Merge pull request #1685 from kubescape/fixfix

fix yamlhandler deleting too many lines during fix
kubescape · May 23, 2024 · f52056a · f52056a
2 parents 7f9f6d3 + 840162c
commit f52056a
Show file tree

Hide file tree

Showing 20 changed files with 34 additions and 28 deletions.
diff --git a/core/pkg/fixhandler/testdata/hybrids/tc-01-00-input.yaml b/core/pkg/fixhandler/testdata/hybrids/tc-01-00-input.yaml
@@ -14,6 +14,6 @@ metadata:
 spec:
   containers:
   - name: nginx_container
-    image: nginx
     securityContext:
       runAsRoot: true
+    image: nginx
diff --git a/core/pkg/fixhandler/testdata/hybrids/tc-02-00-input-indented-list.yaml b/core/pkg/fixhandler/testdata/hybrids/tc-02-00-input-indented-list.yaml
@@ -14,6 +14,6 @@ metadata:
 spec:
   containers:
     - name: nginx_container
-      image: nginx
       securityContext:
         runAsRoot: true
+      image: nginx
diff --git a/core/pkg/fixhandler/testdata/hybrids/tc-03-00-input-comments.yaml b/core/pkg/fixhandler/testdata/hybrids/tc-03-00-input-comments.yaml
@@ -16,6 +16,6 @@ spec:
   containers:
     # These are the first containers comments
     - name: nginx_container
-      image: nginx
       securityContext:
         runAsRoot: true
+      image: nginx
diff --git a/core/pkg/fixhandler/testdata/hybrids/tc-04-00-input-separated-keys.yaml b/core/pkg/fixhandler/testdata/hybrids/tc-04-00-input-separated-keys.yaml
@@ -15,7 +15,7 @@ spec:
   containers:
     - name: nginx_container
 
-      image: nginx
-
       securityContext:
         runAsRoot: true
+
+      image: nginx
diff --git a/core/pkg/fixhandler/testdata/hybrids/tc-04-01-expected.yaml b/core/pkg/fixhandler/testdata/hybrids/tc-04-01-expected.yaml
@@ -15,7 +15,7 @@ spec:
   containers:
     - name: nginx_container
 
+
       image: nginx
   securityContext:
     runAsRoot: false
-
diff --git a/core/pkg/fixhandler/testdata/hybrids/tc-05-00-input-leading-doc-separator.yaml b/core/pkg/fixhandler/testdata/hybrids/tc-05-00-input-leading-doc-separator.yaml
@@ -16,7 +16,7 @@ spec:
   containers:
     - name: nginx_container
 
-      image: nginx
-
       securityContext:
         runAsRoot: true
+
+      image: nginx
diff --git a/core/pkg/fixhandler/testdata/hybrids/tc-05-01-expected.yaml b/core/pkg/fixhandler/testdata/hybrids/tc-05-01-expected.yaml
@@ -16,7 +16,7 @@ spec:
   containers:
     - name: nginx_container
 
+
       image: nginx
   securityContext:
     runAsRoot: false
-
diff --git a/core/pkg/fixhandler/testdata/removals/tc-01-00-input.yaml b/core/pkg/fixhandler/testdata/removals/tc-01-00-input.yaml
@@ -9,6 +9,6 @@ metadata:
 spec:
   containers:
   - name: nginx_container
-    image: nginx
     securityContext:
-      runAsRoot: false
+      runAsRoot: false
+    image: nginx
diff --git a/core/pkg/fixhandler/testdata/removals/tc-01-01-expected.yaml b/core/pkg/fixhandler/testdata/removals/tc-01-01-expected.yaml
@@ -9,4 +9,4 @@ metadata:
 spec:
   containers:
   - name: nginx_container
-    image: nginx
+    image: nginx
diff --git a/core/pkg/fixhandler/testdata/removals/tc-02-00-input.yaml b/core/pkg/fixhandler/testdata/removals/tc-02-00-input.yaml
@@ -12,4 +12,5 @@ spec:
     image: nginx
 
