analysis: set success when vulnerability is not of type Vulnerability

This commit will be used to solve #615 and other repositories in security step to show vulnerabilities but not fail the pipeline Signed-off-by: Ian Cardoso <ian.cardoso@zup.com.br>
ZupIT · Oct 1, 2021 · 613ba0e · 613ba0e
1 parent 36816d6
commit 613ba0e
Show file tree

Hide file tree

Showing 12 changed files with 70 additions and 137 deletions.
diff --git a/cmd/app/start/start.go b/cmd/app/start/start.go
@@ -20,6 +20,8 @@ import (
 	"os"
 	"strings"
 
+	"github.com/ZupIT/horusec/internal/controllers/printresults"
+
 	"github.com/ZupIT/horusec/internal/controllers/requirements"
 
 	"github.com/ZupIT/horusec/config"
@@ -38,7 +40,7 @@ import (
 //
 // Analyze returns the total of vulnerabilies founded on directory
 type Analyzer interface {
-	Analyze() (int, error)
+	Analyze() error
 }
 
 // Prompt is the interface that interact with use terminal prompt
@@ -303,28 +305,29 @@ func (s *Start) CreateStartCommand() *cobra.Command {
 }
 
 func (s *Start) runE(cmd *cobra.Command, _ []string) error {
-	totalVulns, err := s.startAnalysis(cmd)
+	err := s.startAnalysis(cmd)
 	if err != nil {
-		return err
-	}
-
-	if totalVulns > 0 && s.configs.ReturnErrorIfFoundVulnerability {
-		cmd.SetUsageFunc(func(command *cobra.Command) error {
+		if errors.Is(err, printresults.ErrorUnknownVulnerabilitiesFound) {
+			if s.configs.ReturnErrorIfFoundVulnerability {
+				cmd.SetUsageFunc(func(command *cobra.Command) error {
+					return nil
+				})
+				return errors.New("analysis finished with blocking vulnerabilities")
+			}
 			return nil
-		})
-
-		return errors.New("analysis finished with blocking vulnerabilities")
+		}
+		return err
 	}
 	return nil
 }
 
-func (s *Start) startAnalysis(cmd *cobra.Command) (totalVulns int, err error) {
+func (s *Start) startAnalysis(cmd *cobra.Command) error {
 	if err := s.askIfRunInDirectorySelected(s.isRunPromptQuestion(cmd)); err != nil {
 		logger.LogErrorWithLevel(messages.MsgErrorWhenAskDirToRun, err)
-		return 0, err
+		return err
 	}
 	if err := s.configsValidations(cmd); err != nil {
-		return 0, err
+		return err
 	}
 	return s.executeAnalysisDirectory()
 }
@@ -364,7 +367,7 @@ func (s *Start) isRunPromptQuestion(cmd *cobra.Command) bool {
 	return true
 }
 
-func (s *Start) executeAnalysisDirectory() (totalVulns int, err error) {
+func (s *Start) executeAnalysisDirectory() error {
 	if s.analyzer == nil {
 		s.analyzer = analyzer.NewAnalyzer(s.configs)
 	}

diff --git a/cmd/app/start/start_test.go b/cmd/app/start/start_test.go
@@ -22,6 +22,8 @@ import (
 	"os"
 	"testing"
 
+	"github.com/ZupIT/horusec/internal/controllers/printresults"
+
 	"github.com/google/uuid"
 
 	"github.com/spf13/cobra"
@@ -75,8 +77,7 @@ func TestStartCommand_Execute(t *testing.T) {
 		configs.WorkDir = &workdir.WorkDir{}
 
 		analyzerControllerMock := &analyzer.Mock{}
-		analyzerControllerMock.On("AnalysisDirectory").Return(0, nil)
-
+		analyzerControllerMock.On("AnalysisDirectory").Return(nil)
 		requirementsMock := &requirements.Mock{}
 		requirementsMock.On("ValidateDocker")
 
