Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add oracle support #706

Merged
merged 30 commits into from
Jul 29, 2024
Merged

feat: add oracle support #706

merged 30 commits into from
Jul 29, 2024

Conversation

MiahaCybersec
Copy link
Contributor

Closes #190

Did we want to add some docs that Oracle is only supported without a vulnerability scan?

Add Oracle support
062850e 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
@codecov Codecov
Copy link

codecov bot commented Jul 17, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 42.85714% with 4 lines in your changes missing coverage. Please review.

Project coverage is 34.21%. Comparing base (473202f) to head (fc5d70f).
Report is 1 commits behind head on main.

Files Patch % Lines
pkg/pkgmgr/rpm.go 0.00% 4 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #706      +/-   ##
==========================================
- Coverage   34.22%   34.21%   -0.01%     
==========================================
  Files          18       18              
  Lines        1578     1584       +6     
==========================================
+ Hits          540      542       +2     
- Misses       1007     1011       +4     
  Partials       31       31

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Miaha Cybersec added 3 commits July 17, 2024 10:02
Added "ignoreErrors" flag to Oracle test images
e3a173d 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
Add condition to ignore errors in patch_test
3d8e534 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
Ignore false positives from Oracle in patch test
6366476 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
@sozercan
Copy link
Member

sozercan commented Jul 18, 2024
edited
Loading

can we fast fail if scanner input is specified with a descriptive error message?

yes please add to docs. thanks!

Miaha Cybersec and others added 4 commits July 22, 2024 12:07
Add fast fail for Oracle in patch tests and update docs
c9c28ad 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
@MiahaCybersec
Merge branch 'main' into add-oracle-support
e6b7a55
Add fast fail for Oracle in patch tests
acaf1f1 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
Add fast fail for Oracle in patch tests
172a631 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
Miaha Cybersec and others added 4 commits July 24, 2024 09:22
Update troubleshooting docs
c65c417 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
Set ignoreErrors to true for Oracle images
bf1784d 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
golangci-lint
db8b87e 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
@MiahaCybersec
Merge branch 'main' into add-oracle-support
5157c9a
Update error handling for Oracle images and remove v0.7 docs
0e9a769 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
ashnamehrotra
ashnamehrotra reviewed Jul 24, 2024
View reviewed changes
pkg/pkgmgr/rpm.go Outdated Show resolved Hide resolved
@MiahaCybersec @ashnamehrotra
Update pkg/pkgmgr/rpm.go
3ffc33a 
Co-authored-by: Ashna Mehrotra <ashnamehrotra@gmail.com>
Signed-off-by: Miaha <143584635+MiahaCybersec@users.noreply.github.com>
@ashnamehrotra
Copy link
Contributor

@MiahaCybersec for codecov coverage, maybe we can modify the getOSType() to check for Oracle?

Miaha Cybersec added 2 commits July 24, 2024 17:42
Add oracle to getOSType tests
2a8c26f 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
Merge remote-tracking branch 'origin/add-oracle-support' into add-ora…
533c2f8 
…cle-support
Miaha Cybersec added 2 commits July 24, 2024 18:10
Modify patch_test integration tests
920bb1a 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
Refactor error handling for Oracle image detection
eada247 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
Miaha Cybersec added 9 commits July 25, 2024 10:00
Refactor error handling for Oracle image detection, golangci-lint
e7bef01 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
Refactor error handling for Oracle image detection
21bab9c 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
Refactor error handling
e71f29e 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
Remove unused check
26db502 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
Undo previous commit
b39a923 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
Update assertion message in patch test
d710887 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
Update assertion message in patch test
4b3ac81 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
Update assertion logic
78297de 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
Enhance Oracle image error message in patch test
d76f01a 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
sozercan
sozercan reviewed Jul 29, 2024
View reviewed changes
website/docs/troubleshooting.md Outdated
With a vulnerability scan, `--ignore-errors` must be passed in:

```bash
patch -r /oracle-7.9-vulns.json -i docker.io/library/oraclelinux:7.9 --ignore-errors
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

copa patch?

Copy link
Member

@sozercan sozercan Jul 29, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i don't think this is going to patch all vulns, is that right? can we add a note or should we fail completely (including ignore-errors) for vuln report scenarios?

Copy link
Contributor Author

@MiahaCybersec MiahaCybersec Jul 29, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is referring to copa patch.

This will patch all vulnerabilities, but --ignore-errors must be passed in due to how Oracle handles CVEs.

Even if an Oracle image is fully patched, Trivy scans will complain about _fips. This is known upstream but has unfortunately remained unfixed for a couple years.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we can add a note that this will patch all errors aside from the false positives due to Oracle CVE

sozercan
sozercan reviewed Jul 29, 2024
View reviewed changes
website/docs/troubleshooting.md Outdated
Without a vulnerability scan, Copa will update all packages in the image:

```bash
patch -i docker.io/library/oraclelinux:7.9
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

copa patch?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would be referencing copa patch

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lets change it to copa patch to be consistent with other parts of the doc and avoid confusion

website/docs/troubleshooting.md Outdated
With a vulnerability scan, `--ignore-errors` must be passed in:

```bash
patch -r /oracle-7.9-vulns.json -i docker.io/library/oraclelinux:7.9 --ignore-errors
Copy link
Member

@sozercan sozercan Jul 29, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i don't think this is going to patch all vulns, is that right? can we add a note or should we fail completely (including ignore-errors) for vuln report scenarios?

Miaha Cybersec added 2 commits July 29, 2024 16:05
Update oracle docs
89afd32 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
Update oracle docs
65574b5 
Signed-off-by: Miaha Cybersec <MiahaCybersec@gmail.com>
ashnamehrotra
ashnamehrotra approved these changes Jul 29, 2024
View reviewed changes
Copy link
Contributor

@ashnamehrotra ashnamehrotra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ashnamehrotra ashnamehrotra merged commit 358a7ff into project-copacetic:main Jul 29, 2024
24 of 25 checks passed
@MiahaCybersec MiahaCybersec deleted the add-oracle-support branch July 30, 2024 15:02
@MiahaCybersec MiahaCybersec mentioned this pull request Aug 28, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sozercan sozercan sozercan left review comments

@ashnamehrotra ashnamehrotra ashnamehrotra approved these changes

@jeremyrickard jeremyrickard Awaiting requested review from jeremyrickard jeremyrickard is a code owner

Assignees
No one assigned
Labels
None yet
Projects
Copacetic Workboard
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[REQ] Add Oracle Linux as supported OS
3 participants
@MiahaCybersec @sozercan @ashnamehrotra