
feat: add oracle support #706

Merged: 30 commits merged into project-copacetic:main from add-oracle-support on Jul 29, 2024

Conversation

MiahaCybersec
Contributor

Closes #190

Did we want to add some docs that Oracle is only supported without a vulnerability scan?

Signed-off-by: Miaha Cybersec <[email protected]>

codecov bot commented Jul 17, 2024

Codecov Report

Attention: Patch coverage is 42.85714% with 4 lines in your changes missing coverage. Please review.

Project coverage is 34.21%. Comparing base (473202f) to head (fc5d70f).
Report is 1 commit behind head on main.

| Files | Patch % | Lines |
| --- | --- | --- |
| pkg/pkgmgr/rpm.go | 0.00% | 4 Missing ⚠️ |

Additional details and impacted files

```text
@@            Coverage Diff             @@
##             main     #706      +/-   ##
==========================================
- Coverage   34.22%   34.21%   -0.01%     
==========================================
  Files          18       18              
  Lines        1578     1584       +6     
==========================================
+ Hits          540      542       +2     
- Misses       1007     1011       +4     
  Partials       31       31              
```


@sozercan
Member

sozercan commented Jul 18, 2024

can we fast fail if scanner input is specified with a descriptive error message?

yes please add to docs. thanks!

Miaha Cybersec and others added 4 commits July 24, 2024 09:22
pkg/pkgmgr/rpm.go (outdated review thread)
Co-authored-by: Ashna Mehrotra <[email protected]>
Signed-off-by: Miaha <[email protected]>
@ashnamehrotra
Contributor

@MiahaCybersec for codecov coverage, maybe we can modify the getOSType() to check for Oracle?
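One way an os-release based OS check could recognise Oracle Linux, as a hypothetical added example written for this thread and not Copa's own getOSType or any of the project's code; it assumes detection keys off ID="ol" with an ID_LIKE fallback, and the sample os-release text is constructed:

```go
package main

import (
	"errors"
	"strings"
)

// parseOSRelease reads the key=value pairs of an os-release file into a map,
// stripping surrounding quotes and skipping comments and blank lines.
func parseOSRelease(contents string) map[string]string {
	fields := map[string]string{}
	for _, raw := range strings.Split(contents, "\n") {
		line := strings.TrimSpace(raw)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		if key, val, ok := strings.Cut(line, "="); ok {
			fields[key] = strings.Trim(val, `"'`)
		}
	}
	return fields
}

// detectOSType maps os-release ID (with an ID_LIKE fallback) to the package
// manager family a patcher would use. Oracle Linux identifies itself as ID="ol".
func detectOSType(fields map[string]string) (string, error) {
	switch strings.ToLower(fields["ID"]) {
	case "ol":
		return "oracle", nil
	case "rhel", "centos", "rocky", "almalinux", "amzn", "fedora":
		return "rpm", nil
	case "debian", "ubuntu":
		return "dpkg", nil
	}
	for _, like := range strings.Fields(strings.ToLower(fields["ID_LIKE"])) {
		switch like {
		case "rhel", "fedora", "centos":
			return "rpm", nil
		case "debian":
			return "dpkg", nil
		}
	}
	return "", errors.New("unsupported OS in os-release: " + fields["ID"])
}

// Constructed sample modelled on Oracle Linux 7.9 (not copied from a real image).
const sampleOracleOSRelease = `NAME="Oracle Linux Server"
ID="ol"
ID_LIKE="fedora"
`
```

Returning a distinct "oracle" type rather than folding it into "rpm" is what lets a caller attach Oracle-specific behaviour, such as the scan-report caveat discussed later in this thread.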

Miaha Cybersec added 2 commits July 24, 2024 18:10
Miaha Cybersec added 9 commits July 25, 2024 10:00
Signed-off-by: Miaha Cybersec <[email protected]>
With a vulnerability scan, `--ignore-errors` must be passed in:

```bash
patch -r /oracle-7.9-vulns.json -i docker.io/library/oraclelinux:7.9 --ignore-errors
```
Member


copa patch?

Member

@sozercan sozercan Jul 29, 2024


i don't think this is going to patch all vulns, is that right? can we add a note or should we fail completely (including ignore-errors) for vuln report scenarios?

Contributor Author

@MiahaCybersec MiahaCybersec Jul 29, 2024


It is referring to copa patch.

This will patch all vulnerabilities, but --ignore-errors must be passed in due to how Oracle handles CVEs.

Even if an Oracle image is fully patched, Trivy scans will complain about _fips. This is known upstream but has unfortunately remained unfixed for a couple years.

Contributor


we can add a note that this will patch all errors aside from the false positives due to Oracle CVE

Without a vulnerability scan, Copa will update all packages in the image:

```bash
patch -i docker.io/library/oraclelinux:7.9
```
Member


copa patch?

Contributor Author


This would be referencing copa patch

Contributor


lets change it to copa patch to be consistent with other parts of the doc and avoid confusion


Miaha Cybersec added 2 commits July 29, 2024 16:05
Signed-off-by: Miaha Cybersec <[email protected]>
Contributor

@ashnamehrotra ashnamehrotra left a comment


LGTM

@ashnamehrotra ashnamehrotra merged commit 358a7ff into project-copacetic:main Jul 29, 2024
24 of 25 checks passed
@MiahaCybersec MiahaCybersec deleted the add-oracle-support branch July 30, 2024 15:02
Successfully merging this pull request may close these issues.

[REQ] Add Oracle Linux as supported OS