
rename crd
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
matthyx committed Jun 6, 2023
1 parent 08e956e commit 50e3ed1
Showing 13 changed files with 94 additions and 164 deletions.
4 changes: 2 additions & 2 deletions adapters/mocksbom.go
Expand Up @@ -35,7 +35,7 @@ func NewMockSBOMAdapter(error, timeout, toomanyrequests bool) *MockSBOMAdapter {
}

// CreateSBOM returns a dummy SBOM for the given imageID
func (m MockSBOMAdapter) CreateSBOM(_ context.Context, imageID string, _ domain.RegistryOptions) (domain.SBOM, error) {
func (m MockSBOMAdapter) CreateSBOM(_ context.Context, name, imageID string, _ domain.RegistryOptions) (domain.SBOM, error) {
logger.L().Info("CreateSBOM")
if m.error {
return domain.SBOM{}, domain.ErrMockError
Expand All @@ -48,7 +48,7 @@ func (m MockSBOMAdapter) CreateSBOM(_ context.Context, imageID string, _ domain.
)
}
sbom := domain.SBOM{
ID: imageID,
ID: name,
SBOMCreatorVersion: m.Version(),
Annotations: map[string]string{
instanceidhandler.ImageIDMetadataKey: imageID,
6 changes: 3 additions & 3 deletions adapters/mocksbom_test.go
Expand Up @@ -11,19 +11,19 @@ import (

func TestMockSBOMAdapter_CreateSBOM(t *testing.T) {
m := NewMockSBOMAdapter(false, false, false)
sbom, _ := m.CreateSBOM(context.TODO(), "image", domain.RegistryOptions{})
sbom, _ := m.CreateSBOM(context.TODO(), "name", "image", domain.RegistryOptions{})
assert.NotNil(t, sbom.Content)
}

func TestMockSBOMAdapter_CreateSBOM_Error(t *testing.T) {
m := NewMockSBOMAdapter(true, false, false)
_, err := m.CreateSBOM(context.TODO(), "image", domain.RegistryOptions{})
_, err := m.CreateSBOM(context.TODO(), "name", "image", domain.RegistryOptions{})
assert.Error(t, err)
}

func TestMockSBOMAdapter_CreateSBOM_Timeout(t *testing.T) {
m := NewMockSBOMAdapter(false, true, false)
sbom, _ := m.CreateSBOM(context.TODO(), "image", domain.RegistryOptions{})
sbom, _ := m.CreateSBOM(context.TODO(), "name", "image", domain.RegistryOptions{})
assert.Equal(t, sbom.Status, instanceidhandler.Incomplete)
}

4 changes: 2 additions & 2 deletions adapters/v1/syft.go
Expand Up @@ -54,12 +54,12 @@ func NewSyftAdapter(scanTimeout time.Duration, maxImageSize int64) *SyftAdapter
// CreateSBOM creates an SBOM for a given imageID, restrict parallelism to prevent disk space issues,
// a timeout prevents the process from hanging for too long.
// Format is SPDX JSON and the resulting SBOM is tagged with the Syft version.
func (s *SyftAdapter) CreateSBOM(ctx context.Context, imageID string, options domain.RegistryOptions) (domain.SBOM, error) {
func (s *SyftAdapter) CreateSBOM(ctx context.Context, name, imageID string, options domain.RegistryOptions) (domain.SBOM, error) {
ctx, span := otel.Tracer("").Start(ctx, "SyftAdapter.CreateSBOM")
defer span.End()
// prepare an SBOM and fill it progressively
domainSBOM := domain.SBOM{
ID: imageID,
ID: name,
SBOMCreatorVersion: s.Version(),
Annotations: map[string]string{
instanceidhandler.ImageIDMetadataKey: imageID,
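Review bot: The doc comment above CreateSBOM still says it creates an SBOM "for a given imageID", but after this change the new `name` parameter, not imageID, becomes SBOM.ID, while imageID only ends up in the ImageIDMetadataKey annotation; both are plain strings and easy to transpose, and the ScanRegistry caller in this same commit already passes a tag as imageID. Spell the two roles out on the first line of the comment: `// CreateSBOM creates an SBOM stored under name (the SBOM.ID / storage key) for the image reference imageID; imageID is what is pulled and scanned and is recorded in the ImageIDMetadataKey annotation.` The function body continues past the hunk.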
2 changes: 1 addition & 1 deletion adapters/v1/syft_test.go
Expand Up @@ -75,7 +75,7 @@ func Test_syftAdapter_CreateSBOM(t *testing.T) {
maxImageSize = tt.maxImageSize
}
s := NewSyftAdapter(5*time.Minute, maxImageSize)
got, err := s.CreateSBOM(context.TODO(), tt.imageID, tt.options)
got, err := s.CreateSBOM(context.TODO(), "name", tt.imageID, tt.options)
if (err != nil) != tt.wantErr {
t.Errorf("CreateSBOM() error = %v, wantErr %v", err, tt.wantErr)
return
38 changes: 32 additions & 6 deletions controllers/http.go
Expand Up @@ -9,6 +9,7 @@ import (
"github.com/gin-gonic/gin"
"github.com/kubescape/go-logger"
"github.com/kubescape/go-logger/helpers"
"github.com/kubescape/k8s-interface/names"
"github.com/kubescape/kubevuln/core/domain"
"github.com/kubescape/kubevuln/core/ports"
"schneider.vip/problem"
Expand Down Expand Up @@ -47,7 +48,10 @@ func (h HTTPController) GenerateSBOM(c *gin.Context) {

ctx, err = h.scanService.ValidateGenerateSBOM(ctx, newScan)
if err != nil {
logger.L().Ctx(ctx).Error("validation error", helpers.Error(err), helpers.String("imageID", newScan.ImageHash))
logger.L().Ctx(ctx).Error("validation error", helpers.Error(err),
helpers.String("imageID", newScan.ImageID),
helpers.String("imageTag", newScan.ImageTag),
helpers.String("imageHash", newScan.ImageHash))
_, _ = problem.Of(http.StatusInternalServerError).Append(details).WriteTo(c.Writer)
return
}
Expand All @@ -57,7 +61,10 @@ func (h HTTPController) GenerateSBOM(c *gin.Context) {
h.workerPool.Submit(func() {
err = h.scanService.GenerateSBOM(ctx)
if err != nil {
logger.L().Ctx(ctx).Error("service error", helpers.Error(err), helpers.String("imageID", newScan.ImageHash))
logger.L().Ctx(ctx).Error("service error", helpers.Error(err),
helpers.String("imageID", newScan.ImageID),
helpers.String("imageTag", newScan.ImageTag),
helpers.String("imageHash", newScan.ImageHash))
}
})
}
Expand Down Expand Up @@ -95,7 +102,10 @@ func (h HTTPController) ScanCVE(c *gin.Context) {

ctx, err = h.scanService.ValidateScanCVE(ctx, newScan)
if err != nil {
logger.L().Ctx(ctx).Error("validation error", helpers.Error(err), helpers.String("wlid", newScan.Wlid), helpers.String("imageID", newScan.ImageHash))
logger.L().Ctx(ctx).Error("validation error", helpers.Error(err),
helpers.String("imageID", newScan.ImageID),
helpers.String("imageTag", newScan.ImageTag),
helpers.String("imageHash", newScan.ImageHash))
_, _ = problem.Of(http.StatusInternalServerError).Append(details).WriteTo(c.Writer)
return
}
Expand All @@ -105,7 +115,11 @@ func (h HTTPController) ScanCVE(c *gin.Context) {
h.workerPool.Submit(func() {
err = h.scanService.ScanCVE(ctx)
if err != nil {
logger.L().Ctx(ctx).Error("service error", helpers.Error(err), helpers.String("wlid", newScan.Wlid), helpers.String("imageID", newScan.ImageHash))
logger.L().Ctx(ctx).Error("service error", helpers.Error(err),
helpers.String("wlid", newScan.Wlid),
helpers.String("imageID", newScan.ImageID),
helpers.String("imageTag", newScan.ImageTag),
helpers.String("imageHash", newScan.ImageHash))
}
})
}
Expand All @@ -123,6 +137,9 @@ func websocketScanCommandToScanCommand(c wssc.WebsocketScanCommand) domain.ScanC
Args: c.Args,
Session: sessionChainToSession(c.Session),
}
if slug, err := names.ImageInfoToSlug(c.ImageTag, c.ImageHash); err == nil {
command.ImageID = slug
}
if c.InstanceID != nil {
command.InstanceID = *c.InstanceID
}
Expand Down Expand Up @@ -152,7 +169,10 @@ func (h HTTPController) ScanRegistry(c *gin.Context) {

ctx, err = h.scanService.ValidateScanRegistry(ctx, newScan)
if err != nil {
logger.L().Ctx(ctx).Error("validation error", helpers.Error(err), helpers.String("imageID", newScan.ImageTag))
logger.L().Ctx(ctx).Error("validation error", helpers.Error(err),
helpers.String("imageID", newScan.ImageID),
helpers.String("imageTag", newScan.ImageTag),
helpers.String("imageHash", newScan.ImageHash))
_, _ = problem.Of(http.StatusInternalServerError).Append(details).WriteTo(c.Writer)
return
}
Expand All @@ -162,7 +182,10 @@ func (h HTTPController) ScanRegistry(c *gin.Context) {
h.workerPool.Submit(func() {
err = h.scanService.ScanRegistry(ctx)
if err != nil {
logger.L().Ctx(ctx).Error("service error", helpers.Error(err), helpers.String("imageID", newScan.ImageTag))
logger.L().Ctx(ctx).Error("service error", helpers.Error(err),
helpers.String("imageID", newScan.ImageID),
helpers.String("imageTag", newScan.ImageTag),
helpers.String("imageHash", newScan.ImageHash))
}
})
}
Expand All @@ -176,6 +199,9 @@ func registryScanCommandToScanCommand(c wssc.RegistryScanCommand) domain.ScanCom
Args: c.Args,
Session: sessionChainToSession(c.Session),
}
if slug, err := names.ImageInfoToSlug(c.ImageTag, "nohash"); err == nil {
command.ImageID = slug
}
return command
}

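Review bot: The error returned by names.ImageInfoToSlug in websocketScanCommandToScanCommand (and by the hard-coded "nohash" call in registryScanCommandToScanCommand) is discarded, so when slug generation fails the request is only rejected later by validation as ErrMissingImageInfo and nothing records why. Log it where it happens, e.g. `if slug, err := names.ImageInfoToSlug(c.ImageTag, c.ImageHash); err != nil {` / `logger.L().Warning("cannot build image slug", helpers.Error(err), helpers.String("imageTag", c.ImageTag), helpers.String("imageHash", c.ImageHash))` / `} else { command.ImageID = slug }`. The rewritten validation-error log in ScanCVE also drops the `wlid` field that the old line carried and that the service-error log just below still has, which makes a rejected request harder to tie back to its workload. Both converter functions begin before their hunk.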
3 changes: 2 additions & 1 deletion core/domain/scan.go
Expand Up @@ -16,7 +16,7 @@ var (
ErrExpectedError = errors.New("expected error")
ErrInitVulnDB = errors.New("vulnerability DB is not initialized, run readiness probe")
ErrIncompleteSBOM = errors.New("incomplete SBOM, skipping CVE scan")
ErrMissingImageID = errors.New("missing imageID")
ErrMissingImageInfo = errors.New("missing image information")
ErrMissingScanID = errors.New("missing scanID")
ErrMissingTimestamp = errors.New("missing timestamp")
ErrMissingWorkload = errors.New("missing workload")
Expand All @@ -31,6 +31,7 @@ type WorkloadKey struct{}
type ScanCommand struct {
Credentialslist []types.AuthConfig
ImageHash string
ImageID string
InstanceID string
Wlid string
ImageTag string
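Review bot: The new ImageID field on ScanCommand has no comment and its name suggests the registry's image identifier, whereas in this commit the controller fills it with a slug derived from ImageTag and ImageHash and the service uses it as the SBOM/CVE storage key; ImageHash remains the field carrying the digest. Add above the field: `// ImageID is the Kubernetes-name-safe slug built from ImageTag and ImageHash (names.ImageInfoToSlug) and used as the SBOM/CVE storage key; it is not the registry image digest, which is ImageHash.` ScanCommand continues past the hunk.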
2 changes: 1 addition & 1 deletion core/ports/providers.go
Expand Up @@ -16,7 +16,7 @@ type CVEScanner interface {

// SBOMCreator is the port implemented by adapters to be used in ScanService to generate SBOM
type SBOMCreator interface {
CreateSBOM(ctx context.Context, imageID string, options domain.RegistryOptions) (domain.SBOM, error)
CreateSBOM(ctx context.Context, name, imageID string, options domain.RegistryOptions) (domain.SBOM, error)
Version() string
}

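Review bot: The SBOMCreator port now takes both `name` and `imageID` as adjacent strings, but neither the interface comment nor the method says which is which, and the two adapters in this commit treat them differently (name becomes SBOM.ID, imageID is what is scanned). Document the contract on the method: `// CreateSBOM builds an SBOM for the image referenced by imageID and sets its ID to name, the key under which it will be stored and looked up.`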
60 changes: 30 additions & 30 deletions core/services/scan.go
Expand Up @@ -80,16 +80,16 @@ func (s *ScanService) GenerateSBOM(ctx context.Context) error {
sbom := domain.SBOM{}
var err error
if s.storage {
sbom, err = s.sbomRepository.GetSBOM(ctx, workload.ImageHash, s.sbomCreator.Version())
sbom, err = s.sbomRepository.GetSBOM(ctx, workload.ImageID, s.sbomCreator.Version())
if err != nil {
logger.L().Ctx(ctx).Warning("error getting SBOM", helpers.Error(err), helpers.String("imageID", workload.ImageHash))
logger.L().Ctx(ctx).Warning("error getting SBOM", helpers.Error(err), helpers.String("imageID", workload.ImageID))
}
}

// if SBOM is not available, create it
if sbom.Content == nil {
// create SBOM
sbom, err = s.sbomCreator.CreateSBOM(ctx, workload.ImageHash, optionsFromWorkload(workload))
sbom, err = s.sbomCreator.CreateSBOM(ctx, workload.ImageID, workload.ImageHash, optionsFromWorkload(workload))
s.checkCreateSBOM(err, workload.ImageHash)
if err != nil {
return err
Expand Down Expand Up @@ -124,20 +124,20 @@ func (s *ScanService) ScanCVE(ctx context.Context) error {
if !ok {
return domain.ErrMissingWorkload
}
logger.L().Info("scan started", helpers.String("imageID", workload.ImageHash), helpers.String("jobID", workload.JobID))
logger.L().Info("scan started", helpers.String("imageID", workload.ImageID), helpers.String("jobID", workload.JobID))

// report to platform
err := s.platform.SendStatus(ctx, domain.Started)
if err != nil {
logger.L().Ctx(ctx).Warning("telemetry error", helpers.Error(err), helpers.String("imageID", workload.ImageHash))
logger.L().Ctx(ctx).Warning("telemetry error", helpers.Error(err), helpers.String("imageID", workload.ImageID))
}

// check if CVE manifest is already available
cve := domain.CVEManifest{}
if s.storage {
cve, err = s.cveRepository.GetCVE(ctx, workload.ImageHash, s.sbomCreator.Version(), s.cveScanner.Version(ctx), s.cveScanner.DBVersion(ctx))
cve, err = s.cveRepository.GetCVE(ctx, workload.ImageID, s.sbomCreator.Version(), s.cveScanner.Version(ctx), s.cveScanner.DBVersion(ctx))
if err != nil {
logger.L().Ctx(ctx).Warning("error getting CVE", helpers.Error(err), helpers.String("imageID", workload.ImageHash))
logger.L().Ctx(ctx).Warning("error getting CVE", helpers.Error(err), helpers.String("imageID", workload.ImageID))
}
}

Expand All @@ -146,16 +146,16 @@ func (s *ScanService) ScanCVE(ctx context.Context) error {
// check if SBOM is already available
sbom := domain.SBOM{}
if s.storage {
sbom, err = s.sbomRepository.GetSBOM(ctx, workload.ImageHash, s.sbomCreator.Version())
sbom, err = s.sbomRepository.GetSBOM(ctx, workload.ImageID, s.sbomCreator.Version())
if err != nil {
logger.L().Ctx(ctx).Warning("error getting SBOM", helpers.Error(err), helpers.String("imageID", workload.ImageHash))
logger.L().Ctx(ctx).Warning("error getting SBOM", helpers.Error(err), helpers.String("imageID", workload.ImageID))
}
}

// if SBOM is not available, create it
if sbom.Content == nil {
// create SBOM
sbom, err = s.sbomCreator.CreateSBOM(ctx, workload.ImageHash, optionsFromWorkload(workload))
sbom, err = s.sbomCreator.CreateSBOM(ctx, workload.ImageID, workload.ImageHash, optionsFromWorkload(workload))
s.checkCreateSBOM(err, workload.ImageHash)
if err != nil {
return err
Expand All @@ -164,7 +164,7 @@ func (s *ScanService) ScanCVE(ctx context.Context) error {
if s.storage {
err = s.sbomRepository.StoreSBOM(ctx, sbom)
if err != nil {
logger.L().Ctx(ctx).Warning("error storing SBOM", helpers.Error(err), helpers.String("imageID", workload.ImageHash))
logger.L().Ctx(ctx).Warning("error storing SBOM", helpers.Error(err), helpers.String("imageID", workload.ImageID))
}
}
}
Expand All @@ -184,7 +184,7 @@ func (s *ScanService) ScanCVE(ctx context.Context) error {
if s.storage {
err = s.cveRepository.StoreCVE(ctx, cve, false)
if err != nil {
logger.L().Ctx(ctx).Warning("error storing CVE", helpers.Error(err), helpers.String("imageID", workload.ImageHash))
logger.L().Ctx(ctx).Warning("error storing CVE", helpers.Error(err), helpers.String("imageID", workload.ImageID))
}
}
}
Expand Down Expand Up @@ -219,7 +219,7 @@ func (s *ScanService) ScanCVE(ctx context.Context) error {
// report scan success to platform
err = s.platform.SendStatus(ctx, domain.Success)
if err != nil {
logger.L().Ctx(ctx).Warning("telemetry error", helpers.Error(err), helpers.String("imageID", workload.ImageHash))
logger.L().Ctx(ctx).Warning("telemetry error", helpers.Error(err), helpers.String("imageID", workload.ImageID))
}
// submit CVE manifest to platform
err = s.platform.SubmitCVE(ctx, cve, cvep)
Expand All @@ -229,10 +229,10 @@ func (s *ScanService) ScanCVE(ctx context.Context) error {
// report submit success to platform
err = s.platform.SendStatus(ctx, domain.Done)
if err != nil {
logger.L().Ctx(ctx).Warning("telemetry error", helpers.Error(err), helpers.String("imageID", workload.ImageHash))
logger.L().Ctx(ctx).Warning("telemetry error", helpers.Error(err), helpers.String("imageID", workload.ImageID))
}

logger.L().Info("scan complete", helpers.String("imageID", workload.ImageHash), helpers.String("jobID", workload.JobID))
logger.L().Info("scan complete", helpers.String("imageID", workload.ImageID), helpers.String("jobID", workload.JobID))
return nil
}

Expand All @@ -247,16 +247,16 @@ func (s *ScanService) ScanRegistry(ctx context.Context) error {
if !ok {
return domain.ErrMissingWorkload
}
logger.L().Info("registry scan started", helpers.String("imageID", workload.ImageTag), helpers.String("jobID", workload.JobID))
logger.L().Info("registry scan started", helpers.String("imageID", workload.ImageID), helpers.String("jobID", workload.JobID))

// report to platform
err := s.platform.SendStatus(ctx, domain.Started)
if err != nil {
logger.L().Ctx(ctx).Warning("telemetry error", helpers.Error(err), helpers.String("imageID", workload.ImageTag))
logger.L().Ctx(ctx).Warning("telemetry error", helpers.Error(err), helpers.String("imageID", workload.ImageID))
}

// create SBOM
sbom, err := s.sbomCreator.CreateSBOM(ctx, workload.ImageTag, optionsFromWorkload(workload))
sbom, err := s.sbomCreator.CreateSBOM(ctx, workload.ImageID, workload.ImageTag, optionsFromWorkload(workload))
s.checkCreateSBOM(err, workload.ImageTag)
if err != nil {
return err
Expand All @@ -276,7 +276,7 @@ func (s *ScanService) ScanRegistry(ctx context.Context) error {
// report scan success to platform
err = s.platform.SendStatus(ctx, domain.Success)
if err != nil {
logger.L().Ctx(ctx).Warning("telemetry error", helpers.Error(err), helpers.String("imageID", workload.ImageTag))
logger.L().Ctx(ctx).Warning("telemetry error", helpers.Error(err), helpers.String("imageID", workload.ImageID))
}
// submit CVE manifest to platform
err = s.platform.SubmitCVE(ctx, cve, domain.CVEManifest{})
Expand All @@ -286,10 +286,10 @@ func (s *ScanService) ScanRegistry(ctx context.Context) error {
// report submit success to platform
err = s.platform.SendStatus(ctx, domain.Done)
if err != nil {
logger.L().Ctx(ctx).Warning("telemetry error", helpers.Error(err), helpers.String("imageID", workload.ImageTag))
logger.L().Ctx(ctx).Warning("telemetry error", helpers.Error(err), helpers.String("imageID", workload.ImageID))
}

logger.L().Info("registry scan complete", helpers.String("imageID", workload.ImageTag), helpers.String("jobID", workload.JobID))
logger.L().Info("registry scan complete", helpers.String("imageID", workload.ImageID), helpers.String("jobID", workload.JobID))
return nil
}

Expand Down Expand Up @@ -345,12 +345,12 @@ func (s *ScanService) ValidateGenerateSBOM(ctx context.Context, workload domain.

ctx = enrichContext(ctx, workload)
// validate inputs
if workload.ImageHash == "" {
return ctx, domain.ErrMissingImageID
if workload.ImageHash == "" || workload.ImageID == "" {
return ctx, domain.ErrMissingImageInfo
}
// add imageID to parent span
if parentSpan := trace.SpanFromContext(ctx); parentSpan != nil {
parentSpan.SetAttributes(attribute.String("imageID", workload.ImageHash))
parentSpan.SetAttributes(attribute.String("imageID", workload.ImageID))
parentSpan.SetAttributes(attribute.String("version", os.Getenv("RELEASE")))
ctx = trace.ContextWithSpan(ctx, parentSpan)
}
Expand All @@ -367,15 +367,15 @@ func (s *ScanService) ValidateScanCVE(ctx context.Context, workload domain.ScanC

ctx = enrichContext(ctx, workload)
// validate inputs
if workload.ImageHash == "" {
return ctx, domain.ErrMissingImageID
if workload.ImageHash == "" || workload.ImageID == "" {
return ctx, domain.ErrMissingImageInfo
}
// add instanceID and imageID to parent span
if parentSpan := trace.SpanFromContext(ctx); parentSpan != nil {
if workload.InstanceID != "" {
parentSpan.SetAttributes(attribute.String("instanceID", workload.InstanceID))
}
parentSpan.SetAttributes(attribute.String("imageID", workload.ImageHash))
parentSpan.SetAttributes(attribute.String("imageID", workload.ImageID))
parentSpan.SetAttributes(attribute.String("version", os.Getenv("RELEASE")))
parentSpan.SetAttributes(attribute.String("wlid", workload.Wlid))
ctx = trace.ContextWithSpan(ctx, parentSpan)
Expand All @@ -398,12 +398,12 @@ func (s *ScanService) ValidateScanRegistry(ctx context.Context, workload domain.

ctx = enrichContext(ctx, workload)
// validate inputs
if workload.ImageTag == "" {
return ctx, domain.ErrMissingImageID
if workload.ImageTag == "" || workload.ImageID == "" {
return ctx, domain.ErrMissingImageInfo
}
// add imageID to parent span
if parentSpan := trace.SpanFromContext(ctx); parentSpan != nil {
parentSpan.SetAttributes(attribute.String("imageID", workload.ImageTag))
parentSpan.SetAttributes(attribute.String("imageID", workload.ImageID))
parentSpan.SetAttributes(attribute.String("version", os.Getenv("RELEASE")))
ctx = trace.ContextWithSpan(ctx, parentSpan)
}
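Review bot: The changed GetSBOM and GetCVE calls in ScanCVE now key the cache by workload.ImageID, a slug the controller builds from tag and hash, instead of the content-addressed ImageHash, so reuse of a stored SBOM or CVE manifest is only correct if that slug uniquely encodes the digest. If names.ImageInfoToSlug shortens or normalises its inputs to fit Kubernetes name limits (not visible here), two distinct images could alias to one stored object and a scan would report results for the wrong content; a cheap guard, assuming the repository round-trips the annotation written by the adapters, is to treat a digest mismatch as a miss right after the lookup, e.g. `if sbom.Annotations[instanceidhandler.ImageIDMetadataKey] != workload.ImageHash { sbom = domain.SBOM{} }`. The surrounding log fields switched to ImageID while `s.checkCreateSBOM(err, workload.ImageHash)` still reports the hash, which is worth aligning or documenting so the two identifiers are not confused in logs. ScanCVE starts and ends outside the hunk.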
