Only send vulnerability events if the minimum priority is gte to that specified
Fixes #770
This commit is contained in:
Joseph Schorr
parent
5926501e08
commit
ca7d736db2
13 changed files with 175 additions and 156 deletions
|
|
@ -1,9 +1,11 @@
|
|||
import logging
|
||||
import time
|
||||
import json
|
||||
|
||||
from datetime import datetime
|
||||
from notificationhelper import build_event_data
|
||||
from util.jinjautil import get_template_env
|
||||
from util.secscan.api import PRIORITY_LEVELS, get_priority_for_index
|
||||
|
||||
template_env = get_template_env("events")
|
||||
logger = logging.getLogger(__name__)
|
||||
|
|
@ -37,13 +39,18 @@ class NotificationEvent(object):
|
|||
'notification_data': notification_data
|
||||
})
|
||||
|
||||
def get_sample_data(self, repository=None):
|
||||
def get_sample_data(self, notification):
|
||||
"""
|
||||
Returns sample data for testing the raising of this notification, with an optional
|
||||
repository.
|
||||
Returns sample data for testing the raising of this notification, with an example notification.
|
||||
"""
|
||||
raise NotImplementedError
|
||||
|
||||
def should_perform(self, event_data, notification_data):
|
||||
"""
|
||||
Whether a notification for this event should be performed. By default returns True.
|
||||
"""
|
||||
return True
|
||||
|
||||
@classmethod
|
||||
def event_name(cls):
|
||||
"""
|
||||
|
|
@ -71,8 +78,8 @@ class RepoPushEvent(NotificationEvent):
|
|||
def get_summary(self, event_data, notification_data):
|
||||
return 'Repository %s updated' % (event_data['repository'])
|
||||
|
||||
def get_sample_data(self, repository):
|
||||
return build_event_data(repository, {
|
||||
def get_sample_data(self, notification):
|
||||
return build_event_data(notification.repository, {
|
||||
'updated_tags': {'latest': 'someimageid', 'foo': 'anotherimage'},
|
||||
'pruned_image_count': 3
|
||||
})
|
||||
|
|
@ -99,18 +106,27 @@ class VulnerabilityFoundEvent(NotificationEvent):
|
|||
|
||||
return 'info'
|
||||
|
||||
def get_sample_data(self, repository):
|
||||
return build_event_data(repository, {
|
||||
def get_sample_data(self, notification):
|
||||
event_config = json.loads(notification.event_config_json)
|
||||
|
||||
return build_event_data(notification.repository, {
|
||||
'tags': ['latest', 'prod'],
|
||||
'image': 'some-image-id',
|
||||
'vulnerability': {
|
||||
'id': 'CVE-FAKE-CVE',
|
||||
'description': 'A futurist vulnerability',
|
||||
'link': 'https://security-tracker.debian.org/tracker/CVE-FAKE-CVE',
|
||||
'priority': 'Critical',
|
||||
'priority': get_priority_for_index(event_config['level'])
|
||||
},
|
||||
})
|
||||
|
||||
def should_perform(self, event_data, notification_data):
|
||||
event_config = json.loads(notification_data.event_config_json)
|
||||
expected_level_index = event_config['level']
|
||||
priority = PRIORITY_LEVELS[event_data['vulnerability']['priority']]
|
||||
actual_level_index = priority['index']
|
||||
return expected_level_index <= actual_level_index
|
||||
|
||||
def get_summary(self, event_data, notification_data):
|
||||
msg = '%s vulnerability detected in repository %s in tags %s'
|
||||
return msg % (event_data['vulnerability']['priority'],
|
||||
|
|
@ -126,10 +142,10 @@ class BuildQueueEvent(NotificationEvent):
|
|||
def get_level(self, event_data, notification_data):
|
||||
return 'info'
|
||||
|
||||
def get_sample_data(self, repository):
|
||||
def get_sample_data(self, notification):
|
||||
build_uuid = 'fake-build-id'
|
||||
|
||||
return build_event_data(repository, {
|
||||
return build_event_data(notification.repository, {
|
||||
'is_manual': False,
|
||||
'build_id': build_uuid,
|
||||
'build_name': 'some-fake-build',
|
||||
|
|
@ -165,10 +181,10 @@ class BuildStartEvent(NotificationEvent):
|
|||
def get_level(self, event_data, notification_data):
|
||||
return 'info'
|
||||
|
||||
def get_sample_data(self, repository):
|
||||
def get_sample_data(self, notification):
|
||||
build_uuid = 'fake-build-id'
|
||||
|
||||
return build_event_data(repository, {
|
||||
return build_event_data(notification.repository, {
|
||||
'build_id': build_uuid,
|
||||
'build_name': 'some-fake-build',
|
||||
'docker_tags': ['latest', 'foo', 'bar'],
|
||||
|
|
@ -193,10 +209,10 @@ class BuildSuccessEvent(NotificationEvent):
|
|||
def get_level(self, event_data, notification_data):
|
||||
return 'success'
|
||||
|
||||
def get_sample_data(self, repository):
|
||||
def get_sample_data(self, notification):
|
||||
build_uuid = 'fake-build-id'
|
||||
|
||||
return build_event_data(repository, {
|
||||
return build_event_data(notification.repository, {
|
||||
'build_id': build_uuid,
|
||||
'build_name': 'some-fake-build',
|
||||
'docker_tags': ['latest', 'foo', 'bar'],
|
||||
|
|
@ -222,10 +238,10 @@ class BuildFailureEvent(NotificationEvent):
|
|||
def get_level(self, event_data, notification_data):
|
||||
return 'error'
|
||||
|
||||
def get_sample_data(self, repository):
|
||||
def get_sample_data(self, notification):
|
||||
build_uuid = 'fake-build-id'
|
||||
|
||||
return build_event_data(repository, {
|
||||
return build_event_data(notification.repository, {
|
||||
'build_id': build_uuid,
|
||||
'build_name': 'some-fake-build',
|
||||
'docker_tags': ['latest', 'foo', 'bar'],
|
||||
|
|
|
|||
Reference in a new issue