Merge pull request #315 from snyk/feat/support-docker-binaries

feat: dedicated display docker binaries issues
snyk · Dec 26, 2018 · ee43b4a · ee43b4a
2 parents 3fece7c + c3f6b3f
commit ee43b4a
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 9 deletions.
diff --git a/src/cli/commands/test.js b/src/cli/commands/test.js
@@ -195,6 +195,7 @@ function summariseErrorResults(errorResults) {
 function displayResult(res, options) {
   var meta = metaForDisplay(res, options) + '\n\n';
   var dockerAdvice = dockerRemediationForDisplay(res);
+  var binariesIssues = binariesIssuesForDisplay(res);
   var packageManager = options.packageManager;
   var prefix = chalk.bold.white('\nTesting ' + options.path + '...\n\n');
 
@@ -235,6 +236,7 @@ function displayResult(res, options) {
     return (
       prefix + meta + summaryOKText + (
         isCI ? '' :
+          binariesIssues +
           dockerAdvice +
           nextStepsText +
           dockerSuggestion)
@@ -274,13 +276,11 @@ function displayResult(res, options) {
   if (options.docker &&
     !options.file &&
     (config.disableSuggestions !== 'true')) {
-    summary += chalk.bold.white('\n\nPro tip: use `--file` option to get base image remediation advice.' +
+    dockerSuggestion += chalk.bold.white('\n\nPro tip: use `--file` option to get base image remediation advice.' +
       `\nExample: $ snyk test --docker ${options.path} --file=path/to/Dockerfile` +
       '\n\nTo remove this message in the future, please run `snyk config set disableSuggestions=true`');
   }
 
-  summary += dockerSuggestion;
-
   var vulns = res.vulnerabilities || [];
   var groupedVulns = groupVulnerabilities(vulns);
   var sortedGroupedVulns = _.orderBy(
@@ -328,9 +328,9 @@ function displayResult(res, options) {
       vulnOutput.extraInfo
     );
   });
-
-  var body = groupedVulnInfoOutput.join('\n\n') + '\n\n' + meta + summary;
-  return prefix + body + dockerAdvice;
+  var body =
+    groupedVulnInfoOutput.join('\n\n') + '\n\n\n' + binariesIssues + '\n\n' + meta + summary;
+  return prefix + body + dockerAdvice + dockerSuggestion;
 };
 
 function createFixedInText(groupedVuln) {
@@ -523,6 +523,34 @@ function dockerRemediationForDisplay(res) {
   return '\n\n' + out.join('\n');
 }
 
+function binariesIssuesForDisplay(res) {
+  const issues = [];
+  const dockerRes = res.docker;
+  if (dockerRes && dockerRes.binariesVulns) {
+    const binariesVulns = dockerRes.binariesVulns;
+    for (const pkgInfo of _.values(binariesVulns.affectedPkgs)) {
+      issues.push(chalk.bold.white(
+        `------------ Detected ${_.values(pkgInfo.issues).length} vulnerabilities`+
+        ` for ${pkgInfo.pkg.name}@${pkgInfo.pkg.version} ------------`, '\n'));
+      for (const pkgIssue of _.values(pkgInfo.issues)) {
+        const issueID = pkgIssue.issueId;
+        const issueData = binariesVulns.issuesData[issueID];
+        const issueHeading = createSeverityBasedIssueHeading(
+          issueData.severity,
+          issueData.type,
+          issueData.packageName
+        );
+        issues.push(
+          issueHeading +
+          '\n  Description: ' + issueData.title +
+          '\n  Info: ' + chalk.underline(config.ROOT + '/vuln/' + issueID) + '\n'
+        );
+      }
+    }
+  }
+  return issues.join('\n');
+}
+
 function validateSeverityThreshold(severityThreshold) {
   return SEVERITIES
     .map(function (s) {

diff --git a/test/acceptance/cli.acceptance.test.ts b/test/acceptance/cli.acceptance.test.ts
@@ -1582,11 +1582,11 @@ test('`test foo:latest --docker with binaries`', async (t) => {
   };
   const spyPlugin = sinon.spy(plugin, 'inspect');
 
-   const loadPlugin = sinon.stub(plugins, 'loadPlugin');
+  const loadPlugin = sinon.stub(plugins, 'loadPlugin');
   loadPlugin.withArgs(sinon.match.any, sinon.match({docker: true})).returns(plugin);
   t.teardown(loadPlugin.restore);
 
-   const res = await cli.test('foo:latest', {
+  const res = await cli.test('foo:latest', {
     docker: true,
     org: 'explicit-org',
   });
@@ -1656,13 +1656,14 @@ test('`test foo:latest --docker with binaries vulnerabilities`', async (t) => {
     t.fail('should have found vuln');
   } catch (err) {
     const msg = err.message;
-    console.log(msg);
     t.match(msg, 'Tested 2 dependencies for known vulnerabilities, found 2 vulnerabilities');
     t.match(msg, 'From: bzip2/libbz2-1.0@1.0.6-8.1');
     t.match(msg, 'From: apt/libapt-pkg5.0@1.6.3ubuntu0.1 > bzip2/libbz2-1.0@1.0.6-8.1');
     t.match(msg, 'Info: http://localhost:12345/vuln/SNYK-UPSTREAM-NODE-72359');
     t.false(msg.includes('vulnerable paths'),
       'docker should not includes number of vulnerable paths');
+    t.match(msg, 'Detected 1 vulnerabilities for node@5.10.1');
+    t.match(msg, 'High severity vulnerability found in node');
   }
 });