@@ -106,7 +107,7 @@ func TestStartCommand_Execute(t *testing.T) {
 		configs.WorkDir = &workdir.WorkDir{}
 
 		analyzerControllerMock := &analyzer.Mock{}
-		analyzerControllerMock.On("AnalysisDirectory").Return(0, nil)
+		analyzerControllerMock.On("AnalysisDirectory").Return(nil)
 
 		requirementsMock := &requirements.Mock{}
 		requirementsMock.On("ValidateDocker")
@@ -138,7 +139,7 @@ func TestStartCommand_Execute(t *testing.T) {
 		configs.WorkDir = &workdir.WorkDir{}
 
 		analyzerControllerMock := &analyzer.Mock{}
-		analyzerControllerMock.On("AnalysisDirectory").Return(10, nil)
+		analyzerControllerMock.On("AnalysisDirectory").Return(printresults.ErrorUnknownVulnerabilitiesFound)
 
 		requirementsMock := &requirements.Mock{}
 		requirementsMock.On("ValidateDocker")
@@ -170,7 +171,7 @@ func TestStartCommand_Execute(t *testing.T) {
 		configs.WorkDir = &workdir.WorkDir{}
 
 		analyzerControllerMock := &analyzer.Mock{}
-		analyzerControllerMock.On("AnalysisDirectory").Return(0, nil)
+		analyzerControllerMock.On("AnalysisDirectory").Return(nil)
 
 		requirementsMock := &requirements.Mock{}
 		requirementsMock.On("ValidateDocker")
@@ -202,7 +203,7 @@ func TestStartCommand_Execute(t *testing.T) {
 		configs.WorkDir = &workdir.WorkDir{}
 
 		analyzerControllerMock := &analyzer.Mock{}
-		analyzerControllerMock.On("AnalysisDirectory").Return(0, nil)
+		analyzerControllerMock.On("AnalysisDirectory").Return(nil)
 
 		requirementsMock := &requirements.Mock{}
 		requirementsMock.On("ValidateDocker")
@@ -235,7 +236,7 @@ func TestStartCommand_Execute(t *testing.T) {
 		configs.WorkDir = &workdir.WorkDir{}
 
 		analyzerControllerMock := &analyzer.Mock{}
-		analyzerControllerMock.On("AnalysisDirectory").Return(0, nil)
+		analyzerControllerMock.On("AnalysisDirectory").Return(nil)
 
 		requirementsMock := &requirements.Mock{}
 		requirementsMock.On("ValidateDocker")
@@ -269,7 +270,7 @@ func TestStartCommand_Execute(t *testing.T) {
 		configs.WorkDir = &workdir.WorkDir{}
 
 		analyzerControllerMock := &analyzer.Mock{}
-		analyzerControllerMock.On("AnalysisDirectory").Return(0, nil)
+		analyzerControllerMock.On("AnalysisDirectory").Return(nil)
 
 		requirementsMock := &requirements.Mock{}
 		requirementsMock.On("ValidateDocker")
@@ -303,7 +304,7 @@ func TestStartCommand_Execute(t *testing.T) {
 		configs.WorkDir = &workdir.WorkDir{}
 
 		analyzerControllerMock := &analyzer.Mock{}
-		analyzerControllerMock.On("AnalysisDirectory").Return(10, nil)
+		analyzerControllerMock.On("AnalysisDirectory").Return(nil)
 
 		requirementsMock := &requirements.Mock{}
 		requirementsMock.On("ValidateDocker")

