
Commit c4c6fc3

anchorectl: add format check (#12375)
* anchorectl: add format check * anchorectl: add format check
1 parent bbda765 commit c4c6fc3


2 files changed

+49
-49
lines changed


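--- a/dojo/tools/anchorectl_policies/parser.py
+++ b/dojo/tools/anchorectl_policies/parser.py
@@ -28,53 +28,54 @@ def get_findings(self, filename, test):
 
         find_date = datetime.now()
         items = []
-        try:
-            for image in data:
-                if image["detail"] is not None:
-                    for result in image["detail"]:
-                        try:
-                            gate = result["gate"]
-                            description = result["description"]
-                            policy_id = result["policyId"]
-                            status = result["status"]
-                            image_name = result["tag"]
-                            trigger_id = result["triggerId"]
-                            repo, tag = image_name.split(":", 2)
-                            severity, active = get_severity(status, description)
-                            vulnerability_id = extract_vulnerability_id(trigger_id)
-                            title = (
-                                policy_id
-                                + " - gate|"
-                                + gate
-                                + " - trigger|"
-                                + trigger_id
-                            )
-                            find = Finding(
-                                title=title,
-                                test=test,
-                                description=description,
-                                severity=severity,
-                                active=active,
-                                references=f"Policy ID: {policy_id}\nTrigger ID: {trigger_id}",
-                                file_path=search_filepath(description),
-                                component_name=repo,
-                                component_version=tag,
-                                date=find_date,
-                                static_finding=True,
-                                dynamic_finding=False,
-                            )
-                            if vulnerability_id:
-                                find.unsaved_vulnerability_ids = [vulnerability_id]
-                            items.append(find)
-                        except (KeyError, IndexError) as err:
-                            msg = f"Invalid format: {err} key not found"
-                            raise ValueError(msg)
-        except AttributeError as err:
-            # import empty policies without error (e.g. policies or images
-            # objects are not a dictionary)
-            logger.warning(
-                "Exception at %s", "parsing anchore policy", exc_info=err,
-            )
+
+        if not isinstance(data, list):
+            msg = "This doesn't look like a valid Anchore CTRL Policies report: Expected a list with image data at the root of the JSON data"
+            raise TypeError(msg)
+
+        for image in data:
+            if not isinstance(image, dict) or image.get("detail") is None or not isinstance(image.get("detail"), list):
+                msg = "This doesn't look like a valid Anchore CTRL Policies report, missing 'detail' list object key for image"
+                raise ValueError(msg)
+
+            for result in image["detail"]:
+                try:
+                    gate = result["gate"]
+                    description = result["description"]
+                    policy_id = result["policyId"]
+                    status = result["status"]
+                    image_name = result["tag"]
+                    trigger_id = result["triggerId"]
+                    repo, tag = image_name.split(":", 2)
+                    severity, active = get_severity(status, description)
+                    vulnerability_id = extract_vulnerability_id(trigger_id)
+                    title = (
+                        policy_id
+                        + " - gate|"
+                        + gate
+                        + " - trigger|"
+                        + trigger_id
+                    )
+                    find = Finding(
+                        title=title,
+                        test=test,
+                        description=description,
+                        severity=severity,
+                        active=active,
+                        references=f"Policy ID: {policy_id}\nTrigger ID: {trigger_id}",
+                        file_path=search_filepath(description),
+                        component_name=repo,
+                        component_version=tag,
+                        date=find_date,
+                        static_finding=True,
+                        dynamic_finding=False,
+                    )
+                    if vulnerability_id:
+                        find.unsaved_vulnerability_ids = [vulnerability_id]
+                    items.append(find)
+                except (KeyError, IndexError) as err:
+                    msg = f"Invalid format: {err} key not found"
+                    raise ValueError(msg)
         return items
 
 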
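Review bot: The new per-image validation (new lines 37–39) checks that `detail` is a list but not that each element of it is a dict, so a non-dict entry makes `result["gate"]` at new line 43 raise a TypeError that escapes the `except (KeyError, IndexError)` clause instead of becoming the same `Invalid format` ValueError the rest of the loop reports. A guard before the `try`, `if not isinstance(result, dict): raise ValueError("This doesn't look like a valid Anchore CTRL Policies report, expected a dict for each 'detail' entry")`, keeps the error reporting uniform; the same gap applies to the ValueError from the unpacking of `image_name.split(":", 2)` at new line 49 when the tag has no colon or more than two, which is also not caught. The condition on new line 37 can drop the `image.get("detail") is None` test, since `not isinstance(image.get("detail"), list)` already rejects None and the `.get` is then evaluated once. An image whose `detail` is `null` was previously skipped and now fails the whole import; presumably intended, but worth stating in the commit message. The signature of get_findings and the loading of `data` lie outside the hunk.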
unittests/scans/anchorectl_policies/many_violations.json

Lines changed: 1 addition & 2 deletions
@@ -40,5 +40,4 @@
4040
"status": "fail",
4141
"tag": "test/testimage:testtag"
4242
}
43-
]
44-
43+
]
