Scan.Status field is empty for successful analyzer scans using command package v3.3.0 and v3.3.1
Summary
Gracefully generate error reports in the comman... (gitlab-org/security-products/analyzers/command!70 - merged) • Julian Thome • 18.1 updated the command package so that analyzers always return a report and set the scan.status field to either success or failure. However, the new logic contains a breaking bug:
The old code used to set:
    newReport.Scan.Status = report.StatusSuccess
However, the new code only sets
    errorReport.Scan.Status
if there's an error. If no error occurs, the Scan.Status field is not set at all. Because this field is required by the report schema, its absence causes a schema validation error, as shown in this failing integration test:
    1) running image with test project with ansible by default created report behaves like recorded report scan is equivalent
       Failure/Error: DEFAULT_FAILURE_NOTIFIER = lambda { |failure, _opts| raise failure }
       json atom at path "status" is missing
       Shared Example Group: "recorded report" called from ./spec/kics_image_spec.rb:86
Steps to reproduce
- Upgrade any analyzer project to use either of the following command packages (v3.3.0 or v3.3.1). For example: Update command from v3.2.0 to v3.3.1 (gitlab-org/security-products/analyzers/kics!165 - closed) • Adam Cohen • 18.3.
- Perform a successful scan, and notice that the scan.status field is empty.
Example Project
What is the current bug behavior?
The report scan.status field is empty when a successful scan is performed.
What is the expected correct behavior?
The report scan.status field is set to success when a successful scan is performed.
Possible fixes
Add another conditional to the code which explicitly sets scan.status to success in the successful scenario, so that both the error path and the success path populate the required field.
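To make the bug and the proposed fix concrete, the following Go program is an added example, not code from the command package or from the linked merge requests. It models the report with a minimal stand-in Report/Scan struct (an assumption; the real analyzers use the gitlab report package and its StatusSuccess/StatusFailure constants), reproduces the v3.3.0/v3.3.1 control flow in buildReportBuggy, applies the extra success-path conditional in buildReportFixed, and runs a validateStatus check that mirrors the schema's required-field failure. The omitempty tag is assumed so that the empty status is dropped from the JSON, which is what produces the "json atom at path \"status\" is missing" symptom rather than an empty string.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Status mirrors the scan.status enum of the report schema (assumed minimal
// model of the real report package's Status type).
type Status string

const (
	StatusSuccess Status = "success"
	StatusFailure Status = "failure"
)

// Scan is the subset of the report's "scan" object relevant to this bug.
// omitempty is assumed here so an unset status disappears from the JSON,
// matching the "json atom ... is missing" validation failure.
type Scan struct {
	Status Status `json:"status,omitempty"`
}

// Report is a minimal stand-in for an analyzer report.
type Report struct {
	Scan            Scan     `json:"scan"`
	Vulnerabilities []string `json:"vulnerabilities"`
}

// buildReportBuggy reproduces the v3.3.0/v3.3.1 logic: scan.status is set
// only on the error path, so a clean run leaves it empty.
func buildReportBuggy(findings []string, scanErr error) Report {
	if scanErr != nil {
		errorReport := Report{Vulnerabilities: []string{}}
		errorReport.Scan.Status = StatusFailure
		return errorReport
	}
	// BUG: Scan.Status is never assigned on the success path.
	return Report{Vulnerabilities: findings}
}

// buildReportFixed adds the missing conditional: a successful run explicitly
// sets scan.status to "success" before the report is returned.
func buildReportFixed(findings []string, scanErr error) Report {
	if scanErr != nil {
		errorReport := Report{Vulnerabilities: []string{}}
		errorReport.Scan.Status = StatusFailure
		return errorReport
	}
	newReport := Report{Vulnerabilities: findings}
	newReport.Scan.Status = StatusSuccess
	return newReport
}

// validateStatus stands in for the schema's required-field check that the
// integration test tripped over.
func validateStatus(r Report) error {
	switch r.Scan.Status {
	case StatusSuccess, StatusFailure:
		return nil
	case "":
		return errors.New(`json atom at path "status" is missing`)
	default:
		return fmt.Errorf("scan.status %q is not one of success/failure", r.Scan.Status)
	}
}

// toJSON serialises the report the way the analyzer would write gl-*-report.json.
func toJSON(r Report) string {
	b, err := json.Marshal(r)
	if err != nil {
		return "marshal error: " + err.Error()
	}
	return string(b)
}

func main() {
	findings := []string{"constructed-finding-1"} // constructed sample payload
	builders := []struct {
		name  string
		build func([]string, error) Report
	}{{"buggy", buildReportBuggy}, {"fixed", buildReportFixed}}
	for _, b := range builders {
		clean := b.build(findings, nil)
		fmt.Printf("%s, clean scan:  %s  validate=%v\n", b.name, toJSON(clean), validateStatus(clean))
		failed := b.build(nil, errors.New("analyzer crashed"))
		fmt.Printf("%s, failed scan: %s  validate=%v\n", b.name, toJSON(failed), validateStatus(failed))
	}
}
```

Running it shows the buggy builder emitting {"scan":{},...} on a clean scan, which the validator rejects, while the fixed builder emits "status":"success" on the clean path and "status":"failure" on the error path, both of which validate.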