feat: Show auto detected user instructions in 'container test' output
Updated 'container test' Dockerfile instructions to "Image layer:" to be consistent with what we show in the UI.
Added showing auto detected instructions if Dockerfile not present.
agatakrajewska committed Feb 11, 2021
1 parent 157663f commit 2e3237e
Showing 3 changed files with 105 additions and 5 deletions.
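--- a/src/cli/commands/test/formatters/legacy-format-issue.ts
+++ b/src/cli/commands/test/formatters/legacy-format-issue.ts
@@ -136,11 +136,12 @@ export function titleCaseText(text) {
 
 function dockerfileInstructionText(vuln) {
 if (vuln.dockerfileInstruction) {
-return `\n Introduced in your Dockerfile by '${vuln.dockerfileInstruction}'`;
+JSON.stringify(vuln.dockerfileInstruction);
+return `\n Image layer: '${vuln.dockerfileInstruction}'`;
 }
 
 if (vuln.dockerBaseImage) {
-return `\n Introduced by your base image (${vuln.dockerBaseImage})`;
+return `\n Image layer: Introduced by your base image (${vuln.dockerBaseImage})`;
 }
 
 return '';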
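Review bot: The added `JSON.stringify(vuln.dockerfileInstruction);` statement in dockerfileInstructionText discards its result, so it has no effect and the next line still interpolates the raw instruction into the CLI output. With auto-detected instructions the text presumably originates from the scanned image's metadata rather than a local Dockerfile, so control characters or ANSI escape sequences in it would reach the terminal unless something upstream strips them, which this hunk does not show. Either delete the statement or use the escaped value: `const instruction = JSON.stringify(vuln.dockerfileInstruction);` and interpolate `${instruction}` in the returned string, adjusting the test expectation for the changed quoting. The function's closing brace lies outside the hunk.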
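--- a/src/lib/snyk-test/run-test.ts
+++ b/src/lib/snyk-test/run-test.ts
@@ -104,10 +104,13 @@ function prepareEcosystemResponseForParsing(
 depGraphData !== undefined
 ? depGraphLib.createFromJSON(depGraphData)
 : undefined;
-const dockerfileAnalysisFact = payloadBody?.facts.find(
-(fact) => fact.type === 'dockerfileAnalysis',
+const imageUserInstructions = payloadBody?.facts.find(
+(fact) =>
+fact.type === 'dockerfileAnalysis' ||
+fact.type === 'autoDetectedUserInstructions',
 );
-const dockerfilePackages = dockerfileAnalysisFact?.data?.dockerfilePackages;
+
+const dockerfilePackages = imageUserInstructions?.data?.dockerfilePackages;
 const projectName = payloadBody?.name || depGraph?.rootPkg.name;
 const packageManager = payloadBody?.identity?.type as SupportedProjectTypes;
 const targetFile = payloadBody?.identity?.targetFile || options.file;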
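Review bot: The widened predicate passed to `payloadBody?.facts.find(...)` returns whichever of the two fact types comes first in `facts`, so if a scan result carries both, the auto-detected instructions can shadow the Dockerfile analysis depending on the order the plugin emits them. The commit description says auto-detected instructions are for the case where no Dockerfile is present, so the precedence is better made explicit: with `const facts = payloadBody?.facts;` in scope, use `facts?.find((f) => f.type === 'dockerfileAnalysis') ?? facts?.find((f) => f.type === 'autoDetectedUserInstructions')`. Whether both facts can occur together is not visible from this hunk. prepareEcosystemResponseForParsing starts and ends outside the hunk.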
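--- a/test/acceptance/cli-test/cli-test.docker.spec.ts
+++ b/test/acceptance/cli-test/cli-test.docker.spec.ts
@@ -642,6 +642,102 @@ export const DockerTests: AcceptanceTests = {
 }
 },
 
+'`test foo:latest --docker with dockerfile instructions`': (
+params,
+) => async (t) => {
+stubDockerPluginResponse(
+params.ecoSystemPlugins,
+{
+scanResults: [
+{
+facts: [
+{ type: 'depGraph', data: {} },
+{
+type: 'dockerfileAnalysis',
+data: {
+dockerfilePackages: {
+bzip2: {
+instruction: 'RUN test instruction',
+},
+},
+},
+},
+],
+identity: {
+type: 'deb',
+},
+target: {
+image: 'docker-image|ubuntu',
+},
+},
+],
+},
+t,
+);
+
+const vulns = require('../fixtures/docker/find-result-remediation.json');
+params.server.setNextResponse(vulns);
+
+try {
+await params.cli.test('foo:latest', {
+docker: true,
+org: 'explicit-org',
+});
+t.fail('should have found vuln');
+} catch (err) {
+const msg = err.message;
+t.match(msg, "Image layer: 'RUN test instruction'");
+}
+},
+
+'`test foo:latest --docker with auto detected instructions`': (
+params,
+) => async (t) => {
+stubDockerPluginResponse(
+params.ecoSystemPlugins,
+{
+scanResults: [
+{
+facts: [
+{ type: 'depGraph', data: {} },
+{
+type: 'autoDetectedUserInstructions',
+data: {
+dockerfilePackages: {
+bzip2: {
+instruction: 'RUN test instruction',
+},
+},
+},
+},
+],
+identity: {
+type: 'deb',
+},
+target: {
+image: 'docker-image|ubuntu',
+},
+},
+],
+},
+t,
+);
+
+const vulns = require('../fixtures/docker/find-result-remediation.json');
+params.server.setNextResponse(vulns);
+
+try {
+await params.cli.test('foo:latest', {
+docker: true,
+org: 'explicit-org',
+});
+t.fail('should have found vuln');
+} catch (err) {
+const msg = err.message;
+t.match(msg, "Image layer: 'RUN test instruction'");
+}
+},
+
 '`test --docker --file=Dockerfile --sarif `': (params, utils) => async (
 t,
 ) => {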
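Review bot: Neither added case covers a scan result that carries both a `dockerfileAnalysis` and an `autoDetectedUserInstructions` fact, which is the one input where the `find` in run-test.ts depends on array order. The two cases differ only in the fact `type` and use the same `instruction` string, so they cannot tell which source was printed. A third case with both facts and distinct instruction strings, asserting that the Dockerfile one appears after `Image layer:`, would pin the intended precedence. The enclosing DockerTests object starts and ends outside the hunk.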
