From b71845e0e2558893da1a5dc1b06f6f8aadba1d87 Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Thu, 22 Aug 2019 14:20:19 +0000
Subject: [PATCH] whitelist known vulnerabilities in clair scanner until next centos service release
---
 tests/centos7-clair-whitelist.yaml | 27 +++++++++++++++++++++++++++
 tests/clairscan.sh | 3 ++-
 2 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 tests/centos7-clair-whitelist.yaml
diff --git a/tests/centos7-clair-whitelist.yaml b/tests/centos7-clair-whitelist.yaml
new file mode 100644
index 0000000..d4d5544
--- /dev/null
+++ b/tests/centos7-clair-whitelist.yaml
@@ -0,0 +1,27 @@
+generalwhitelist:
+ RHSA-2019:2030: python
+ RHSA-2019:2237: nss-softokn
+ RHSA-2019:2237: nss-softokn-freebl
+ RHSA-2019:2118: glibc-common
+ RHSA-2019:2030: python-libs
+ RHSA-2019:2237: nspr
+ RHSA-2019:2075: binutils
+ RHSA-2019:2237: nss-sysinit
+ RHSA-2019:2118: glibc
+ RHSA-2019:2136: libssh2
+ RHSA-2019:2091: systemd
+ RHSA-2019:2189: procps-ng
+ RHSA-2019:2237: nss-util
+ RHSA-2019:2110: rsyslog
+ RHSA-2019:2057: bind-license
+ RHSA-2019:2091: systemd-libs
+ RHSA-2019:2304: openssl-libs
+ RHSA-2019:2237: nss
+ RHSA-2019:2237: nss-tools
+ RHSA-2019:2304: openssl-devel
+ RHSA-2019:2159: unzip
+ RHSA-2019:2181: libcurl
+ RHSA-2019:2197: elfutils-libs
+ RHSA-2019:2181: curl
+ RHSA-2019:2197: elfutils-libelf
+ RHSA-2019:2197: elfutils-default-yama-scope
diff --git a/tests/clairscan.sh b/tests/clairscan.sh
index 26c93bc..c80c285 100755
--- a/tests/clairscan.sh
+++ b/tests/clairscan.sh
@@ -46,7 +46,8 @@ echo 'sending ip addr' ${clairip} 'to clair-scan server...'
 #run scan
 echo 'running scan...'
-./clair-scanner --ip ${clairip} $1
+./clair-scanner -w centos7-clair-whitelist.yaml --ip ${clairip} $1
+#./clair-scanner --ip ${clairip} $1
 retcode=$?
 #eval results
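Review bot: In tests/centos7-clair-whitelist.yaml the `generalwhitelist` mapping repeats the same advisory key several times (`RHSA-2019:2237` seven times, `RHSA-2019:2197` three times, five others twice), which YAML does not allow within one mapping; a parser will either reject the file or silently keep one value per key. As far as I know clair-scanner matches on the advisory ID alone and treats the value as a free-text label, so the per-package lines do not narrow the suppression and each RHSA is ignored for every package in every image scanned with this file; this should be confirmed against the scanner version in use. One line per advisory with the affected packages in the value states what is really being suppressed, e.g. `RHSA-2019:2237: nss, nss-softokn, nss-softokn-freebl, nss-sysinit, nss-tools, nss-util, nspr`. Because the commit message calls this temporary, a header comment such as `# Temporary: added 2019-08-22, drop entries once the next CentOS 7 release ships these errata` would give the next reviewer a removal condition.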
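Review bot: The new `./clair-scanner -w centos7-clair-whitelist.yaml` line in tests/clairscan.sh names the whitelist by a bare relative path, so it is only found when the script runs from the directory that holds the file (tests/ in this commit); whether the scanner then aborts or scans without the whitelist is not visible from this hunk. Resolving the path against the script location and quoting the arguments removes that dependency and keeps an unusual image name from being word-split: `./clair-scanner -w "$(dirname "$0")/centos7-clair-whitelist.yaml" --ip "${clairip}" "$1"`. The commented-out old invocation is better replaced by a comment that records why the suppression exists and when to drop it, e.g. `# TEMPORARY: remove -w once the next CentOS 7 release ships the whitelisted RHSA fixes`, since git history already keeps the old command. It would also help to say in the `echo 'running scan...'` message that a whitelist is active, so a passing run is not mistaken for a clean image; the rest of the script lies outside the hunk.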