fix(vulnerable): fix the wrong count of vulnerabilities in message

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2024-09-21 03:13:18 +00:00 · 2020-04-08 09:06:27 +00:00 · 2020-04-08 09:06:27 +00:00 · 20115b92c7
commit 20115b92c7
parent 6ad855f0ee
2 changed files with 43 additions and 13 deletions
--- a/src/server/middleware/vulnerable/vulnerable.go
+++ b/src/server/middleware/vulnerable/vulnerable.go
@ -143,8 +143,13 @@ func Middleware() func(http.Handler) http.Handler {

 		// Do judgement
 		if summary.Severity.Code() >= projectSeverity.Code() {
-			msg := fmt.Sprintf(`current image with %d vulnerabilities cannot be pulled due to configured policy in 'Prevent images with vulnerability severity of "%s" or higher from running.' `+
-				`To continue with pull, please contact your project administrator to exempt matched vulnerabilities through configuring the CVE whitelist.`, summary.TotalCount, projectSeverity)
+			thing := "vulnerability"
+			if summary.Summary.Total > 1 {
+				thing = "vulnerabilities"
+			}
+			msg := fmt.Sprintf(`current image with %d %s cannot be pulled due to configured policy in 'Prevent images with vulnerability severity of "%s" or higher from running.' `+
+				`To continue with pull, please contact your project administrator to exempt matched vulnerabilities through configuring the CVE whitelist.`,
+				summary.Summary.Total, thing, projectSeverity)
 			return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage(msg)
 		}

--- a/src/server/middleware/vulnerable/vulnerable_test.go
+++ b/src/server/middleware/vulnerable/vulnerable_test.go
@ -339,19 +339,44 @@ func (suite *MiddlewareTestSuite) TestPrevented() {
 	mock.OnAnything(suite.artifactController, "GetByReference").Return(suite.artifact, nil)
 	mock.OnAnything(suite.projectController, "Get").Return(suite.project, nil)
 	mock.OnAnything(suite.checker, "IsScannable").Return(true, nil)
-	mock.OnAnything(suite.scanController, "GetSummary").Return(map[string]interface{}{
-		v1.MimeTypeNativeReport: &vuln.NativeReportSummary{
-			ScanStatus: "Success",
-			Severity:   vuln.Critical,
-			Summary:    &vuln.VulnerabilitySummary{Total: 1},
-		},
-	}, nil)

-	req := suite.makeRequest()
-	rr := httptest.NewRecorder()
+	{
+		// only one vulnerability
+		mock.OnAnything(suite.scanController, "GetSummary").Return(map[string]interface{}{
+			v1.MimeTypeNativeReport: &vuln.NativeReportSummary{
+				ScanStatus: "Success",
+				Severity:   vuln.Critical,
+				Summary:    &vuln.VulnerabilitySummary{Total: 1},
+			},
+		}, nil).Once()

-	Middleware()(suite.next).ServeHTTP(rr, req)
-	suite.Equal(rr.Code, http.StatusPreconditionFailed)
+		req := suite.makeRequest()
+		rr := httptest.NewRecorder()
+
+		Middleware()(suite.next).ServeHTTP(rr, req)
+		suite.Equal(rr.Code, http.StatusPreconditionFailed)
+
+		suite.Contains(rr.Body.String(), "current image with 1 vulnerability cannot be pulled")
+	}
+
+	{
+		// multiple vulnerabilities
+		mock.OnAnything(suite.scanController, "GetSummary").Return(map[string]interface{}{
+			v1.MimeTypeNativeReport: &vuln.NativeReportSummary{
+				ScanStatus: "Success",
+				Severity:   vuln.Critical,
+				Summary:    &vuln.VulnerabilitySummary{Total: 2},
+			},
+		}, nil).Once()
+
+		req := suite.makeRequest()
+		rr := httptest.NewRecorder()
+
+		Middleware()(suite.next).ServeHTTP(rr, req)
+		suite.Equal(rr.Code, http.StatusPreconditionFailed)
+
+		suite.Contains(rr.Body.String(), "current image with 2 vulnerabilities cannot be pulled")
+	}
 }

 func (suite *MiddlewareTestSuite) TestArtifactIsImageIndex() {