Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case
- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images. - Added symbols.json detailing function entry and sink points in the WordPress code. - Included runtime traces for function calls in both reachable and unreachable scenarios. - Developed OpenVEX files indicating vulnerability status and justification for both cases. - Updated README for evaluator harness to guide integration with scanner output.
@@ -1,5 +1,12 @@
|
||||
{{- $root := . -}}
|
||||
{{- range $name, $svc := .Values.services }}
|
||||
{{- $root := . -}}
|
||||
{{- $configMaps := default (dict) .Values.configMaps -}}
|
||||
{{- $hasPolicyActivationConfig := hasKey $configMaps "policy-engine-activation" -}}
|
||||
{{- $policyActivationConfigName := "" -}}
|
||||
{{- if $hasPolicyActivationConfig -}}
|
||||
{{- $policyActivationConfigName = include "stellaops.fullname" (dict "root" $root "name" "policy-engine-activation") -}}
|
||||
{{- end -}}
|
||||
{{- $policyActivationTargets := dict "policy-engine" true "policy-gateway" true -}}
|
||||
{{- range $name, $svc := .Values.services }}
|
||||
{{- $configMounts := (default (list) $svc.configMounts) }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
@@ -36,18 +43,31 @@ spec:
|
||||
- {{ $arg | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if $svc.env }}
|
||||
env:
|
||||
{{- range $envName, $envValue := $svc.env }}
|
||||
- name: {{ $envName }}
|
||||
value: {{ $envValue | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if $svc.envFrom }}
|
||||
envFrom:
|
||||
{{ toYaml $svc.envFrom | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if $svc.ports }}
|
||||
{{- if $svc.env }}
|
||||
env:
|
||||
{{- range $envName, $envValue := $svc.env }}
|
||||
- name: {{ $envName }}
|
||||
value: {{ $envValue | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- $needsPolicyActivation := and $hasPolicyActivationConfig (hasKey $policyActivationTargets $name) }}
|
||||
{{- $envFrom := default (list) $svc.envFrom }}
|
||||
{{- if and $needsPolicyActivation (ne $policyActivationConfigName "") }}
|
||||
{{- $hasActivationReference := false }}
|
||||
{{- range $envFromEntry := $envFrom }}
|
||||
{{- if and (hasKey $envFromEntry "configMapRef") (eq (index (index $envFromEntry "configMapRef") "name") $policyActivationConfigName) }}
|
||||
{{- $hasActivationReference = true }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if not $hasActivationReference }}
|
||||
{{- $envFrom = append $envFrom (dict "configMapRef" (dict "name" $policyActivationConfigName)) }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if $envFrom }}
|
||||
envFrom:
|
||||
{{ toYaml $envFrom | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if $svc.ports }}
|
||||
ports:
|
||||
{{- range $port := $svc.ports }}
|
||||
- name: {{ default (printf "%s-%v" $name $port.containerPort) $port.name | trunc 63 | trimSuffix "-" }}
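Review bot: The block in the second hunk that appends the `policy-engine-activation` configMapRef to `$envFrom` places it last, and nothing documents the precedence this creates. In Kubernetes a later `envFrom` source overrides earlier ones on duplicate keys, while explicit `env` entries override all of them, so the activation ConfigMap wins over any `secretRef` or `configMapRef` a service already lists but loses to `$svc.env`. I would add a template comment above the `append` line, for example `{{- /* activation ConfigMap is appended last: it overrides earlier envFrom sources on key collisions; $svc.env still overrides it */ -}}`. The target set in the first hunk, `dict "policy-engine" true "policy-gateway" true`, is keyed on literal service names, so a service renamed in values would render without the activation settings and without any error; a comment saying so, or a `fail` when the ConfigMap is defined but no entry in `.Values.services` matches, would make that visible. The commit description covers only the SBOM/VEX fixtures and does not mention this template change, though other parts of the commit may not be visible here.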
|
||||
|
||||