fix(k8s): skip resources without misconfigs (#7797)

2025-12-05 20:40:16 -08:00 · 2024-10-31 07:14:56 +06:00
parent f2bb9c6227
commit 78827768a6
2 changed files with 43 additions and 1 deletions
--- a/pkg/k8s/report/report.go
+++ b/pkg/k8s/report/report.go
@@ -90,8 +90,13 @@ func (r Report) consolidate() ConsolidatedReport {
 	for _, m := range r.Resources {
 		if vulnerabilitiesOrSecretResource(m) {
 			vulnerabilities = append(vulnerabilities, m)
-		} else {
+		}
+		if misconfigsResource(m) {
+			res, ok := index[m.fullname()]
 			index[m.fullname()] = m
+			if ok {
+				index[m.fullname()].Results[0].Misconfigurations = append(index[m.fullname()].Results[0].Misconfigurations, res.Results[0].Misconfigurations...)
+			}
 		}
 	}

@@ -278,6 +283,10 @@ func vulnerabilitiesOrSecretResource(resource Resource) bool {
 	return len(resource.Results) > 0 && (len(resource.Results[0].Vulnerabilities) > 0 || len(resource.Results[0].Secrets) > 0)
 }

+func misconfigsResource(resource Resource) bool {
+	return len(resource.Results) > 0 && len(resource.Results[0].Misconfigurations) > 0
+}
+
 func nodeKind(resource Resource) Resource {
 	if nodeInfoResource(resource) {
 		resource.Kind = "Node"
--- a/pkg/k8s/report/report_test.go
+++ b/pkg/k8s/report/report_test.go
@@ -119,6 +119,23 @@ var (
 		},
 	}

+	orionDeployWithAnotherMisconfig = Resource{
+		Namespace: "default",
+		Kind:      "Deploy",
+		Name:      "orion",
+		Results: types.Results{
+			{
+				Misconfigurations: []types.DetectedMisconfiguration{
+					{
+						ID:       "ID201",
+						Status:   types.MisconfStatusFailure,
+						Severity: "HIGH",
+					},
+				},
+			},
+		},
+	}
+
 	image1WithVulns = Resource{
 		Namespace: "default",
 		Kind:      "Pod",
@@ -424,6 +441,10 @@ var (
 )

 func TestReport_consolidate(t *testing.T) {
+	concatenatedResource := orionDeployWithAnotherMisconfig
+	concatenatedResource.Results[0].Misconfigurations = append(concatenatedResource.Results[0].Misconfigurations,
+		deployOrionWithMisconfigs.Results[0].Misconfigurations...)
+
 	tests := []struct {
 		name             string
 		report           Report
@@ -471,6 +492,18 @@ func TestReport_consolidate(t *testing.T) {
 				"default/cronjob/hello": cronjobHelloWithVulns,
 			},
 		},
+		{
+			name: "report with misconfigs in image and pod",
+			report: Report{
+				Resources: []Resource{
+					deployOrionWithMisconfigs,
+					orionDeployWithAnotherMisconfig,
+				},
+			},
+			expectedFindings: map[string]Resource{
+				"default/deploy/orion": concatenatedResource,
+			},
+		},
 		{
 			name: "report with multi image pod containing vulnerabilities",
 			report: Report{