Unique sort ignore files (#683)

astronomer · Jan 30, 2024 · 9a8fe0e · 9a8fe0e
1 parent ae8ac35
commit 9a8fe0e
Show file tree

Hide file tree

Showing 45 changed files with 159 additions and 171 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -70,6 +70,9 @@ repos:
       - id: check-xml
       - id: check-yaml
         args: ["--allow-multiple-documents"]
+      - id: file-contents-sorter
+        args: ["--ignore-case", "--unique"]
+        files: "^.*ignore$"
       - id: file-contents-sorter
         args: ["--ignore-case", "--unique"]
         files: "^.gitignore$"

diff --git a/.prettierignore b/.prettierignore
@@ -1 +1 @@
-statsd-exporter/test/statsd-test-config.js
+statsd-exporter/test/statsd-test-config.js
diff --git a/alertmanager/trivyignore b/alertmanager/trivyignore
@@ -1,3 +1,2 @@
 # Upstream alertmanager images include several CVEs.
 # We should try to remove these each time we update.
-
diff --git a/awsesproxy/trivyignore b/awsesproxy/trivyignore
@@ -1,3 +1,3 @@
 # Upstream awsesproxy images include several CVEs.
 # We should try to remove these each time we update.
-CVE-2023-39325
+CVE-2023-39325
diff --git a/awsesproxy/twistcliignore b/awsesproxy/twistcliignore
@@ -1,7 +1,7 @@
-CVE-2023-45285
+CVE-2023-39326
 CVE-2023-45283
-CVE-2023-48795
 CVE-2023-45284
-CVE-2023-39326
-CVE-2023-6237
+CVE-2023-45285
+CVE-2023-48795
 CVE-2023-6129
+CVE-2023-6237
diff --git a/bin/twistcli_validator.py b/bin/twistcli_validator.py
@@ -14,9 +14,11 @@
 ]
 
 
-def cve_list_to_string(list):
-    if list:
-        return "\n" + "\n".join([f"  - {item}" for item in list if item]) + "\n"
+def cve_list_to_string(items: list):
+    sorted_items = sorted(items, key=lambda x: x.lower() if x else "")
+
+    if sorted_items:
+        return "\n" + "\n".join([f"  - {item}" for item in sorted_items]) + "\n"
     return "none\n"
 
 

