fix(osv-github-action): If all vulnerabilities are not called, don't …
…return an non zero exit code in osv-reporter (#1152)

If none of the vulnerabilities are called, don't return a non-zero exit
code in osv-reporter.
another-rex authored Jul 31, 2024
1 parent 6a05a02 commit 7668bd5
Showing 2 changed files with 16 additions and 1 deletion.
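--- a/cmd/osv-reporter/main.go
+++ b/cmd/osv-reporter/main.go
@@ -172,8 +172,17 @@ func run(args []string, stdout, stderr io.Writer) int {
 // Default to true, only false when explicitly set to false
 failOnVuln := !context.IsSet("fail-on-vuln") || context.Bool("fail-on-vuln")
 
+// Check if any is *not* called
+anyIsCalled := false
+for _, vuln := range diffVulns.Flatten() {
+if vuln.GroupInfo.IsCalled() {
+anyIsCalled = true
+break
+}
+}
+
 // if vulnerability exists it should return error
-if len(diffVulns.Results) > 0 && failOnVuln {
+if len(diffVulns.Results) > 0 && failOnVuln && anyIsCalled {
 return osvscanner.VulnerabilitiesFoundErr
 }
 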
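Review bot: The comment `// Check if any is *not* called` above the new loop says the opposite of what the loop does, which sets `anyIsCalled` as soon as one flattened vulnerability reports `IsCalled()`; because this flag now decides whether the CI gate fails, it should read `// Check whether at least one vulnerability is called`, and the following `// if vulnerability exists it should return error` should become `// fail only when fail-on-vuln is enabled and at least one vulnerability is called`. With the new condition, a run whose findings are all marked uncalled exits zero, and nothing in the visible lines records that the gate was skipped, so a message on `stderr` saying that uncalled vulnerabilities were found and not treated as a failure would keep that decision auditable. How `IsCalled()` answers when no call analysis was performed is not visible here; it should be confirmed to default to called, otherwise the gate fails open for scans without analysis data. The body of `run` starts and ends outside the hunk.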
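--- a/cmd/osv-scanner/__snapshots__/main_test.snap
+++ b/cmd/osv-scanner/__snapshots__/main_test.snap
@@ -1921,6 +1921,7 @@ Scanning image ../../internal/image/fixtures/test-node_modules-npm-empty.tar
 | https://osv.dev/CVE-2023-42363 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-npm-empty.tar:/lib/apk/db/installed |
 | https://osv.dev/CVE-2023-42364 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-npm-empty.tar:/lib/apk/db/installed |
 | https://osv.dev/CVE-2023-42365 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-npm-empty.tar:/lib/apk/db/installed |
+| https://osv.dev/CVE-2023-42366 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-npm-empty.tar:/lib/apk/db/installed |
 +--------------------------------+------+--------------+---------+------------+-------------------------------------------------------------------------------------+
 
 ---
@@ -1937,6 +1938,7 @@ Scanning image ../../internal/image/fixtures/test-node_modules-npm-full.tar
 | https://osv.dev/CVE-2023-42363 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-npm-full.tar:/lib/apk/db/installed |
 | https://osv.dev/CVE-2023-42364 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-npm-full.tar:/lib/apk/db/installed |
 | https://osv.dev/CVE-2023-42365 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-npm-full.tar:/lib/apk/db/installed |
+| https://osv.dev/CVE-2023-42366 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-npm-full.tar:/lib/apk/db/installed |
 | https://osv.dev/GHSA-38f5-ghc2-fcmv | 9.8 | npm | cryo | 0.0.6 | ../../internal/image/fixtures/test-node_modules-npm-full.tar:/usr/app/node_modules/.package-lock.json |
 | https://osv.dev/GHSA-vh95-rmgr-6w4m | 5.6 | npm | minimist | 0.0.8 | ../../internal/image/fixtures/test-node_modules-npm-full.tar:/usr/app/node_modules/.package-lock.json |
 | https://osv.dev/GHSA-xvch-5gv4-984h | 9.8 | npm | minimist | 0.0.8 | ../../internal/image/fixtures/test-node_modules-npm-full.tar:/usr/app/node_modules/.package-lock.json |
@@ -1956,6 +1958,7 @@ Scanning image ../../internal/image/fixtures/test-node_modules-pnpm-empty.tar
 | https://osv.dev/CVE-2023-42363 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-pnpm-empty.tar:/lib/apk/db/installed |
 | https://osv.dev/CVE-2023-42364 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-pnpm-empty.tar:/lib/apk/db/installed |
 | https://osv.dev/CVE-2023-42365 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-pnpm-empty.tar:/lib/apk/db/installed |
+| https://osv.dev/CVE-2023-42366 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-pnpm-empty.tar:/lib/apk/db/installed |
 +--------------------------------+------+--------------+---------+------------+--------------------------------------------------------------------------------------+
 
 ---
@@ -1972,6 +1975,7 @@ Scanning image ../../internal/image/fixtures/test-node_modules-pnpm-full.tar
 | https://osv.dev/CVE-2023-42363 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-pnpm-full.tar:/lib/apk/db/installed |
 | https://osv.dev/CVE-2023-42364 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-pnpm-full.tar:/lib/apk/db/installed |
 | https://osv.dev/CVE-2023-42365 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-pnpm-full.tar:/lib/apk/db/installed |
+| https://osv.dev/CVE-2023-42366 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-pnpm-full.tar:/lib/apk/db/installed |
 +--------------------------------+------+--------------+---------+------------+-------------------------------------------------------------------------------------+
 
 ---
@@ -1988,6 +1992,7 @@ Scanning image ../../internal/image/fixtures/test-node_modules-yarn-empty.tar
 | https://osv.dev/CVE-2023-42363 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-yarn-empty.tar:/lib/apk/db/installed |
 | https://osv.dev/CVE-2023-42364 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-yarn-empty.tar:/lib/apk/db/installed |
 | https://osv.dev/CVE-2023-42365 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-yarn-empty.tar:/lib/apk/db/installed |
+| https://osv.dev/CVE-2023-42366 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-yarn-empty.tar:/lib/apk/db/installed |
 +--------------------------------+------+--------------+---------+------------+--------------------------------------------------------------------------------------+
 
 ---
@@ -2004,6 +2009,7 @@ Scanning image ../../internal/image/fixtures/test-node_modules-yarn-full.tar
 | https://osv.dev/CVE-2023-42363 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-yarn-full.tar:/lib/apk/db/installed |
 | https://osv.dev/CVE-2023-42364 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-yarn-full.tar:/lib/apk/db/installed |
 | https://osv.dev/CVE-2023-42365 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-yarn-full.tar:/lib/apk/db/installed |
+| https://osv.dev/CVE-2023-42366 | 5.5 | Alpine:v3.19 | busybox | 1.36.1-r15 | ../../internal/image/fixtures/test-node_modules-yarn-full.tar:/lib/apk/db/installed |
 +--------------------------------+------+--------------+---------+------------+-------------------------------------------------------------------------------------+
 
 ---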
