issue #3733 change code to allow all images if DOCKER_SECURITY_TOOL_OS is empty (as in was previously)

SilinPavel · SilinPavel · commit 41757876885f · 2024-10-04T16:58:03.000+02:00
diff --git a/api/src/main/java/com/epam/pipeline/manager/pipeline/ToolManager.java b/api/src/main/java/com/epam/pipeline/manager/pipeline/ToolManager.java
@@ -828,8 +828,7 @@ public boolean isToolOSVersionAllowed(final ToolOSVersion toolOSVersion) {
         final String allowedOSes = preferenceManager.getPreference(SystemPreferences.DOCKER_SECURITY_TOOL_OS);
         final String allowedWithWarningOSes = preferenceManager.getPreference(
                 SystemPreferences.DOCKER_SECURITY_TOOL_OS_WITH_WARNING);
-        if ((StringUtils.isEmpty(allowedOSes) && StringUtils.isEmpty(allowedWithWarningOSes))
-                || toolOSVersion == null) {
+        if (StringUtils.isEmpty(allowedOSes) || toolOSVersion == null) {
             return true;
         }
         return toolOSVersion.isMatched(allowedOSes) || toolOSVersion.isMatched(allowedWithWarningOSes);
diff --git a/api/src/test/java/com/epam/pipeline/manager/docker/scan/AggregatingToolScanManagerTest.java b/api/src/test/java/com/epam/pipeline/manager/docker/scan/AggregatingToolScanManagerTest.java
@@ -456,13 +456,33 @@ public void testAllowOnAllowedOSVersion() {
 
     @Test
     public void testAllowOnAllowedOSInToolOsWithWarning() {
+        when(preferenceManager.getPreference(SystemPreferences.DOCKER_SECURITY_TOOL_OS))
+                .thenReturn("centos");
+        when(preferenceManager.getPreference(SystemPreferences.DOCKER_SECURITY_TOOL_OS_WITH_WARNING))
+                .thenReturn("ubuntu:14");
+        TestUtils.generateScanResult(0, 0,
+                1, toolScanResult, new ToolOSVersion("ubuntu", "14"));
+        Assert.assertTrue(aggregatingToolScanManager.checkTool(testTool, LATEST_VERSION).isAllowed());
+    }
+
+    @Test
+    public void testAllowIfAllowedOSsIsEmpty() {
         when(preferenceManager.getPreference(SystemPreferences.DOCKER_SECURITY_TOOL_OS_WITH_WARNING))
                 .thenReturn("ubuntu:14");
         TestUtils.generateScanResult(0, 0,
                 1, toolScanResult, new ToolOSVersion("ubuntu", "14"));
         Assert.assertTrue(aggregatingToolScanManager.checkTool(testTool, LATEST_VERSION).isAllowed());
     }
 
+    @Test
+    public void testAllowIfAllowedOSsIsEmptyAndAllowedOSesWithWarningDoesntAllow() {
+        when(preferenceManager.getPreference(SystemPreferences.DOCKER_SECURITY_TOOL_OS_WITH_WARNING))
+                .thenReturn("centos");
+        TestUtils.generateScanResult(0, 0,
+                1, toolScanResult, new ToolOSVersion("ubuntu", "14"));
+        Assert.assertTrue(aggregatingToolScanManager.checkTool(testTool, LATEST_VERSION).isAllowed());
+    }
+
     @Test
     public void testDenyOnHigh() {
         TestUtils.generateScanResult(MAX_CRITICAL_VULNERABILITIES, MAX_HIGH_VULNERABILITIES + 1,
