integrations: Update harbor for new payload format.

This commit is contained in:
Christopher Chong 2022-06-18 09:30:25 +00:00 committed by Tim Abbott
parent 76bff6e1ac
commit a8217c51de
6 changed files with 116 additions and 79 deletions

View File

@ -1,9 +1,10 @@
{
"type": "deleteImage",
"type": "DELETE_ARTIFACT",
"occur_at": 1571334977,
"event_data": {
"resources": [
{
"digest": "sha256:59856107563b1e1b2e48c8635e5cb44fa9b194f6a425e0b668917602213bb5b4",
"tag": "latest",
"resource_url": "harbor.example.com/example/test:latest"
}

View File

@ -1,5 +1,5 @@
{
"type": "pushImage",
"type": "PUSH_ARTIFACT",
"occur_at": 1571334632,
"event_data": {
"resources": [

View File

@ -1,54 +1,44 @@
{
"type": "scanningCompleted",
"occur_at": 1571341880,
"type": "SCANNING_COMPLETED",
"occur_at": 1648715576,
"operator": "auto",
"event_data": {
"resources": [
{
"digest": "sha256:d55414535f65d9b0ca180a9a591868c93d72e6f7d1de03a315215220e63e622e",
"tag": "latest",
"resource_url": "harbor.example.com/example/test:latest",
"digest": "sha256:b50334049354ed01330403212605dce2f4676a4e787ed113506861d9cf3c5424",
"tag": "3.8.1",
"resource_url": "harbor.xxx.xxxx.com/test/alpine/helm:3.8.1",
"scan_overview": {
"image_digest": "sha256:d55414535f65d9b0ca180a9a591868c93d72e6f7d1de03a315215220e63e622e",
"scan_status": "finished",
"job_id": 5,
"severity": 5,
"components": {
"total": 168,
"summary": [
{
"severity": 5,
"count": 12
},
{
"severity": 4,
"count": 16
},
{
"severity": 2,
"count": 2
},
{
"severity": 3,
"count": 7
},
{
"severity": 1,
"count": 131
"application/vnd.security.vulnerability.report; version=1.1": {
"report_id": "65e8a295-749c-44e2-93fe-2ebb49b9e51a",
"scan_status": "Success",
"severity": "High",
"duration": 3,
"summary": {
"total": 5,
"fixable": 5,
"summary": {
"High": 4,
"Unknown": 1
}
]
},
"details_key": "71ffc66d04c94f01d2990d7ae908f66e6266bc82e45fdffa12181ea521e3a30c",
"creation_time": "2019-10-17T19:50:10.728751Z",
"update_time": "2019-10-17T19:51:20.370425Z"
"start_time": "2022-03-31T08:32:53Z",
"end_time": "2022-03-31T08:32:56Z",
"scanner": {
"name": "Trivy",
"vendor": "Aqua Security",
"version": "v0.20.1"
},
"complete_percent": 100
}
}
}
],
"repository": {
"name": "test",
"namespace": "example",
"repo_full_name": "example/test",
"name": "alpine/helm",
"namespace": "test",
"repo_full_name": "test/alpine/helm",
"repo_type": "private"
}
},
"operator": "auto"
}
}

View File

@ -0,0 +1,41 @@
{
"type": "SCANNING_COMPLETED",
"occur_at": 1655522951,
"operator": "auto",
"event_data": {
"resources": [
{
"digest": "sha256:59856107563b1e1b2e48c8635e5cb44fa9b194f6a425e0b668917602213bb5b4",
"tag": "latest",
"resource_url": "demo.goharbor.io/test123/test-image:latest",
"scan_overview": {
"application/vnd.security.vulnerability.report; version=1.1": {
"report_id": "f316b072-38e4-41b1-a1da-91ec0b2e7767",
"scan_status": "Success",
"severity": "None",
"duration": 8,
"summary": {
"total": 0,
"fixable": 0,
"summary": {}
},
"start_time": "2022-06-18T03:29:03Z",
"end_time": "2022-06-18T03:29:11Z",
"scanner": {
"name": "Trivy",
"vendor": "Aqua Security",
"version": "v0.24.2"
},
"complete_percent": 100
}
}
}
],
"repository": {
"name": "test-image",
"namespace": "test123",
"repo_full_name": "test123/test-image",
"repo_type": "public"
}
}
}

