tools: trivy_operator: fix Trivy operator findings description and me…

…tadata after questionable upstream changes
netceteragroup · Nov 26, 2024 · f67fa4a · f67fa4a
1 parent 78c317c
commit f67fa4a
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 67 deletions.
diff --git a/dojo/tools/trivy_operator/checks_handler.py b/dojo/tools/trivy_operator/checks_handler.py
@@ -18,15 +18,8 @@
 
 
 class TrivyChecksHandler:
-    def handle_checks(self, labels, endpoint, service, checks, test):
+    def handle_checks(self, labels, endpoints, service, checks, test):
         findings = []
-        resource_namespace = labels.get("trivy-operator.resource.namespace", "")
-        resource_kind = labels.get("trivy-operator.resource.kind", "")
-        resource_name = labels.get("trivy-operator.resource.name", "")
-        container_name = labels.get("trivy-operator.container.name", "")
-        service = f"{resource_namespace}/{resource_kind}/{resource_name}"
-        if container_name != "":
-            service = f"{service}/{container_name}"
         for check in checks:
             check_title = check.get("title")
             check_severity = TRIVY_SEVERITIES[check.get("severity")]
@@ -68,8 +61,6 @@ def handle_checks(self, labels, endpoint, service, checks, test):
                 service=service,
                 mitigation=mitigation,
             )
-            if resource_namespace != "":
-                finding.tags = resource_namespace
             if check_id:
                 finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(check_id)]
             finding.unsaved_endpoints += endpoints

diff --git a/dojo/tools/trivy_operator/secrets_handler.py b/dojo/tools/trivy_operator/secrets_handler.py
@@ -11,19 +11,13 @@
 SECRET_DESCRIPTION_TEMPLATE = """{title}
 **Category:** {category}
 **Match:** {match}
+**ruleID:** {ruleID}
 """
 
 
 class TrivySecretsHandler:
-    def handle_secrets(self, labels, endpoint, service, secrets, test):
+    def handle_secrets(self, labels, endpoints, service, secrets, test):
         findings = []
-        resource_namespace = labels.get("trivy-operator.resource.namespace", "")
-        resource_kind = labels.get("trivy-operator.resource.kind", "")
-        resource_name = labels.get("trivy-operator.resource.name", "")
-        container_name = labels.get("trivy-operator.container.name", "")
-        service = f"{resource_namespace}/{resource_kind}/{resource_name}"
-        if container_name != "":
-            service = f"{service}/{container_name}"
         for secret in secrets:
             secret_title = secret.get("title")
             secret_category = secret.get("category")
@@ -37,12 +31,8 @@ def handle_secrets(self, labels, endpoint, service, secrets, test):
                 title=secret_title,
                 category=secret_category,
                 match=secret_match,
+                ruleID=secret_rule_id,
             )
-            secret_description += "\n**container.name:** " + container_name
-            secret_description += "\n**resource.kind:** " + resource_kind
-            secret_description += "\n**resource.name:** " + resource_name
-            secret_description += "\n**resource.namespace:** " + resource_namespace
-            secret_description += "\n**ruleID:** " + secret_rule_id
             finding = Finding(
                 test=test,
                 title=title,
@@ -54,8 +44,6 @@ def handle_secrets(self, labels, endpoint, service, secrets, test):
                 dynamic_finding=False,
                 service=service,
             )
-            if resource_namespace != "":
-                finding.tags = resource_namespace
             if secret_rule_id:
                 finding.unsaved_vulnerability_ids = [secret_rule_id]
             finding.unsaved_endpoints += endpoints

diff --git a/dojo/tools/trivy_operator/vulnerability_handler.py b/dojo/tools/trivy_operator/vulnerability_handler.py
@@ -18,15 +18,8 @@
 
 
 class TrivyVulnerabilityHandler:
-    def handle_vulns(self, labels, endpoint, service, vulnerabilities, test):
+    def handle_vulns(self, labels, endpoints, service, vulnerabilities, test):
         findings = []
-        resource_namespace = labels.get("trivy-operator.resource.namespace", "")
-        resource_kind = labels.get("trivy-operator.resource.kind", "")
-        resource_name = labels.get("trivy-operator.resource.name", "")
-        container_name = labels.get("trivy-operator.container.name", "")
-        service = f"{resource_namespace}/{resource_kind}/{resource_name}"
-        if container_name != "":
-            service = f"{service}/{container_name}"
         for vulnerability in vulnerabilities:
             vuln_id = vulnerability.get("vulnerabilityID", "0")
             severity = TRIVY_SEVERITIES[vulnerability.get("severity")]
@@ -35,34 +28,6 @@ def handle_vulns(self, labels, endpoint, service, vulnerabilities, test):
             package_name = vulnerability.get("resource")
             package_version = vulnerability.get("installedVersion")
             cvssv3_score = vulnerability.get("score")
-            finding_tags = [resource_namespace]
-            target_target = None
-            target_class = None
-            package_path = None
-
-            if vulnerability.get("packageType"):
-                package_type = vulnerability.get("packageType")
-                finding_tags.append(package_type)
-
-            if vulnerability.get("class"):
-                target_class = vulnerability.get("class")
-                finding_tags.append(target_class)
-
-            if vulnerability.get("packagePath"):
-                package_path = vulnerability.get("packagePath")
-
-            if vulnerability.get("target"):
-                target_target = vulnerability.get("target")
-
-            if target_class == "os-pkgs" or target_class == "lang-pkgs":
-                if package_path:
-                    file_path = package_path
-                elif target_target:
-                    file_path = target_target
-                else:
-                    file_path = None
-            else:
-                file_path = None
 
             vuln_description = "no details"
             if len(vulnerability.get("description", "")) > 0:
@@ -74,10 +39,6 @@ def handle_vulns(self, labels, endpoint, service, vulnerabilities, test):
                 published_date=vulnerability.get("publishedDate"),
                 description=vuln_description,
             )
-            description += "\n**container.name:** " + container_name
-            description += "\n**resource.kind:** " + resource_kind
-            description += "\n**resource.name:** " + resource_name
-            description += "\n**resource.namespace:** " + resource_namespace
             title = f"{vuln_id} {package_name} {package_version}"
             finding = Finding(
                 test=test,
@@ -92,8 +53,6 @@ def handle_vulns(self, labels, endpoint, service, vulnerabilities, test):
                 static_finding=True,
                 dynamic_finding=False,
                 service=service,
-                file_path=file_path,
-                tags=[tag for tag in finding_tags if tag != ""],
             )
             if vuln_id:
                 finding.unsaved_vulnerability_ids = [UniformTrivyVulnID().return_uniformed_vulnid(vuln_id)]