1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-29 19:38:12 +00:00

Do not print remediation messages not on --status

This commit is contained in:
Manuel Tiago Pereira 2021-11-05 09:01:20 +00:00
parent 0c1c5aa2e0
commit 5ed6c78c81
No known key found for this signature in database
GPG Key ID: 0F7AEBEEEEB5DC0C
2 changed files with 27 additions and 10 deletions

View File

@ -205,24 +205,29 @@ func prettyPrint(r *check.Controls, summary check.Summary) {
// Print remediations.
if !noRemediations {
var remediationOutput strings.Builder
if summary.Fail > 0 || summary.Warn > 0 {
colors[check.WARN].Printf("== Remediations %s ==\n", r.Type)
for _, g := range r.Groups {
for _, c := range g.Checks {
if c.State == check.FAIL {
fmt.Printf("%s %s\n", c.ID, c.Remediation)
if c.State == check.FAIL && printStatus(check.FAIL) {
remediationOutput.WriteString(fmt.Sprintf("%s %s\n", c.ID, c.Remediation))
}
if c.State == check.WARN {
if c.State == check.WARN && printStatus(check.WARN) {
// Print the error if test failed due to problem with the audit command
if c.Reason != "" && c.Type != "manual" {
fmt.Printf("%s audit test did not run: %s\n", c.ID, c.Reason)
remediationOutput.WriteString(fmt.Sprintf("%s audit test did not run: %s\n", c.ID, c.Reason))
} else {
fmt.Printf("%s %s\n", c.ID, c.Remediation)
remediationOutput.WriteString(fmt.Sprintf("%s %s\n", c.ID, c.Remediation))
}
}
}
}
fmt.Println()
output := remediationOutput.String()
if len(output) > 0 {
remediationOutput.WriteString("\n")
fmt.Printf(colors[check.WARN].Sprintf("== Remediations %s ==\n", r.Type))
fmt.Printf(remediationOutput.String())
}
}
}

View File

@ -756,27 +756,35 @@ func TestWriteStdoutOutputStatusList(t *testing.T) {
statusList string
notContains []string
contains []string
}
testCases := []testCase{
{
name: "statusList PASS",
statusList: "PASS",
notContains: []string{"INFO", "WARN", "FAIL"},
notContains: []string{"INFO", "WARN", "FAIL", "== Remediations controlplane =="},
},
{
name: "statusList PASS,INFO",
statusList: "PASS,INFO",
notContains: []string{"WARN", "FAIL"},
notContains: []string{"WARN", "FAIL", "== Remediations controlplane =="},
},
{
name: "statusList WARN",
statusList: "WARN",
notContains: []string{"INFO", "FAIL", "PASS"},
contains: []string{"== Remediations controlplane =="},
},
{
name: "statusList FAIL",
statusList: "FAIL",
notContains: []string{"INFO", "WARN", "PASS"},
notContains: []string{"INFO", "WARN", "PASS", "== Remediations controlplane =="},
},
{
name: "statusList empty",
statusList: "",
notContains: nil,
contains: []string{"== Remediations controlplane =="},
},
}
@ -801,6 +809,10 @@ func TestWriteStdoutOutputStatusList(t *testing.T) {
for _, n := range tt.notContains {
assert.NotContains(t, string(out), n)
}
for _, c := range tt.contains {
assert.Contains(t, string(out), c)
}
}
}