diff --git a/go.mod b/go.mod
@@ -26,4 +26,5 @@ require (
 	github.com/spf13/cobra v1.2.1
 	github.com/spf13/viper v1.9.0
 	github.com/stretchr/testify v1.7.0
+	golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -165,12 +165,8 @@ github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMx
 github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
 github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
 github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=
-github.com/ZupIT/horusec-devkit v1.0.16 h1:MBO1RjochmJfrWYm0Jr6qC9c5x6t/5LwjVDhZvdzOnE=
-github.com/ZupIT/horusec-devkit v1.0.16/go.mod h1:SEzhqEWkXrJ5/N+tGfQVvIsBsuWaU0x0g7wVl6fqlmc=
 github.com/ZupIT/horusec-devkit v1.0.17 h1:j4KtyP3bV7eAWNZtk/2ZB9TIZYaD7QyUv0zRDPuKWiA=
 github.com/ZupIT/horusec-devkit v1.0.17/go.mod h1:wTsXrXTD1YrChTQEng8EvVg+zL9nMUIQkhUG85sQwuQ=
-github.com/ZupIT/horusec-engine v0.3.5 h1:RwjMuogcG/rO0UQ4Ci1qvmOOWDPW/W4bgCJQAZ1EnHg=
-github.com/ZupIT/horusec-engine v0.3.5/go.mod h1:8IoM2BGMJ7jHThgkTIWHD/S4YeEgLD0j3tsxy6nwyd0=
 github.com/ZupIT/horusec-engine v0.3.6 h1:m/kL9K8+OVAaYjagoDmNFFDEA3BnyJbcx0DfNYGyaDM=
 github.com/ZupIT/horusec-engine v0.3.6/go.mod h1:s3SZQ9gXXlEcIagEuopZJga+Dw6RBFWMD7Rh5A+tIys=
 github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
@@ -553,8 +549,6 @@ github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxm
 github.com/go-chi/cors v1.2.0/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-critic/go-critic v0.4.1/go.mod h1:7/14rZGnZbY6E38VEGk2kVhoq6itzc1E68facVDK23g=
 github.com/go-critic/go-critic v0.4.3/go.mod h1:j4O3D4RoIwRqlZw5jJpx0BNfXWWbpcJoKu5cYSe4YmQ=
-github.com/go-enry/go-enry/v2 v2.7.1 h1:WCqtfyteIz61GYk9lRVy8HblvIv4cP9GIiwm/6txCbU=
-github.com/go-enry/go-enry/v2 v2.7.1/go.mod h1:GVzIiAytiS5uT/QiuakK7TF1u4xDab87Y8V5EJRpsIQ=
 github.com/go-enry/go-enry/v2 v2.7.2 h1:IBtFo783PgL7oyd/TL1/8HQFMNzOAl4NaLPbzNOvbwM=
 github.com/go-enry/go-enry/v2 v2.7.2/go.mod h1:GVzIiAytiS5uT/QiuakK7TF1u4xDab87Y8V5EJRpsIQ=
 github.com/go-enry/go-oniguruma v1.2.1 h1:k8aAMuJfMrqm/56SG2lV9Cfti6tC4x8673aHCcBk+eo=
@@ -1649,10 +1643,10 @@ golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
 golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20210920023735-84f357641f63 h1:kETrAMYZq6WVGPa8IIixL0CaEcIUNi+1WX7grUoi3y8=
 golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=

diff --git a/horusec-config.json b/horusec-config.json
@@ -22,23 +22,6 @@
   "horusecCliEnableGitHistoryAnalysis": false,
   "horusecCliEnableInformationSeverity": false,
   "horusecCliFalsePositiveHashes": [
-    "2eab7620998c54bcbdb1da9ad96f54c3b6ac7b5e0babbff8f502ec10594479ad",
-    "52ccbcd6c0d13a6af137ba7d5fc6c66a466f7e746256558550e660c82449851b",
-    "b9f0d3772a885673b4a968d21eb9c350d25aae332b7c1a9bf113b5af24704ff9",
-    "e8c6a9744859f048a44a4eb160ce0e22df524507a288cfbfcbfcdc26d2533c63",
-    "9c205ee4b31bea1254f4e8031958995912312a524105469cb49e757d59558496",
-    "3e64eb0ec371e5ef7d97adec60d3b94cb7dd5a1189951f2a45ed1827e6781d30",
-    "5fc8f08b377cdc0c92913da73a2d8d8acd85896993e04ae4c15e34ecb829d8b5",
-    "362a89c4517db256b648e9b1d21ddb0d99018e7c7b9f9b45d200ede54a49363d",
-    "06f6ce2402e20f1e885e5d59f66db4dde44dfdd2eaf821d86b1d066a707c9fff",
-    "85492fbc829b64336a4f858022fbe52f05e27ee18d7a8fbdf5ffd23991ebd7a9",
-    "36f41965e929e9763260c61451ce0a5ca572f8a1a8979390b7c694e54e3dce29",
-    "c25edc56029ba81e69515d3bca44fa5545af63cf841d8f219ac57fcd7cb95265",
-    "daf141d66c2b98a3c579726372fbd91957d3e51c00b3a6ec18e5b40ca98fcbe6",
-    "10415a9f27493234fc73226fd2697c7a4af6ae48bfa8b733ba8fb6693ed44f90",
-    "8ff7424e06c66ce6264da9c160de02d05c644672de9ec9420a9c1f6f7d632ea0",
-    "a49902aabb86572896df9baba7d15a5b6db7e968ccd59b88c371bccaefc8fcf2",
-    "f1721f8345e395a894e4341442a9e22c46eafc4fdf777a8d30ed1cf4f5ea22c1"
   ],
   "horusecCliFilesOrPathsToIgnore": [
     "**/e2e/**",
@@ -64,7 +47,6 @@
   "horusecCliRiskAcceptHashes": [],
   "horusecCliSeveritiesToIgnore": [],
   "horusecCliShowVulnerabilitiesTypes": [
-    "Vulnerability"
   ],
   "horusecCliTimeoutInSecondsAnalysis": 1000,
   "horusecCliTimeoutInSecondsRequest": 300,

