Bug
Resolution: Done
Rox Sprint 4.8A - Global
USER PROBLEM
It seems that specifying table headers does not affect output rows:
→ roxctl image scan --image registry.redhat.io/openshift4/ose-oauth-proxy:v4.12 -o table --headers COMPONENT,VERSION,CVE
Scan results for image: registry.redhat.io/openshift4/ose-oauth-proxy:v4.12
(TOTAL-COMPONENTS: 15, TOTAL-VULNERABILITIES: 42, LOW: 16, MODERATE: 11, IMPORTANT: 14, CRITICAL: 1)
+-------------------------------------+------------------------------------------------------+----------------+-----------+----------------------------------------------------------------------------------+------------------------------------------------------+
| COMPONENT                           | VERSION                                              | CVE            |           |                                                                                  |                                                      |
+-------------------------------------+------------------------------------------------------+----------------+-----------+----------------------------------------------------------------------------------+------------------------------------------------------+
| github.com/gogo/protobuf            | v1.3.1                                               | CVE-2021-3121  | IMPORTANT | https://osv.dev/vulnerability/GHSA-c3h9-896r-86jm                                | 1.3.2                                                |
+                                     +                                                      +----------------+-----------+----------------------------------------------------------------------------------+------------------------------------------------------+
|                                     |                                                      | GO-2021-0053   | LOW       | https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc | 1.3.2                                                |
+-------------------------------------+------------------------------------------------------+----------------+-----------+----------------------------------------------------------------------------------+------------------------------------------------------+
Help text for --headers says "Headers to print in tabular output (default [COMPONENT,VERSION,CVE,SEVERITY,LINK,FIXED_VERSION])". Empirically, I thought what is meant there is that one can change the name of headers instead of changing what's actually printed, so saying something like this is possible, though nonsensical:
→ roxctl image scan --image registry.redhat.io/openshift4/ose-oauth-proxy:v4.12 -o table --headers COMPONENT,FIXED_VERSION,CVE,LULZ,VERSION,SCORE --severity CRITICAL
Scan results for image: registry.redhat.io/openshift4/ose-oauth-proxy:v4.12
(TOTAL-COMPONENTS: 1, TOTAL-VULNERABILITIES: 1, LOW: 0, MODERATE: 0, IMPORTANT: 0, CRITICAL: 1)
+---------------------+------------------------------------+----------------+----------+---------------------------------------------------+--------+
| COMPONENT           | FIXED VERSION                      | CVE            | LULZ     | VERSION                                           | SCORE  |
+---------------------+------------------------------------+----------------+----------+---------------------------------------------------+--------+
| golang.org/x/crypto | v0.0.0-20200622213623-75b288015ac9 | CVE-2024-45337 | CRITICAL | https://osv.dev/vulnerability/GHSA-v778-237x-gjrc | 0.31.0 |
+---------------------+------------------------------------+----------------+----------+---------------------------------------------------+--------+
However, there are some sanity checks:
→ roxctl image scan --image registry.redhat.io/openshift4/ose-oauth-proxy:v4.12 -o table --headers COMPONENT,FIXED_VERSION,CVE,LULZ,LINK --severity CRITICAL
ERROR: could not create printer for image scan result: could not create printer: "table": undefined columns to merge: VERSION
At the very least, we shall clarify what this parameter does. At most, I think choosing (and ordering) the columns has much higher value than renaming them.
CONDITIONS
Tested with roxctl 4.6.2.
ROOT CAUSE
What is the root cause of the bug?
- pending
FIX
How was the bug fixed (this is more important if a workaround was implemented rather than an actual fix)?
- pending