report filter sbom incompelte imp

Signed-off-by: Raziel Cohen <rcohen@armosec.io>
kubescape · May 11, 2023 · aa8b02c · aa8b02c
1 parent 549f89a
commit aa8b02c
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 28 deletions.
diff --git a/pkg/conthandler/container_main_handler.go b/pkg/conthandler/container_main_handler.go
@@ -101,7 +101,6 @@ func (ch *ContainerHandler) afterTimerActions() error {
 				logger.L().Ctx(ctx).Warning("SBOM is incomplete", []helpers.IDetails{helpers.String("container ID", afterTimerActionsData.containerID), helpers.String("container name", containerData.event.GetContainerName()), helpers.String("k8s resource ", containerData.event.GetK8SWorkloadID()), helpers.Error(err)}...)
 				containerData.syncChannel[StepValidateSBOM] <- err
 				span.End()
-				continue
 			}
 			if err = containerData.sbomClient.FilterSBOM(fileList); err != nil {
 				ctx, span := otel.Tracer("").Start(context.GetBackgroundContext(), "afterTimerActions")

diff --git a/pkg/sbom/v1/sbom_spdx_storage_format.go b/pkg/sbom/v1/sbom_spdx_storage_format.go
@@ -23,26 +23,26 @@ import (
 
 const (
 	// CreatorType should be one of "Person", "Organization", or "Tool"
-	Organization              = "Organization"
-	Tool                      = "Tool"
-	Person                    = "Person"
-	KubescapeOrganizationName = "Kubescape"
-	KubescapeNodeAgentName    = "KubescapeNodeAgent"
-	RelationshipContainType   = "CONTAINS"
-	directorySBOM             = "SBOM"
-	sourceInfoDotnet = "acquired package info from dotnet project assets file"
-	sourceInfoNodeModule = "acquired package info from installed node module manifest file"
-	sourceInfoPythonPackage = "acquired package info from installed python package manifest file"
-	sourceInfoJava = "acquired package info from installed java archive"
-	sourceInfoGemFile = "acquired package info from installed gem metadata file"
-	sourceInfoGoModule = "acquired package info from go module information"
-	sourceInfoRustCargo = "acquired package info from rust cargo manifest"
-	sourceInfoPHPComposer = "acquired package info from PHP composer manifest"
-	sourceInfoCabal = "acquired package info from cabal or stack manifest files"
-	sourceInfoRebar = "acquired package info from rebar3 or mix manifest file"
-	sourceInfoLinuxKernel = "acquired package info from linux kernel archive"
+	Organization                = "Organization"
+	Tool                        = "Tool"
+	Person                      = "Person"
+	KubescapeOrganizationName   = "Kubescape"
+	KubescapeNodeAgentName      = "KubescapeNodeAgent"
+	RelationshipContainType     = "CONTAINS"
+	directorySBOM               = "SBOM"
+	sourceInfoDotnet            = "acquired package info from dotnet project assets file"
+	sourceInfoNodeModule        = "acquired package info from installed node module manifest file"
+	sourceInfoPythonPackage     = "acquired package info from installed python package manifest file"
+	sourceInfoJava              = "acquired package info from installed java archive"
+	sourceInfoGemFile           = "acquired package info from installed gem metadata file"
+	sourceInfoGoModule          = "acquired package info from go module information"
+	sourceInfoRustCargo         = "acquired package info from rust cargo manifest"
+	sourceInfoPHPComposer       = "acquired package info from PHP composer manifest"
+	sourceInfoCabal             = "acquired package info from cabal or stack manifest files"
+	sourceInfoRebar             = "acquired package info from rebar3 or mix manifest file"
+	sourceInfoLinuxKernel       = "acquired package info from linux kernel archive"
 	sourceInfoLinuxKernelModule = "acquired package info from linux kernel module files"
-	sourceInfoDefault = "acquired package info from the following paths"
+	sourceInfoDefault           = "acquired package info from the following paths"
 )
 
 var (
@@ -59,6 +59,7 @@ type SBOMData struct {
 	relevantRealtimeFilesByPackageSourceInfo sync.Map
 	newRelevantData                          bool
 	alreadyExistSBOM                         bool
+	status                                   string
 	instanceID                               instanceidhandler.IInstanceID
 }
 