diff --git a/internal/controllers/analyzer/analyzer.go b/internal/controllers/analyzer/analyzer.go
@@ -96,7 +96,7 @@ type LanguageDetect interface {
 //
 // Print print the results to stdout and return the total vulnerabilities that was printed.
 type PrintResults interface {
-	Print() (int, error)
+	Print() error
 	SetAnalysis(analysis *analysis.Analysis)
 }
 
@@ -137,11 +137,11 @@ func NewAnalyzer(cfg *config.Config) *Analyzer {
 	}
 }
 
-func (a *Analyzer) Analyze() (totalVulns int, err error) {
+func (a *Analyzer) Analyze() error {
 	a.removeTrashByInterruptProcess()
-	totalVulns, err = a.runAnalysis()
+	err := a.runAnalysis()
 	a.removeHorusecFolder()
-	return totalVulns, err
+	return err
 }
 
 func (a *Analyzer) removeTrashByInterruptProcess() {
@@ -163,16 +163,16 @@ func (a *Analyzer) removeHorusecFolder() {
 	}
 }
 
-func (a *Analyzer) runAnalysis() (totalVulns int, err error) {
+func (a *Analyzer) runAnalysis() error {
 	langs, err := a.languageDetect.Detect(a.config.ProjectPath)
 	if err != nil {
-		return 0, err
+		return err
 	}
 	a.startDetectVulnerabilities(langs)
 	return a.sendAnalysisAndStartPrintResults()
 }
 
-func (a *Analyzer) sendAnalysisAndStartPrintResults() (int, error) {
+func (a *Analyzer) sendAnalysisAndStartPrintResults() error {
 	a.formatAnalysisToSendToAPI()
 	a.horusec.SendAnalysis(a.analysis)
 	analysisSaved := a.horusec.GetAnalysis(a.analysis.ID)

diff --git a/internal/controllers/analyzer/analyzer_mock.go b/internal/controllers/analyzer/analyzer_mock.go
@@ -24,7 +24,7 @@ type Mock struct {
 	mock.Mock
 }
 
-func (m *Mock) Analyze() (int, error) {
+func (m *Mock) Analyze() error {
 	args := m.MethodCalled("AnalysisDirectory")
-	return args.Get(0).(int), utilsMock.ReturnNilOrError(args, 0)
+	return utilsMock.ReturnNilOrError(args, 0)
 }
diff --git a/internal/controllers/analyzer/analyzer_test.go b/internal/controllers/analyzer/analyzer_test.go
@@ -60,7 +60,7 @@ func BenchmarkAnalyzerAnalyze(b *testing.B) {
 	analyzer := NewAnalyzer(cfg)
 
 	for i := 0; i < b.N; i++ {
-		if _, err := analyzer.Analyze(); err != nil {
+		if err := analyzer.Analyze(); err != nil {
 			b.Fatalf("Unexepcted error to analyze on benchmark: %v\n", err)
 		}
 	}
@@ -98,7 +98,7 @@ func TestAnalyzer_AnalysisDirectory(t *testing.T) {
 		}, nil)
 
 		printResultMock := &printresults.Mock{}
-		printResultMock.On("StartPrintResults").Return(0, nil)
+		printResultMock.On("StartPrintResults").Return(nil)
 		printResultMock.On("SetAnalysis")
 
 		horusecAPIMock := &horusecAPI.Mock{}
@@ -129,9 +129,8 @@ func TestAnalyzer_AnalysisDirectory(t *testing.T) {
 		}
 
 		controller.analysis = &entitiesAnalysis.Analysis{ID: uuid.New()}
-		totalVulns, err := controller.Analyze()
+		err := controller.Analyze()
 		assert.NoError(t, err)
-		assert.Equal(t, 0, totalVulns)
 	})
 	t.Run("Should run all analysis with and send to server correctly", func(t *testing.T) {
 		configs := config.New()
@@ -156,7 +155,7 @@ func TestAnalyzer_AnalysisDirectory(t *testing.T) {
 		}, nil)
 
