Merge pull request #123 from influxdata/jdstrand/dso-dont-store-corre…

…lation-id-with-dump fix: don't store dso correlation_id since it is always changing
influxdata · Aug 21, 2023 · 3480072 · 3480072
2 parents 56baaf9 + d16af66
commit 3480072
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 3 deletions.
diff --git a/cvelib/dso.py b/cvelib/dso.py
@@ -910,6 +910,11 @@ def main_dso_dump_reports():
                 warn("unexpected format of report for '%s'" % full_name)
                 j = {}
 
+            # clear the correlation_id since it changes on every fetch which
+            # causes the sha256 to always change
+            if "extensions" in j and "correlation_id" in j["extensions"]:
+                del j["extensions"]["correlation_id"]
+
         if len(j) == 0:
             continue
 

diff --git a/tests/test_dso.py b/tests/test_dso.py
@@ -3,6 +3,7 @@
 # SPDX-License-Identifier: MIT
 
 import datetime
+import json
 import os
 import tempfile
 from unittest import TestCase, mock, skipIf
@@ -934,7 +935,7 @@ def test_main_dso_dump_reports(
         mock_getDigestForImage.return_value = "valid-name@sha256:deadbeef"
         mock_fetchScanReport.return_value = (
             [],
-            '{"data": {"vulnerabilitiesByPackage": []}}',
+            '{"data": {"vulnerabilitiesByPackage": []}, "extensions": {"correlation_id": "81e2aee7-13d1-4097-93aa-90841e5bd43b"}}',
         )
 
         # create
@@ -960,6 +961,11 @@ def test_main_dso_dump_reports(
         relfn = os.path.relpath(fn, self.tmpdir + "/subdir")
         self.assertEqual("Created: %s" % relfn, output.getvalue().strip())
         self.assertEqual("", error.getvalue().strip())
+        self.assertTrue(os.path.exists(fn))
+        with open(fn, "r") as fh:
+            j = json.load(fh)
+            self.assertTrue("extensions" in j)
+            self.assertFalse("correlation_id" in j)
 
         # updated
         with open(fn, "w") as fh:
@@ -985,11 +991,15 @@ def test_main_dso_dump_reports(
         fn = self.tmpdir + "/subdir/YYYY/MM/DD/dso/valid-repo/deadbeef.json"
         os.makedirs(os.path.dirname(fn))
         with open(fn, "w") as fh:
-            fh.write('{\n  "data": {\n    "vulnerabilitiesByPackage": []\n  }\n}\n')
+            fh.write(
+                '{\n  "data": {\n    "vulnerabilitiesByPackage": []\n  },\n  "extensions": {}\n}\n'
+            )
         fn2 = self.tmpdir + "/subdir/YYYY/MM/dd/dso/valid-repo/deadbeef.json"
         os.makedirs(os.path.dirname(fn2))
         with open(fn2, "w") as fh:
-            fh.write('{\n  "data": {\n    "vulnerabilitiesByPackage": []\n  }\n}\n')
+            fh.write(
+                '{\n  "data": {\n    "vulnerabilitiesByPackage": []\n  },\n  "extensions": {}\n}\n'
+            )
 
         with mock.patch(
             "argparse._sys.argv",