feat(aws): Add support to see successes in results (#4427)
Fixes: https://github.com/aquasecurity/trivy/discussions/4417 Signed-off-by: Simar <simar@linux.com>
@@ -142,7 +142,12 @@ func Run(ctx context.Context, opt flag.Options) error {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
r := report.New(cloud.ProviderAWS, opt.Account, opt.Region, results.GetFailed(), opt.Services)
|
res := results.GetFailed()
|
||||||
|
if opt.MisconfOptions.IncludeNonFailures {
|
||||||
|
res = results
|
||||||
|
}
|
||||||
|
|
||||||
|
r := report.New(cloud.ProviderAWS, opt.Account, opt.Region, res, opt.Services)
|
||||||
if err := report.Write(r, opt, cached); err != nil {
|
if err := report.Write(r, opt, cached); err != nil {
|
||||||
return fmt.Errorf("unable to write results: %w", err)
|
return fmt.Errorf("unable to write results: %w", err)
|
||||||
}
|
}
|
||||||
|
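Review bot: The selection of `res` here filters failures a second time that `report.Write` now also performs through `FilterOption.IncludeNonFailures` in the last hunk, so when the flag is unset the same pass-dropping happens once in Run and once in Write; if `report.New` only stores the results, one of the two gates is redundant, and a reader cannot tell from either site which one is authoritative. Either keep a single gate or add a comment at this point such as `// report.Write applies the same IncludeNonFailures filter; this keeps passes out of the report object itself`. The two sites also spell the option differently: Run reads `opt.MisconfOptions.IncludeNonFailures` while Write reads the promoted `opt.IncludeNonFailures`; one form should be used in both. As a minor style point the branch can be inverted so `GetFailed()` is only computed when it is needed: `res := results` followed by `if !opt.MisconfOptions.IncludeNonFailures { res = results.GetFailed() }`. Run starts and ends outside the hunk.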
|||||||
@@ -76,6 +76,7 @@ func Test_Run(t *testing.T) {
|
|||||||
CloudOptions: flag.CloudOptions{
|
CloudOptions: flag.CloudOptions{
|
||||||
MaxCacheAge: time.Hour * 24 * 365 * 100,
|
MaxCacheAge: time.Hour * 24 * 365 * 100,
|
||||||
},
|
},
|
||||||
|
MisconfOptions: flag.MisconfOptions{IncludeNonFailures: true},
|
||||||
},
|
},
|
||||||
cacheContent: exampleS3Cache,
|
cacheContent: exampleS3Cache,
|
||||||
want: `{
|
want: `{
|
||||||
@@ -99,7 +100,7 @@ func Test_Run(t *testing.T) {
|
|||||||
"Class": "config",
|
"Class": "config",
|
||||||
"Type": "cloud",
|
"Type": "cloud",
|
||||||
"MisconfSummary": {
|
"MisconfSummary": {
|
||||||
"Successes": 0,
|
"Successes": 1,
|
||||||
"Failures": 9,
|
"Failures": 9,
|
||||||
"Exceptions": 0
|
"Exceptions": 0
|
||||||
},
|
},
|
||||||
@@ -272,6 +273,29 @@ func Test_Run(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"Type": "AWS",
|
||||||
|
"ID": "AVD-AWS-0092",
|
||||||
|
"AVDID": "AVD-AWS-0092",
|
||||||
|
"Title": "S3 Buckets not publicly accessible through ACL.",
|
||||||
|
"Description": "Buckets should not have ACLs that allow public access",
|
||||||
|
"Resolution": "Don't use canned ACLs or switch to private acl",
|
||||||
|
"Severity": "HIGH",
|
||||||
|
"PrimaryURL": "https://avd.aquasec.com/misconfig/avd-aws-0092",
|
||||||
|
"References": [
|
||||||
|
"https://avd.aquasec.com/misconfig/avd-aws-0092"
|
||||||
|
],
|
||||||
|
"Status": "PASS",
|
||||||
|
"Layer": {},
|
||||||
|
"CauseMetadata": {
|
||||||
|
"Resource": "arn:aws:s3:::examplebucket",
|
||||||
|
"Provider": "aws",
|
||||||
|
"Service": "s3",
|
||||||
|
"Code": {
|
||||||
|
"Lines": null
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"Type": "AWS",
|
"Type": "AWS",
|
||||||
"ID": "AVD-AWS-0093",
|
"ID": "AVD-AWS-0093",
|
||||||
@@ -327,7 +351,7 @@ func Test_Run(t *testing.T) {
|
|||||||
`,
|
`,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "custom rego rule",
|
name: "custom rego rule with passed results",
|
||||||
options: flag.Options{
|
options: flag.Options{
|
||||||
AWSOptions: flag.AWSOptions{
|
AWSOptions: flag.AWSOptions{
|
||||||
Region: "us-east-1",
|
Region: "us-east-1",
|
||||||
@@ -347,6 +371,7 @@ func Test_Run(t *testing.T) {
|
|||||||
},
|
},
|
||||||
SkipPolicyUpdate: true,
|
SkipPolicyUpdate: true,
|
||||||
},
|
},
|
||||||
|
MisconfOptions: flag.MisconfOptions{IncludeNonFailures: true},
|
||||||
},
|
},
|
||||||
regoPolicy: `# METADATA
|
regoPolicy: `# METADATA
|
||||||
# title: No example buckets
|
# title: No example buckets
|
||||||
@@ -390,7 +415,7 @@ deny[res] {
|
|||||||
"Class": "config",
|
"Class": "config",
|
||||||
"Type": "cloud",
|
"Type": "cloud",
|
||||||
"MisconfSummary": {
|
"MisconfSummary": {
|
||||||
"Successes": 0,
|
"Successes": 1,
|
||||||
"Failures": 10,
|
"Failures": 10,
|
||||||
"Exceptions": 0
|
"Exceptions": 0
|
||||||
},
|
},
|
||||||
@@ -563,6 +588,29 @@ deny[res] {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"Type": "AWS",
|
||||||
|
"ID": "AVD-AWS-0092",
|
||||||
|
"AVDID": "AVD-AWS-0092",
|
||||||
|
"Title": "S3 Buckets not publicly accessible through ACL.",
|
||||||
|
"Description": "Buckets should not have ACLs that allow public access",
|
||||||
|
"Resolution": "Don't use canned ACLs or switch to private acl",
|
||||||
|
"Severity": "HIGH",
|
||||||
|
"PrimaryURL": "https://avd.aquasec.com/misconfig/avd-aws-0092",
|
||||||
|
"References": [
|
||||||
|
"https://avd.aquasec.com/misconfig/avd-aws-0092"
|
||||||
|
],
|
||||||
|
"Status": "PASS",
|
||||||
|
"Layer": {},
|
||||||
|
"CauseMetadata": {
|
||||||
|
"Resource": "arn:aws:s3:::examplebucket",
|
||||||
|
"Provider": "aws",
|
||||||
|
"Service": "s3",
|
||||||
|
"Code": {
|
||||||
|
"Lines": null
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"Type": "AWS",
|
"Type": "AWS",
|
||||||
"ID": "AVD-AWS-0093",
|
"ID": "AVD-AWS-0093",
|
||||||
|
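Review bot: The only case in this view that exercised the default failures-only path is converted rather than kept: the `custom rego rule` case is renamed to `custom rego rule with passed results` and gains `MisconfOptions: flag.MisconfOptions{IncludeNonFailures: true}`, and the first case in the table receives the same option, so nothing visible here still asserts that PASS entries are absent and `"Successes": 0` when the flag is unset. Keep one case with the flag unset, or add a sibling case, so a regression in the `results.GetFailed()` selection in Run would be caught. Test_Run's table starts and ends outside these hunks, so other cases may cover this; if so, a short comment on the converted case naming which case covers the default would make that explicit.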
|||||||
@@ -64,7 +64,10 @@ func Write(rep *Report, opt flag.Options, fromCache bool) error {
|
|||||||
for _, resultsAtTime := range rep.Results {
|
for _, resultsAtTime := range rep.Results {
|
||||||
for _, res := range resultsAtTime.Results {
|
for _, res := range resultsAtTime.Results {
|
||||||
resCopy := res
|
resCopy := res
|
||||||
if err := result.FilterResult(ctx, &resCopy, result.FilterOption{Severities: opt.Severities}); err != nil {
|
if err := result.FilterResult(ctx, &resCopy, result.FilterOption{
|
||||||
|
Severities: opt.Severities,
|
||||||
|
IncludeNonFailures: opt.IncludeNonFailures,
|
||||||
|
}); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
sort.Slice(resCopy.Misconfigurations, func(i, j int) bool {
|
sort.Slice(resCopy.Misconfigurations, func(i, j int) bool {
|
||||||
|
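Review bot: The `if` initializer now spans four lines with a struct literal inside the call, which makes the error check hard to read at a glance; hoisting the option into a named local keeps the happy path flat: `filterOpt := result.FilterOption{Severities: opt.Severities, IncludeNonFailures: opt.IncludeNonFailures}` followed by `if err := result.FilterResult(ctx, &resCopy, filterOpt); err != nil {`. A brief comment on that local, such as `// PASS results are only retained when --include-non-failures is set`, would also tell a reader why a filter step can remove entries that are not failures. Write starts and ends outside the hunk.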
|||||||