Skip to content

Commit

Permalink
send normalized imageTag to backend
Browse files Browse the repository at this point in the history
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
  • Loading branch information
matthyx committed Aug 8, 2023
1 parent b854b27 commit 3730e6e
Show file tree
Hide file tree
Showing 7 changed files with 118 additions and 27 deletions.
2 changes: 1 addition & 1 deletion adapters/v1/armo.go
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,7 @@ func (a *ArmoAdapter) SendStatus(ctx context.Context, step int) error {
)
report.Status = statuses[step]
report.Target = fmt.Sprintf("vuln scan:: scanning wlid: %v , container: %v imageTag: %v imageHash: %s",
workload.Wlid, workload.ContainerName, workload.ImageTag, workload.ImageHash)
workload.Wlid, workload.ContainerName, workload.ImageTagNormalized, workload.ImageHash)
report.ActionID = strconv.Itoa(lastAction)
report.ActionIDN = lastAction
report.ActionName = ActionName
Expand Down
4 changes: 2 additions & 2 deletions adapters/v1/armo_utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -152,7 +152,7 @@ func summarize(report v1.ScanResultReport, vulnerabilities []containerscan.Commo
ContainerScanID: report.ContainerScanID,
WLID: workload.Wlid,
ImageID: workload.ImageHash,
ImageTag: workload.ImageTag,
ImageTag: workload.ImageTagNormalized,
ClusterName: report.Designators.Attributes[armotypes.AttributeCluster],
Namespace: report.Designators.Attributes[armotypes.AttributeNamespace],
ContainerName: report.Designators.Attributes[armotypes.AttributeContainerName],
Expand All @@ -161,7 +161,7 @@ func summarize(report v1.ScanResultReport, vulnerabilities []containerscan.Commo
HasRelevancyData: hasRelevancy,
}

imageInfo, err := armometadata.ImageTagToImageInfo(workload.ImageTag)
imageInfo, err := armometadata.ImageTagToImageInfo(workload.ImageTagNormalized)
if err == nil {
summary.Registry = imageInfo.Registry
summary.Version = imageInfo.VersionImage
Expand Down
4 changes: 2 additions & 2 deletions adapters/v1/domain_to_armo.go
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ func domainToArmo(ctx context.Context, grypeDocument v1beta1.GrypeDocument, vuln
Vulnerability: containerscan.Vulnerability{
Name: match.Vulnerability.ID,
ImageID: workload.ImageHash,
ImageTag: workload.ImageTag,
ImageTag: workload.ImageTagNormalized,
RelatedPackageName: match.Artifact.Name,
PackageVersion: match.Artifact.Version,
Link: link,
Expand All @@ -101,7 +101,7 @@ func domainToArmo(ctx context.Context, grypeDocument v1beta1.GrypeDocument, vuln
Fixes: []containerscan.FixedIn{
{
Name: match.Vulnerability.Fix.State,
ImgTag: workload.ImageTag,
ImgTag: workload.ImageTagNormalized,
Version: version,
},
},
Expand Down
22 changes: 12 additions & 10 deletions controllers/http.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
"github.com/kubescape/k8s-interface/names"
"github.com/kubescape/kubevuln/core/domain"
"github.com/kubescape/kubevuln/core/ports"
"github.com/kubescape/kubevuln/internal/tools"
"schneider.vip/problem"
)

Expand Down Expand Up @@ -126,16 +127,17 @@ func (h HTTPController) ScanCVE(c *gin.Context) {

func websocketScanCommandToScanCommand(c wssc.WebsocketScanCommand) domain.ScanCommand {
command := domain.ScanCommand{
Credentialslist: c.Credentialslist,
ImageHash: c.ImageHash,
Wlid: c.Wlid,
ImageTag: c.ImageTag,
JobID: c.JobID,
ContainerName: c.ContainerName,
LastAction: c.LastAction,
ParentJobID: c.ParentJobID,
Args: c.Args,
Session: sessionChainToSession(c.Session),
Credentialslist: c.Credentialslist,
ImageHash: c.ImageHash,
Wlid: c.Wlid,
ImageTag: c.ImageTag,
ImageTagNormalized: tools.NormalizeReference(c.ImageTag),
JobID: c.JobID,
ContainerName: c.ContainerName,
LastAction: c.LastAction,
ParentJobID: c.ParentJobID,
Args: c.Args,
Session: sessionChainToSession(c.Session),
}
if slug, err := names.ImageInfoToSlug(c.ImageTag, c.ImageHash); err == nil {
command.ImageSlug = slug
Expand Down
25 changes: 13 additions & 12 deletions core/domain/scan.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,18 +30,19 @@ type TimestampKey struct{}
type WorkloadKey struct{}