diff --git a/blackbox-exporter/trivyignore b/blackbox-exporter/trivyignore
@@ -1,4 +1,4 @@
 # Upstream blackbox exporter service images include several CVEs.
 # We should try to remove these each time we update.
+CVE-2023-39325
 GHSA-m425-mq94-257g
-CVE-2023-39325
diff --git a/blackbox-exporter/twistcliignore b/blackbox-exporter/twistcliignore
@@ -1,21 +1,15 @@
-CVE-2023-6237
+CVE-2023-39318
+CVE-2023-39319
 CVE-2023-39323
-GHSA-m425-mq94-257g
-CVE-2023-45287
-CVE-2023-45285
-CVE-2023-45285
-CVE-2023-45283
-CVE-2023-45283
 CVE-2023-39325
+CVE-2023-39326
 CVE-2023-3978
-CVE-2023-39319
-CVE-2023-39318
-CVE-2023-48795
-CVE-2023-48795
-CVE-2023-45284
-CVE-2023-45284
-CVE-2023-44487
 CVE-2023-44487
-CVE-2023-39326
-CVE-2023-39326
+CVE-2023-45283
+CVE-2023-45284
+CVE-2023-45285
+CVE-2023-45287
+CVE-2023-48795
 CVE-2023-6129
+CVE-2023-6237
+GHSA-m425-mq94-257g
diff --git a/curator/twistcliignore b/curator/twistcliignore
@@ -1,10 +1,10 @@
-GHSA-v8gr-m533-ghj9
-CVE-2023-5752
-CVE-2023-49083
-CVE-2023-45285
+CVE-2023-39326
 CVE-2023-45283
-CVE-2023-48795
 CVE-2023-45284
-CVE-2023-39326
+CVE-2023-45285
+CVE-2023-48795
+CVE-2023-49083
+CVE-2023-5752
 CVE-2023-6129
 CVE-2023-6237
+GHSA-v8gr-m533-ghj9
diff --git a/dind-golang/trivyignore b/dind-golang/trivyignore
@@ -1,3 +1,2 @@
 # Upstream dind-golang images include several CVEs.
 # We should try to remove these each time we update.
-
diff --git a/dogstatsd/trivyignore b/dogstatsd/trivyignore
@@ -1,3 +1,3 @@
 # Upstream dogstatsd service images include several CVEs.
 # We should try to remove these each time we update.
-CVE-2022-37434
+CVE-2022-37434
diff --git a/elasticsearch/trivyignore b/elasticsearch/trivyignore
@@ -1,3 +1,3 @@
 # Upstream elasticsearch images include several CVEs.
-GHSA-xpw8-rcwv-8f8p
 CVE-2023-1370
+GHSA-xpw8-rcwv-8f8p
diff --git a/elasticsearch/twistcliignore b/elasticsearch/twistcliignore
@@ -1,10 +1,8 @@
-PRISMA-2023-0067
-GHSA-xpw8-rcwv-8f8p
-CVE-2023-44487
-CVE-2023-44487
-CVE-2023-1370
 CVE-2020-15522
-CVE-2023-35116
-CVE-2023-35116
 CVE-2020-9488
-CVE-2022-45146
+CVE-2022-45146
+CVE-2023-1370
+CVE-2023-35116
+CVE-2023-44487
+GHSA-xpw8-rcwv-8f8p
+PRISMA-2023-0067
diff --git a/fluentd/twistcliignore b/fluentd/twistcliignore
@@ -1,2 +1,2 @@
 CVE-2021-33621
-CVE-2023-22795
+CVE-2023-22795
diff --git a/git-daemon/twistcliignore b/git-daemon/twistcliignore
@@ -1,7 +1,7 @@
-CVE-2023-45285
+CVE-2023-39326
 CVE-2023-45283
-CVE-2023-48795
 CVE-2023-45284
-CVE-2023-39326
+CVE-2023-45285
+CVE-2023-48795
 CVE-2023-6129
 CVE-2023-6237
diff --git a/git-sync-relay/twistcliignore b/git-sync-relay/twistcliignore
@@ -1,5 +1,5 @@
-CVE-2023-45285
+CVE-2023-39326
 CVE-2023-45283
-CVE-2023-48795
 CVE-2023-45284
-CVE-2023-39326
+CVE-2023-45285
+CVE-2023-48795
diff --git a/git-sync/trivyignore b/git-sync/trivyignore
@@ -1,12 +1,11 @@
 # Upstream git-sync images include several CVEs.
 # We should try to remove these each time we update.
-CVE-2022-1304
-CVE-2022-42916
-CVE-2022-43551
 CVE-2019-8457
-CVE-2021-33560
 CVE-2020-16156
-CVE-2022-29458
+CVE-2021-33560
 CVE-2021-41617
-CVE-2020-16156
+CVE-2022-1304
 CVE-2022-21698
+CVE-2022-29458
+CVE-2022-42916
+CVE-2022-43551
