fix(cli): filter results from a vulnerability scan (#1367)

afiune · dmurray-lacework · web-flow · commit aae53da6b16a · 2023-08-30T10:34:33.000+01:00
* fix(cli): filter results from a vulnerability scan

Unfortunately, we applied some filters to the `show-assessment` command
but we forgot to apply them to our `scan` command.

Signed-off-by: Salim Afiune Maya &lt;afiune@lacework.net&gt;

* test: fix TestContainerVulnerabilityCommandsEndToEnd

Signed-off-by: Darren Murray &lt;darren.murray@lacework.net&gt;

* test: fix TestContainerVulnerabilityCommandsEndToEnd

Signed-off-by: Darren Murray &lt;darren.murray@lacework.net&gt;

---------

Signed-off-by: Salim Afiune Maya &lt;afiune@lacework.net&gt;
Signed-off-by: Darren Murray &lt;darren.murray@lacework.net&gt;
Co-authored-by: Darren Murray &lt;darren.murray@lacework.net&gt;
diff --git a/cli/cmd/vuln_container_scan.go b/cli/cmd/vuln_container_scan.go
@@ -272,6 +272,10 @@ func pollScanStatus(requestID string, args []string) error {
 			)
 		}
 
+		cli.Log.Infow("raw assessment", "data_points", len(assessment.Data))
+		filterContainerAssessmentByVulnerable(&assessment)
+		cli.Log.Infow("filtered assessment (status = vulnerable)", "data_points", len(assessment.Data))
+
 		if err := outputContainerVulnerabilityAssessment(assessment); err != nil {
 			return err
 		}
diff --git a/integration/container_vulnerability_test.go b/integration/container_vulnerability_test.go
@@ -276,7 +276,7 @@ func TestContainerVulnerabilityCommandsEndToEnd(t *testing.T) {
 	)
 	t.Run(fmt.Sprintf("run scan for %s/%s", registry, dirtyRepository), func(t *testing.T) {
 		out, err, exitcode = LaceworkCLIWithTOMLConfig(
-			"vulnerability", "container", "scan", registry, dirtyRepository, "latest", "--poll")
+			"vulnerability", "container", "scan", registry, dirtyRepository, "latest", "--poll", "--details")
 		assert.Empty(t,
 			err.String(),
 			"STDERR should be empty")
@@ -307,6 +307,9 @@ func TestContainerVulnerabilityCommandsEndToEnd(t *testing.T) {
 		"Info",
 	}
 
+	assert.NotContains(t, out.String(), "GOOD",
+		"STDOUT should not have vulnerabilities with status 'GOOD'")
+
 	t.Run("inspecting summary scan output/table", func(t *testing.T) {
 		assert.Contains(t, scanOutput,
 			"A new vulnerability scan has been requested. (request_id:",
@@ -315,9 +318,6 @@ func TestContainerVulnerabilityCommandsEndToEnd(t *testing.T) {
 			assert.Contains(t, scanOutput, str,
 				"STDOUT table does not contain the '"+str+"' output")
 		}
-		assert.Contains(t, scanOutput,
-			"Try adding '--details' to increase details shown about the vulnerability assessment.",
-			"STDOUT breadcrumbs changed, please update")
 	})
 
 	// extract the image id

Original file line number	Diff line number	Diff line change
`@@ -272,6 +272,10 @@ func pollScanStatus(requestID string, args []string) error {`
`272`	`272`	`)`
`273`	`273`	`}`
`274`	`274`
	`275`	`+ cli.Log.Infow("raw assessment", "data_points", len(assessment.Data))`
	`276`	`+ filterContainerAssessmentByVulnerable(&assessment)`
	`277`	`+ cli.Log.Infow("filtered assessment (status = vulnerable)", "data_points", len(assessment.Data))`
	`278`	`+`
`275`	`279`	`if err := outputContainerVulnerabilityAssessment(assessment); err != nil {`
`276`	`280`	`return err`
`277`	`281`	`}`