fix(detectExecuteScan): sanitize container image name before saving (#4834)
* fix(detectExecuteScan): sanitize container image name before saving Co-authored-by: Philipp Stehle <philipp.stehle@sap.com> * mock docker client during unit tests Co-authored-by: Pavel Busko <pavel.busko@sap.com> Co-authored-by: Philipp Stehle <philipp.stehle@sap.com> --------- Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
parent
b644bf7e15
commit
38fa25795a
@ -14,6 +14,7 @@ import (
|
|||||||
|
|
||||||
bd "github.com/SAP/jenkins-library/pkg/blackduck"
|
bd "github.com/SAP/jenkins-library/pkg/blackduck"
|
||||||
"github.com/SAP/jenkins-library/pkg/command"
|
"github.com/SAP/jenkins-library/pkg/command"
|
||||||
|
piperDocker "github.com/SAP/jenkins-library/pkg/docker"
|
||||||
piperGithub "github.com/SAP/jenkins-library/pkg/github"
|
piperGithub "github.com/SAP/jenkins-library/pkg/github"
|
||||||
"github.com/SAP/jenkins-library/pkg/golang"
|
"github.com/SAP/jenkins-library/pkg/golang"
|
||||||
piperhttp "github.com/SAP/jenkins-library/pkg/http"
|
piperhttp "github.com/SAP/jenkins-library/pkg/http"
|
||||||
@ -49,6 +50,7 @@ type detectUtils interface {
|
|||||||
GetIssueService() *github.IssuesService
|
GetIssueService() *github.IssuesService
|
||||||
GetSearchService() *github.SearchService
|
GetSearchService() *github.SearchService
|
||||||
GetProvider() orchestrator.ConfigProvider
|
GetProvider() orchestrator.ConfigProvider
|
||||||
|
GetDockerClient(options piperDocker.ClientOptions) piperDocker.Download
|
||||||
}
|
}
|
||||||
|
|
||||||
type detectUtilsBundle struct {
|
type detectUtilsBundle struct {
|
||||||
@ -72,6 +74,13 @@ func (d *detectUtilsBundle) GetProvider() orchestrator.ConfigProvider {
|
|||||||
return d.provider
|
return d.provider
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (d *detectUtilsBundle) GetDockerClient(options piperDocker.ClientOptions) piperDocker.Download {
|
||||||
|
client := &piperDocker.Client{}
|
||||||
|
client.SetOptions(options)
|
||||||
|
|
||||||
|
return client
|
||||||
|
}
|
||||||
|
|
||||||
type blackduckSystem struct {
|
type blackduckSystem struct {
|
||||||
Client bd.Client
|
Client bd.Client
|
||||||
}
|
}
|
||||||
@ -266,22 +275,26 @@ func mapDetectError(err error, config detectExecuteScanOptions, utils detectUtil
|
|||||||
}
|
}
|
||||||
|
|
||||||
func runDetectImages(ctx context.Context, config detectExecuteScanOptions, utils detectUtils, sys *blackduckSystem, influx *detectExecuteScanInflux, blackduckSystem *blackduckSystem) error {
|
func runDetectImages(ctx context.Context, config detectExecuteScanOptions, utils detectUtils, sys *blackduckSystem, influx *detectExecuteScanInflux, blackduckSystem *blackduckSystem) error {
|
||||||
var err error
|
|
||||||
log.Entry().Infof("Scanning %d images", len(config.ImageNameTags))
|
log.Entry().Infof("Scanning %d images", len(config.ImageNameTags))
|
||||||
for _, image := range config.ImageNameTags {
|
for _, image := range config.ImageNameTags {
|
||||||
// Download image to be scanned
|
// Download image to be scanned
|
||||||
log.Entry().Debugf("Scanning image: %q", image)
|
log.Entry().Debugf("Scanning image: %q", image)
|
||||||
tarName := fmt.Sprintf("%s.tar", strings.Split(image, ":")[0])
|
|
||||||
|
|
||||||
options := containerSaveImageOptions{
|
options := &containerSaveImageOptions{
|
||||||
ContainerRegistryURL: config.RegistryURL,
|
ContainerRegistryURL: config.RegistryURL,
|
||||||
ContainerImage: image,
|
ContainerImage: image,
|
||||||
ContainerRegistryPassword: config.RepositoryPassword,
|
ContainerRegistryPassword: config.RepositoryPassword,
|
||||||
ContainerRegistryUser: config.RepositoryUsername,
|
ContainerRegistryUser: config.RepositoryUsername,
|
||||||
FilePath: tarName,
|
|
||||||
ImageFormat: "legacy",
|
ImageFormat: "legacy",
|
||||||
}
|
}
|
||||||
containerSaveImage(options, &telemetry.CustomData{})
|
|
||||||
|
dClientOptions := piperDocker.ClientOptions{ImageName: options.ContainerImage, RegistryURL: options.ContainerRegistryURL, ImageFormat: options.ImageFormat}
|
||||||
|
dClient := utils.GetDockerClient(dClientOptions)
|
||||||
|
|
||||||
|
tarName, err := runContainerSaveImage(options, &telemetry.CustomData{}, "./cache", "", dClient, utils)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
args := []string{"./detect.sh"}
|
args := []string{"./detect.sh"}
|
||||||
args, err = addDetectArgsImages(args, config, utils, sys, tarName)
|
args, err = addDetectArgsImages(args, config, utils, sys, tarName)
|
||||||
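Review bot: In runDetectImages the new `return err` after runContainerSaveImage passes the failure up without naming the image, so with several entries in config.ImageNameTags the log will not show which one failed. `return fmt.Errorf("saving image %q: %w", image, err)` keeps that context, and `%q` also quotes an unusual image name safely (fmt appears to still be imported, since the import hunk does not remove it). The tar path is now whatever runContainerSaveImage returns, and that function is outside this hunk, so the sanitization itself cannot be checked from here. A short comment above the call, such as `// tarName is returned already sanitized; never derive a file path from image directly`, would help keep a later edit from reintroducing the removed `strings.Split(image, ":")[0]` pattern. The body of runDetectImages continues past the end of the hunk.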
|
@ -15,6 +15,7 @@ import (
|
|||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
bd "github.com/SAP/jenkins-library/pkg/blackduck"
|
bd "github.com/SAP/jenkins-library/pkg/blackduck"
|
||||||
|
piperDocker "github.com/SAP/jenkins-library/pkg/docker"
|
||||||
piperGithub "github.com/SAP/jenkins-library/pkg/github"
|
piperGithub "github.com/SAP/jenkins-library/pkg/github"
|
||||||
piperhttp "github.com/SAP/jenkins-library/pkg/http"
|
piperhttp "github.com/SAP/jenkins-library/pkg/http"
|
||||||
"github.com/SAP/jenkins-library/pkg/mock"
|
"github.com/SAP/jenkins-library/pkg/mock"
|
||||||
@ -22,6 +23,7 @@ import (
|
|||||||
|
|
||||||
"github.com/google/go-github/v45/github"
|
"github.com/google/go-github/v45/github"
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
|
||||||
type detectTestUtilsBundle struct {
|
type detectTestUtilsBundle struct {
|
||||||
@ -31,6 +33,7 @@ type detectTestUtilsBundle struct {
|
|||||||
*mock.FilesMock
|
*mock.FilesMock
|
||||||
customEnv []string
|
customEnv []string
|
||||||
orchestrator *orchestratorConfigProviderMock
|
orchestrator *orchestratorConfigProviderMock
|
||||||
|
dClient *mock.DownloadMock
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *detectTestUtilsBundle) GetProvider() orchestrator.ConfigProvider {
|
func (d *detectTestUtilsBundle) GetProvider() orchestrator.ConfigProvider {
|
||||||
@ -45,6 +48,10 @@ func (d *detectTestUtilsBundle) GetSearchService() *github.SearchService {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (d *detectTestUtilsBundle) GetDockerClient(options piperDocker.ClientOptions) piperDocker.Download {
|
||||||
|
return d.dClient
|
||||||
|
}
|
||||||
|
|
||||||
type orchestratorConfigProviderMock struct {
|
type orchestratorConfigProviderMock struct {
|
||||||
orchestrator.UnknownOrchestratorConfigProvider
|
orchestrator.UnknownOrchestratorConfigProvider
|
||||||
isPullRequest bool
|
isPullRequest bool
|
||||||
@ -289,6 +296,7 @@ func newDetectTestUtilsBundle(isPullRequest bool) *detectTestUtilsBundle {
|
|||||||
ShellMockRunner: &mock.ShellMockRunner{},
|
ShellMockRunner: &mock.ShellMockRunner{},
|
||||||
FilesMock: &mock.FilesMock{},
|
FilesMock: &mock.FilesMock{},
|
||||||
orchestrator: &orchestratorConfigProviderMock{isPullRequest: isPullRequest},
|
orchestrator: &orchestratorConfigProviderMock{isPullRequest: isPullRequest},
|
||||||
|
dClient: &mock.DownloadMock{},
|
||||||
}
|
}
|
||||||
return &utilsBundle
|
return &utilsBundle
|
||||||
}
|
}
|
||||||
@ -344,6 +352,28 @@ func TestRunDetect(t *testing.T) {
|
|||||||
expectedParam := "\"--detect.maven.build.command=--global-settings global-settings.xml --settings project-settings.xml -Dmaven.repo.local=" + absoluteLocalPath + "\""
|
expectedParam := "\"--detect.maven.build.command=--global-settings global-settings.xml --settings project-settings.xml -Dmaven.repo.local=" + absoluteLocalPath + "\""
|
||||||
assert.Contains(t, utilsMock.Calls[0], expectedParam)
|
assert.Contains(t, utilsMock.Calls[0], expectedParam)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
t.Run("images scan", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
ctx := context.Background()
|
||||||
|
utilsMock := newDetectTestUtilsBundle(false)
|
||||||
|
utilsMock.CurrentDir = "root_folder"
|
||||||
|
utilsMock.AddFile("detect.sh", []byte(""))
|
||||||
|
err := runDetect(ctx, detectExecuteScanOptions{
|
||||||
|
ScanContainerDistro: "ubuntu",
|
||||||
|
ImageNameTags: []string{"foo/bar:latest", "bar/bazz:latest"},
|
||||||
|
}, utilsMock, &detectExecuteScanInflux{})
|
||||||
|
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.Equal(t, ".", utilsMock.Dir, "Wrong execution directory used")
|
||||||
|
require.Equal(t, 3, len(utilsMock.Calls))
|
||||||
|
|
||||||
|
expectedParam1 := "--detect.docker.tar=./foo_bar_latest.tar --detect.target.type=IMAGE --detect.tools.excluded=DETECTOR --detect.docker.passthrough.shared.dir.path.local=/opt/blackduck/blackduck-imageinspector/shared/ --detect.docker.passthrough.shared.dir.path.imageinspector=/opt/blackduck/blackduck-imageinspector/shared --detect.docker.passthrough.imageinspector.service.distro.default=ubuntu --detect.docker.passthrough.imageinspector.service.start=false --detect.docker.passthrough.output.include.squashedimage=false --detect.docker.passthrough.imageinspector.service.url=http://localhost:8082"
|
||||||
|
assert.Contains(t, utilsMock.Calls[1], expectedParam1)
|
||||||
|
|
||||||
|
expectedParam2 := "--detect.docker.tar=./bar_bazz_latest.tar --detect.target.type=IMAGE --detect.tools.excluded=DETECTOR --detect.docker.passthrough.shared.dir.path.local=/opt/blackduck/blackduck-imageinspector/shared/ --detect.docker.passthrough.shared.dir.path.imageinspector=/opt/blackduck/blackduck-imageinspector/shared --detect.docker.passthrough.imageinspector.service.distro.default=ubuntu --detect.docker.passthrough.imageinspector.service.start=false --detect.docker.passthrough.output.include.squashedimage=false --detect.docker.passthrough.imageinspector.service.url=http://localhost:8082"
|
||||||
|
assert.Contains(t, utilsMock.Calls[2], expectedParam2)
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestAddDetectArgs(t *testing.T) {
|
func TestAddDetectArgs(t *testing.T) {
|
||||||
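Review bot: The new "images scan" subtest pins the sanitized tar name only for `foo/bar:latest` and `bar/bazz:latest`, so the fix is covered for `/` and `:` and nothing else. Since ImageNameTags comes from step configuration, I would add entries with a registry host and port, a digest reference and a `..` path segment, and assert that each resulting `--detect.docker.tar=` value is a single file name directly under `./`. The mock `GetDockerClient` also discards `options`, so the test cannot tell whether the expected ImageName and RegistryURL reached the client; recording the last options on detectTestUtilsBundle would allow that assertion. Minor style point: `require.Len(t, utilsMock.Calls, 3)` reads better than `require.Equal(t, 3, len(utilsMock.Calls))` and prints the slice on failure.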
|