diff --git a/grafana/trivyignore b/grafana/trivyignore
@@ -1,5 +1,4 @@
+# The following are all within grafana-server, grafana-cli
 # Upstream grafana images include several CVEs.
 # We should try to remove these each time we update.
-
-# The following are all within grafana-server, grafana-cli
 GHSA-9763-4f94-gfch
diff --git a/grafana/twistcliignore b/grafana/twistcliignore
@@ -1,11 +1,11 @@
+CVE-2016-10735
 CVE-2018-14041
 CVE-2018-14042
 CVE-2018-20676
 CVE-2018-20677
-CVE-2023-45285
+CVE-2023-39326
 CVE-2023-45283
-GHSA-9763-4f94-gfch
-CVE-2016-10735
-CVE-2023-48795
 CVE-2023-45284
-CVE-2023-39326
+CVE-2023-45285
+CVE-2023-48795
+GHSA-9763-4f94-gfch
diff --git a/init/twistcliignore b/init/twistcliignore
@@ -1,7 +1,7 @@
-CVE-2023-45285
+CVE-2023-39326
 CVE-2023-45283
-CVE-2023-48795
 CVE-2023-45284
-CVE-2023-39326
-CVE-2023-6237
+CVE-2023-45285
+CVE-2023-48795
 CVE-2023-6129
+CVE-2023-6237
diff --git a/keda-metrics-apiserver/trivyignore b/keda-metrics-apiserver/trivyignore
@@ -1,3 +1,3 @@
 # Upstream registry service include several CVEs.
 # We should try to remove these each time we update.
-CVE-2022-41723
+CVE-2022-41723
diff --git a/keda/trivyignore b/keda/trivyignore
@@ -1,3 +1,3 @@
 # Upstream registry service include several CVEs.
 # We should try to remove these each time we update.
-CVE-2022-41723
+CVE-2022-41723
diff --git a/kube-state/twistcliignore b/kube-state/twistcliignore
@@ -1,6 +1,6 @@
-PRISMA-2022-0227
-CVE-2023-45285
+CVE-2023-39326
 CVE-2023-45283
-CVE-2023-48795
 CVE-2023-45284
-CVE-2023-39326
+CVE-2023-45285
+CVE-2023-48795
+PRISMA-2022-0227
diff --git a/nats-exporter/twistcliignore b/nats-exporter/twistcliignore
@@ -1,7 +1,7 @@
-CVE-2023-45285
+CVE-2023-39326
 CVE-2023-45283
-CVE-2023-48795
 CVE-2023-45284
-CVE-2023-39326
-CVE-2023-6237
+CVE-2023-45285
+CVE-2023-48795
 CVE-2023-6129
+CVE-2023-6237
diff --git a/nats-server/trivyignore b/nats-server/trivyignore
@@ -1 +1 @@
-CVE-2023-46129
+CVE-2023-46129
diff --git a/nats-server/twistcliignore b/nats-server/twistcliignore
@@ -1,7 +1,7 @@
-CVE-2023-45285
+CVE-2023-39326
 CVE-2023-45283
-CVE-2023-48795
 CVE-2023-45284
-CVE-2023-39326
-CVE-2023-6237
+CVE-2023-45285
+CVE-2023-48795
 CVE-2023-6129
+CVE-2023-6237
diff --git a/nats-streaming/trivyignore b/nats-streaming/trivyignore
@@ -1,2 +1,2 @@
+CVE-2023-46129
 CVE-2023-47090
-CVE-2023-46129
diff --git a/nats-streaming/twistcliignore b/nats-streaming/twistcliignore
@@ -1,12 +1,12 @@
 CVE-2023-29406
-CVE-2023-39319
-CVE-2023-39318
 CVE-2023-29409
+CVE-2023-39318
+CVE-2023-39319
 CVE-2023-39323
+CVE-2023-39326
+CVE-2023-45283
+CVE-2023-45284
+CVE-2023-45285
 CVE-2023-46129
 CVE-2023-47090
-CVE-2023-45285
-CVE-2023-45283
 CVE-2023-48795
-CVE-2023-45284
-CVE-2023-39326
diff --git a/nginx/twistcliignore b/nginx/twistcliignore
@@ -1,2 +1,2 @@
+CVE-2023-39325
 PRISMA-2023-0056
-CVE-2023-39325
diff --git a/pgbouncer-exporter/twistcliignore b/pgbouncer-exporter/twistcliignore
@@ -1,7 +1,7 @@
-CVE-2023-45285
+CVE-2023-39326
 CVE-2023-45283
-CVE-2023-48795
 CVE-2023-45284
-CVE-2023-39326
-CVE-2023-6237
+CVE-2023-45285
+CVE-2023-48795
 CVE-2023-6129
+CVE-2023-6237
diff --git a/pgbouncer-krb/trivyignore b/pgbouncer-krb/trivyignore
@@ -1 +0,0 @@
-

