fix(k8s): check all results for vulnerabilities (#7946)

aquasecurity · Nov 20, 2024 · 797b36f · 797b36f
1 parent 516e7cb
commit 797b36f
Show file tree

Hide file tree

Showing 2 changed files with 74 additions and 1 deletion.
diff --git a/pkg/k8s/report/report.go b/pkg/k8s/report/report.go
@@ -280,7 +280,12 @@ func shouldAddToReport(scanners types.Scanners) bool {
 }
 
 func vulnerabilitiesOrSecretResource(resource Resource) bool {
-	return len(resource.Results) > 0 && (len(resource.Results[0].Vulnerabilities) > 0 || len(resource.Results[0].Secrets) > 0)
+	for _, result := range resource.Results {
+		if len(result.Vulnerabilities) > 0 || len(resource.Results[0].Secrets) > 0 {
+			return true
+		}
+	}
+	return false
 }
 
 func misconfigsResource(resource Resource) bool {

diff --git a/pkg/k8s/report/report_test.go b/pkg/k8s/report/report_test.go
@@ -118,6 +118,58 @@ var (
 			},
 		},
 	}
+	deployOrionWithThirdVulns = Resource{
+		Namespace: "default",
+		Kind:      "Deploy",
+		Name:      "orion",
+		Metadata: []types.Metadata{
+			{
+				ImageID: "123",
+				RepoTags: []string{
+					"alpine:3.14",
+				},
+				RepoDigests: []string{
+					"alpine:3.14@sha256:8fe1727132b2506c17ba0e1f6a6ed8a016bb1f5735e43b2738cd3fd1979b6260",
+				},
+			},
+		},
+		Results: types.Results{
+			{},
+			{},
+			{
+				Vulnerabilities: []types.DetectedVulnerability{
+					{
+						VulnerabilityID: "CVE-2022-1111",
+						Vulnerability:   dbTypes.Vulnerability{Severity: "LOW"},
+					},
+					{
+						VulnerabilityID: "CVE-2022-2222",
+						Vulnerability:   dbTypes.Vulnerability{Severity: "MEDIUM"},
+					},
+					{
+						VulnerabilityID: "CVE-2022-3333",
+						Vulnerability:   dbTypes.Vulnerability{Severity: "HIGH"},
+					},
+					{
+						VulnerabilityID: "CVE-2022-4444",
+						Vulnerability:   dbTypes.Vulnerability{Severity: "CRITICAL"},
+					},
+					{
+						VulnerabilityID: "CVE-2022-5555",
+						Vulnerability:   dbTypes.Vulnerability{Severity: "UNKNOWN"},
+					},
+					{
+						VulnerabilityID: "CVE-2022-6666",
+						Vulnerability:   dbTypes.Vulnerability{Severity: "CRITICAL"},
+					},
+					{
+						VulnerabilityID: "CVE-2022-7777",
+						Vulnerability:   dbTypes.Vulnerability{Severity: "MEDIUM"},
+					},
+				},
+			},
+		},
+	}
 
 	orionDeployWithAnotherMisconfig = Resource{
 		Namespace: "default",
@@ -492,6 +544,17 @@ func TestReport_consolidate(t *testing.T) {
 				"default/cronjob/hello": cronjobHelloWithVulns,
 			},
 		},
+		{
+			name: "report with vulnerabilities in the third result",
+			report: Report{
+				Resources: []Resource{
+					deployOrionWithThirdVulns,
+				},
+			},
+			expectedFindings: map[string]Resource{
+				"default/deploy/orion": deployOrionWithThirdVulns,
+			},
+		},
 		{
 			name: "report with misconfigs in image and pod",
 			report: Report{
@@ -521,6 +584,11 @@ func TestReport_consolidate(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			consolidateReport := tt.report.consolidate()
+
+			if len(consolidateReport.Findings) != len(tt.expectedFindings) {
+				t.Errorf("expected %d findings, got %d", len(tt.expectedFindings), len(consolidateReport.Findings))
+			}
+
 			for _, f := range consolidateReport.Findings {
 				key := f.fullname()