normalizeImageID
Signed-off-by: David Wertenteil <dwertent@armosec.io>

update regex

Signed-off-by: David Wertenteil <dwertent@armosec.io>
David Wertenteil committed Jun 3, 2024
1 parent 29d3345 commit d1c2ac4
Showing 2 changed files with 18 additions and 9 deletions.
25 changes: 17 additions & 8 deletions adapters/v1/syft.go
Expand Up @@ -4,6 +4,7 @@ import (
"context"
"errors"
"fmt"
"regexp"
"runtime"
"strings"
"time"
Expand Down Expand Up @@ -35,6 +36,10 @@ type SyftAdapter struct {
scanTimeout time.Duration
}

const digestDelim = "@"

var hashPattern = regexp.MustCompile(`^(.*@)?sha256:[a-f0-9]{64}$`)

var _ ports.SBOMCreator = (*SyftAdapter)(nil)

// NewSyftAdapter initializes the SyftAdapter struct
Expand All @@ -46,22 +51,25 @@ func NewSyftAdapter(scanTimeout time.Duration, maxImageSize int64, maxSBOMSize i
}
}

const digestDelim = "@"

func normalizeImageID(imageID, imageTag string) string {
// registry scanning doesn't provide imageID, so we use imageTag as a reference
if imageID == "" {
return imageTag
}

if !hashPattern.MatchString(imageID) {
return imageTag
}
// try to parse imageID as a full digest
if newDigest, err := name.NewDigest(imageID); err == nil {
if newDigest, err := name.NewDigest(imageTag); err == nil {
return newDigest.String()
}
// if it's not a full digest, we need to use imageTag as a reference
tag, err := name.ParseReference(imageTag)
if err != nil {
return ""
return imageTag
}

// and append imageID as a digest
parts := strings.Split(imageID, digestDelim)
// filter garbage
Expand All @@ -84,6 +92,9 @@ func (s *SyftAdapter) CreateSBOM(ctx context.Context, name, imageID, imageTag st
ctx, span := otel.Tracer("").Start(ctx, "SyftAdapter.CreateSBOM")
defer span.End()

if imageTag != "" {
imageID = normalizeImageID(imageID, imageTag)
}
// prepare an SBOM and fill it progressively
domainSBOM := domain.SBOM{
Name: name,
Expand All @@ -94,10 +105,8 @@ func (s *SyftAdapter) CreateSBOM(ctx context.Context, name, imageID, imageTag st
},
Labels: tools.LabelsFromImageID(imageID),
}
if imageTag != "" {
imageID = normalizeImageID(imageID, imageTag)
domainSBOM.Annotations[helpersv1.ImageTagMetadataKey] = imageTag
}
domainSBOM.Annotations[helpersv1.ImageTagMetadataKey] = imageTag

// translate business models into Syft models
if options.Platform == "" {
options.Platform = runtime.GOARCH
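Review bot: When `imageID` does not match `hashPattern`, `normalizeImageID` now returns the mutable `imageTag`, and because the call appears to have moved above the `domain.SBOM` literal in `CreateSBOM`, `tools.LabelsFromImageID(imageID)` is then computed from that tag instead of the ID the caller passed in. The updated test expectation shows this for a bare 64-hex ID, so in that case the SBOM is no longer bound to a content digest and describes whatever the tag resolves to at scan time. If the fallback is intended, it should be documented where the pattern is declared, for example `// hashPattern accepts "sha256:<64 hex>" with an optional "repo@" prefix; any other imageID falls back to the mutable imageTag`. Separately, if `name.NewDigest(imageTag)` is the new side of that changed pair, the comment above it (`// try to parse imageID as a full digest`) no longer matches the argument, and a digest-form `imageID` would only be honoured through the later `strings.Split` path. Both function bodies continue outside the visible hunks, so the later use of `imageID` should be checked against this.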
2 changes: 1 addition & 1 deletion adapters/v1/syft_test.go
Expand Up @@ -208,7 +208,7 @@ func TestNormalizeImageID(t *testing.T) {
name: "quay.io-kubescape-kubescape-v3.0.3-88a469",
imageID: "86413975e2d0330176894e4f3f5987505ed27b1191f2537797fbbf345b88a469",
imageTag: "quay.io/kubescape/kubescape:v3.0.3",
want: "quay.io/kubescape/kubescape@sha256:86413975e2d0330176894e4f3f5987505ed27b1191f2537797fbbf345b88a469",
want: "quay.io/kubescape/kubescape:v3.0.3",
},
{
name: "registry.k8s.io-kube-scheduler-v1.28.4-3d2c54",