View File

@ -22,16 +22,24 @@ class HarborHookTests(WebhookTestCase):
self.assert_json_success(result)
def test_scanning_completed(self) -> None:
expected_topic = "example/test"
expected_topic = "test/alpine/helm"
expected_message = """
Image scan completed for `example/test:latest`. Vulnerabilities by severity:
Image scan completed for `test/alpine/helm:3.8.1`. Vulnerabilities by severity:
* High: **12**
* Medium: **16**
* Low: **7**
* Unknown: **2**
* None: **131**
* High: **4**
* Unknown: **1**
""".strip()
self.check_webhook("scanning_completed", expected_topic, expected_message)
def test_scanning_completed_no_vulnerability(self) -> None:
expected_topic = "test123/test-image"
expected_message = """
Image scan completed for `test123/test-image:latest`. Vulnerabilities by severity:
None
""".strip()
self.check_webhook("scanning_completed_no_vulnerability", expected_topic, expected_message)

View File

@ -12,12 +12,12 @@ from zerver.lib.webhooks.common import check_send_webhook_message
from zerver.models import Realm, UserProfile
IGNORED_EVENTS = [
"downloadChart",
"deleteChart",
"uploadChart",
"pullImage",
"deleteImage",
"scanningFailed",
"DOWNLOAD_CHART",
"DELETE_CHART",
"UPLOAD_CHART",
"PULL_ARTIFACT",
"DELETE_ARTIFACT",
"SCANNING_FAILED",
]
@ -45,14 +45,6 @@ def handle_push_image_event(
return f"{operator_username} pushed image `{image_name}:{image_tag}`"
VULNERABILITY_SEVERITY_NAME_MAP = {
1: "None",
2: "Unknown",
3: "Low",
4: "Medium",
5: "High",
}
SCANNING_COMPLETED_TEMPLATE = """
Image scan completed for `{image_name}:{image_tag}`. Vulnerabilities by severity:
@ -64,12 +56,17 @@ def handle_scanning_completed_event(
payload: Dict[str, Any], user_profile: UserProfile, operator_username: str
) -> str:
scan_results = ""
scan_summaries = payload["event_data"]["resources"][0]["scan_overview"]["components"]["summary"]
summaries_sorted = sorted(scan_summaries, key=lambda x: x["severity"], reverse=True)
for scan_summary in summaries_sorted:
scan_results += "* {}: **{}**\n".format(
VULNERABILITY_SEVERITY_NAME_MAP[scan_summary["severity"]], scan_summary["count"]
)
scan_overview = payload["event_data"]["resources"][0]["scan_overview"]
if "application/vnd.security.vulnerability.report; version=1.1" not in scan_overview:
raise UnsupportedWebhookEventType("Unsupported harbor scanning webhook payload")
scan_summaries = scan_overview["application/vnd.security.vulnerability.report; version=1.1"][
"summary"
]["summary"]
if len(scan_summaries) > 0:
for severity, count in scan_summaries.items():
scan_results += "* {}: **{}**\n".format(severity, count)
else:
scan_results += "None\n"
return SCANNING_COMPLETED_TEMPLATE.format(
image_name=payload["event_data"]["repository"]["repo_full_name"],
@ -79,8 +76,8 @@ def handle_scanning_completed_event(
EVENT_FUNCTION_MAPPER = {
"pushImage": handle_push_image_event,
"scanningCompleted": handle_scanning_completed_event,
"PUSH_ARTIFACT": handle_push_image_event,
"SCANNING_COMPLETED": handle_scanning_completed_event,
}
ALL_EVENT_TYPES = list(EVENT_FUNCTION_MAPPER.keys())