diff --git a/pgbouncer/twistcliignore b/pgbouncer/twistcliignore
@@ -1,5 +1,5 @@
-CVE-2023-45285
+CVE-2023-39326
 CVE-2023-45283
-CVE-2023-48795
 CVE-2023-45284
-CVE-2023-39326
+CVE-2023-45285
+CVE-2023-48795
diff --git a/po-pgbouncer/trivyignore b/po-pgbouncer/trivyignore
@@ -1,3 +1,2 @@
 # Upstream prometheus images include several CVEs.
 # We should try to remove these each time we update.
-
diff --git a/po-spilo/trivyignore b/po-spilo/trivyignore
@@ -1,8 +1,7 @@
 # Upstream prometheus images include several CVEs.
 # We should try to remove these each time we update.
-CVE-2021-38561
+CVE-2020-29652
 CVE-2021-33194
+CVE-2021-38561
 CVE-2021-44716
-CVE-2021-33194
-CVE-2020-29652
-CVE-2022-27191
+CVE-2022-27191
diff --git a/postgres-exporter/twistcliignore b/postgres-exporter/twistcliignore
@@ -1,7 +1,7 @@
-CVE-2023-45285
+CVE-2023-39326
 CVE-2023-45283
-CVE-2023-48795
 CVE-2023-45284
-CVE-2023-39326
-CVE-2023-6237
+CVE-2023-45285
+CVE-2023-48795
 CVE-2023-6129
+CVE-2023-6237
diff --git a/postgres-operator/trivyignore b/postgres-operator/trivyignore
@@ -1,8 +1,8 @@
 # Upstream postgres-operator images include several CVEs.
 # We should try to remove these each time we update.
-CVE-2022-37434
-CVE-2022-27191
+CVE-2021-38561
 CVE-2021-44716
+CVE-2022-27191
 CVE-2022-27664
-CVE-2021-38561
-CVE-2022-32149
+CVE-2022-32149
+CVE-2022-37434
diff --git a/postgresql/trivyignore b/postgresql/trivyignore
@@ -1,4 +1,4 @@
 # Upstream postgres images include several CVEs.
 # We should try to remove these each time we update.
+CVE-2022-1941
 CVE-2022-29162
-CVE-2022-1941
diff --git a/prometheus/twistcliignore b/prometheus/twistcliignore
@@ -1,4 +1,4 @@
+CVE-2023-40577
+CVE-2023-45286
 CVE-2023-48795
 GHSA-jq35-85cj-fj4p
-CVE-2023-45286
-CVE-2023-40577
diff --git a/redis/trivyignore b/redis/trivyignore
@@ -1,4 +1,4 @@
 # Upstream redis service include several CVEs.
 # We should try to remove these each time we update.
 CVE-2022-29162
-CVE-2023-27561
+CVE-2023-27561
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		statsd-exporter/test/statsd-test-config.js
		statsd-exporter/test/statsd-test-config.js
Original file line number	Diff line number	Diff line change
		@@ -1,3 +1,2 @@
		# Upstream alertmanager images include several CVEs.
		# We should try to remove these each time we update.
Original file line number	Diff line number	Diff line change
		@@ -1,3 +1,2 @@
		# Upstream dind-golang images include several CVEs.
		# We should try to remove these each time we update.
Original file line number	Diff line number	Diff line change
		@@ -1,3 +1,2 @@
		# Upstream prometheus images include several CVEs.
		# We should try to remove these each time we update.