fix: ensure valued dates are not overwritten on merge

Failed summaries will lack timestamps; only overwrite a timestamp if it's valued.
cultureamp · Mar 15, 2024 · 72064de · 72064de
1 parent 0e6dfed
commit 72064de
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 2 deletions.
diff --git a/src/finding/summary.go b/src/finding/summary.go
@@ -224,8 +224,12 @@ func mergeSingle(merged, other Summary) Summary {
 	merged.Platforms = append(merged.Platforms, other.Platforms...)
 	merged.FailedPlatforms = append(merged.FailedPlatforms, other.FailedPlatforms...)
 
-	merged.ImageScanCompletedAt = other.ImageScanCompletedAt
-	merged.VulnerabilitySourceUpdatedAt = other.VulnerabilitySourceUpdatedAt
+	if other.ImageScanCompletedAt != nil {
+		merged.ImageScanCompletedAt = other.ImageScanCompletedAt
+	}
+	if other.VulnerabilitySourceUpdatedAt != nil {
+		merged.VulnerabilitySourceUpdatedAt = other.VulnerabilitySourceUpdatedAt
+	}
 
 	return merged
 }

diff --git a/src/finding/summary_test.go b/src/finding/summary_test.go
@@ -2,6 +2,7 @@ package finding_test
 
 import (
 	"testing"
+	"time"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/ecr"
@@ -149,6 +150,8 @@ func TestMergeSummary(t *testing.T) {
 					Platforms: p("other1"),
 				},
 			},
+			ImageScanCompletedAt:         tm(2010, 1, 1),
+			VulnerabilitySourceUpdatedAt: tm(2010, 1, 2),
 		},
 		{
 			Platforms: p("other2"),
@@ -168,6 +171,9 @@ func TestMergeSummary(t *testing.T) {
 	// base.Merge(others...)
 	base := finding.MergeSummaries(others)
 
+	assert.NotNil(t, base.ImageScanCompletedAt)
+	assert.NotNil(t, base.VulnerabilitySourceUpdatedAt)
+
 	autogold.ExpectFile(t, base)
 }
 
@@ -215,3 +221,8 @@ func fscore3(name string, severity types.FindingSeverity, score string, vector s
 func i(id string) findingconfig.Ignore {
 	return findingconfig.Ignore{ID: id}
 }
+
+func tm(yyyy int, mm time.Month, dd int) *time.Time {
+	t := time.Date(yyyy, mm, dd, 0, 0, 0, 0, time.UTC)
+	return &t
+}
diff --git a/src/finding/testdata/TestMergeSummary.golden b/src/finding/testdata/TestMergeSummary.golden
@@ -31,6 +31,22 @@ finding.Summary{
 		},
 	},
 	Ignored: []finding.Detail{},
+	ImageScanCompletedAt: valast.Ptr(time.Date(2010,
+		1,
+		1,
+		0,
+		0,
+		0,
+		0,
+		time.UTC)),
+	VulnerabilitySourceUpdatedAt: valast.Ptr(time.Date(2010,
+		1,
+		2,
+		0,
+		0,
+		0,
+		0,
+		time.UTC)),
 	Platforms: []v1.Platform{
 		{OS: "base"},
 		{OS: "other1"},