René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Trivy Parser Creates Malformed Location URL","articleBody":"## 🐞 Bug report\r\n\u003c!--\r\nThank you for reporting an issue in our project 🙌\r\n\r\nBefore opening a new issue, please make sure that we do not have any duplicates already open. You can ensure this by searching the issue list for this repository. If there is a duplicate, please close your issue and add a comment to the existing issue instead.\r\n--\u003e\r\n\r\n### Describe the bug\r\n\r\nWe do the following scan by Trivy:\r\n```\r\napiVersion: \"execution.securecodebox.io/v1\"\r\nkind: Scan\r\nmetadata:\r\n  name: \"trivy-k8s-1\"\r\n  annotations:\r\n    defectdojo.securecodebox.io/product-type-name: Infra\r\n    defectdojo.securecodebox.io/product-name: infra-cluster\r\n    defectdojo.securecodebox.io/engagement-name: \"Trivy k8s scan\"\r\n    defectdojo.securecodebox.io/test-title: \"Trivy k8s weekly scan\"\r\nspec:\r\n  scanType: \"trivy-k8s\"\r\n  parameters:\r\n    - \"-d\"\r\n    - \"--timeout\"\r\n    - \"30m\"\r\n    - \"--tolerations\"\r\n    - \"gitlab_runners=true:NoSchedule\"\r\n    - \"--components\"\r\n    - \"workload\"\r\n    - \"--scanners\"\r\n    - \"vuln\"\r\n    - \"-n\"\r\n    - \"gitlab\"\r\n    - \"pods\"\r\n  volumes:\r\n    - name: dockersocket\r\n      hostPath:\r\n        path: /run/containerd/containerd.sock\r\n    - name: db-cache\r\n      persistentVolumeClaim:\r\n        claimName: trivy-k8s-database\r\n  volumeMounts:\r\n    - name: dockersocket\r\n      mountPath: /run/containerd/containerd.sock\r\n    - name: db-cache\r\n      mountPath: /root/.cache/trivy\r\n```\r\n\r\nScan and parse stages go just fine. But in the `Persistence-defectdojo hook` we see a lot of warnings like this:\r\n\r\n```\r\n2024-02-29 17:17:26 WARN  SecureCodeBoxFindingsToDefectDojoMapper:89 - Couldn't parse the secureCodeBox location, because it: java.lang.IllegalArgumentException: Illegal character in opaque part at index 10: Namespace: 'gitlab' / Kind: 'Pod' / Name: 'runner--ykq-n2m-project-8-concurrent-0-na4oov1f' is not a vailid uri: Namespace: 'gitlab' / Kind: 'Pod' / Name: 'runner--ykq-n2m-project-8-concurrent-0-na4oov1f'\r\n2024-02-29 17:17:26 WARN  SecureCodeBoxFindingsToDefectDojoMapper:89 - Couldn't parse the secureCodeBox location, because it: java.lang.IllegalArgumentException: Illegal character in opaque part at index 10: Namespace: 'gitlab' / Kind: 'Pod' / Name: 'runner--ykq-n2m-project-8-concurrent-0-na4oov1f' is not a vailid uri: Namespace: 'gitlab' / Kind: 'Pod' / Name: 'runner--ykq-n2m-project-8-concurrent-0-na4oov1f'\r\n```\r\n\r\n### Steps To Reproduce\r\n\u003c!--\r\nSteps to reproduce the behavior:\r\n1. Go to '...'\r\n2. Click on '....'\r\n3. Scroll down to '....'\r\n4. See error\r\n--\u003e\r\n\r\n### Expected behavior\r\n\u003c!-- A clear and concise description of what you expected to happen. --\u003e\r\n\r\n### System (please complete the following information):\r\n\u003c!--\r\n - secureCodeBox Version/Release\r\n - OS: [e.g. iOS]\r\n - Kubernetes Version [command: `kubectl version`]\r\n - Docker Version [command: `docker -v`]\r\n - Browser [e.g. chrome, safari, firefox,...]\r\n--\u003e\r\n\r\n- operator-4.4.0\r\n- trivy-4.4.1\r\n- persistence-defectdojo-4.4.1\r\n\r\n### Screenshots / Logs\r\n\u003c!-- If applicable, add screenshots to help explain your problem. --\u003e\r\n\r\n### Additional context\r\n\u003c!-- Add any other context about the problem here. --\u003e\r\n","author":{"url":"https://github.com/danil-smirnov","@type":"Person","name":"danil-smirnov"},"datePublished":"2024-02-29T17:41:48.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":4},"url":"https://github.com/2324/secureCodeBox/issues/2324"}