diff --git a/dojo/tools/trivy_operator/checks_handler.py b/dojo/tools/trivy_operator/checks_handler.py
index c866142e35..5a3888d478 100644
--- a/dojo/tools/trivy_operator/checks_handler.py
+++ b/dojo/tools/trivy_operator/checks_handler.py
@@ -18,15 +18,8 @@ class TrivyChecksHandler:
- def handle_checks(self, labels, endpoint, service, checks, test):
+ def handle_checks(self, labels, endpoints, service, checks, test):
 findings = []
- resource_namespace = labels.get("trivy-operator.resource.namespace", "")
- resource_kind = labels.get("trivy-operator.resource.kind", "")
- resource_name = labels.get("trivy-operator.resource.name", "")
- container_name = labels.get("trivy-operator.container.name", "")
- service = f"{resource_namespace}/{resource_kind}/{resource_name}"
- if container_name != "":
- service = f"{service}/{container_name}"
 for check in checks:
 check_title = check.get("title")
 check_severity = TRIVY_SEVERITIES[check.get("severity")]
@@ -68,8 +61,6 @@ def handle_checks(self, labels, endpoint, service, checks, test):
 service=service,
 mitigation=mitigation,
 )
- if resource_namespace != "":
- finding.tags = resource_namespace
 if check_id:
 finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(check_id)]
 finding.unsaved_endpoints += endpoints
diff --git a/dojo/tools/trivy_operator/secrets_handler.py b/dojo/tools/trivy_operator/secrets_handler.py
index 0e5707a6a4..9d5ae667b0 100644
--- a/dojo/tools/trivy_operator/secrets_handler.py
+++ b/dojo/tools/trivy_operator/secrets_handler.py
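Review bot: `labels` remains in the new `handle_checks` signature although every read of it is removed in this hunk, so unless it is still consulted in the part of the method between the two hunks it is now a dead parameter that every caller must keep supplying; the same holds for `handle_secrets` in secrets_handler.py and `handle_vulns` in vulnerability_handler.py. If the call sites can change in the same PR, drop it; otherwise add `# labels is unused here: resource/namespace context is now folded into service by the caller` above the `for check in checks:` line so the next reader does not go looking for a use. The rename of `endpoint` to `endpoints` is positional-compatible, but any caller that passes `endpoint=` by keyword will now raise TypeError, which is worth a grep. handle_checks continues past the end of this hunk.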
@@ -11,19 +11,13 @@ SECRET_DESCRIPTION_TEMPLATE = """{title}
 **Category:** {category}
 **Match:** {match}
+**ruleID:** {ruleID}
 """
 class TrivySecretsHandler:
- def handle_secrets(self, labels, endpoint, service, secrets, test):
+ def handle_secrets(self, labels, endpoints, service, secrets, test):
 findings = []
- resource_namespace = labels.get("trivy-operator.resource.namespace", "")
- resource_kind = labels.get("trivy-operator.resource.kind", "")
- resource_name = labels.get("trivy-operator.resource.name", "")
- container_name = labels.get("trivy-operator.container.name", "")
- service = f"{resource_namespace}/{resource_kind}/{resource_name}"
- if container_name != "":
- service = f"{service}/{container_name}"
 for secret in secrets:
 secret_title = secret.get("title")
 secret_category = secret.get("category")
@@ -37,12 +31,8 @@ def handle_secrets(self, labels, endpoint, service, secrets, test):
 title=secret_title,
 category=secret_category,
 match=secret_match,
+ ruleID=secret_rule_id,
 )
- secret_description += "\n**container.name:** " + container_name
- secret_description += "\n**resource.kind:** " + resource_kind
- secret_description += "\n**resource.name:** " + resource_name
- secret_description += "\n**resource.namespace:** " + resource_namespace
- secret_description += "\n**ruleID:** " + secret_rule_id
 finding = Finding(
 test=test,
 title=title,
@@ -54,8 +44,6 @@ def handle_secrets(self, labels, endpoint, service, secrets, test):
 dynamic_finding=False,
 service=service,
 )
- if resource_namespace != "":
- finding.tags = resource_namespace
 if secret_rule_id:
 finding.unsaved_vulnerability_ids = [secret_rule_id]
 finding.unsaved_endpoints += endpoints
diff --git a/dojo/tools/trivy_operator/vulnerability_handler.py b/dojo/tools/trivy_operator/vulnerability_handler.py
index a2fe9059a1..34a2882604 100644
--- a/dojo/tools/trivy_operator/vulnerability_handler.py
+++ b/dojo/tools/trivy_operator/vulnerability_handler.py
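Review bot: The new `**ruleID:** {ruleID}` template line is filled by `.format(ruleID=secret_rule_id)` in the next hunk, so a secret without a rule id renders as the literal text `**ruleID:** None` (the unchanged `if secret_rule_id:` guard lower in the method shows the value can be falsy). The old string concatenation would have raised TypeError on None, so this is more robust, but the rendered wording should still be controlled: pass `ruleID=secret_rule_id or ""` at the `.format` call, or default the value where `secret_rule_id` is assigned. That assignment is outside this diff, so I cannot see whether it already carries a default.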
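Review bot: Removing the container/resource lines from `secret_description` changes the description text of every Trivy Operator secret finding; if `description` is among the hash-code fields configured for this parser (the `HASHCODE_FIELDS_PER_SCANNER` setting, assuming it still covers this scan type), a re-import will compute different hash codes and existing findings will be re-created instead of matched, so that configuration, and whether a hash-code recompute is needed, should be checked before merge. The same applies to the `description +=` removal in vulnerability_handler.py, and anything that filtered on the namespace tag is affected by the `finding.tags = resource_namespace` removals in all three handlers. After this change the namespace/kind/name/container context survives only in `service`, which is now built by a caller outside this diff, so it is worth confirming that string still carries all four parts.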
@@ -18,15 +18,8 @@ class TrivyVulnerabilityHandler:
- def handle_vulns(self, labels, endpoint, service, vulnerabilities, test):
+ def handle_vulns(self, labels, endpoints, service, vulnerabilities, test):
 findings = []
- resource_namespace = labels.get("trivy-operator.resource.namespace", "")
- resource_kind = labels.get("trivy-operator.resource.kind", "")
- resource_name = labels.get("trivy-operator.resource.name", "")
- container_name = labels.get("trivy-operator.container.name", "")
- service = f"{resource_namespace}/{resource_kind}/{resource_name}"
- if container_name != "":
- service = f"{service}/{container_name}"
 for vulnerability in vulnerabilities:
 vuln_id = vulnerability.get("vulnerabilityID", "0")
 severity = TRIVY_SEVERITIES[vulnerability.get("severity")]
@@ -35,34 +28,6 @@ def handle_vulns(self, labels, endpoint, service, vulnerabilities, test):
 package_name = vulnerability.get("resource")
 package_version = vulnerability.get("installedVersion")
 cvssv3_score = vulnerability.get("score")
- finding_tags = [resource_namespace]
- target_target = None
- target_class = None
- package_path = None
-
- if vulnerability.get("packageType"):
- package_type = vulnerability.get("packageType")
- finding_tags.append(package_type)
-
- if vulnerability.get("class"):
- target_class = vulnerability.get("class")
- finding_tags.append(target_class)
-
- if vulnerability.get("packagePath"):
- package_path = vulnerability.get("packagePath")
-
- if vulnerability.get("target"):
- target_target = vulnerability.get("target")
-
- if target_class == "os-pkgs" or target_class == "lang-pkgs":
- if package_path:
- file_path = package_path
- elif target_target:
- file_path = target_target
- else:
- file_path = None
- else:
- file_path = None
 vuln_description = "no details"
 if len(vulnerability.get("description", "")) > 0:
@@ -74,10 +39,6 @@ def handle_vulns(self, labels, endpoint, service, vulnerabilities, test):
 published_date=vulnerability.get("publishedDate"),
 description=vuln_description,
 )
- description += "\n**container.name:** " + container_name
- description += "\n**resource.kind:** " + resource_kind
- description += "\n**resource.name:** " + resource_name
- description += "\n**resource.namespace:** " + resource_namespace
 title = f"{vuln_id} {package_name} {package_version}"
 finding = Finding(
 test=test,
@@ -92,8 +53,6 @@ def handle_vulns(self, labels, endpoint, service, vulnerabilities, test):
 static_finding=True,
 dynamic_finding=False,
 service=service,
- file_path=file_path,
- tags=[tag for tag in finding_tags if tag != ""],
 )
 if vuln_id:
 finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(vuln_id)]
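Review bot: Dropping `file_path` from the vulnerability `Finding` removes the only field that distinguished two occurrences of the same package and version at different paths in one image: `title` is `f"{vuln_id} {package_name} {package_version}"` and the description does not carry the target or package path, so such findings now look identical and may be collapsed by deduplication. If that is intended, record it with `# target/packagePath are no longer stored; findings are keyed on id/package/version only` next to the `Finding(` call in the previous hunk; if not, keeping `file_path` while still dropping `tags` would preserve the distinction. handle_vulns starts and ends outside these hunks.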