diff --git a/src/common/models/pro_meta.go b/src/common/models/pro_meta.go
index d9952714c..d733e05de 100644
--- a/src/common/models/pro_meta.go
+++ b/src/common/models/pro_meta.go
@@ -26,7 +26,7 @@ const (
 ProMetaSeverity = "severity"
 ProMetaAutoScan = "auto_scan"
 ProMetaReuseSysCVEWhitelist = "reuse_sys_cve_whitelist"
- SeverityNone = "negligible"
+ SeverityNegligible = "negligible"
 SeverityLow = "low"
 SeverityMedium = "medium"
 SeverityHigh = "high"
diff --git a/src/core/api/metadata.go b/src/core/api/metadata.go
index 20cdd35dd..12fe9ac22 100644
--- a/src/core/api/metadata.go
+++ b/src/core/api/metadata.go
@@ -231,7 +231,7 @@ func validateProjectMetadata(metas map[string]string) (map[string]string, error)
 value, exist := metas[models.ProMetaSeverity]
 if exist {
 switch strings.ToLower(value) {
- case models.SeverityHigh, models.SeverityMedium, models.SeverityLow, models.SeverityNone:
+ case models.SeverityHigh, models.SeverityMedium, models.SeverityLow, models.SeverityNegligible:
 metas[models.ProMetaSeverity] = strings.ToLower(value)
 default:
 return nil, fmt.Errorf("invalid severity %s", value)
diff --git a/src/core/middlewares/util/util.go b/src/core/middlewares/util/util.go
index e023fc802..52d203071 100644
--- a/src/core/middlewares/util/util.go
+++ b/src/core/middlewares/util/util.go
@@ -366,27 +366,28 @@ func (pc PmsPolicyChecker) VulnerablePolicy(name string) (bool, vuln.Severity, m
 log.Errorf("Unexpected error when getting the project, error: %v", err)
 return true, vuln.Unknown, wl
 }
+ mgr := whitelist.NewDefaultManager()
 if project.ReuseSysCVEWhitelist() {
 w, err := mgr.GetSys()
 if err != nil {
 log.Error(errors.Wrap(err, "policy checker: vulnerable policy"))
- return project.VulPrevented(), vuln.Severity(project.Severity()), wl
- }
- wl = *w
+ } else {
+ wl = *w
- // Use the real project ID
- wl.ProjectID = project.ProjectID
+ // Use the real project ID
+ wl.ProjectID = project.ProjectID
+ }
 } else {
 w, err := mgr.Get(project.ProjectID)
 if err != nil {
 log.Error(errors.Wrap(err, "policy checker: vulnerable policy"))
- return project.VulPrevented(), vuln.Severity(project.Severity()), wl
+ } else {
+ wl = *w
 }
- wl = *w
 }
- return project.VulPrevented(), vuln.Severity(project.Severity()), wl
+ return project.VulPrevented(), getProjectVulnSeverity(project), wl
 }
 // NewPMSPolicyChecker returns an instance of an pmsPolicyChecker
@@ -561,3 +562,20 @@ func ParseManifestInfoFromPath(req *http.Request) (*ManifestInfo, error) {
 return info, nil
 }
+
+func getProjectVulnSeverity(project *models.Project) vuln.Severity {
+ mp := map[string]vuln.Severity{
+ models.SeverityNegligible: vuln.Negligible,
+ models.SeverityLow: vuln.Low,
+ models.SeverityMedium: vuln.Medium,
+ models.SeverityHigh: vuln.High,
+ models.SeverityCritical: vuln.Critical,
+ }
+
+ severity, ok := mp[project.Severity()]
+ if !ok {
+ return vuln.Unknown
+ }
+
+ return severity
+}
diff --git a/src/core/middlewares/util/util_test.go b/src/core/middlewares/util/util_test.go
index f44fcd885..2cfe9899a 100644
--- a/src/core/middlewares/util/util_test.go
+++ b/src/core/middlewares/util/util_test.go
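Review bot: Both error branches in VulnerablePolicy wrap the failure with the identical text `"policy checker: vulnerable policy"`, so the log cannot tell an operator whether the system CVE whitelist or the project's own whitelist failed to load; `errors.Wrap(err, "policy checker: get system CVE whitelist")` in the first branch and `errors.Wrap(err, "policy checker: get project CVE whitelist")` in the second would make the two distinguishable. The new `else` branches also change the flow: instead of returning early, a failed lookup now falls through to the common return with `wl` still at its zero value, which presumably means no CVE is exempted for that evaluation — a reasonable fail-safe, but worth stating next to the first `if err != nil` with a comment such as `// On lookup failure continue with an empty whitelist so no CVE is exempted.` The function's opening, including where `wl` is declared, lies outside the hunk, so whether it starts as a zero value is inferred here.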
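Review bot: The lookup `severity, ok := mp[project.Severity()]` in getProjectVulnSeverity is case-sensitive, so any project whose stored severity is not already lowercase (the old fixture value "Low" in util_test.go is one example) now resolves to vuln.Unknown instead of its real level; validateProjectMetadata lowercases on write (metadata.go hunk above), but metadata stored before that normalization or via another path is not covered. Normalizing on the read side keeps both ends consistent: `severity, ok := mp[strings.ToLower(project.Severity())]` (adding the `strings` import if util.go lacks it). Since the map is constant it could also be a package-level `var` rather than rebuilt on every policy check, and the function wants a doc comment such as `// getProjectVulnSeverity maps the project's severity metadata to a vuln.Severity, returning vuln.Unknown for values it does not recognize.` Whether vuln.Unknown loosens or tightens enforcement depends on callers outside this diff, which is exactly why a silent fallback to it deserves the normalization.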
@@ -171,7 +171,7 @@ func TestPMSPolicyChecker(t *testing.T) {
 Metadata: map[string]string{
 models.ProMetaEnableContentTrust: "true",
 models.ProMetaPreventVul: "true",
- models.ProMetaSeverity: "Low",
+ models.ProMetaSeverity: "low", // validateProjectMetadata function make the severity to lowercase
 models.ProMetaReuseSysCVEWhitelist: "false",
 },
 })
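Review bot: The trailing comment on the changed fixture line is ungrammatical and explains the value by pointing at a function in another package; `// stored lowercase: validateProjectMetadata normalizes severity on write` says the same thing more clearly. Since the fixture had to change from "Low" to "low" for the test to keep passing, a second project fixture with a mixed-case severity would pin what the checker is meant to return for metadata that was never normalized. The enclosing TestPMSPolicyChecker starts and ends outside the hunk.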