Parser

Brings the Trivy severity mappings inline with the DependencyCheck ones
---
 .../hafner/analysis/parser/TrivyParser.java | 6 ++----
 .../analysis/parser/TrivyParserTest.java | 20 +++++++++++++++++++
 .../analysis/parser/trivy_result_0.20.0.json | 4 ++--
 3 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/src/main/java/edu/hm/hafner/analysis/parser/TrivyParser.java b/src/main/java/edu/hm/hafner/analysis/parser/TrivyParser.java
index a4147f1b3..2ad30d77a 100644
--- a/src/main/java/edu/hm/hafner/analysis/parser/TrivyParser.java
+++ b/src/main/java/edu/hm/hafner/analysis/parser/TrivyParser.java
@@ -23,7 +23,6 @@
 */
 public class TrivyParser extends JsonIssueParser {
 private static final String VALUE_NOT_SET = "-";
- private static final String TRIVY_VULNERABILITY_LEVEL_TAG_CRITICAL = "critcal";
 private static final String TRIVY_VULNERABILITY_LEVEL_TAG_HIGH = "high";
 private static final String TRIVY_VULNERABILITY_LEVEL_TAG_MEDIUM = "medium";
 private static final String TRIVY_VULNERABILITY_LEVEL_TAG_LOW = "low";
@@ -78,12 +77,11 @@ private Severity mapSeverity(final String string) {
 else if (TRIVY_VULNERABILITY_LEVEL_TAG_MEDIUM.equalsIgnoreCase(string)) {
 return Severity.WARNING_NORMAL;
 }
- else if (TRIVY_VULNERABILITY_LEVEL_TAG_HIGH.equalsIgnoreCase(string)
- || TRIVY_VULNERABILITY_LEVEL_TAG_CRITICAL.equalsIgnoreCase(string)) {
+ else if (TRIVY_VULNERABILITY_LEVEL_TAG_HIGH.equalsIgnoreCase(string)) {
 return Severity.WARNING_HIGH;
 }
 else {
- return Severity.WARNING_HIGH;
+ return Severity.ERROR;
 }
 }
 
diff --git a/src/test/java/edu/hm/hafner/analysis/parser/TrivyParserTest.java b/src/test/java/edu/hm/hafner/analysis/parser/TrivyParserTest.java
index a2965de66..f286af6f4 100644
--- a/src/test/java/edu/hm/hafner/analysis/parser/TrivyParserTest.java
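Review bot: With `TRIVY_VULNERABILITY_LEVEL_TAG_CRITICAL` deleted in the first hunk, the `else` branch in the second hunk returns `Severity.ERROR` for every rating that is not low/medium/high, not only for CRITICAL — Trivy also emits `UNKNOWN` for findings without a rating, and any unexpected or misspelled value would be escalated to the top bucket the same way. The removed constant was spelled `"critcal"`, so the old CRITICAL branch never matched and critical findings only reached WARNING_HIGH through the fallback; the cleaner fix is to keep the constant with the correct spelling, match it explicitly, and give the fallback a deliberate, commented level instead of the highest one. A fixture entry with an unrated severity would pin that fallback in `shouldMapCorrectly`. `mapSeverity` starts before the second hunk.
```java
    private static final String TRIVY_VULNERABILITY_LEVEL_TAG_CRITICAL = "critical";
    // … unchanged: remaining tag constants, JSON parsing, LOW/MEDIUM/HIGH branches of mapSeverity …
        else if (TRIVY_VULNERABILITY_LEVEL_TAG_CRITICAL.equalsIgnoreCase(string)) {
            return Severity.ERROR;
        }
        else {
            // Not one of Trivy's LOW/MEDIUM/HIGH/CRITICAL ratings (e.g. UNKNOWN): keep the previous
            // fallback so that only an explicit CRITICAL rating lands in the ERROR bucket.
            return Severity.WARNING_HIGH;
        }
```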
+++ b/src/test/java/edu/hm/hafner/analysis/parser/TrivyParserTest.java
@@ -50,6 +50,26 @@ void shouldHandleEmptyResultsJenkins67296() {
 assertThat(report).isEmpty();
 }
 
+ @Test
+ void shouldMapCorrectly() {
+ Report report = parse("trivy_result_0.20.0.json");
+
+ assertThat(report).hasSize(4);
+
+ assertThat(report.get(0))
+ .hasSeverity(Severity.WARNING_LOW)
+ .hasType("CVE-2017-6519");
+ assertThat(report.get(1))
+ .hasSeverity(Severity.WARNING_NORMAL)
+ .hasType("CVE-2020-8619");
+ assertThat(report.get(2))
+ .hasSeverity(Severity.WARNING_HIGH)
+ .hasType("CVE-2020-5555");
+ assertThat(report.get(3))
+ .hasSeverity(Severity.ERROR)
+ .hasType("CVE-2020-9999");
+ }
+
 @Test
 void brokenInput() {
 assertThatThrownBy(() -> parse("eclipse.txt")).isInstanceOf(ParsingException.class);
diff --git a/src/test/resources/edu/hm/hafner/analysis/parser/trivy_result_0.20.0.json b/src/test/resources/edu/hm/hafner/analysis/parser/trivy_result_0.20.0.json
index 6b0816b2b..937815188 100644
--- a/src/test/resources/edu/hm/hafner/analysis/parser/trivy_result_0.20.0.json
+++ b/src/test/resources/edu/hm/hafner/analysis/parser/trivy_result_0.20.0.json
@@ -147,7 +147,7 @@
 "LastModifiedDate": "2020-10-20T12:15:00Z"
 },
 {
- "VulnerabilityID": "CVE-2020-9999",
+ "VulnerabilityID": "CVE-2020-5555",
 "PkgName": "generatedSample",
 "InstalledVersion": "32:9.11.13-6.el8_2.1",
 "FixedVersion": "32:9.11.20-5.el8",
@@ -177,4 +177,4 @@
 ]
 }
 ]
-}
\ No newline at end of file
+}
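Review bot: `shouldMapCorrectly` pins only the four rated values and never exercises the fallback branch of `mapSeverity`, which is the branch this commit changes; an entry whose severity is outside LOW/MEDIUM/HIGH/CRITICAL (Trivy's `UNKNOWN`, or an unexpected string) has no expected mapping here, so a later edit to that `else` branch would pass this test unnoticed. The fourth assertion presumably relies on the `CVE-2020-9999` fixture entry carrying a CRITICAL rating, which is not visible in this patch, and all four depend on the parser preserving fixture order via `report.get(0..3)`; a comment such as `// asserted in fixture order: LOW, MEDIUM, HIGH, CRITICAL` above the first `assertThat(report.get(0))` would make that expectation explicit. Adding a fifth fixture entry with an unrated severity and asserting its mapped level would close the gap.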