try to upload sarif file without any findings w/ burnettk

sartography · Aug 19, 2024 · e56ffec · e56ffec
1 parent b3a7b8a
commit e56ffec
Show file tree

Hide file tree

Showing 4 changed files with 61 additions and 1 deletion.
diff --git a/.github/workflows/test_ecr_scan.yml b/.github/workflows/test_ecr_scan.yml
@@ -33,11 +33,17 @@ jobs:
         run: |
           pip install -r wait-for-ecr-scan-and-get-sarif/requirements.txt
 
+      # - name: Run the Python script to convert ECR scan to SARIF
+      #   shell: bash
+      #   run: |
+      #     python wait-for-ecr-scan-and-get-sarif/pylib/aws_scan_findings_to_sarif.py \
+      #       --input_file wait-for-ecr-scan-and-get-sarif/tests/ecr-scan-result-ubuntu.json \
+      #       --output_file report.sarif
       - name: Run the Python script to convert ECR scan to SARIF
         shell: bash
         run: |
           python wait-for-ecr-scan-and-get-sarif/pylib/aws_scan_findings_to_sarif.py \
-            --input_file wait-for-ecr-scan-and-get-sarif/tests/ecr-scan-result-ubuntu.json \
+            --input_file wait-for-ecr-scan-and-get-sarif/tests/ecr-scan-result-no-findings.json \
             --output_file report.sarif
 
       - name: Upload SARIF report as artifact

diff --git a/wait-for-ecr-scan-and-get-sarif/test_aws_scan_findings_to_sarif.py b/wait-for-ecr-scan-and-get-sarif/test_aws_scan_findings_to_sarif.py
@@ -36,3 +36,19 @@ def test_convert_to_sarif_enhanced_ecr_scan():
 
     sarif_report = convert_to_sarif(ecr_response)
     assert sarif_report == expected_response
+
+
+def test_convert_to_sarif_when_no_findings():
+    base_dir = os.path.dirname(os.path.abspath(__file__))
+    sample_file_path = os.path.join(base_dir, "tests/ecr-scan-result-no-findings.json")
+    with open(sample_file_path, "r") as f:
+        ecr_response = json.load(f)
+
+    expected_output_file_path = os.path.join(
+        base_dir, "tests/ecr-scan-result-no-findings-expected-sarif.json"
+    )
+    with open(expected_output_file_path, "r") as f:
+        expected_response = json.load(f)
+
+    sarif_report = convert_to_sarif(ecr_response)
+    assert sarif_report == expected_response
diff --git a/wait-for-ecr-scan-and-get-sarif/tests/ecr-scan-result-no-findings-expected-sarif.json b/wait-for-ecr-scan-and-get-sarif/tests/ecr-scan-result-no-findings-expected-sarif.json
@@ -0,0 +1,24 @@
+{
+  "version": "2.1.0",
+  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "name": "Amazon ECR Image Scanning",
+          "informationUri": "https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html",
+          "rules": []
+        }
+      },
+      "results": [],
+      "properties": {
+        "imageID": "sha256:60f5317ec034730f044117f4661e61e6b35faeac4f7b853d0f048282a2201afc",
+        "imageName": "infr/testcloud2202",
+        "repoDigests": [
+          "infr/testcloud2202@sha256:60f5317ec034730f044117f4661e61e6b35faeac4f7b853d0f048282a2201afc"
+        ],
+        "repoTags": []
+      }
+    }
+  ]
+}
diff --git a/wait-for-ecr-scan-and-get-sarif/tests/ecr-scan-result-no-findings.json b/wait-for-ecr-scan-and-get-sarif/tests/ecr-scan-result-no-findings.json
@@ -0,0 +1,14 @@
+{
+    "imageScanFindings": {
+        "findings": []
+    },
+    "registryId": "772215651096",
+    "repositoryName": "infr/testcloud2202",
+    "imageId": {
+        "imageDigest": "sha256:60f5317ec034730f044117f4661e61e6b35faeac4f7b853d0f048282a2201afc"
+    },
+    "imageScanStatus": {
+        "status": "ACTIVE",
+        "description": "Continuous scan is selected for image."
+    }
+}