fix bug : Skip level (#61)

* add description to skip level struct

* fix writer packages

* add scratch test and use tar files

Author: tomoyamachi

pkg/assessor/group/group.go

@@ -49,7 +49,13 @@ func (a GroupAssessor) Assess(fileMap extractor.FileMap) ([]*types.Assessment, e
 		}
 	}
 	if !existFile {
-		assesses = []*types.Assessment{{Code: types.AvoidDuplicateUserGroup, Level: types.SkipLevel}}
+		assesses = []*types.Assessment{
+			{
+				Code:  types.AvoidDuplicateUserGroup,
+				Level: types.SkipLevel,
+				Desc:  fmt.Sprintf("failed to detect %s", strings.Join(a.RequiredFiles(), ",")),
+			},
+		}
 	}
 
 	return assesses, nil

pkg/assessor/passwd/passwd.go

@@ -44,7 +44,13 @@ func (a PasswdAssessor) Assess(fileMap extractor.FileMap) ([]*types.Assessment,
 		}
 	}
 	if !existFile {
-		assesses = []*types.Assessment{{Code: types.AvoidEmptyPassword, Level: types.SkipLevel}}
+		assesses = []*types.Assessment{
+			{
+				Code:  types.AvoidEmptyPassword,
+				Level: types.SkipLevel,
+				Desc:  fmt.Sprintf("failed to detect %s", strings.Join(a.RequiredFiles(), ",")),
+			},
+		}
 	}
 	return assesses, nil
 }

pkg/assessor/user/user.go

@@ -47,7 +47,11 @@ func (a UserAssessor) Assess(fileMap extractor.FileMap) ([]*types.Assessment, er
 		}
 	}
 	if !existFile {
-		assesses = []*types.Assessment{{Code: types.AvoidDuplicateUserGroup, Level: types.SkipLevel}}
+		assesses = []*types.Assessment{{
+			Code:  types.AvoidDuplicateUserGroup,
+			Level: types.SkipLevel,
+			Desc:  fmt.Sprintf("failed to detect %s", strings.Join(a.RequiredFiles(), ",")),
+		}}
 	}
 
 	return assesses, nil

pkg/report/json.go

@@ -22,6 +22,7 @@ type JsonSummary struct {
 	Fatal int `json:"fatal"`
 	Warn  int `json:"warn"`
 	Info  int `json:"info"`
+	Skip  int `json:"skip"`
 	Pass  int `json:"pass"`
 }
 type JsonDetail struct {
@@ -40,22 +41,24 @@ func (jw JsonWriter) Write(assessMap types.AssessmentMap) (abend bool, err error
 			jsonSummary.Pass++
 			continue
 		}
-		assesses := assessMap[ass.Code].Assessments
-		detail := jsonDetail(ass.Code, ass.Level, assesses)
+		assess := assessMap[ass.Code]
+		detail := jsonDetail(assess.Code, assess.Level, assess.Assessments)
 		if detail != nil {
 			jsonDetails = append(jsonDetails, detail)
 		}
 
 		// increment summary
-		switch ass.Level {
+		switch assess.Level {
 		case types.FatalLevel:
 			jsonSummary.Fatal++
 		case types.WarnLevel:
 			jsonSummary.Warn++
 		case types.InfoLevel:
 			jsonSummary.Info++
+		case types.SkipLevel:
+			jsonSummary.Skip++
 		}
-		if ass.Level >= config.Conf.ExitLevel {
+		if assess.Level >= config.Conf.ExitLevel {
 			abend = true
 		}
 	}

pkg/report/list.go

@@ -37,9 +37,9 @@ func (lw ListWriter) Write(assessMap types.AssessmentMap) (abend bool, err error
 		if _, ok := assessMap[ass.Code]; !ok {
 			continue
 		}
-		assesses := assessMap[ass.Code].Assessments
-		showTargetResult(ass.Code, ass.Level, assesses)
-		if ass.Level >= config.Conf.ExitLevel {
+		assess := assessMap[ass.Code]
+		showTargetResult(assess.Code, assess.Level, assess.Assessments)
+		if assess.Level >= config.Conf.ExitLevel {
 			abend = true
 		}
 	}
@@ -48,7 +48,7 @@ func (lw ListWriter) Write(assessMap types.AssessmentMap) (abend bool, err error
 
 func showTargetResult(code string, level int, assessments []*types.Assessment) {
 	showTitleLine(code, level)
-	if level != types.IgnoreLevel {
+	if level > types.IgnoreLevel {
 		for _, assessment := range assessments {
 			showDescription(assessment)
 		}

pkg/scanner/scan_test.go

@@ -6,16 +6,14 @@ import (
 	"testing"
 	"time"
 
-	"github.com/goodwithtech/dockle/pkg/assessor/contentTrust"
-
-	"github.com/goodwithtech/dockle/pkg/assessor/manifest"
-
 	"github.com/google/go-cmp/cmp/cmpopts"
 
 	deckodertypes "github.com/goodwithtech/deckoder/types"
 
 	"github.com/google/go-cmp/cmp"
 
+	"github.com/goodwithtech/dockle/pkg/assessor/contentTrust"
+	"github.com/goodwithtech/dockle/pkg/assessor/manifest"
 	"github.com/goodwithtech/dockle/pkg/log"
 	"github.com/goodwithtech/dockle/pkg/types"
 )
@@ -30,7 +28,7 @@ func TestScanImage(t *testing.T) {
 		expected  []*types.Assessment
 	}{
 		"Dockerfile.base": {
-			fileName: "",
+			// TODO : too large to use github / fileName:  "base.tar",
 			// testdata/Dockerfile.base
 			imageName: "goodwithtech/dockle-test:base-test",
 			option:    deckodertypes.DockerOption{Timeout: time.Minute},
@@ -51,6 +49,17 @@ func TestScanImage(t *testing.T) {
 				{Code: types.UseContentTrust, Filename: contentTrust.HostEnvironmentFileName},
 			},
 		},
+		"Dockerfile.scratch": {
+			fileName: "./testdata/scratch.tar",
+			expected: []*types.Assessment{
+				{Code: types.AvoidCredential, Filename: "credentials.json"},
+				{Code: types.AddHealthcheck, Filename: manifest.ConfigFileName},
+				{Code: types.UseContentTrust, Filename: contentTrust.HostEnvironmentFileName},
+				{Code: types.AvoidEmptyPassword, Level: types.SkipLevel},
+				{Code: types.AvoidDuplicateUserGroup, Level: types.SkipLevel},
+				{Code: types.AvoidDuplicateUserGroup, Level: types.SkipLevel},
+			},
+		},
 		"emptyArg": {
 			wantErr: types.ErrSetImageOrFile,
 		},

pkg/scanner/testdata/Dockerfile.scratch

@@ -0,0 +1,3 @@
+FROM scratch
+ADD Dockerfile.base /credentials.json
+USER scratch

pkg/scanner/testdata/scratch.tar

@@ -17,7 +17,10 @@ type AssessmentMap map[string]CodeInfo
 func CreateAssessmentMap(as AssessmentSlice, ignoreMap map[string]struct{}) AssessmentMap {
 	asMap := AssessmentMap{}
 	for _, a := range as {
-		level := DefaultLevelMap[a.Code]
+		level := a.Level
+		if level == 0 {
+			level = DefaultLevelMap[a.Code]
+		}
 		if _, ok := ignoreMap[a.Code]; ok {
 			level = IgnoreLevel
 		}