Skip to content

Commit

Permalink
Normalizd image tag correction (#138)
Browse files Browse the repository at this point in the history
* add normalized image tag to the registry as well

Signed-off-by: rcohencyberarmor <rcohen@armosec.io>

* add test case for registry that run on our system test

Signed-off-by: rcohencyberarmor <rcohen@armosec.io>

---------

Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
Co-authored-by: rcohencyberarmor <rcohen@armosec.io>
  • Loading branch information
rcohencyberarmor and rcohencyberarmor authored Aug 14, 2023
1 parent e7b8d3d commit c086e93
Show file tree
Hide file tree
Showing 3 changed files with 82 additions and 6 deletions.
13 changes: 7 additions & 6 deletions controllers/http.go
Original file line number Diff line number Diff line change
Expand Up @@ -194,12 +194,13 @@ func (h HTTPController) ScanRegistry(c *gin.Context) {

func registryScanCommandToScanCommand(c wssc.RegistryScanCommand) domain.ScanCommand {
command := domain.ScanCommand{
Credentialslist: c.Credentialslist,
ImageTag: c.ImageTag,
JobID: c.JobID,
ParentJobID: c.ParentJobID,
Args: c.Args,
Session: sessionChainToSession(c.Session),
Credentialslist: c.Credentialslist,
ImageTag: c.ImageTag,
ImageTagNormalized: tools.NormalizeReference(c.ImageTag),
JobID: c.JobID,
ParentJobID: c.ParentJobID,
Args: c.Args,
Session: sessionChainToSession(c.Session),
}
if slug, err := names.ImageInfoToSlug(c.ImageTag, "nohash"); err == nil {
command.ImageSlug = slug
Expand Down
68 changes: 68 additions & 0 deletions controllers/http_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ import (
"os"
"testing"

wssc "github.com/armosec/armoapi-go/apis"
"github.com/docker/docker/api/types"
"github.com/gammazero/workerpool"
"github.com/gin-gonic/gin"
"github.com/kubescape/kubevuln/core/ports"
Expand Down Expand Up @@ -210,3 +212,69 @@ func TestHTTPController_ScanRegistry(t *testing.T) {
})
}
}

func Test_registryScanCommandToScanCommand(t *testing.T) {

tests := []struct {
wssc.RegistryScanCommand
}{
{
wssc.RegistryScanCommand{
ImageScanParams: wssc.ImageScanParams{
Credentialslist: []types.AuthConfig{},
ImageTag: "docker.io/library/nginx:1.14.1",
JobID: "some Job ID for nginx",
ParentJobID: "some Parent Job ID for nginx",
},
},
},
{
wssc.RegistryScanCommand{
ImageScanParams: wssc.ImageScanParams{
Credentialslist: []types.AuthConfig{},
ImageTag: "nginx@sha256:73e957703f1266530db0aeac1fd6a3f87c1e59943f4c13eb340bb8521c6041d7",
JobID: "some Job ID for nginx sha",
ParentJobID: "some Parent Job ID for nginx sha",
},
},
},
{
wssc.RegistryScanCommand{
ImageScanParams: wssc.ImageScanParams{
Credentialslist: []types.AuthConfig{},
ImageTag: "nginx:latest",
JobID: "some Job ID for nginx latest",
ParentJobID: "some Parent Job ID for nginx latest",
},
},
},
{
wssc.RegistryScanCommand{
ImageScanParams: wssc.ImageScanParams{
Credentialslist: []types.AuthConfig{},
ImageTag: "docker.io/library/nginx:latest",
JobID: "some Job ID for nginx latest with docker hub",
ParentJobID: "some Parent Job ID for nginx latest with docker hub",
},
},
},
{
wssc.RegistryScanCommand{
ImageScanParams: wssc.ImageScanParams{
Credentialslist: []types.AuthConfig{},
ImageTag: "docker.io/library/nginx:latest@sha256:73e957703f1266530db0aeac1fd6a3f87c1e59943f4c13eb340bb8521c6041d7",
JobID: "some Job ID for nginx latest with docker hub library",
ParentJobID: "some Parent Job ID for nginx latest with docker hub library",
},
},
},
}
for i := range tests {
scanComm := registryScanCommandToScanCommand(tests[i].RegistryScanCommand)
assert.Equal(t, tests[i].Credentialslist, scanComm.Credentialslist)
assert.Equal(t, tests[i].ImageTag, scanComm.ImageTag)
assert.Equal(t, tools.NormalizeReference(tests[i].ImageTag), scanComm.ImageTagNormalized)
assert.Equal(t, tests[i].JobID, scanComm.JobID)
assert.Equal(t, tests[i].ParentJobID, scanComm.ParentJobID)
}
}
7 changes: 7 additions & 0 deletions internal/tools/tools_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,13 @@ func TestNormalizeReference(t *testing.T) {
},
want: "quay.io/kubescape/kubevuln:latest@sha256:616d1d4312551b94088deb6ddab232ecabbbff0c289949a0d5f12d4b527c3f8a",
},
{
name: "some image other registry",
args: args{
ref: "public-registry.systest-ns-na6n:5000/nginx:test",
},
want: "public-registry.systest-ns-na6n:5000/nginx:test",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
Expand Down

0 comments on commit c086e93

Please sign in to comment.