Normalizd image tag correction (#138)

* add normalized image tag to the registry as well Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * add test case for registry that run on our system test Signed-off-by: rcohencyberarmor <rcohen@armosec.io> --------- Signed-off-by: rcohencyberarmor <rcohen@armosec.io> Co-authored-by: rcohencyberarmor <rcohen@armosec.io>
kubescape · Aug 14, 2023 · c086e93 · c086e93
1 parent e7b8d3d
commit c086e93
Show file tree

Hide file tree

Showing 3 changed files with 82 additions and 6 deletions.
diff --git a/controllers/http.go b/controllers/http.go
@@ -194,12 +194,13 @@ func (h HTTPController) ScanRegistry(c *gin.Context) {
 
 func registryScanCommandToScanCommand(c wssc.RegistryScanCommand) domain.ScanCommand {
 	command := domain.ScanCommand{
-		Credentialslist: c.Credentialslist,
-		ImageTag:        c.ImageTag,
-		JobID:           c.JobID,
-		ParentJobID:     c.ParentJobID,
-		Args:            c.Args,
-		Session:         sessionChainToSession(c.Session),
+		Credentialslist:    c.Credentialslist,
+		ImageTag:           c.ImageTag,
+		ImageTagNormalized: tools.NormalizeReference(c.ImageTag),
+		JobID:              c.JobID,
+		ParentJobID:        c.ParentJobID,
+		Args:               c.Args,
+		Session:            sessionChainToSession(c.Session),
 	}
 	if slug, err := names.ImageInfoToSlug(c.ImageTag, "nohash"); err == nil {
 		command.ImageSlug = slug

diff --git a/controllers/http_test.go b/controllers/http_test.go
@@ -6,6 +6,8 @@ import (
 	"os"
 	"testing"
 
+	wssc "github.com/armosec/armoapi-go/apis"
+	"github.com/docker/docker/api/types"
 	"github.com/gammazero/workerpool"
 	"github.com/gin-gonic/gin"
 	"github.com/kubescape/kubevuln/core/ports"
@@ -210,3 +212,69 @@ func TestHTTPController_ScanRegistry(t *testing.T) {
 		})
 	}
 }
+
+func Test_registryScanCommandToScanCommand(t *testing.T) {
+
+	tests := []struct {
+		wssc.RegistryScanCommand
+	}{
+		{
+			wssc.RegistryScanCommand{
+				ImageScanParams: wssc.ImageScanParams{
+					Credentialslist: []types.AuthConfig{},
+					ImageTag:        "docker.io/library/nginx:1.14.1",
+					JobID:           "some Job ID for nginx",
+					ParentJobID:     "some Parent Job ID for nginx",
+				},
+			},
+		},
+		{
+			wssc.RegistryScanCommand{
+				ImageScanParams: wssc.ImageScanParams{
+					Credentialslist: []types.AuthConfig{},
+					ImageTag:        "nginx@sha256:73e957703f1266530db0aeac1fd6a3f87c1e59943f4c13eb340bb8521c6041d7",
+					JobID:           "some Job ID for nginx sha",
+					ParentJobID:     "some Parent Job ID for nginx sha",
+				},
+			},
+		},
+		{
+			wssc.RegistryScanCommand{
+				ImageScanParams: wssc.ImageScanParams{
+					Credentialslist: []types.AuthConfig{},
+					ImageTag:        "nginx:latest",
+					JobID:           "some Job ID for nginx latest",
+					ParentJobID:     "some Parent Job ID for nginx latest",
+				},
+			},
+		},
+		{
+			wssc.RegistryScanCommand{
+				ImageScanParams: wssc.ImageScanParams{
+					Credentialslist: []types.AuthConfig{},
+					ImageTag:        "docker.io/library/nginx:latest",
+					JobID:           "some Job ID for nginx latest with docker hub",
+					ParentJobID:     "some Parent Job ID for nginx latest with docker hub",
+				},
+			},
+		},
+		{
+			wssc.RegistryScanCommand{
+				ImageScanParams: wssc.ImageScanParams{
+					Credentialslist: []types.AuthConfig{},
+					ImageTag:        "docker.io/library/nginx:latest@sha256:73e957703f1266530db0aeac1fd6a3f87c1e59943f4c13eb340bb8521c6041d7",
+					JobID:           "some Job ID for nginx latest with docker hub library",
+					ParentJobID:     "some Parent Job ID for nginx latest with docker hub library",
+				},
+			},
+		},
+	}
+	for i := range tests {
+		scanComm := registryScanCommandToScanCommand(tests[i].RegistryScanCommand)
+		assert.Equal(t, tests[i].Credentialslist, scanComm.Credentialslist)
+		assert.Equal(t, tests[i].ImageTag, scanComm.ImageTag)
+		assert.Equal(t, tools.NormalizeReference(tests[i].ImageTag), scanComm.ImageTagNormalized)
+		assert.Equal(t, tests[i].JobID, scanComm.JobID)
+		assert.Equal(t, tests[i].ParentJobID, scanComm.ParentJobID)
+	}
+}
diff --git a/internal/tools/tools_test.go b/internal/tools/tools_test.go
@@ -133,6 +133,13 @@ func TestNormalizeReference(t *testing.T) {
 			},
 			want: "quay.io/kubescape/kubevuln:latest@sha256:616d1d4312551b94088deb6ddab232ecabbbff0c289949a0d5f12d4b527c3f8a",
 		},
+		{
+			name: "some image other registry",
+			args: args{
+				ref: "public-registry.systest-ns-na6n:5000/nginx:test",
+			},
+			want: "public-registry.systest-ns-na6n:5000/nginx:test",
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {