fix(config): Drop mixing of options with yaml config. (#148)
Also adds some documentation explaining how the config and flags are used in conjunction with each other.
Fixes: https://github.com/aquasecurity/trivy-action/issues/147
Signed-off-by: Simar <simar@linux.com>
parent
81b9a6f5ab
commit
5144f05a8d
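--- /dev/null
+++ b/PATH_NOT_ON_PAGE/Makefile
@@ -0,0 +1,4 @@
+.PHONY: test
+
+test:
+BATS_LIB_PATH=/usr/local/lib/ bats -r .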
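Review bot: The recipe hardcodes `BATS_LIB_PATH=/usr/local/lib/`, so the test target only runs on a machine whose bats helper libraries live under that exact prefix; declaring it as an overridable make variable, `BATS_LIB_PATH ?= /usr/local/lib/` at the top and `BATS_LIB_PATH=$(BATS_LIB_PATH) bats -r .` in the recipe, lets CI and local runs point elsewhere without editing the Makefile. The rendered page drops leading whitespace, so whether the recipe line carries the tab that make requires cannot be confirmed from here.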
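--- a/PATH_NOT_ON_PAGE/hunk2-yaml
+++ b/PATH_NOT_ON_PAGE/hunk2-yaml
@@ -1,2 +1,5 @@
 format: json
 severity: CRITICAL
+vulnerability:
+type: os
+output: yamlconfig.test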
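Review bot: `type: os` appears at the same column as `vulnerability:` on this rendered page; the value is presumably meant as the nested key `vulnerability.type`, which requires it to be indented (`vulnerability:` / `  type: os`), whereas a top-level `type` key would not restrict the scan. The rendered view drops leading whitespace, so this cannot be confirmed from the page and is worth checking in the file itself. `output: yamlconfig.test` is a relative path, so the result file lands in whatever directory trivy is invoked from rather than next to this config.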
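--- a/PATH_NOT_ON_PAGE/hunk3-json
+++ b/PATH_NOT_ON_PAGE/hunk3-json
@@ -1,29 +1,104 @@
 {
 "SchemaVersion": 2,
-"ArtifactName": ".",
-"ArtifactType": "filesystem",
+"ArtifactName": "alpine:3.10",
+"ArtifactType": "container_image",
 "Metadata": {
+"OS": {
+"Family": "alpine",
+"Name": "3.10.9",
+"EOSL": true
+},
+"ImageID": "sha256:e7b300aee9f9bf3433d32bc9305bfdd22183beb59d933b48d77ab56ba53a197a",
+"DiffIDs": [
+"sha256:9fb3aa2f8b8023a4bebbf92aa567caf88e38e969ada9f0ac12643b2847391635"
+],
+"RepoTags": [
+"alpine:3.10"
+],
+"RepoDigests": [
+"alpine@sha256:451eee8bedcb2f029756dc3e9d73bab0e7943c1ac55cff3a4861c52a0fdd3e98"
+],
 "ImageConfig": {
-"architecture": "",
-"created": "0001-01-01T00:00:00Z",
-"os": "",
+"architecture": "amd64",
+"container": "fdb7e80e3339e8d0599282e606c907aa5881ee4c668a68136119e6dfac6ce3a4",
+"created": "2021-04-14T19:20:05.338397761Z",
+"docker_version": "19.03.12",
+"history": [
+{
+"created": "2021-04-14T19:20:04.987219124Z",
+"created_by": "/bin/sh -c #(nop) ADD file:c5377eaa926bf412dd8d4a08b0a1f2399cfd708743533b0aa03b53d14cb4bb4e in / "
+},
+{
+"created": "2021-04-14T19:20:05.338397761Z",
+"created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]",
+"empty_layer": true
+}
+],
+"os": "linux",
 "rootfs": {
-"type": "",
-"diff_ids": null
+"type": "layers",
+"diff_ids": [
+"sha256:9fb3aa2f8b8023a4bebbf92aa567caf88e38e969ada9f0ac12643b2847391635"
+]
 },
-"config": {}
+"config": {
+"Cmd": [
+"/bin/sh"
+],
+"Env": [
+"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+],
+"Image": "sha256:eb2080c455e94c22ae35b3aef9e078c492a00795412e026e4d6b41ef64bc7dd8"
+}
 }
 },
 "Results": [
 {
-"Target": "Dockerfile",
-"Class": "config",
-"Type": "dockerfile",
-"MisconfSummary": {
-"Successes": 6,
-"Failures": 0,
-"Exceptions": 0
-}
+"Target": "alpine:3.10 (alpine 3.10.9)",
+"Class": "os-pkgs",
+"Type": "alpine",
+"Vulnerabilities": [
+{
+"VulnerabilityID": "CVE-2021-36159",
+"PkgName": "apk-tools",
+"InstalledVersion": "2.10.6-r0",
+"FixedVersion": "2.10.7-r0",
+"Layer": {
+"Digest": "sha256:396c31837116ac290458afcb928f68b6cc1c7bdd6963fc72f52f365a2a89c1b5",
+"DiffID": "sha256:9fb3aa2f8b8023a4bebbf92aa567caf88e38e969ada9f0ac12643b2847391635"
+},
+"SeveritySource": "nvd",
+"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-36159",
+"DataSource": {
+"ID": "alpine",
+"Name": "Alpine Secdb",
+"URL": "https://secdb.alpinelinux.org/"
+},
+"Description": "libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\\0' terminator one byte too late.",
+"Severity": "CRITICAL",
+"CweIDs": [
+"CWE-125"
+],
+"CVSS": {
+"nvd": {
+"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
+"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
+"V2Score": 6.4,
+"V3Score": 9.1
+}
+},
+"References": [
+"https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch",
+"https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749",
+"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E",
+"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E",
+"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E",
+"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E"
+],
+"PublishedDate": "2021-08-03T14:15:00Z",
+"LastModifiedDate": "2021-10-18T12:19:00Z"
+}
+]
 }
 ]
 }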
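Review bot: The fixture pins volatile data: the `ImageID`, `DiffIDs` and `RepoDigests` of the floating tag `alpine:3.10`, plus vulnerability-DB fields such as `LastModifiedDate`, `Description`, the `CVSS` scores and the `References` list, all of which change whenever the tag is re-pushed or the trivy database is refreshed, so an exact comparison against this file will start failing for reasons unrelated to the action's behavior. The test that consumes the fixture is not visible here, but if it diffs the whole document it would be more robust to scan the image by the digest the fixture already records (`alpine@sha256:451eee8bedcb2f029756dc3e9d73bab0e7943c1ac55cff3a4861c52a0fdd3e98`) and to compare only stable fields (`ArtifactName`, `ArtifactType`, `Results[].Target`, `Results[].Class`, `Results[].Vulnerabilities[].VulnerabilityID`), or to strip the date, description and reference fields before diffing. Because the accompanying config filters on `severity: CRITICAL`, a later database update that adds another CRITICAL finding for the EOSL alpine 3.10.9 packages would likewise change this output.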