fix: Vulnerability scanning on hibernate/unhibernate api's (#5164)

adi6859 · iamayushm · vikramdevtron · web-flow · commit b3f4f78a7f51 · 2024-06-10T17:56:00.000+05:30
* wip

* check added

* renaming

---------

Co-authored-by: ayushmaheshwari &lt;ayush@devtron.ai&gt;
Co-authored-by: Vikram Singh &lt;vikram@devtron.ai&gt;
Co-authored-by: Shivam-nagar23 &lt;shivam@devtron.ai&gt;
diff --git a/pkg/deployment/trigger/devtronApps/TriggerService.go b/pkg/deployment/trigger/devtronApps/TriggerService.go
@@ -426,19 +426,21 @@ func (impl *TriggerServiceImpl) ManualCdTrigger(triggerContext bean.TriggerConte
 				impl.logger.Warnw("unable to migrate deprecated DataSource", "artifactId", artifact.Id)
 			}
 		}
-		vulnerabilityCheckRequest := adapter.GetVulnerabilityCheckRequest(cdPipeline, artifact.ImageDigest)
-		isVulnerable, err := impl.imageScanService.GetArtifactVulnerabilityStatus(ctx, vulnerabilityCheckRequest)
-		if err != nil {
-			impl.logger.Errorw("error in getting Artifact vulnerability status, ManualCdTrigger", "err", err)
-			return 0, err
-		}
+		if isNotHibernateRequest(overrideRequest.DeploymentType) {
+			vulnerabilityCheckRequest := adapter.GetVulnerabilityCheckRequest(cdPipeline, artifact.ImageDigest)
+			isVulnerable, err := impl.imageScanService.GetArtifactVulnerabilityStatus(ctx, vulnerabilityCheckRequest)
+			if err != nil {
+				impl.logger.Errorw("error in getting Artifact vulnerability status, ManualCdTrigger", "err", err)
+				return 0, err
+			}
 
-		if isVulnerable == true {
-			// if image vulnerable, update timeline status and return
-			if err = impl.cdWorkflowCommonService.MarkCurrentDeploymentFailed(runner, errors.New(pipelineConfig.FOUND_VULNERABILITY), overrideRequest.UserId); err != nil {
-				impl.logger.Errorw("error while updating current runner status to failed, TriggerDeployment", "wfrId", runner.Id, "err", err)
+			if isVulnerable == true {
+				// if image vulnerable, update timeline status and return
+				if err = impl.cdWorkflowCommonService.MarkCurrentDeploymentFailed(runner, errors.New(pipelineConfig.FOUND_VULNERABILITY), overrideRequest.UserId); err != nil {
+					impl.logger.Errorw("error while updating current runner status to failed, TriggerDeployment", "wfrId", runner.Id, "err", err)
+				}
+				return 0, fmt.Errorf("found vulnerability for image digest %s", artifact.ImageDigest)
 			}
-			return 0, fmt.Errorf("found vulnerability for image digest %s", artifact.ImageDigest)
 		}
 
 		// Deploy the release
@@ -537,6 +539,13 @@ func (impl *TriggerServiceImpl) ManualCdTrigger(triggerContext bean.TriggerConte
 	return releaseId, err
 }
 
+func isNotHibernateRequest(deploymentType models.DeploymentType) bool {
+	if deploymentType == models.DEPLOYMENTTYPE_STOP || deploymentType == models.DEPLOYMENTTYPE_START {
+		return false
+	}
+	return true
+}
+
 // TODO: write a wrapper to handle auto and manual trigger
 func (impl *TriggerServiceImpl) TriggerAutomaticDeployment(request bean.TriggerRequest) error {
 	//in case of manual trigger auth is already applied and for auto triggers there is no need for auth check here