@@ -82,7 +83,7 @@ func createSBOMDir() {
 func init() {
 	createSBOMDir()
 	sourceInfoPrefixData := []string{sourceInfoDotnet, sourceInfoNodeModule, sourceInfoPythonPackage, sourceInfoJava, sourceInfoGemFile, sourceInfoGoModule, sourceInfoRustCargo, sourceInfoPHPComposer, sourceInfoCabal, sourceInfoRebar, sourceInfoLinuxKernel, sourceInfoLinuxKernelModule, sourceInfoDefault}
-	sourceInfoRequiredPrefix = append(sourceInfoRequiredPrefix,sourceInfoPrefixData...) 
+	sourceInfoRequiredPrefix = append(sourceInfoRequiredPrefix, sourceInfoPrefixData...)
 }
 
 func CreateSBOMDataSPDXVersionV040(instanceID instanceidhandler.IInstanceID) SBOMFormat {
@@ -95,6 +96,7 @@ func CreateSBOMDataSPDXVersionV040(instanceID instanceidhandler.IInstanceID) SBO
 		newRelevantData:                          false,
 		alreadyExistSBOM:                         false,
 		instanceID:                               instanceID,
+		status:                                   "",
 	}
 }
 
@@ -205,6 +207,9 @@ func (sbom *SBOMData) getSBOMDataSPDXFormat() (*spdxv1beta1.SBOMSPDXv2p3, error)
 }
 
 func (sbom *SBOMData) FilterSBOM(sbomFileRelevantMap map[string]bool) error {
+	if sbom.status == instanceidhandlerV1.Incomplete {
+		return nil
+	}
 	sbom.newRelevantData = false
 
 	spdxData, err := sbom.getSBOMDataSPDXFormat()
@@ -318,6 +323,7 @@ func (sbom *SBOMData) storeAnnotations(wlidData, imageID string, instanceID inst
 	annotations[instanceidhandlerV1.InstanceIDMetadataKey] = instanceID.GetStringFormatted()
 	annotations[instanceidhandlerV1.ContainerNameMetadataKey] = instanceID.GetContainerName()
 	annotations[instanceidhandlerV1.ImageIDMetadataKey] = imageID
+	annotations[instanceidhandlerV1.StatusMetadataKey] = sbom.status
 
 	sbom.filteredSpdxData.ObjectMeta.SetAnnotations(annotations)
 }
@@ -335,16 +341,17 @@ func (sc *SBOMData) CleanResources() {
 }
 
 func (sc *SBOMData) ValidateSBOM() error {
-	sbom, err :=  sc.getSBOMDataSPDXFormat()
+	sbom, err := sc.getSBOMDataSPDXFormat()
 	if err != nil {
 		logger.L().Debug("fail to validate SBOM", helpers.String("file name", sc.spdxDataPath), helpers.Error(err))
 		return nil
 	}
 	annotationes := sbom.GetAnnotations()
 	if val, ok := annotationes[instanceidhandlerV1.StatusMetadataKey]; ok {
 		if val == instanceidhandlerV1.Incomplete {
+			sc.status = instanceidhandlerV1.Incomplete
 			return SBOMIncomplete
-		} 
-	} 
+		}
+	}
 	return nil
-}
+}
diff --git a/pkg/sbom/v1/sbom_spdx_storage_format_test.go b/pkg/sbom/v1/sbom_spdx_storage_format_test.go
@@ -501,7 +501,6 @@ func TestParsedFilesBySourceInfoFiltered(t *testing.T) {
 		}
 	}
 
-
 	shouldNotBeSourcesInfo := []string{"acquired package info from ALPM DB: 1234, 456", "acquired package info from RPM DB: 1234, 456", "acquired package info from APK DB: 1234, 456", "acquired package info from DPKG DB: 1234, 456", "acquired package info from installed cocoapods manifest file: 1234, 456", "acquired package info from conan manifest: 1234, 456", "acquired package info from portage DB: 1234, 456", "acquired package info from nix store path: 123, 456"}
 	for i := range shouldNotBeSourcesInfo {
 		list := parsedFilesBySourceInfo(shouldNotBeSourcesInfo[i])
@@ -536,5 +535,7 @@ func TestSBOMIncomplete(t *testing.T) {
 	if err = SBOMData.ValidateSBOM(); err == nil {
 		t.Fatalf("SBOM should mark as incomplete")
 	}
-
-}
+	if SBOMData.status != instanceidhandlerV1.Incomplete {
+		t.Fatalf("SBOM status should be in complete")
+	}
+}