From f01f9981ab0676323ed4497c385c46e85ec7bc22 Mon Sep 17 00:00:00 2001 From: Matthias Bertschy Date: Tue, 23 May 2023 16:15:20 +0200 Subject: [PATCH 1/4] use stretchr/testify instead of gotest Signed-off-by: Matthias Bertschy --- adapters/mockcve_test.go | 10 +++++----- adapters/mockplatform_test.go | 8 ++++---- adapters/mocksbom_test.go | 10 +++++----- adapters/v1/grype_test.go | 6 +++--- adapters/v1/syft_test.go | 4 ++-- cmd/http/main_test.go | 6 +++--- config/config_test.go | 6 +++--- controllers/http_test.go | 22 +++++++++++----------- core/services/scan_test.go | 10 +++++----- go.mod | 3 ++- go.sum | 2 +- internal/tools/tools.go | 4 ++-- internal/tools/tools_test.go | 4 ++-- repositories/apiserver_test.go | 6 +++--- repositories/broken_test.go | 12 ++++++------ repositories/memory_test.go | 14 +++++++------- 16 files changed, 64 insertions(+), 63 deletions(-) diff --git a/adapters/mockcve_test.go b/adapters/mockcve_test.go index 31fb5e6..b1769e2 100644 --- a/adapters/mockcve_test.go +++ b/adapters/mockcve_test.go @@ -5,26 +5,26 @@ import ( "testing" "github.com/kubescape/kubevuln/core/domain" - "gotest.tools/v3/assert" + "github.com/stretchr/testify/assert" ) func TestMockCVEAdapter_DBVersion(t *testing.T) { m := NewMockCVEAdapter() - assert.Assert(t, m.DBVersion(context.TODO()) == "v1.0.0") + assert.Equal(t, m.DBVersion(context.TODO()), "v1.0.0") } func TestMockCVEAdapter_Ready(t *testing.T) { m := NewMockCVEAdapter() - assert.Assert(t, m.Ready(context.TODO()) == true) + assert.True(t, m.Ready(context.TODO())) } func TestMockCVEAdapter_ScanSBOM(t *testing.T) { m := NewMockCVEAdapter() _, err := m.ScanSBOM(context.TODO(), domain.SBOM{}) - assert.Assert(t, err == nil) + assert.NoError(t, err) } func TestMockCVEAdapter_Version(t *testing.T) { m := NewMockCVEAdapter() - assert.Assert(t, m.Version(context.TODO()) == "Mock CVE 1.0") + assert.Equal(t, m.Version(context.TODO()), "Mock CVE 1.0") } 
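Review bot: The converted assertions in adapters/mockcve_test.go pass the observed value first and the literal second, e.g. `assert.Equal(t, m.DBVersion(context.TODO()), "v1.0.0")`. testify's signature is `Equal(t, expected, actual)`, so a failure report will label the two values the wrong way round. Writing `assert.Equal(t, "v1.0.0", m.DBVersion(context.TODO()))` keeps the failure output trustworthy. The same ordering appears in the mocksbom_test.go, grype_test.go and apiserver_test.go hunks, and in the `assert.Equal(t, got, tt.want)` lines of patch 2/4.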
diff --git a/adapters/mockplatform_test.go b/adapters/mockplatform_test.go index 90ece01..377a976 100644 --- a/adapters/mockplatform_test.go +++ b/adapters/mockplatform_test.go @@ -5,13 +5,13 @@ import ( "testing" "github.com/kubescape/kubevuln/core/domain" - "gotest.tools/v3/assert" + "github.com/stretchr/testify/assert" ) func TestMockPlatform_GetCVEExceptions(t *testing.T) { m := NewMockPlatform() _, err := m.GetCVEExceptions(context.Background()) - assert.Assert(t, err == nil) + assert.NoError(t, err) } func TestMockPlatform_SendStatus(t *testing.T) { @@ -19,12 +19,12 @@ func TestMockPlatform_SendStatus(t *testing.T) { ctx := context.TODO() ctx = context.WithValue(ctx, domain.WorkloadKey{}, domain.ScanCommand{}) err := m.SendStatus(ctx, domain.Done) - assert.Assert(t, err == nil) + assert.NoError(t, err) } func TestMockPlatform_SubmitCVE(t *testing.T) { m := NewMockPlatform() ctx := context.TODO() err := m.SubmitCVE(ctx, domain.CVEManifest{}, domain.CVEManifest{}) - assert.Assert(t, err == nil) + assert.NoError(t, err) } diff --git a/adapters/mocksbom_test.go b/adapters/mocksbom_test.go index 388f710..445f499 100644 --- a/adapters/mocksbom_test.go +++ b/adapters/mocksbom_test.go 
@@ -6,28 +6,28 @@ import ( "github.com/kubescape/k8s-interface/instanceidhandler/v1" "github.com/kubescape/kubevuln/core/domain" - "gotest.tools/v3/assert" + "github.com/stretchr/testify/assert" ) func TestMockSBOMAdapter_CreateSBOM(t *testing.T) { m := NewMockSBOMAdapter(false, false) sbom, _ := m.CreateSBOM(context.TODO(), "image", domain.RegistryOptions{}) - assert.Assert(t, sbom.Content != nil) + assert.NotNil(t, sbom.Content) } func TestMockSBOMAdapter_CreateSBOM_Error(t *testing.T) { m := NewMockSBOMAdapter(true, false) _, err := m.CreateSBOM(context.TODO(), "image", domain.RegistryOptions{}) - assert.Assert(t, err != nil) + assert.Error(t, err) } func TestMockSBOMAdapter_CreateSBOM_Timeout(t *testing.T) { m := NewMockSBOMAdapter(false, true) sbom, _ := m.CreateSBOM(context.TODO(), "image", domain.RegistryOptions{}) - assert.Assert(t, sbom.Status == instanceidhandler.Incomplete) + assert.Equal(t, sbom.Status, instanceidhandler.Incomplete) } func TestMockSBOMAdapter_Version(t *testing.T) { m := NewMockSBOMAdapter(false, false) - assert.Assert(t, m.Version() == "Mock SBOM 1.0") + assert.Equal(t, m.Version(), "Mock SBOM 1.0") } diff --git a/adapters/v1/grype_test.go b/adapters/v1/grype_test.go index 80429f0..dae1676 100644 --- a/adapters/v1/grype_test.go +++ b/adapters/v1/grype_test.go @@ -12,7 +12,7 @@ import ( "github.com/kubescape/kubevuln/core/domain" "github.com/kubescape/kubevuln/internal/tools" "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" - "gotest.tools/v3/assert" + "github.com/stretchr/testify/assert" ) func Test_grypeAdapter_DBVersion(t *testing.T) { 
@@ -23,7 +23,7 @@ func Test_grypeAdapter_DBVersion(t *testing.T) { g := NewGrypeAdapterFixedDB() g.Ready(ctx) // need to call ready to load the DB version := g.DBVersion(ctx) - assert.Assert(t, version == "sha256:9be2df3d7d657bfb40ddcc68c9d00520ee7f5a34c7a26333f90cf89cefd5668a") + assert.Equal(t, version, "sha256:9be2df3d7d657bfb40ddcc68c9d00520ee7f5a34c7a26333f90cf89cefd5668a") } func fileToSBOM(path string) *v1beta1.Document { @@ -86,5 +86,5 @@ func Test_grypeAdapter_Version(t *testing.T) { ctx := context.TODO() g := NewGrypeAdapter() version := g.Version(ctx) - assert.Assert(t, version != "") + assert.NotEqual(t, version, "") } diff --git a/adapters/v1/syft_test.go b/adapters/v1/syft_test.go index 7e8bbbb..51b75a2 100644 --- a/adapters/v1/syft_test.go +++ b/adapters/v1/syft_test.go @@ -12,7 +12,7 @@ import ( "github.com/kubescape/k8s-interface/instanceidhandler/v1" "github.com/kubescape/kubevuln/core/domain" "github.com/kubescape/kubevuln/internal/tools" - "gotest.tools/v3/assert" + "github.com/stretchr/testify/assert" ) func fileContent(path string) []byte { @@ -96,7 +96,7 @@ func Test_syftAdapter_CreateSBOM(t *testing.T) { func Test_syftAdapter_Version(t *testing.T) { s := NewSyftAdapter(5*time.Minute, 512*1024*1024) version := s.Version() - assert.Assert(t, version != "") + assert.NotEqual(t, version, "") } func Test_syftAdapter_transformations(t *testing.T) { diff --git a/cmd/http/main_test.go b/cmd/http/main_test.go index bbf42f7..6aee08e 100644 --- a/cmd/http/main_test.go +++ b/cmd/http/main_test.go @@ -13,7 +13,7 @@ import ( "github.com/kubescape/kubevuln/core/services" "github.com/kubescape/kubevuln/internal/tools" "github.com/kubescape/kubevuln/repositories" - "gotest.tools/v3/assert" + "github.com/stretchr/testify/assert" ) func TestScan(t *testing.T) { 
@@ -117,8 +117,8 @@ func TestScan(t *testing.T) { w = httptest.NewRecorder() router.ServeHTTP(w, req) - assert.Assert(t, test.expectedCode == w.Code) - assert.Assert(t, test.expectedBody == w.Body.String(), w.Body.String()) + assert.Equal(t, test.expectedCode, w.Code, w.Code) + assert.Equal(t, test.expectedBody, w.Body.String(), w.Body.String()) controller.Shutdown() }) diff --git a/config/config_test.go b/config/config_test.go index f3c2d70..ff827be 100644 --- a/config/config_test.go +++ b/config/config_test.go @@ -4,17 +4,17 @@ import ( "testing" "github.com/spf13/viper" - "gotest.tools/v3/assert" + "github.com/stretchr/testify/assert" ) func TestLoadConfig(t *testing.T) { viper.Reset() _, err := LoadConfig("testdata") - assert.Assert(t, err == nil) + assert.NoError(t, err) } func TestLoadConfigNotFound(t *testing.T) { viper.Reset() _, err := LoadConfig("testdataInvalid") - assert.Assert(t, err != nil) + assert.Error(t, err) } diff --git a/controllers/http_test.go b/controllers/http_test.go index c738dbf..18f9a23 100644 --- a/controllers/http_test.go +++ b/controllers/http_test.go @@ -11,7 +11,7 @@ import ( "github.com/kubescape/kubevuln/core/ports" "github.com/kubescape/kubevuln/core/services" "github.com/kubescape/kubevuln/internal/tools" - "gotest.tools/v3/assert" + "github.com/stretchr/testify/assert" ) func TestHTTPController_Alive(t *testing.T) { @@ -22,8 +22,8 @@ func TestHTTPController_Alive(t *testing.T) { req, _ := http.NewRequest("GET", path, nil) w := httptest.NewRecorder() router.ServeHTTP(w, req) - assert.Assert(t, http.StatusOK == w.Code, w.Code) - assert.Assert(t, w.Body.String() == "{\"status\":200,\"title\":\"OK\"}", w.Body.String()) + assert.Equal(t, http.StatusOK, w.Code, w.Code) + assert.Equal(t, w.Body.String(), "{\"status\":200,\"title\":\"OK\"}", w.Body.String()) } func TestHTTPController_GenerateSBOM(t *testing.T) { 
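Review bot: In TestScan the status-code assertion passes `w.Code` a second time as the message argument: `assert.Equal(t, test.expectedCode, w.Code, w.Code)`. testify already prints the expected and actual values on failure, so the extra argument only adds a bare number to the output. `assert.Equal(t, test.expectedCode, w.Code)` is enough. The same applies to the trailing `w.Body.String()` argument and to the controllers/http_test.go hunks that follow. The enclosing test function starts and ends outside this hunk.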
@@ -70,8 +70,8 @@ func TestHTTPController_GenerateSBOM(t *testing.T) { req, _ := http.NewRequest("POST", path, file) w := httptest.NewRecorder() router.ServeHTTP(w, req) - assert.Assert(t, tt.expectedCode == w.Code, w.Code) - assert.Assert(t, tt.expectedBody == w.Body.String(), w.Body.String()) + assert.Equal(t, tt.expectedCode, w.Code, w.Code) + assert.Equal(t, tt.expectedBody, w.Body.String(), w.Body.String()) }) } } @@ -105,8 +105,8 @@ func TestHTTPController_Ready(t *testing.T) { req, _ := http.NewRequest("GET", path, nil) w := httptest.NewRecorder() router.ServeHTTP(w, req) - assert.Assert(t, tt.expectedCode == w.Code, w.Code) - assert.Assert(t, tt.expectedBody == w.Body.String(), w.Body.String()) + assert.Equal(t, tt.expectedCode, w.Code, w.Code) + assert.Equal(t, tt.expectedBody, w.Body.String(), w.Body.String()) }) } } @@ -155,8 +155,8 @@ func TestHTTPController_ScanCVE(t *testing.T) { req, _ := http.NewRequest("POST", path, file) w := httptest.NewRecorder() router.ServeHTTP(w, req) - assert.Assert(t, tt.expectedCode == w.Code, w.Code) - assert.Assert(t, tt.expectedBody == w.Body.String(), w.Body.String()) + assert.Equal(t, tt.expectedCode, w.Code, w.Code) + assert.Equal(t, tt.expectedBody, w.Body.String(), w.Body.String()) }) } } @@ -205,8 +205,8 @@ func TestHTTPController_ScanRegistry(t *testing.T) { req, _ := http.NewRequest("POST", path, file) w := httptest.NewRecorder() router.ServeHTTP(w, req) - assert.Assert(t, tt.expectedCode == w.Code, w.Code) - assert.Assert(t, tt.expectedBody == w.Body.String(), w.Body.String()) + assert.Equal(t, tt.expectedCode, w.Code, w.Code) + assert.Equal(t, tt.expectedBody, w.Body.String(), w.Body.String()) }) } } diff --git a/core/services/scan_test.go b/core/services/scan_test.go index 16dca5c..1ae9f05 100644 --- a/core/services/scan_test.go +++ b/core/services/scan_test.go 
@@ -14,7 +14,7 @@ import ( "github.com/kubescape/kubevuln/internal/tools" "github.com/kubescape/kubevuln/repositories" "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" - "gotest.tools/v3/assert" + "github.com/stretchr/testify/assert" ) func TestScanService_GenerateSBOM(t *testing.T) { @@ -256,7 +256,7 @@ func TestScanService_ScanCVE(t *testing.T) { if tt.wantCvep { cvep, err := storageCVE.GetCVE(ctx, sbomp.ID, sbomAdapter.Version(), cveAdapter.Version(ctx), cveAdapter.DBVersion(ctx)) tools.EnsureSetup(t, err == nil) - assert.Assert(t, cvep.Labels != nil) + assert.NotNil(t, cvep.Labels) } }) } @@ -313,7 +313,7 @@ func TestScanService_NginxTest(t *testing.T) { tools.EnsureSetup(t, err == nil) cvep, err := storageCVE.GetCVE(ctx, sbomp.ID, sbomAdapter.Version(), cveAdapter.Version(ctx), cveAdapter.DBVersion(ctx)) tools.EnsureSetup(t, err == nil) - assert.Assert(t, cvep.Content != nil) + assert.NotNil(t, cvep.Content) } func TestScanService_ValidateGenerateSBOM(t *testing.T) { @@ -459,7 +459,7 @@ func TestScanService_ScanRegistry(t *testing.T) { tools.EnsureSetup(t, err == nil) } if err := s.ScanRegistry(ctx); (err != nil) != tt.wantErr { - t.Errorf("GenerateSBOM() error = %v, wantErr %v", err, tt.wantErr) + t.Errorf("ScanRegistry() error = %v, wantErr %v", err, tt.wantErr) } }) } @@ -494,7 +494,7 @@ func TestScanService_ValidateScanRegistry(t *testing.T) { false) _, err := s.ValidateScanRegistry(context.TODO(), tt.workload) if (err != nil) != tt.wantErr { - t.Errorf("ValidateScanCVE() error = %v, wantErr %v", err, tt.wantErr) + t.Errorf("ValidateScanRegistry() error = %v, wantErr %v", err, tt.wantErr) return } }) diff --git a/go.mod b/go.mod index 5353199..1b89a48 100644 --- a/go.mod +++ b/go.mod 
@@ -28,10 +28,10 @@ require ( github.com/kubescape/storage v0.2.0 github.com/spdx/tools-golang v0.5.0-rc1 github.com/spf13/viper v1.15.0 + github.com/stretchr/testify v1.8.2 go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin v0.40.0 go.opentelemetry.io/otel v1.14.0 go.opentelemetry.io/otel/trace v1.14.0 - gotest.tools/v3 v3.4.0 k8s.io/apimachinery v0.26.3 k8s.io/client-go v0.26.3 k8s.io/utils v0.0.0-20230202215443-34013725500c @@ -156,6 +156,7 @@ require ( github.com/pelletier/go-toml/v2 v2.0.6 // indirect github.com/pierrec/lz4/v4 v4.1.15 // indirect github.com/pkg/errors v0.9.1 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect github.com/pquerna/cachecontrol v0.1.0 // indirect github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 // indirect github.com/rivo/uniseg v0.2.0 // indirect diff --git a/go.sum b/go.sum index 5300168..265d94e 100644 --- a/go.sum +++ b/go.sum @@ -898,6 +898,7 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stripe/stripe-go/v74 v74.8.0 h1:0+3EfQSBhMg8SQ1+w+AP6Gxyko2crWbUG2uXbzYs8SU= github.com/stripe/stripe-go/v74 v74.8.0/go.mod h1:5PoXNp30AJ3tGq57ZcFuaMylzNi8KpwlrYAFmO1fHZw= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= 
@@ -1639,7 +1640,6 @@ gorm.io/gorm v1.23.10 h1:4Ne9ZbzID9GUxRkllxN4WjJKpsHx8YbKvekVdgyWh24= gorm.io/gorm v1.23.10/go.mod h1:DVrVomtaYTbqs7gB/x2uVvqnXzv0nqjB396B8cG4dBA= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= -gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/internal/tools/tools.go b/internal/tools/tools.go index bcadd2a..f117d5b 100644 --- a/internal/tools/tools.go +++ b/internal/tools/tools.go @@ -8,12 +8,12 @@ import ( "github.com/aquilax/truncate" "github.com/distribution/distribution/reference" "github.com/kubescape/k8s-interface/instanceidhandler/v1" - "gotest.tools/v3/assert" + "github.com/stretchr/testify/assert" "k8s.io/apimachinery/pkg/util/validation" ) func EnsureSetup(t *testing.T, errored bool) { - assert.Assert(t, errored, "Error during test setup") + assert.True(t, errored, "Error during test setup") } func PackageVersion(name string) string { diff --git a/internal/tools/tools_test.go b/internal/tools/tools_test.go index 2b0f302..ea196b8 100644 --- a/internal/tools/tools_test.go +++ b/internal/tools/tools_test.go @@ -5,7 +5,7 @@ import ( "github.com/go-test/deep" "github.com/kubescape/k8s-interface/instanceidhandler/v1" - "gotest.tools/v3/assert" + "github.com/stretchr/testify/assert" ) func TestEnsureSetup(t *testing.T) { 
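Review bot: `EnsureSetup` in internal/tools/tools.go no longer aborts the test when setup fails. gotest's `assert.Assert` stopped the test immediately, whereas testify's `assert.True` only records the failure and returns, so a caller that writes `tools.EnsureSetup(t, err == nil)` and then dereferences the result keeps running on a failed setup. `require.True(t, errored, "Error during test setup")` from `github.com/stretchr/testify/require` restores the stop-on-failure behaviour. Because this helper sits in a non-test file, `testing` and the assertion library also become build dependencies of every package that imports `tools`; a test-only helper package would keep them out of the production dependency set.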
@@ -13,7 +13,7 @@ func TestEnsureSetup(t *testing.T) { } func TestPackageVersion(t *testing.T) { - assert.Assert(t, PackageVersion("github.com/anchore/syft") == "unknown") // only works on compiled binaries + assert.True(t, PackageVersion("github.com/anchore/syft") == "unknown") // only works on compiled binaries } func TestLabelsFromImageID(t *testing.T) { diff --git a/repositories/apiserver_test.go b/repositories/apiserver_test.go index 7cccf56..8783817 100644 --- a/repositories/apiserver_test.go +++ b/repositories/apiserver_test.go @@ -9,7 +9,7 @@ import ( "github.com/kubescape/kubevuln/core/domain" "github.com/kubescape/kubevuln/internal/tools" "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" - "gotest.tools/v3/assert" + "github.com/stretchr/testify/assert" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -136,10 +136,10 @@ func TestAPIServerStore_UpdateCVE(t *testing.T) { tools.EnsureSetup(t, err == nil) cvep.Content.Descriptor.Version = "v1.1.0" err = a.StoreCVE(ctx, cvep, true) - assert.Assert(t, err == nil) + assert.NoError(t, err) got, err := a.GetCVE(ctx, instanceID, "", "", "") tools.EnsureSetup(t, err == nil) - assert.Assert(t, got.Content.Descriptor.Version == "v1.1.0") + assert.Equal(t, got.Content.Descriptor.Version, "v1.1.0") } func TestAPIServerStore_GetSBOM(t *testing.T) { diff --git a/repositories/broken_test.go b/repositories/broken_test.go index 33ba865..35bfd93 100644 --- a/repositories/broken_test.go +++ b/repositories/broken_test.go 
@@ -5,35 +5,35 @@ import ( "testing" "github.com/kubescape/kubevuln/core/domain" - "gotest.tools/v3/assert" + "github.com/stretchr/testify/assert" ) func TestBrokenStore_GetCVE(t *testing.T) { b := NewBrokenStorage() _, err := b.GetCVE(context.TODO(), "", "", "", "") - assert.Assert(t, err != nil) + assert.Error(t, err) } func TestBrokenStore_GetSBOM(t *testing.T) { b := NewBrokenStorage() _, err := b.GetSBOM(context.TODO(), "", "") - assert.Assert(t, err != nil) + assert.Error(t, err) } func TestBrokenStore_GetSBOMp(t *testing.T) { b := NewBrokenStorage() _, err := b.GetSBOMp(context.TODO(), "", "") - assert.Assert(t, err != nil) + assert.Error(t, err) } func TestBrokenStore_StoreCVE(t *testing.T) { b := NewBrokenStorage() err := b.StoreCVE(context.TODO(), domain.CVEManifest{}, false) - assert.Assert(t, err != nil) + assert.Error(t, err) } func TestBrokenStore_StoreSBOM(t *testing.T) { b := NewBrokenStorage() err := b.StoreSBOM(context.TODO(), domain.SBOM{}) - assert.Assert(t, err != nil) + assert.Error(t, err) } diff --git a/repositories/memory_test.go b/repositories/memory_test.go index 301ecde..bee1b2d 100644 --- a/repositories/memory_test.go +++ b/repositories/memory_test.go @@ -6,14 +6,14 @@ import ( "github.com/kubescape/kubevuln/core/domain" "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" - "gotest.tools/v3/assert" + "github.com/stretchr/testify/assert" ) func TestMemoryStore_GetCVE(t *testing.T) { m := NewMemoryStorage(false, false) ctx := context.TODO() got, _ := m.GetCVE(ctx, "imageID", "", "", "") - assert.Assert(t, got.Content == nil) + assert.Nil(t, got.Content) cve := domain.CVEManifest{ ID: "imageID", SBOMCreatorVersion: "", 
@@ -23,16 +23,16 @@ func TestMemoryStore_GetCVE(t *testing.T) { } _ = m.StoreCVE(ctx, cve, false) got, _ = m.GetCVE(ctx, "imageID", "", "", "") - assert.Assert(t, got.Content != nil) + assert.NotNil(t, got.Content) } func TestMemoryStore_GetSBOM(t *testing.T) { m := NewMemoryStorage(false, false) ctx := context.TODO() got, _ := m.GetSBOM(ctx, "imageID", "") - assert.Assert(t, got.Content == nil) + assert.Nil(t, got.Content) got, _ = m.GetSBOMp(ctx, "imageID", "") - assert.Assert(t, got.Content == nil) + assert.Nil(t, got.Content) sbom := domain.SBOM{ ID: "imageID", SBOMCreatorVersion: "", @@ -41,7 +41,7 @@ func TestMemoryStore_GetSBOM(t *testing.T) { } _ = m.StoreSBOM(ctx, sbom) got, _ = m.GetSBOM(ctx, "imageID", "") - assert.Assert(t, got.Content != nil) + assert.NotNil(t, got.Content) got, _ = m.GetSBOMp(ctx, "imageID", "") - assert.Assert(t, got.Content != nil) + assert.NotNil(t, got.Content) } From cb453916efbc73ef191558143b7fe86b8dfa1225 Mon Sep 17 00:00:00 2001 From: Matthias Bertschy Date: Tue, 23 May 2023 16:29:13 +0200 Subject: [PATCH 2/4] replace deep with testify Signed-off-by: Matthias Bertschy --- adapters/v1/armo_test.go | 17 ++++------------- adapters/v1/armo_utils_test.go | 12 +++--------- adapters/v1/domain_to_armo_test.go | 12 +++--------- adapters/v1/domain_to_syft_test.go | 7 ++----- adapters/v1/grype_to_domain_test.go | 7 ++----- adapters/v1/syft_test.go | 6 +----- adapters/v1/syft_to_domain_test.go | 7 ++----- core/services/mockscan_test.go | 12 +++--------- go.mod | 2 +- internal/tools/tools_test.go | 6 +----- 10 files changed, 22 insertions(+), 66 deletions(-) diff --git a/adapters/v1/armo_test.go b/adapters/v1/armo_test.go index 690622d..b355d7d 100644 --- a/adapters/v1/armo_test.go +++ b/adapters/v1/armo_test.go 
@@ -17,10 +17,10 @@ import ( sysreport "github.com/armosec/logger-go/system-reports/datastructures" "github.com/armosec/utils-go/httputils" "github.com/armosec/utils-k8s-go/armometadata" - "github.com/go-test/deep" "github.com/google/uuid" "github.com/kinbiko/jsonassert" "github.com/kubescape/kubevuln/core/domain" + "github.com/stretchr/testify/assert" ) func TestArmoAdapter_GetCVEExceptions(t *testing.T) { @@ -76,10 +76,7 @@ func TestArmoAdapter_GetCVEExceptions(t *testing.T) { t.Errorf("GetCVEExceptions() error = %v, wantErr %v", err, tt.wantErr) return } - diff := deep.Equal(got, tt.want) - if diff != nil { - t.Errorf("compare failed: %v", diff) - } + assert.Equal(t, got, tt.want) }) } } @@ -221,10 +218,7 @@ func TestNewArmoAdapter(t *testing.T) { // need to nil functions to compare got.httpPostFunc = nil got.getCVEExceptionsFunc = nil - diff := deep.Equal(got, tt.want) - if diff != nil { - t.Errorf("compare failed: %v", diff) - } + assert.NotEqual(t, got, tt.want) }) } } @@ -254,10 +248,7 @@ func TestArmoAdapter_SendStatus(t *testing.T) { t.Run(tt.name, func(t *testing.T) { a := &ArmoAdapter{ sendStatusFunc: func(report *sysreport.BaseReport, s string, b bool, c chan<- error) { - diff := deep.Equal(*report, tt.report) //nolint:govet - if diff != nil { - t.Errorf("compare failed: %v", diff) - } + assert.NotEqual(t, *report, tt.report) //nolint:govet close(c) }, } diff --git a/adapters/v1/armo_utils_test.go b/adapters/v1/armo_utils_test.go index cd0abb6..1050817 100644 --- a/adapters/v1/armo_utils_test.go +++ b/adapters/v1/armo_utils_test.go @@ -8,8 +8,8 @@ import ( "github.com/armosec/armoapi-go/armotypes" "github.com/armosec/cluster-container-scanner-api/containerscan" v1 "github.com/armosec/cluster-container-scanner-api/containerscan/v1" - "github.com/go-test/deep" "github.com/kubescape/kubevuln/core/domain" + "github.com/stretchr/testify/assert" "k8s.io/utils/pointer" ) 
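Review bot: In TestNewArmoAdapter the replacement `assert.NotEqual(t, got, tt.want)` inverts the check it replaces. The removed code failed when `deep.Equal` reported a difference, whereas the new line passes only when the constructed adapter differs from the expected one, so the test no longer verifies anything about `NewArmoAdapter`. The TestArmoAdapter_SendStatus hunk does the same with `assert.NotEqual(t, *report, tt.report)`. Presumably testify's stricter comparison (unexported or function-valued fields) made `Equal` fail. If so, nil out or exclude those fields as the two lines above already do for `httpPostFunc` and `getCVEExceptionsFunc`, then assert `assert.Equal(t, tt.want, got)`.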
@@ -103,10 +103,7 @@ func TestGetCVEExceptionMatchCVENameFromList(t *testing.T) { for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { actual := getCVEExceptionMatchCVENameFromList(tc.srcCVEList, tc.CVEName) - diff := deep.Equal(actual, tc.expected) - if diff != nil { - t.Errorf("compare failed: %v", diff) - } + assert.Equal(t, actual, tc.expected) }) } } @@ -449,10 +446,7 @@ func Test_summarize(t *testing.T) { sort.Slice(got.SeveritiesStats, func(i, j int) bool { return got.SeveritiesStats[i].Severity < got.SeveritiesStats[j].Severity }) - diff := deep.Equal(got, tt.want) - if diff != nil { - t.Errorf("compare failed: %v", diff) - } + assert.Equal(t, got, tt.want) }) } } diff --git a/adapters/v1/domain_to_armo_test.go b/adapters/v1/domain_to_armo_test.go index 30cb6f9..c9de3b5 100644 --- a/adapters/v1/domain_to_armo_test.go +++ b/adapters/v1/domain_to_armo_test.go @@ -10,11 +10,11 @@ import ( "github.com/anchore/syft/syft/source" "github.com/armosec/armoapi-go/armotypes" "github.com/armosec/cluster-container-scanner-api/containerscan" - "github.com/go-test/deep" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/google/uuid" "github.com/kubescape/kubevuln/core/domain" "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" + "github.com/stretchr/testify/assert" ) func Test_domainToArmo(t *testing.T) { @@ -73,10 +73,7 @@ func Test_domainToArmo(t *testing.T) { } got[0].ContainerScanID = "" got[0].Timestamp = 0 - diff := deep.Equal(got, tt.want) - if diff != nil { - t.Errorf("compare failed: %v", diff) - } + assert.Equal(t, got, tt.want) }) } } @@ -133,10 +130,7 @@ func Test_parseLayersPayload(t *testing.T) { t.Errorf("parseLayersPayload() error = %v, wantErr %v", err, tt.wantErr) return } - diff := deep.Equal(got, tt.want) - if diff != nil { - t.Errorf("compare failed: %v", diff) - } + assert.Equal(t, got, tt.want) }) } } 
diff --git a/adapters/v1/domain_to_syft_test.go b/adapters/v1/domain_to_syft_test.go index 82c0052..453c5dc 100644 --- a/adapters/v1/domain_to_syft_test.go +++ b/adapters/v1/domain_to_syft_test.go @@ -3,10 +3,10 @@ package v1 import ( "testing" - "github.com/go-test/deep" "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" "github.com/spdx/tools-golang/spdx/v2/common" "github.com/spdx/tools-golang/spdx/v2/v2_3" + "github.com/stretchr/testify/assert" ) func Test_domainToSpdx(t *testing.T) { @@ -77,10 +77,7 @@ func Test_domainToSpdx(t *testing.T) { t.Errorf("domainToSpdx() error = %v, wantErr %v", err, tt.wantErr) return } - diff := deep.Equal(got, tt.want) - if diff != nil { - t.Errorf("compare failed: %v", diff) - } + assert.Equal(t, got, tt.want) }) } } diff --git a/adapters/v1/grype_to_domain_test.go b/adapters/v1/grype_to_domain_test.go index 0d9afa7..c19c061 100644 --- a/adapters/v1/grype_to_domain_test.go +++ b/adapters/v1/grype_to_domain_test.go @@ -5,8 +5,8 @@ import ( "github.com/anchore/grype/grype/presenter/models" "github.com/anchore/syft/syft/source" - "github.com/go-test/deep" "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" + "github.com/stretchr/testify/assert" ) func Test_grypeToDomain(t *testing.T) { @@ -65,10 +65,7 @@ func Test_grypeToDomain(t *testing.T) { t.Errorf("grypeToDomain() error = %v, wantErr %v", err, tt.wantErr) return } - diff := deep.Equal(got, tt.want) - if diff != nil { - t.Errorf("compare failed: %v", diff) - } + assert.Equal(t, got, tt.want) }) } } diff --git a/adapters/v1/syft_test.go b/adapters/v1/syft_test.go index 51b75a2..040ad79 100644 --- a/adapters/v1/syft_test.go +++ b/adapters/v1/syft_test.go @@ -7,7 +7,6 @@ import ( "testing" "time" - "github.com/go-test/deep" "github.com/kinbiko/jsonassert" "github.com/kubescape/k8s-interface/instanceidhandler/v1" "github.com/kubescape/kubevuln/core/domain" 
@@ -108,8 +107,5 @@ func Test_syftAdapter_transformations(t *testing.T) { s := NewSyftAdapter(5*time.Minute, 512*1024*1024) domainSBOM, err := s.spdxToDomain(spdxSBOM) tools.EnsureSetup(t, err == nil) - diff := deep.Equal(sbom.Content, domainSBOM) - if diff != nil { - t.Errorf("compare failed: %v", diff) - } + assert.Equal(t, sbom.Content, domainSBOM) } diff --git a/adapters/v1/syft_to_domain_test.go b/adapters/v1/syft_to_domain_test.go index b1b284c..85ebcc1 100644 --- a/adapters/v1/syft_to_domain_test.go +++ b/adapters/v1/syft_to_domain_test.go @@ -4,10 +4,10 @@ import ( "testing" "time" - "github.com/go-test/deep" "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" "github.com/spdx/tools-golang/spdx/v2/common" "github.com/spdx/tools-golang/spdx/v2/v2_3" + "github.com/stretchr/testify/assert" ) func TestSyftAdapter_spdxToDomain(t *testing.T) { @@ -91,10 +91,7 @@ func TestSyftAdapter_spdxToDomain(t *testing.T) { t.Errorf("spdxToDomain() error = %v, wantErr %v", err, tt.wantErr) return } - diff := deep.Equal(got, tt.want) - if diff != nil { - t.Errorf("compare failed: %v", diff) - } + assert.Equal(t, got, tt.want) }) } } diff --git a/core/services/mockscan_test.go b/core/services/mockscan_test.go index 188e6d7..070ef03 100644 --- a/core/services/mockscan_test.go +++ b/core/services/mockscan_test.go @@ -4,8 +4,8 @@ import ( "context" "testing" - "github.com/go-test/deep" "github.com/kubescape/kubevuln/core/domain" + "github.com/stretchr/testify/assert" ) func TestMockScanService_GenerateSBOM(t *testing.T) { @@ -144,10 +144,7 @@ func TestMockScanService_ValidateGenerateSBOM(t *testing.T) { t.Errorf("ValidateGenerateSBOM() error = %v, wantErr %v", err, tt.wantErr) return } - diff := deep.Equal(got, tt.want) - if diff != nil { - t.Errorf("compare failed: %v", diff) - } + assert.Equal(t, got, tt.want) }) } } 
@@ -186,10 +183,7 @@ func TestMockScanService_ValidateScanCVE(t *testing.T) { t.Errorf("ValidateScanCVE() error = %v, wantErr %v", err, tt.wantErr) return } - diff := deep.Equal(got, tt.want) - if diff != nil { - t.Errorf("compare failed: %v", diff) - } + assert.Equal(t, got, tt.want) }) } } diff --git a/go.mod b/go.mod index 1b89a48..070ad73 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,6 @@ require ( github.com/eapache/go-resiliency v1.3.0 github.com/gammazero/workerpool v1.1.3 github.com/gin-gonic/gin v1.9.0 - github.com/go-test/deep v1.1.0 github.com/google/go-containerregistry v0.14.0 github.com/google/uuid v1.3.0 github.com/hashicorp/go-multierror v1.1.1 @@ -95,6 +94,7 @@ require ( github.com/go-playground/universal-translator v0.18.1 // indirect github.com/go-playground/validator/v10 v10.11.2 // indirect github.com/go-restruct/restruct v1.2.0-alpha // indirect + github.com/go-test/deep v1.1.0 // indirect github.com/goccy/go-json v0.10.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/glog v1.0.0 // indirect diff --git a/internal/tools/tools_test.go b/internal/tools/tools_test.go index ea196b8..47cad2f 100644 --- a/internal/tools/tools_test.go +++ b/internal/tools/tools_test.go @@ -3,7 +3,6 @@ package tools import ( "testing" - "github.com/go-test/deep" "github.com/kubescape/k8s-interface/instanceidhandler/v1" "github.com/stretchr/testify/assert" ) @@ -45,10 +44,7 @@ func TestLabelsFromImageID(t *testing.T) { for _, tt := range tests { t.Run(tt.imageID, func(t *testing.T) { got := LabelsFromImageID(tt.imageID) - diff := deep.Equal(got, tt.want) - if diff != nil { - t.Errorf("compare failed: %v", diff) - } + assert.Equal(t, got, tt.want) }) } } From ad91dd01b8662b0e8c1979b3eb8fb7bad07946e3 Mon Sep 17 00:00:00 2001 From: Matthias Bertschy Date: Thu, 25 May 2023 12:25:33 +0200 Subject: [PATCH 3/4] retry pulling image without credentials on 401 
Signed-off-by: Matthias Bertschy --- adapters/v1/syft.go | 8 ++++++++ adapters/v1/syft_test.go | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/adapters/v1/syft.go b/adapters/v1/syft.go index cd3dd2f..25fbd8c 100644 --- a/adapters/v1/syft.go +++ b/adapters/v1/syft.go @@ -24,6 +24,7 @@ import ( "github.com/google/go-containerregistry/pkg/name" containerregistryV1 "github.com/google/go-containerregistry/pkg/v1" "github.com/google/go-containerregistry/pkg/v1/remote" + "github.com/google/go-containerregistry/pkg/v1/remote/transport" "github.com/kubescape/go-logger" "github.com/kubescape/go-logger/helpers" "github.com/kubescape/k8s-interface/instanceidhandler/v1" @@ -99,6 +100,13 @@ func (s *SyftAdapter) CreateSBOM(ctx context.Context, imageID string, options do // download image logger.L().Debug("downloading image", helpers.String("imageID", imageID)) src, err := newFromRegistry(t, sourceInput, registryOptions, s.maxImageSize) + // check for 401 error and retry without credentials + var transportError *transport.Error + if errors.As(err, &transportError) && transportError.StatusCode == http.StatusUnauthorized { + logger.L().Debug("got 401, retrying without credentials", helpers.String("imageID", imageID)) + registryOptions.Credentials = nil + src, err = newFromRegistry(t, sourceInput, registryOptions, s.maxImageSize) + } switch { case errors.Is(err, ErrImageTooLarge): logger.L().Ctx(ctx).Warning("Image exceeds size limit", helpers.Int("maxImageSize", int(s.maxImageSize)), helpers.String("imageID", imageID)) diff --git a/adapters/v1/syft_test.go b/adapters/v1/syft_test.go index 040ad79..43a8060 100644 --- a/adapters/v1/syft_test.go +++ b/adapters/v1/syft_test.go 
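Review bot: The 401 fallback in CreateSBOM discards every configured credential and retries anonymously, but records this only at Debug level, so an expired or mistyped registry secret is silently masked whenever the image happens to be public. Logging the downgrade at warning level, in the style the size-limit branch just below uses (`logger.L().Ctx(ctx).Warning("got 401, retrying without credentials", helpers.String("imageID", imageID))`), makes the rejected credentials visible to operators. The retry also fires when no credentials were supplied, repeating an identical anonymous request. Assuming `Credentials` is a slice, as the nil assignment suggests, guard it with `len(registryOptions.Credentials) > 0 &&` in front of the `errors.As` condition. The body of CreateSBOM continues outside this hunk, so whether `registryOptions` is read again after the fallback cannot be confirmed from here.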
@@ -40,13 +40,13 @@ func Test_syftAdapter_CreateSBOM(t *testing.T) { format: string(fileContent("testdata/alpine-sbom.format.json")), }, { - name: "valid image with registry credentials produces well-formed SBOM", + name: "public image with invalid registry credentials falls back to unauthenticated and produces well-formed SBOM", imageID: "library/alpine@sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501", format: string(fileContent("testdata/alpine-sbom.format.json")), options: domain.RegistryOptions{ Credentials: []domain.RegistryCredentials{ { - Authority: "docker.io", + Authority: "index.docker.io", Username: "username", Password: "password", Token: "token", From 62c0c5e178adb1e3c210d90473e871007157dfbf Mon Sep 17 00:00:00 2001 From: Matthias Bertschy Date: Thu, 25 May 2023 15:37:45 +0200 Subject: [PATCH 4/4] do not pull image for 10m after error 421 Signed-off-by: Matthias Bertschy --- adapters/mocksbom.go | 25 +++++-- adapters/mocksbom_test.go | 8 +- adapters/v1/armo.go | 11 ++- adapters/v1/armo_test.go | 4 +- adapters/v1/domain_to_armo.go | 7 +- adapters/v1/grype.go | 3 +- cmd/http/main_test.go | 2 +- core/domain/scan.go | 16 +++- core/services/mockscan.go | 13 ++-- core/services/scan.go | 74 ++++++++++++++----- core/services/scan_test.go | 133 +++++++++++++++++++++------------- go.mod | 1 + go.sum | 2 + repositories/apiserver.go | 3 +- repositories/broken.go | 11 ++- repositories/memory.go | 11 ++- 16 files changed, 206 insertions(+), 118 deletions(-) diff --git a/adapters/mocksbom.go b/adapters/mocksbom.go index 064839a..6bdfedd 100644 --- a/adapters/mocksbom.go +++ b/adapters/mocksbom.go @@ -2,9 +2,11 @@ package adapters import ( "context" - "errors" + "fmt" + "net/http" "time" + "github.com/google/go-containerregistry/pkg/v1/remote/transport" "github.com/kubescape/go-logger" "github.com/kubescape/k8s-interface/instanceidhandler/v1" "github.com/kubescape/kubevuln/core/domain" 
@@ -15,18 +17,20 @@ import ( // MockSBOMAdapter implements a mocked SBOMCreator to be used for tests type MockSBOMAdapter struct { - error bool - timeout bool + error bool + timeout bool + toomanyrequests bool } var _ ports.SBOMCreator = (*MockSBOMAdapter)(nil) // NewMockSBOMAdapter initializes the MockSBOMAdapter struct -func NewMockSBOMAdapter(error, timeout bool) *MockSBOMAdapter { +func NewMockSBOMAdapter(error, timeout, toomanyrequests bool) *MockSBOMAdapter { logger.L().Info("NewMockSBOMAdapter") return &MockSBOMAdapter{ - error: error, - timeout: timeout, + error: error, + timeout: timeout, + toomanyrequests: toomanyrequests, } } @@ -34,7 +38,14 @@ func NewMockSBOMAdapter(error, timeout bool) *MockSBOMAdapter { func (m MockSBOMAdapter) CreateSBOM(ctx context.Context, imageID string, _ domain.RegistryOptions) (domain.SBOM, error) { logger.L().Info("CreateSBOM") if m.error { - return domain.SBOM{}, errors.New("mock error") + return domain.SBOM{}, domain.ErrMockError + } + if m.toomanyrequests { + return domain.SBOM{}, fmt.Errorf("failed to get image descriptor from registry: %w", + &transport.Error{ + StatusCode: http.StatusTooManyRequests, + }, + ) } sbom := domain.SBOM{ ID: imageID, diff --git a/adapters/mocksbom_test.go b/adapters/mocksbom_test.go index 445f499..503552e 100644 --- a/adapters/mocksbom_test.go +++ b/adapters/mocksbom_test.go 
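Review bot: `NewMockSBOMAdapter(error, timeout, toomanyrequests bool)` now takes three positional booleans, so a call like `NewMockSBOMAdapter(false, false, true)` no longer says which failure it selects, and the new field and parameter are not MixedCaps. Consider renaming to `tooManyRequests` and documenting the field, e.g. `// tooManyRequests makes CreateSBOM return a wrapped transport.Error with status 429`. In the CreateSBOM hunk `m.error` is tested before `m.toomanyrequests`, so setting both yields `domain.ErrMockError`; one sentence in the method's doc comment would make that precedence explicit.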
@@ -10,24 +10,24 @@ import ( ) func TestMockSBOMAdapter_CreateSBOM(t *testing.T) { - m := NewMockSBOMAdapter(false, false) + m := NewMockSBOMAdapter(false, false, false) sbom, _ := m.CreateSBOM(context.TODO(), "image", domain.RegistryOptions{}) assert.NotNil(t, sbom.Content) } func TestMockSBOMAdapter_CreateSBOM_Error(t *testing.T) { - m := NewMockSBOMAdapter(true, false) + m := NewMockSBOMAdapter(true, false, false) _, err := m.CreateSBOM(context.TODO(), "image", domain.RegistryOptions{}) assert.Error(t, err) } func TestMockSBOMAdapter_CreateSBOM_Timeout(t *testing.T) { - m := NewMockSBOMAdapter(false, true) + m := NewMockSBOMAdapter(false, true, false) sbom, _ := m.CreateSBOM(context.TODO(), "image", domain.RegistryOptions{}) assert.Equal(t, sbom.Status, instanceidhandler.Incomplete) } func TestMockSBOMAdapter_Version(t *testing.T) { - m := NewMockSBOMAdapter(false, false) + m := NewMockSBOMAdapter(false, false, false) assert.Equal(t, m.Version(), "Mock SBOM 1.0") } diff --git a/adapters/v1/armo.go b/adapters/v1/armo.go index 89d6102..470f08d 100644 --- a/adapters/v1/armo.go +++ b/adapters/v1/armo.go @@ -2,7 +2,6 @@ package v1 import ( "context" - "errors" "fmt" "net/http" "strconv" @@ -71,7 +70,7 @@ func (a *ArmoAdapter) GetCVEExceptions(ctx context.Context) (domain.CVEException // retrieve workload from context workload, ok := ctx.Value(domain.WorkloadKey{}).(domain.ScanCommand) if !ok { - return nil, errors.New("no workload found in context") + return nil, domain.ErrMissingWorkload } designator := armotypes.PortalDesignator{ @@ -100,7 +99,7 @@ func (a *ArmoAdapter) SendStatus(ctx context.Context, step int) error { // retrieve workload from context workload, ok := ctx.Value(domain.WorkloadKey{}).(domain.ScanCommand) if !ok { - return errors.New("no workload found in context") + return domain.ErrMissingWorkload } lastAction := workload.LastAction + 1 
@@ -133,17 +132,17 @@ func (a *ArmoAdapter) SubmitCVE(ctx context.Context, cve domain.CVEManifest, cve // retrieve timestamp from context timestamp, ok := ctx.Value(domain.TimestampKey{}).(int64) if !ok { - return errors.New("no timestamp found in context") + return domain.ErrMissingTimestamp } // retrieve scanID from context scanID, ok := ctx.Value(domain.ScanIDKey{}).(string) if !ok { - return errors.New("no scanID found in context") + return domain.ErrMissingScanID } // retrieve workload from context workload, ok := ctx.Value(domain.WorkloadKey{}).(domain.ScanCommand) if !ok { - return errors.New("no workload found in context") + return domain.ErrMissingWorkload } // get exceptions diff --git a/adapters/v1/armo_test.go b/adapters/v1/armo_test.go index b355d7d..fb184ca 100644 --- a/adapters/v1/armo_test.go +++ b/adapters/v1/armo_test.go @@ -4,7 +4,7 @@ import ( "bytes" "context" "encoding/json" - "errors" + "fmt" "io" "net/http" "os" @@ -45,7 +45,7 @@ func TestArmoAdapter_GetCVEExceptions(t *testing.T) { workload: true, fields: fields{ getCVEExceptionsFunc: func(s string, s2 string, designator *armotypes.PortalDesignator) ([]armotypes.VulnerabilityExceptionPolicy, error) { - return nil, errors.New("error") + return nil, fmt.Errorf("error") }, }, wantErr: true, diff --git a/adapters/v1/domain_to_armo.go b/adapters/v1/domain_to_armo.go index 517a6a6..c41ee57 100644 --- a/adapters/v1/domain_to_armo.go +++ b/adapters/v1/domain_to_armo.go @@ -4,7 +4,6 @@ import ( "context" "encoding/base64" "encoding/json" - "errors" "github.com/anchore/syft/syft/source" "github.com/armosec/armoapi-go/armotypes" 
@@ -20,17 +19,17 @@ func domainToArmo(ctx context.Context, grypeDocument v1beta1.GrypeDocument, vuln // retrieve timestamp from context timestamp, ok := ctx.Value(domain.TimestampKey{}).(int64) if !ok { - return vulnerabilityResults, errors.New("no timestamp found in context") + return vulnerabilityResults, domain.ErrMissingTimestamp } // retrieve scanID from context scanID, ok := ctx.Value(domain.ScanIDKey{}).(string) if !ok { - return vulnerabilityResults, errors.New("no scanID found in context") + return vulnerabilityResults, domain.ErrMissingScanID } // retrieve workload from context workload, ok := ctx.Value(domain.WorkloadKey{}).(domain.ScanCommand) if !ok { - return vulnerabilityResults, errors.New("no workload found in context") + return vulnerabilityResults, domain.ErrMissingWorkload } if grypeDocument.Source != nil { diff --git a/adapters/v1/grype.go b/adapters/v1/grype.go index 2ffaa35..8862552 100644 --- a/adapters/v1/grype.go +++ b/adapters/v1/grype.go @@ -2,7 +2,6 @@ package v1 import ( "context" - "errors" "path" "sync" "time" @@ -111,7 +110,7 @@ func (g *GrypeAdapter) ScanSBOM(ctx context.Context, sbom domain.SBOM) (domain.C defer g.mu.RUnlock() if g.dbStatus == nil { - return domain.CVEManifest{}, errors.New("grype DB is not initialized, run readiness probe first") + return domain.CVEManifest{}, domain.ErrInitVulnDB } logger.L().Debug("decoding SBOM", helpers.String("imageID", sbom.ID)) diff --git a/cmd/http/main_test.go b/cmd/http/main_test.go index 6aee08e..58496c1 100644 --- a/cmd/http/main_test.go +++ b/cmd/http/main_test.go 
@@ -85,7 +85,7 @@ func TestScan(t *testing.T) { for _, test := range tests { t.Run(test.name, func(t *testing.T) { repository := repositories.NewFakeAPIServerStorage("kubescape") - sbomAdapter := adapters.NewMockSBOMAdapter(false, false) + sbomAdapter := adapters.NewMockSBOMAdapter(false, false, false) cveAdapter := adapters.NewMockCVEAdapter() platform := adapters.NewMockPlatform() service := services.NewScanService(sbomAdapter, repository, cveAdapter, repository, platform, test.storage) diff --git a/core/domain/scan.go b/core/domain/scan.go index 8080c27..a9a01ab 100644 --- a/core/domain/scan.go +++ b/core/domain/scan.go @@ -1,15 +1,29 @@ package domain import ( + "errors" + "github.com/armosec/armoapi-go/armotypes" "github.com/docker/docker/api/types" ) const ( - AttributeUseHTTP = armotypes.AttributeUseHTTP + AttributeUseHTTP = armotypes.AttributeUseHTTP AttributeSkipTLSVerify = armotypes.AttributeSkipTLSVerify ) +var ( + ErrExpectedError = errors.New("expected error") + ErrInitVulnDB = errors.New("vulnerability DB is not initialized, run readiness probe") + ErrIncompleteSBOM = errors.New("incomplete SBOM, skipping CVE scan") + ErrMissingImageID = errors.New("missing imageID") + ErrMissingScanID = errors.New("missing scanID") + ErrMissingTimestamp = errors.New("missing timestamp") + ErrMissingWorkload = errors.New("missing workload") + ErrMockError = errors.New("mock error") + ErrTooManyRequests = errors.New("too many requests") +) + type ScanIDKey struct{} type TimestampKey struct{} type WorkloadKey struct{} diff --git a/core/services/mockscan.go b/core/services/mockscan.go index 99ca694..bff13e2 100644 --- a/core/services/mockscan.go +++ b/core/services/mockscan.go @@ -2,7 +2,6 @@ package services import ( "context" - "errors" "github.com/kubescape/kubevuln/core/domain" "github.com/kubescape/kubevuln/core/ports" 
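Review bot: The new `var ( ... )` block in core/domain/scan.go exports nine sentinel errors with no doc comments, and two of them, `ErrExpectedError` and `ErrMockError`, are returned only by mock and broken-store code as far as this patch shows, yet they live in the production domain package. A one-line comment per sentinel naming who returns it would help callers that match with `errors.Is`, for example `// ErrTooManyRequests is returned by the Validate* methods while an image is in the 429 back-off window.` The replaced messages also lose detail: `ErrIncompleteSBOM` no longer mentions the timeout and `ErrInitVulnDB` no longer names grype, which matters to anyone alerting or searching on the old log text.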
@@ -22,7 +21,7 @@ func (m MockScanService) GenerateSBOM(context.Context) error { if m.happy { return nil } - return errors.New("mock error") + return domain.ErrMockError } func (m MockScanService) Ready(context.Context) bool { @@ -33,33 +32,33 @@ func (m MockScanService) ScanCVE(context.Context) error { if m.happy { return nil } - return errors.New("mock error") + return domain.ErrMockError } func (m MockScanService) ScanRegistry(context.Context) error { if m.happy { return nil } - return errors.New("mock error") + return domain.ErrMockError } func (m MockScanService) ValidateGenerateSBOM(ctx context.Context, _ domain.ScanCommand) (context.Context, error) { if m.happy { return ctx, nil } - return ctx, errors.New("mock error") + return ctx, domain.ErrMockError } func (m MockScanService) ValidateScanCVE(ctx context.Context, _ domain.ScanCommand) (context.Context, error) { if m.happy { return ctx, nil } - return ctx, errors.New("mock error") + return ctx, domain.ErrMockError } func (m MockScanService) ValidateScanRegistry(ctx context.Context, _ domain.ScanCommand) (context.Context, error) { if m.happy { return ctx, nil } - return ctx, errors.New("mock error") + return ctx, domain.ErrMockError } diff --git a/core/services/scan.go b/core/services/scan.go index 7dba040..a6870dd 100644 --- a/core/services/scan.go +++ b/core/services/scan.go @@ -5,9 +5,12 @@ import ( "crypto/sha256" "errors" "fmt" + "net/http" "os" "time" + "github.com/akyoto/cache" + "github.com/google/go-containerregistry/pkg/v1/remote/transport" "github.com/google/uuid" "github.com/kubescape/go-logger" "github.com/kubescape/go-logger/helpers" 
@@ -19,15 +22,21 @@ import ( "go.opentelemetry.io/otel/trace" ) +const ( + cleaningInterval = 1 * time.Minute + ttl = 10 * time.Minute +) + // ScanService implements ScanService from ports, this is the business component // business logic should be independent of implementations type ScanService struct { - sbomCreator ports.SBOMCreator - sbomRepository ports.SBOMRepository - cveScanner ports.CVEScanner - cveRepository ports.CVERepository - platform ports.Platform - storage bool + sbomCreator ports.SBOMCreator + sbomRepository ports.SBOMRepository + cveScanner ports.CVEScanner + cveRepository ports.CVERepository + platform ports.Platform + storage bool + tooManyRequests *cache.Cache } var _ ports.ScanService = (*ScanService)(nil) @@ -35,12 +44,22 @@ var _ ports.ScanService = (*ScanService)(nil) // NewScanService initializes the ScanService with all injected dependencies func NewScanService(sbomCreator ports.SBOMCreator, sbomRepository ports.SBOMRepository, cveScanner ports.CVEScanner, cveRepository ports.CVERepository, platform ports.Platform, storage bool) *ScanService { return &ScanService{ - sbomCreator: sbomCreator, - sbomRepository: sbomRepository, - cveScanner: cveScanner, - cveRepository: cveRepository, - platform: platform, - storage: storage, + sbomCreator: sbomCreator, + sbomRepository: sbomRepository, + cveScanner: cveScanner, + cveRepository: cveRepository, + platform: platform, + storage: storage, + tooManyRequests: cache.New(cleaningInterval), + } +} + +func (s *ScanService) checkCreateSBOM(err error, key string) { + if err != nil { + var transportError *transport.Error + if errors.As(err, &transportError) && transportError.StatusCode == http.StatusTooManyRequests { + s.tooManyRequests.Set(key, true, ttl) + } } } 
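Review bot: `checkCreateSBOM` puts an image into the ten-minute back-off without logging anything, so later `ErrTooManyRequests` rejections from the Validate* methods cannot be traced to the pull that triggered them; a `logger.L().Warning("registry returned 429, pausing pulls for image", helpers.String("imageID", key))` inside the inner `if` would leave that trail. The helper also has no doc comment, for example `// checkCreateSBOM remembers key for ttl when err wraps a registry 429, so the Validate* methods reject it until the entry expires.`, and the outer `if err != nil` is redundant because `errors.As` already returns false for a nil error. The entry is keyed by a single image reference, whereas registries usually rate-limit per client, so other images from the same registry will presumably still be pulled during the window; if that is intended the comment should say so.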
@@ -52,7 +71,7 @@ func (s *ScanService) GenerateSBOM(ctx context.Context) error { // retrieve workload from context workload, ok := ctx.Value(domain.WorkloadKey{}).(domain.ScanCommand) if !ok { - return errors.New("no workload found in context") + return domain.ErrMissingWorkload } // check if SBOM is already available @@ -69,6 +88,7 @@ func (s *ScanService) GenerateSBOM(ctx context.Context) error { if sbom.Content == nil { // create SBOM sbom, err = s.sbomCreator.CreateSBOM(ctx, workload.ImageHash, optionsFromWorkload(workload)) + s.checkCreateSBOM(err, workload.ImageHash) if err != nil { return err } @@ -98,7 +118,7 @@ func (s *ScanService) ScanCVE(ctx context.Context) error { // retrieve workload from context workload, ok := ctx.Value(domain.WorkloadKey{}).(domain.ScanCommand) if !ok { - return errors.New("no workload found in context") + return domain.ErrMissingWorkload } logger.L().Info("scan started", helpers.String("imageID", workload.ImageHash), helpers.String("jobID", workload.JobID)) @@ -132,6 +152,7 @@ func (s *ScanService) ScanCVE(ctx context.Context) error { if sbom.Content == nil { // create SBOM sbom, err = s.sbomCreator.CreateSBOM(ctx, workload.ImageHash, optionsFromWorkload(workload)) + s.checkCreateSBOM(err, workload.ImageHash) if err != nil { return err } @@ -146,7 +167,7 @@ func (s *ScanService) ScanCVE(ctx context.Context) error { // do not process timed out SBOM if sbom.Status == instanceidhandler.Incomplete { - return errors.New("SBOM incomplete due to timeout, skipping CVE scan") + return domain.ErrIncompleteSBOM } // scan for CVE @@ -218,7 +239,7 @@ func (s *ScanService) ScanRegistry(ctx context.Context) error { // retrieve workload from context workload, ok := ctx.Value(domain.WorkloadKey{}).(domain.ScanCommand) if !ok { - return errors.New("no workload found in context") + return domain.ErrMissingWorkload } logger.L().Info("registry scan started", helpers.String("imageID", workload.ImageTag), helpers.String("jobID", workload.JobID)) 
@@ -230,13 +251,14 @@ func (s *ScanService) ScanRegistry(ctx context.Context) error { // create SBOM sbom, err := s.sbomCreator.CreateSBOM(ctx, workload.ImageTag, optionsFromWorkload(workload)) + s.checkCreateSBOM(err, workload.ImageTag) if err != nil { return err } // do not process timed out SBOM if sbom.Status == instanceidhandler.Incomplete { - return errors.New("SBOM incomplete due to timeout, skipping CVE scan") + return domain.ErrIncompleteSBOM } // scan for CVE @@ -317,7 +339,7 @@ func (s *ScanService) ValidateGenerateSBOM(ctx context.Context, workload domain. ctx = enrichContext(ctx, workload) // validate inputs if workload.ImageHash == "" { - return ctx, errors.New("missing imageID") + return ctx, domain.ErrMissingImageID } // add imageID to parent span if parentSpan := trace.SpanFromContext(ctx); parentSpan != nil { @@ -325,6 +347,10 @@ func (s *ScanService) ValidateGenerateSBOM(ctx context.Context, workload domain. parentSpan.SetAttributes(attribute.String("version", os.Getenv("RELEASE"))) ctx = trace.ContextWithSpan(ctx, parentSpan) } + // check if previous image pull resulted in TOOMANYREQUESTS error + if _, ok := s.tooManyRequests.Get(workload.ImageHash); ok { + return ctx, domain.ErrTooManyRequests + } return ctx, nil } @@ -335,7 +361,7 @@ func (s *ScanService) ValidateScanCVE(ctx context.Context, workload domain.ScanC ctx = enrichContext(ctx, workload) // validate inputs if workload.ImageHash == "" { - return ctx, errors.New("missing imageID") + return ctx, domain.ErrMissingImageID } // add instanceID and imageID to parent span if parentSpan := trace.SpanFromContext(ctx); parentSpan != nil { 
@@ -347,6 +373,10 @@ func (s *ScanService) ValidateScanCVE(ctx context.Context, workload domain.ScanC parentSpan.SetAttributes(attribute.String("wlid", workload.Wlid)) ctx = trace.ContextWithSpan(ctx, parentSpan) } + // check if previous image pull resulted in TOOMANYREQUESTS error + if _, ok := s.tooManyRequests.Get(workload.ImageHash); ok { + return ctx, domain.ErrTooManyRequests + } // report to platform err := s.platform.SendStatus(ctx, domain.Accepted) if err != nil { @@ -362,7 +392,7 @@ func (s *ScanService) ValidateScanRegistry(ctx context.Context, workload domain. ctx = enrichContext(ctx, workload) // validate inputs if workload.ImageTag == "" { - return ctx, errors.New("missing imageID") + return ctx, domain.ErrMissingImageID } // add imageID to parent span if parentSpan := trace.SpanFromContext(ctx); parentSpan != nil { @@ -370,5 +400,9 @@ func (s *ScanService) ValidateScanRegistry(ctx context.Context, workload domain. parentSpan.SetAttributes(attribute.String("version", os.Getenv("RELEASE"))) ctx = trace.ContextWithSpan(ctx, parentSpan) } + // check if previous image pull resulted in TOOMANYREQUESTS error + if _, ok := s.tooManyRequests.Get(workload.ImageTag); ok { + return ctx, domain.ErrTooManyRequests + } return ctx, nil } diff --git a/core/services/scan_test.go b/core/services/scan_test.go index 1ae9f05..f44b992 100644 --- a/core/services/scan_test.go +++ b/core/services/scan_test.go @@ -26,6 +26,7 @@ func TestScanService_GenerateSBOM(t *testing.T) { getError bool storeError bool timeout bool + toomanyrequests bool workload bool wantErr bool }{ @@ -51,6 +52,12 @@ func TestScanService_GenerateSBOM(t *testing.T) { workload: true, wantErr: false, // we no longer check for timeout }, + { + name: "phase 1, too many requests", + toomanyrequests: true, + workload: true, + wantErr: true, + }, { name: "phase 2, get SBOM failed", storage: true, 
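Review bot: In ValidateScanCVE the new back-off check returns `domain.ErrTooManyRequests` before `s.platform.SendStatus(ctx, domain.Accepted)` runs, so a workload rejected during the window is not reported to the platform by this function; whether the caller reports the rejection is not visible in the hunk and is worth a comment such as `// rejected before Accepted is sent: the platform only hears about this scan if the caller reports the error`. The same four-line lookup is repeated in ValidateGenerateSBOM and ValidateScanRegistry, differing only in `workload.ImageHash` versus `workload.ImageTag`. A small private helper taking the key would keep the three checks in step. All three functions start outside their hunks.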
@@ -74,7 +81,7 @@ func TestScanService_GenerateSBOM(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - sbomAdapter := adapters.NewMockSBOMAdapter(tt.createSBOMError, tt.timeout) + sbomAdapter := adapters.NewMockSBOMAdapter(tt.createSBOMError, tt.timeout, tt.toomanyrequests) storage := repositories.NewMemoryStorage(tt.getError, tt.storeError) s := NewScanService(sbomAdapter, storage, @@ -83,33 +90,36 @@ func TestScanService_GenerateSBOM(t *testing.T) { adapters.NewMockPlatform(), tt.storage) ctx := context.TODO() + + workload := domain.ScanCommand{ + ImageHash: "k8s.gcr.io/kube-proxy@sha256:c1b135231b5b1a6799346cd701da4b59e5b7ef8e694ec7b04fb23b8dbe144137", + } + workload.Credentialslist = []types.AuthConfig{ + { + Username: "test", + Password: "test", + }, + { + RegistryToken: "test", + }, + { + Auth: "test", + }, + } + workload.Args = map[string]interface{}{ + domain.AttributeUseHTTP: false, + domain.AttributeSkipTLSVerify: false, + } if tt.workload { - workload := domain.ScanCommand{ - ImageHash: "k8s.gcr.io/kube-proxy@sha256:c1b135231b5b1a6799346cd701da4b59e5b7ef8e694ec7b04fb23b8dbe144137", - } - workload.Credentialslist = []types.AuthConfig{ - { - Username: "test", - Password: "test", - }, - { - RegistryToken: "test", - }, - { - Auth: "test", - }, - } - workload.Args = map[string]interface{}{ - domain.AttributeUseHTTP: false, - domain.AttributeSkipTLSVerify: false, - } - var err error ctx, _ = s.ValidateGenerateSBOM(ctx, workload) - tools.EnsureSetup(t, err == nil) } if err := s.GenerateSBOM(ctx); (err != nil) != tt.wantErr { t.Errorf("GenerateSBOM() error = %v, wantErr %v", err, tt.wantErr) } + if tt.toomanyrequests { + _, err := s.ValidateGenerateSBOM(ctx, workload) + assert.Equal(t, domain.ErrTooManyRequests, err) + } }) } } @@ -127,6 +137,7 @@ func TestScanService_ScanCVE(t *testing.T) { storeErrorCVE bool storeErrorSBOM bool timeout bool + toomanyrequests bool workload bool wantCvep bool wantErr bool 
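Review bot: After this hunk the setup call `ctx, _ = s.ValidateGenerateSBOM(ctx, workload)` in TestScanService_GenerateSBOM still discards the validation error, and the `tools.EnsureSetup` guard is removed rather than repaired, so a failing setup would show up only as an unexplained GenerateSBOM result. I would keep the guard and make it effective: `var err error`, `ctx, err = s.ValidateGenerateSBOM(ctx, workload)`, `tools.EnsureSetup(t, err == nil)`. TestScanService_ScanRegistry keeps `var err error` followed by `ctx, _ = s.ValidateScanRegistry(ctx, workload)`, so its `tools.EnsureSetup(t, err == nil)` can never fail and needs the same fix. The new `toomanyrequests` assertions check that the entry is set, but nothing here covers its expiry after `ttl`.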
@@ -147,6 +158,12 @@ func TestScanService_ScanCVE(t *testing.T) { workload: true, wantErr: true, }, + { + name: "create SBOM too many requests", + toomanyrequests: true, + workload: true, + wantErr: true, + }, { name: "empty wlid", emptyWlid: true, @@ -213,7 +230,7 @@ func TestScanService_ScanCVE(t *testing.T) { if tt.emptyWlid { wlid = "" } - sbomAdapter := adapters.NewMockSBOMAdapter(tt.createSBOMError, tt.timeout) + sbomAdapter := adapters.NewMockSBOMAdapter(tt.createSBOMError, tt.timeout, tt.toomanyrequests) cveAdapter := adapters.NewMockCVEAdapter() storageSBOM := repositories.NewMemoryStorage(tt.getErrorSBOM, tt.storeErrorSBOM) storageCVE := repositories.NewMemoryStorage(tt.getErrorCVE, tt.storeErrorCVE) @@ -225,14 +242,15 @@ func TestScanService_ScanCVE(t *testing.T) { tt.storage) ctx := context.TODO() s.Ready(ctx) + + workload := domain.ScanCommand{ + ImageHash: imageHash, + Wlid: wlid, + } + if tt.instanceID != "" { + workload.InstanceID = tt.instanceID + } if tt.workload { - workload := domain.ScanCommand{ - ImageHash: imageHash, - Wlid: wlid, - } - if tt.instanceID != "" { - workload.InstanceID = tt.instanceID - } var err error ctx, err = s.ValidateScanCVE(ctx, workload) tools.EnsureSetup(t, err == nil) @@ -253,6 +271,10 @@ func TestScanService_ScanCVE(t *testing.T) { if err := s.ScanCVE(ctx); (err != nil) != tt.wantErr { t.Errorf("ScanCVE() error = %v, wantErr %v", err, tt.wantErr) } + if tt.toomanyrequests { + _, err := s.ValidateScanCVE(ctx, workload) + assert.Equal(t, domain.ErrTooManyRequests, err) + } if tt.wantCvep { cvep, err := storageCVE.GetCVE(ctx, sbomp.ID, sbomAdapter.Version(), cveAdapter.Version(ctx), cveAdapter.DBVersion(ctx)) tools.EnsureSetup(t, err == nil) 
@@ -277,7 +299,7 @@ func TestScanService_NginxTest(t *testing.T) { imageHash := "docker.io/library/nginx@sha256:32fdf92b4e986e109e4db0865758020cb0c3b70d6ba80d02fe87bad5cc3dc228" instanceID := "1c83b589d90ba26957627525e08124b1a24732755a330924f7987e9d9e3952c1" ctx := context.TODO() - sbomAdapter := adapters.NewMockSBOMAdapter(false, false) + sbomAdapter := adapters.NewMockSBOMAdapter(false, false, false) go func() { _ = http.ListenAndServe(":8000", http.FileServer(http.Dir("../../adapters/v1/testdata"))) }() @@ -337,7 +359,7 @@ func TestScanService_ValidateGenerateSBOM(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - s := NewScanService(adapters.NewMockSBOMAdapter(false, false), + s := NewScanService(adapters.NewMockSBOMAdapter(false, false, false), repositories.NewMemoryStorage(false, false), adapters.NewMockCVEAdapter(), repositories.NewMemoryStorage(false, false), @@ -381,7 +403,7 @@ func TestScanService_ValidateScanCVE(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - s := NewScanService(adapters.NewMockSBOMAdapter(false, false), + s := NewScanService(adapters.NewMockSBOMAdapter(false, false, false), repositories.NewMemoryStorage(false, false), adapters.NewMockCVEAdapter(), repositories.NewMemoryStorage(false, false), @@ -401,6 +423,7 @@ func TestScanService_ScanRegistry(t *testing.T) { createSBOMError bool name string timeout bool + toomanyrequests bool workload bool wantErr bool }{ @@ -421,6 +444,12 @@ func TestScanService_ScanRegistry(t *testing.T) { workload: true, wantErr: true, }, + { + name: "toomanyrequests SBOM", + toomanyrequests: true, + workload: true, + wantErr: true, + }, { name: "scan", workload: true, 
@@ -429,7 +458,7 @@ func TestScanService_ScanRegistry(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - sbomAdapter := adapters.NewMockSBOMAdapter(tt.createSBOMError, tt.timeout) + sbomAdapter := adapters.NewMockSBOMAdapter(tt.createSBOMError, tt.timeout, tt.toomanyrequests) storage := repositories.NewMemoryStorage(false, false) s := NewScanService(sbomAdapter, storage, @@ -438,22 +467,22 @@ func TestScanService_ScanRegistry(t *testing.T) { adapters.NewMockPlatform(), false) ctx := context.TODO() + workload := domain.ScanCommand{ + ImageTag: "k8s.gcr.io/kube-proxy:v1.24.3", + } + workload.Credentialslist = []types.AuthConfig{ + { + Username: "test", + Password: "test", + }, + { + RegistryToken: "test", + }, + { + Auth: "test", + }, + } if tt.workload { - workload := domain.ScanCommand{ - ImageTag: "k8s.gcr.io/kube-proxy:v1.24.3", - } - workload.Credentialslist = []types.AuthConfig{ - { - Username: "test", - Password: "test", - }, - { - RegistryToken: "test", - }, - { - Auth: "test", - }, - } var err error ctx, _ = s.ValidateScanRegistry(ctx, workload) tools.EnsureSetup(t, err == nil) @@ -461,6 +490,10 @@ func TestScanService_ScanRegistry(t *testing.T) { if err := s.ScanRegistry(ctx); (err != nil) != tt.wantErr { t.Errorf("ScanRegistry() error = %v, wantErr %v", err, tt.wantErr) } + if tt.toomanyrequests { + _, err := s.ValidateScanRegistry(ctx, workload) + assert.Equal(t, domain.ErrTooManyRequests, err) + } }) } } @@ -486,7 +519,7 @@ func TestScanService_ValidateScanRegistry(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - s := NewScanService(adapters.NewMockSBOMAdapter(false, false), + s := NewScanService(adapters.NewMockSBOMAdapter(false, false, false), repositories.NewMemoryStorage(false, false), adapters.NewMockCVEAdapter(), repositories.NewMemoryStorage(false, false), diff --git a/go.mod b/go.mod index 070ad73..436754e 100644 --- a/go.mod +++ b/go.mod 
@@ -4,6 +4,7 @@ go 1.19 require ( github.com/adrg/xdg v0.4.0 + github.com/akyoto/cache v1.0.6 github.com/anchore/grype v0.61.0 github.com/anchore/stereoscope v0.0.0-20230323161519-d7551b7f46f5 github.com/anchore/syft v0.76.0 diff --git a/go.sum b/go.sum index 265d94e..b3f99cf 100644 --- a/go.sum +++ b/go.sum @@ -220,6 +220,8 @@ github.com/acobaugh/osrelease v0.1.0 h1:Yb59HQDGGNhCj4suHaFQQfBps5wyoKLSSX/J/+Ui github.com/acobaugh/osrelease v0.1.0/go.mod h1:4bFEs0MtgHNHBrmHCt67gNisnabCRAlzdVasCEGHTWY= github.com/adrg/xdg v0.4.0 h1:RzRqFcjH4nE5C6oTAxhBtoE2IRyjBSa62SCbyPidvls= github.com/adrg/xdg v0.4.0/go.mod h1:N6ag73EX4wyxeaoeHctc1mas01KZgsj5tYiAIwqJE/E= +github.com/akyoto/cache v1.0.6 h1:5XGVVYoi2i+DZLLPuVIXtsNIJ/qaAM16XT0LaBaXd2k= +github.com/akyoto/cache v1.0.6/go.mod h1:WfxTRqKhfgAG71Xh6E3WLpjhBtZI37O53G4h5s+3iM4= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= diff --git a/repositories/apiserver.go b/repositories/apiserver.go index 5477d58..1f5c7c8 100644 --- a/repositories/apiserver.go +++ b/repositories/apiserver.go @@ -2,7 +2,6 @@ package repositories import ( "context" - "fmt" "strconv" "strings" "time" @@ -204,7 +203,7 @@ func (a *APIServerStore) GetSBOM(ctx context.Context, imageID, SBOMCreatorVersio func validateSBOMp(manifest *v1beta1.SBOMSPDXv2p3Filtered) error { if status, ok := manifest.Annotations[instanceidhandler.StatusMetadataKey]; ok && status == instanceidhandler.Incomplete { - return fmt.Errorf("relevant SBOM is incomplete") + return domain.ErrIncompleteSBOM } return nil } diff --git a/repositories/broken.go b/repositories/broken.go index f700f19..f2a0e1e 100644 --- a/repositories/broken.go +++ b/repositories/broken.go 
@@ -2,7 +2,6 @@ package repositories import ( "context" - "errors" "github.com/kubescape/kubevuln/core/domain" "github.com/kubescape/kubevuln/core/ports" @@ -22,29 +21,29 @@ func NewBrokenStorage() *BrokenStore { func (b BrokenStore) GetSBOM(ctx context.Context, _ string, _ string) (sbom domain.SBOM, err error) { _, span := otel.Tracer("").Start(ctx, "BrokenStore.GetSBOM") defer span.End() - return domain.SBOM{}, errors.New("expected error") + return domain.SBOM{}, domain.ErrExpectedError } func (b BrokenStore) GetSBOMp(ctx context.Context, _ string, _ string) (sbom domain.SBOM, err error) { _, span := otel.Tracer("").Start(ctx, "BrokenStore.GetSBOMp") defer span.End() - return domain.SBOM{}, errors.New("expected error") + return domain.SBOM{}, domain.ErrExpectedError } func (b BrokenStore) StoreSBOM(ctx context.Context, _ domain.SBOM) error { _, span := otel.Tracer("").Start(ctx, "BrokenStore.StoreSBOM") defer span.End() - return errors.New("expected error") + return domain.ErrExpectedError } func (b BrokenStore) GetCVE(ctx context.Context, _ string, _ string, _ string, _ string) (cve domain.CVEManifest, err error) { _, span := otel.Tracer("").Start(ctx, "BrokenStore.GetCVE") defer span.End() - return domain.CVEManifest{}, errors.New("expected error") + return domain.CVEManifest{}, domain.ErrExpectedError } func (b BrokenStore) StoreCVE(ctx context.Context, _ domain.CVEManifest, _ bool) error { _, span := otel.Tracer("").Start(ctx, "BrokenStore.StoreCVE") defer span.End() - return errors.New("expected error") + return domain.ErrExpectedError } diff --git a/repositories/memory.go b/repositories/memory.go index 182a606..9edba03 100644 --- a/repositories/memory.go +++ b/repositories/memory.go @@ -2,7 +2,6 @@ package repositories import ( "context" - "errors" "github.com/kubescape/kubevuln/core/domain" "github.com/kubescape/kubevuln/core/ports" 
@@ -49,7 +48,7 @@ func (m *MemoryStore) GetCVE(ctx context.Context, imageID, SBOMCreatorVersion, C defer span.End() if m.getError { - return domain.CVEManifest{}, errors.New("mock error") + return domain.CVEManifest{}, domain.ErrMockError } id := cveID{ @@ -70,7 +69,7 @@ func (m *MemoryStore) StoreCVE(ctx context.Context, cve domain.CVEManifest, _ bo defer span.End() if m.storeError { - return errors.New("mock error") + return domain.ErrMockError } id := cveID{ @@ -89,7 +88,7 @@ func (m *MemoryStore) GetSBOM(ctx context.Context, imageID, SBOMCreatorVersion s defer span.End() if m.getError { - return domain.SBOM{}, errors.New("mock error") + return domain.SBOM{}, domain.ErrMockError } id := sbomID{ @@ -108,7 +107,7 @@ func (m *MemoryStore) GetSBOMp(ctx context.Context, instanceID, SBOMCreatorVersi defer span.End() if m.getError { - return domain.SBOM{}, errors.New("mock error") + return domain.SBOM{}, domain.ErrMockError } id := sbomID{ @@ -127,7 +126,7 @@ func (m *MemoryStore) StoreSBOM(ctx context.Context, sbom domain.SBOM) error { defer span.End() if m.storeError { - return errors.New("mock error") + return domain.ErrMockError } id := sbomID{