 		printResultMock := &printresults.Mock{}
-		printResultMock.On("StartPrintResults").Return(0, nil)
+		printResultMock.On("StartPrintResults").Return(nil)
 		printResultMock.On("SetAnalysis")
 
 		horusecAPIMock := &horusecAPI.Mock{}
@@ -187,9 +186,8 @@ func TestAnalyzer_AnalysisDirectory(t *testing.T) {
 		}
 
 		controller.analysis = &entitiesAnalysis.Analysis{ID: uuid.New()}
-		totalVulns, err := controller.Analyze()
+		err := controller.Analyze()
 		assert.NoError(t, err)
-		assert.Equal(t, 0, totalVulns)
 	})
 	t.Run("Should run error in language detect", func(t *testing.T) {
 		configs := config.New()
@@ -199,7 +197,7 @@ func TestAnalyzer_AnalysisDirectory(t *testing.T) {
 		languageDetectMock.On("LanguageDetect").Return([]languages.Language{}, errors.New("test"))
 
 		printResultMock := &printresults.Mock{}
-		printResultMock.On("StartPrintResults").Return(0, nil)
+		printResultMock.On("StartPrintResults").Return(nil)
 		printResultMock.On("SetAnalysis")
 
 		horusecAPIMock := &horusecAPI.Mock{}
@@ -230,8 +228,7 @@ func TestAnalyzer_AnalysisDirectory(t *testing.T) {
 		}
 
 		controller.analysis = &entitiesAnalysis.Analysis{ID: uuid.New()}
-		totalVulns, err := controller.Analyze()
+		err := controller.Analyze()
 		assert.Error(t, err)
-		assert.Equal(t, 0, totalVulns)
 	})
 }
diff --git a/internal/controllers/printresults/print_results.go b/internal/controllers/printresults/print_results.go
@@ -37,7 +37,8 @@ import (
 )
 
 var (
-	ErrOutputJSON = errors.New("{HORUSEC_CLI} error creating and/or writing to the specified file")
+	ErrOutputJSON                    = errors.New("{HORUSEC_CLI} error creating and/or writing to the specified file")
+	ErrorUnknownVulnerabilitiesFound = errors.New("unknown vulnerabilities found")
 )
 
 type SonarQubeConverter interface {
@@ -69,9 +70,9 @@ func (pr *PrintResults) SetAnalysis(entity *analysis.Analysis) {
 	pr.analysis = entity
 }
 
-func (pr *PrintResults) Print() (totalVulns int, err error) {
+func (pr *PrintResults) Print() error {
 	if err := pr.factoryPrintByType(); err != nil {
-		return 0, err
+		return err
 	}
 
 	pr.checkIfExistVulnerabilityOrNoSec()
@@ -82,9 +83,16 @@ func (pr *PrintResults) Print() (totalVulns int, err error) {
 		logger.LogWarnWithLevel(messages.MsgErrorTimeoutOccurs)
 	}
 
-	return pr.totalVulns, nil
+	return pr.checkIfHasUnkownVulnerabilities()
+}
+func (pr *PrintResults) checkIfHasUnkownVulnerabilities() error {
+	for i := range pr.analysis.AnalysisVulnerabilities {
+		if pr.analysis.AnalysisVulnerabilities[i].Vulnerability.Type == enumsVulnerability.Vulnerability {
+			return ErrorUnknownVulnerabilitiesFound
+		}
+	}
+	return nil
 }
-
 func (pr *PrintResults) factoryPrintByType() error {
 	switch {
 	case pr.configs.PrintOutputType == outputtype.JSON:

diff --git a/internal/controllers/printresults/print_results_mock.go b/internal/controllers/printresults/print_results_mock.go
@@ -25,9 +25,9 @@ type Mock struct {
 	mock.Mock
 }
 
-func (m *Mock) Print() (totalVulns int, err error) {
+func (m *Mock) Print() error {
 	args := m.MethodCalled("StartPrintResults")
-	return args.Get(0).(int), utilsMock.ReturnNilOrError(args, 0)
+	return utilsMock.ReturnNilOrError(args, 0)
 }
 
 func (m *Mock) SetAnalysis(analysis *entitiesAnalysis.Analysis) {