CrowdStrike / container-image-scan

Code to scan a container with CrowdStrike and return response codes indicating pass/fail status.
MIT License

get severity fails for 1.1.12 splunk images #42

Closed jhuan4 closed 2 years ago

jhuan4 commented 2 years ago

splunk/k8s-metrics: (Docker Hub ) 1.1.12 (fails scan)

splunk/kube-objects: (Docker Hub ) 1.1.12 (fails scan)

  • when getting report, it fails with:

    INFO Authenticating with CrowdStrike Falcon API
    INFO Downloading Image Scan Report
    INFO Searching for vulnerabilities in scan report...
    WARNING MEDIUM CVE-2022-1586 Vulnerability detected affecting pcre2-10.32-2.el8.src.rpm
    WARNING MEDIUM CVE-2022-25313 Vulnerability detected affecting expat-2.2.5-4.el8_5.3.src.rpm
    ERROR Unknown error
    Traceback (most recent call last):
      File "/home/vmadmin/agent/_work/228/blueprints/templates/steps/script/cs_scanimage.py", line 368, in main
        f_vuln_score = int(scan_report.get_alerts_vuln())
      File "/home/vmadmin/agent/_work/228/blueprints/templates/steps/script/cs_scanimage.py", line 181, in get_alerts_vuln
        cvss_v3 = details.get('cvss_v3_score', {})
    AttributeError: 'NoneType' object has no attribute 'get'

    [error]Bash exited with code '10'.

  • seems details returned as None, was able to get working by adding condition:

λ git diff -r main diff --git a/cs_scanimage.py b/cs_scanimage.py index d97017e..c7a7172 100644 --- a/cs_scanimage.py +++ b/cs_scanimage.py @@ -181,11 +181,12 @@ class ScanReport(dict): vuln = vulnerability['Vulnerability'] cve = vuln.get('CVEID', 'CVE-unknown') details = vuln.get('Details', {}) - cvss_v3 = details.get('cvss_v3_score', {}) - severity = cvss_v3.get('severity') - if severity is None: - cvss_v2 = details.get('cvss_v2_score', {}) - severity = cvss_v2.get('severity') + if details is not None: + cvss_v3 = details.get('cvss_v3_score', {}) + severity = cvss_v3.get('severity') + if severity is None: + cvss_v2 = details.get('cvss_v2_score', {}) + severity = cvss_v2.get('severity') if severity is None: severity = details.get('severity', 'UNKNOWN') product = vuln.get('Product', {})
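Review bot: the new `if details is not None:` guard does not cover the trailing `if severity is None: severity = details.get('severity', 'UNKNOWN')`, which stays at the outer indentation. When `Details` is None, `severity` is never assigned inside the guard, so the first such vulnerability raises NameError (or, on a later loop iteration, reuses the previous entry's `severity`) and the fallback line then hits the same AttributeError on `details.get`. Normalising once, e.g. `details = vuln.get('Details') or {}`, handles both a missing key and an explicit None value without the extra nesting, and the same `or {}` pattern is worth applying to `cvss_v3_score` / `cvss_v2_score` in case the API returns those keys as None as well.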

ffalor commented 2 years ago

@jhuan4 thanks for reporting this. It looks like CVE-2022-2153 is returning a hash with a details key, but the value of the key is None.

https://github.com/CrowdStrike/container-image-scan/blob/5258ea8b242173e47954bd723d6f7d1b71bda949/cs_scanimage.py#L183

This checks if the Details key exists, but doesn't check if the value is None.

I'll create a PR soon to address this issue.
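The root cause described above (a key that is present but whose value is None, so `.get(...)` on the default `{}` never runs) is a general pattern when parsing scan-report JSON. The following is an added example, not the project's `cs_scanimage.py`: a defensive severity extraction that treats a missing key and an explicit None value the same way at every level of the record, plus a constructed sample report covering the crash case. The nested key names (`Vulnerability`, `CVEID`, `Details`, `cvss_v3_score`, `cvss_v2_score`, `severity`) follow the diff in the issue; the top-level `Vulnerabilities` list and the function names are assumptions.

```python
# Added example (not the project's cs_scanimage.py): defensive severity
# extraction for Falcon image-scan vulnerability records in which "Details",
# or the nested cvss score dicts, may be present but set to None.
from collections import Counter

# Highest to lowest; UNKNOWN sorts last so it never trips a threshold silently.
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN"]


def vuln_severity(vulnerability):
    """Return the severity string for one vulnerability entry.

    Fallback chain: cvss_v3 -> cvss_v2 -> top-level 'severity' -> 'UNKNOWN'.
    Every `or {}` turns an explicit None into an empty dict, which is the case
    that `dict.get(key, {})` alone does not cover (the default is only used
    when the key is absent, not when its value is None).
    """
    vuln = vulnerability.get("Vulnerability") or {}
    details = vuln.get("Details") or {}            # Details: None -> {}
    for key in ("cvss_v3_score", "cvss_v2_score"):
        score = details.get(key) or {}             # cvss_*_score: None -> {}
        severity = score.get("severity")
        if severity:
            return severity.upper()
    return (details.get("severity") or "UNKNOWN").upper()


def count_severities(scan_report):
    """Tally severities across the report; Counter compares equal to a plain dict."""
    return Counter(vuln_severity(v) for v in scan_report.get("Vulnerabilities") or [])


def failing_cves(scan_report, threshold="MEDIUM"):
    """Return [(CVE id, severity)] for findings at or above `threshold`.

    UNKNOWN is deliberately excluded here so that a parsing gap does not fail
    a build by accident; count_severities() still surfaces it for review.
    """
    limit = SEVERITY_ORDER.index(threshold.upper())
    out = []
    for v in scan_report.get("Vulnerabilities") or []:
        sev = vuln_severity(v)
        if SEVERITY_ORDER.index(sev) <= limit:
            cve = (v.get("Vulnerability") or {}).get("CVEID", "CVE-unknown")
            out.append((cve, sev))
    return out


# Constructed sample report (hypothetical CVE ids, not real findings), shaped
# to exercise each branch including the "Details": None crash from the issue.
SAMPLE_REPORT = {
    "Vulnerabilities": [
        {"Vulnerability": {"CVEID": "CVE-0000-0001",
                           "Details": {"cvss_v3_score": {"severity": "high"}}}},
        {"Vulnerability": {"CVEID": "CVE-0000-0002",
                           "Details": None}},                      # crash case
        {"Vulnerability": {"CVEID": "CVE-0000-0003",
                           "Details": {"cvss_v3_score": None,      # present but None
                                       "cvss_v2_score": {"severity": "medium"}}}},
        {"Vulnerability": {"CVEID": "CVE-0000-0004",
                           "Details": {"severity": "low"}}},       # top-level only
    ]
}

if __name__ == "__main__":
    print(dict(count_severities(SAMPLE_REPORT)))
    print(failing_cves(SAMPLE_REPORT, "MEDIUM"))
```

Run as a script it prints the tally and the findings that would fail a MEDIUM threshold; the entry with `"Details": None` lands in UNKNOWN instead of raising AttributeError.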

jhuan4 commented 2 years ago

awesome, thanks