   - name: container_with_security_issues
-    image: image_with_security_issues
+    image: image_with_security_issues
+  restartPolicy: Always
diff --git a/core/pkg/fixhandler/testdata/removals/tc-02-01-expected.yaml b/core/pkg/fixhandler/testdata/removals/tc-02-01-expected.yaml
@@ -10,3 +10,5 @@ spec:
   containers:
   - name: nginx_container
     image: nginx
+
+  restartPolicy: Always
diff --git a/core/pkg/fixhandler/testdata/removals/tc-03-00-input.yaml b/core/pkg/fixhandler/testdata/removals/tc-03-00-input.yaml
@@ -8,7 +8,7 @@ metadata:
 spec:
   containers:
   - name: nginx1
-    image: nginx
     securityContext:
       capabilities:
-        drop: ["NET_RAW", "SYS_ADM"]
+        drop: ["NET_RAW", "SYS_ADM"]
+    image: nginx
diff --git a/core/pkg/fixhandler/testdata/removals/tc-03-01-expected.yaml b/core/pkg/fixhandler/testdata/removals/tc-03-01-expected.yaml
@@ -8,7 +8,7 @@ metadata:
 spec:
   containers:
   - name: nginx1
-    image: nginx
     securityContext:
       capabilities:
-        drop: ["NET_RAW"]
+        drop: ["NET_RAW"]
+    image: nginx
diff --git a/core/pkg/fixhandler/testdata/removals/tc-04-00-input.yaml b/core/pkg/fixhandler/testdata/removals/tc-04-00-input.yaml
@@ -9,9 +9,9 @@ metadata:
 spec:
   containers:
   - name: nginx_container
-    image: nginx
     securityContext:
       runAsRoot: false
+    image: nginx
 
 ---
 
@@ -29,4 +29,5 @@ spec:
     image: nginx
 
   - name: container_with_security_issues
-    image: image_with_security_issues
+    image: image_with_security_issues
+  restartPolicy: Always
diff --git a/core/pkg/fixhandler/testdata/removals/tc-04-01-expected.yaml b/core/pkg/fixhandler/testdata/removals/tc-04-01-expected.yaml
@@ -25,3 +25,5 @@ spec:
   containers:
   - name: nginx_container
     image: nginx
+
+  restartPolicy: Always
diff --git a/core/pkg/fixhandler/testdata/replaces/tc-01-00-input.yaml b/core/pkg/fixhandler/testdata/replaces/tc-01-00-input.yaml
@@ -9,6 +9,6 @@ metadata:
 spec:
   containers:
   - name: nginx_container
-    image: nginx
     securityContext:
-      runAsRoot: true
+      runAsRoot: true
+    image: nginx
diff --git a/core/pkg/fixhandler/testdata/replaces/tc-01-01-expected.yaml b/core/pkg/fixhandler/testdata/replaces/tc-01-01-expected.yaml
@@ -9,6 +9,6 @@ metadata:
 spec:
   containers:
   - name: nginx_container
-    image: nginx
     securityContext:
-      runAsRoot: false
+      runAsRoot: false
+    image: nginx
diff --git a/core/pkg/fixhandler/testdata/replaces/tc-02-00-input.yaml b/core/pkg/fixhandler/testdata/replaces/tc-02-00-input.yaml
@@ -10,9 +10,9 @@ metadata:
 spec:
   containers:
   - name: nginx1
-    image: nginx
     securityContext:
       capabilities:
         drop:
         - "NET_RAW"
-        add: ["SYS_ADM"]
+        add: ["SYS_ADM"]
+    image: nginx
diff --git a/core/pkg/fixhandler/testdata/replaces/tc-02-01-expected.yaml b/core/pkg/fixhandler/testdata/replaces/tc-02-01-expected.yaml
@@ -10,9 +10,9 @@ metadata:
 spec:
   containers:
   - name: nginx1
-    image: nginx
     securityContext:
       capabilities:
         drop:
         - "SYS_ADM"
-        add: ["NET_RAW"]
+        add: ["NET_RAW"]
+    image: nginx
diff --git a/core/pkg/fixhandler/yamlhandler.go b/core/pkg/fixhandler/yamlhandler.go
@@ -182,7 +182,7 @@ func addLinesToRemove(ctx context.Context, fixInfoMetadata *fixInfoMetadata) (in
 	newOriginalListTracker := updateTracker(fixInfoMetadata.originalList, fixInfoMetadata.originalListTracker)
 	*fixInfoMetadata.linesToRemove = append(*fixInfoMetadata.linesToRemove, linesToRemove{
 		startLine: currentDFSNode.node.Line,
-		endLine:   getNodeLine(fixInfoMetadata.originalList, newOriginalListTracker),
+		endLine:   getNodeLine(fixInfoMetadata.originalList, newOriginalListTracker-1), // newOriginalListTracker is the next node
 	})
 
 	return newOriginalListTracker, fixInfoMetadata.fixedListTracker