Query existing vulnerability by UUID in internal Starboard vulnerability API
What does this MR do and why?
Rectifies a regression introduced in !79208 (merged): The Create Starboard Vulnerability internal API endpoint raises when it receives the same payload more than once.
How to set up and validate locally
- Create a JWT:

  ```ruby
  JWT.encode({ 'iss' => Gitlab::Kas::JWT_ISSUER }, Gitlab::Kas.secret, 'HS256')
  ```

- Create a fresh project.
- Create an agent and accompanying token:

  ```ruby
  agent = Project.last.cluster_agents.create(name: "test", created_by_user: User.find(1))
  token = agent.agent_tokens.create(name: "test", created_by_user: User.find(1))
  token.token
  ```
- Throw the same vulnerability payload at the API endpoint twice. On master, the second request is answered with 500.
`./vuln.json`:

```json
{
  "vulnerability": {
    "category": "cluster_image_scanning",
    "name": "CVE-2012-1111",
    "message": "CVE-2012-9579 in Alpha",
    "description": "If we reboot the microchip, we can get to the HTTP feed through the haptic SAS transmitter!",
    "cve": "CVE-2012-9579",
    "severity": "low",
    "confidence": "low",
    "solution": "Try to program the SMTP bus, maybe it will index the back-end alarm!",
    "scanner": {
      "id": "starboard_trivy",
      "name": "Trivy (via Starboard Operator)"
    },
    "location": {
      "dependency": {
        "package": {
          "name": "Zamit"
        },
        "version": "0.72"
      },
      "image": "http://altenwerth-gislason.biz/image:latest",
      "kubernetes_resource": {
        "namespace": "commodi",
        "kind": "pod",
        "name": "jpzlsnxepu",
        "container_name": "zwvjljycyb",
        "agent_id": "rvxwobxjzz"
      }
    },
    "identifiers": [
      {
        "type": "cve",
        "name": "CVE-2012-9579",
        "value": "CVE-2012-9579",
        "url": "http://brown-kunze.com/glen.kassulke"
      }
    ],
    "links": [
      "http://wiegand.io/merry.stark"
    ]
  },
  "scanner": {
    "id": "starboard-trivy",
    "name": "Trivy (via Starboard Operator)",
    "url": "https://github.com/aquasecurity/trivy",
    "vendor": {
      "name": "GitLab"
    }
  }
}
```
```shell
curl --request PUT --header "Gitlab-Kas-Api-Request: $KAS_JWT" \
  --header "Authorization: Bearer $AGENT_TOKEN" --header "Content-Type: application/json" \
  --url "http://gdk.test:3000/api/v4/internal/kubernetes/modules/starboard_vulnerability" \
  -d @vuln.json
```
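The fix this MR describes looks the finding up by its UUID before inserting, so a repeated payload resolves to the existing row instead of tripping a uniqueness error. As an added illustration (not GitLab's code, and not the MR's diff), the Ruby script below models both behaviours against an in-memory store: `create!` inserts unconditionally and raises on the second identical payload, which is the 500 seen on master, while `upsert!` derives a deterministic UUID v5 from the finding's identifying fields and returns the record already stored. The namespace UUID, the choice of fingerprint fields and the trimmed sample payload are assumptions made here for the example, not GitLab's actual scheme.

```ruby
require 'digest'
require 'json'

# Added illustration, not GitLab's code. The namespace UUID below is an
# arbitrary, hypothetical value chosen for this example.
NAMESPACE_UUID = '5f4e2a7c-1b3d-4c6e-9a8f-2d1e0c3b4a5f'.freeze

# RFC 4122 UUID v5: SHA-1 over namespace bytes + name, version/variant bits set.
def uuid_v5(namespace, name)
  ns_bytes = [namespace.delete('-')].pack('H*')
  bytes = Digest::SHA1.digest(ns_bytes + name.b).bytes[0, 16]
  bytes[6] = (bytes[6] & 0x0f) | 0x50 # version 5
  bytes[8] = (bytes[8] & 0x3f) | 0x80 # RFC 4122 variant
  hex = bytes.pack('C*').unpack1('H*')
  [hex[0, 8], hex[8, 4], hex[12, 4], hex[16, 4], hex[20, 12]].join('-')
end

# Fingerprint fields assumed (for this example) to identify "the same finding":
# category, primary identifier, image and Kubernetes resource, scoped to the project.
def finding_uuid(project_id, payload)
  vuln = payload.fetch('vulnerability')
  primary = vuln.fetch('identifiers').first
  location = vuln.fetch('location')
  resource = location.fetch('kubernetes_resource')
  name = [
    vuln['category'],
    "#{primary['type']}:#{primary['value']}",
    location['image'],
    resource.values_at('namespace', 'kind', 'name', 'container_name', 'agent_id'),
    project_id
  ].flatten.join('|')
  uuid_v5(NAMESPACE_UUID, name)
end

# In-memory stand-in for a vulnerabilities table with a unique UUID column.
class VulnerabilityStore
  UniquenessViolation = Class.new(StandardError)

  def initialize
    @rows = {}
  end

  # Before the fix: unconditional insert, so the second identical payload
  # collides on the unique UUID and raises (the 500 seen on master).
  def create!(project_id, payload)
    uuid = finding_uuid(project_id, payload)
    raise UniquenessViolation, "duplicate vulnerability #{uuid}" if @rows.key?(uuid)

    @rows[uuid] = row_for(uuid, payload)
  end

  # After the fix: query by UUID first; update and return the existing record.
  def upsert!(project_id, payload)
    uuid = finding_uuid(project_id, payload)
    if (existing = @rows[uuid])
      existing[:severity] = payload['vulnerability']['severity']
      existing[:seen] += 1
      return existing
    end

    @rows[uuid] = row_for(uuid, payload)
  end

  def size
    @rows.size
  end

  private

  def row_for(uuid, payload)
    vuln = payload['vulnerability']
    { uuid: uuid, name: vuln['name'], severity: vuln['severity'], seen: 1 }
  end
end

# Constructed sample payload, trimmed to the fields the fingerprint uses.
SAMPLE_PAYLOAD = JSON.parse(<<~PAYLOAD)
  {
    "vulnerability": {
      "category": "cluster_image_scanning",
      "name": "CVE-2012-1111",
      "severity": "low",
      "identifiers": [{ "type": "cve", "name": "CVE-2012-9579", "value": "CVE-2012-9579" }],
      "location": {
        "image": "http://altenwerth-gislason.biz/image:latest",
        "kubernetes_resource": {
          "namespace": "commodi", "kind": "pod", "name": "jpzlsnxepu",
          "container_name": "zwvjljycyb", "agent_id": "rvxwobxjzz"
        }
      }
    }
  }
PAYLOAD

# Sends the same payload twice through the given store method; true if the
# second delivery raises, which is the regression this MR fixes.
def duplicate_raises?(method)
  store = VulnerabilityStore.new
  2.times { store.public_send(method, 1, SAMPLE_PAYLOAD) }
  false
rescue VulnerabilityStore::UniquenessViolation
  true
end

if __FILE__ == $PROGRAM_NAME
  puts "create! raises on duplicate payload: #{duplicate_raises?(:create!)}"
  puts "upsert! raises on duplicate payload: #{duplicate_raises?(:upsert!)}"
end
```

The UUID is derived only from fields that identify the finding, never from the whole payload, so a re-scan that changes `severity` or `description` still maps to the same row; the project id is part of the name so identical findings in two projects stay distinct.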
MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

- I have evaluated the MR acceptance checklist for this MR.
Related to #345905 (closed)