type ScanCommand struct {
Credentialslist []types.AuthConfig
ImageHash string
ImageSlug string
InstanceID string
Wlid string
ImageTag string
JobID string
ContainerName string
LastAction int
ParentJobID string
Args map[string]interface{}
Session Session
Credentialslist []types.AuthConfig
ImageHash string
ImageSlug string
InstanceID string
Wlid string
ImageTag string
ImageTagNormalized string
JobID string
ContainerName string
LastAction int
ParentJobID string
Args map[string]interface{}
Session Session
}

type Session struct {
Expand Down
8 changes: 8 additions & 0 deletions internal/tools/tools.go
Original file line number Diff line number Diff line change
Expand Up @@ -105,3 +105,11 @@ func DeleteContents(dir string) error {
}
return nil
}

func NormalizeReference(ref string) string {
n, err := reference.ParseNormalizedNamed(ref)
if err != nil {
return ref
}
return n.String()
}
80 changes: 80 additions & 0 deletions internal/tools/tools_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -60,3 +60,83 @@ func TestLabelsFromImageID(t *testing.T) {
})
}
}

func TestNormalizeReference(t *testing.T) {
type args struct {
ref string
}
tests := []struct {
name string
args args
want string
}{
{
name: "image tag",
args: args{
ref: "nginx:latest",
},
want: "docker.io/library/nginx:latest",
},
{
name: "image sha",
args: args{
ref: "nginx@sha256:73e957703f1266530db0aeac1fd6a3f87c1e59943f4c13eb340bb8521c6041d7",
},
want: "docker.io/library/nginx@sha256:73e957703f1266530db0aeac1fd6a3f87c1e59943f4c13eb340bb8521c6041d7",
},
{
name: "image tag sha",
args: args{
ref: "nginx:latest@sha256:73e957703f1266530db0aeac1fd6a3f87c1e59943f4c13eb340bb8521c6041d7",
},
want: "docker.io/library/nginx:latest@sha256:73e957703f1266530db0aeac1fd6a3f87c1e59943f4c13eb340bb8521c6041d7",
},
{
name: "repo image tag",
args: args{
ref: "docker.io/library/nginx:latest",
},
want: "docker.io/library/nginx:latest",
},
{
name: "repo image sha",
args: args{
ref: "docker.io/library/nginx@sha256:73e957703f1266530db0aeac1fd6a3f87c1e59943f4c13eb340bb8521c6041d7",
},
want: "docker.io/library/nginx@sha256:73e957703f1266530db0aeac1fd6a3f87c1e59943f4c13eb340bb8521c6041d7",
},
{
name: "repo image tag sha",
args: args{
ref: "docker.io/library/nginx:latest@sha256:73e957703f1266530db0aeac1fd6a3f87c1e59943f4c13eb340bb8521c6041d7",
},
want: "docker.io/library/nginx:latest@sha256:73e957703f1266530db0aeac1fd6a3f87c1e59943f4c13eb340bb8521c6041d7",
},
{
name: "quay image tag",
args: args{
ref: "quay.io/kubescape/kubevuln:latest",
},
want: "quay.io/kubescape/kubevuln:latest",
},
{
name: "quay image sha",
args: args{
ref: "quay.io/kubescape/kubevuln@sha256:616d1d4312551b94088deb6ddab232ecabbbff0c289949a0d5f12d4b527c3f8a",
},
want: "quay.io/kubescape/kubevuln@sha256:616d1d4312551b94088deb6ddab232ecabbbff0c289949a0d5f12d4b527c3f8a",
},
{
name: "quay image tag sha",
args: args{
ref: "quay.io/kubescape/kubevuln:latest@sha256:616d1d4312551b94088deb6ddab232ecabbbff0c289949a0d5f12d4b527c3f8a",
},
want: "quay.io/kubescape/kubevuln:latest@sha256:616d1d4312551b94088deb6ddab232ecabbbff0c289949a0d5f12d4b527c3f8a",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
assert.Equalf(t, tt.want, NormalizeReference(tt.args.ref), "NormalizeReference(%v)", tt.args.ref)
})
}
}

0 comments on commit 3730e6e

Please sign in to comment.