From 3c99950a960b068a91a657f25411a42277cc9e49 Mon Sep 17 00:00:00 2001 From: Dave Shrewsberry Date: Thu, 16 Oct 2025 15:26:18 -0400 Subject: [PATCH 1/3] X-Smart-Branch-Parent: release-4.9 From 485deec4791655761f28395ddd8a3352eb5d571f Mon Sep 17 00:00:00 2001 From: David Shrewsberry <99685630+dashrews78@users.noreply.github.com> Date: Wed, 15 Oct 2025 14:54:07 -0400 Subject: [PATCH 2/3] ROX-31173: do not embed component in resolver context (#17154) --- central/graphql/resolvers/image_components.go | 69 +-------- central/graphql/resolvers/image_scan.go | 137 +----------------- central/graphql/resolvers/image_scan_test.go | 5 + .../groovy/VulnScanWithGraphQLTest.groovy | 8 +- .../Entity/ConfigManagementEntityImage.jsx | 13 +- .../Entity/Image/VulnMgmtEntityImage.jsx | 4 +- .../Entity/Image/VulnMgmtImageOverview.jsx | 24 +-- ui/apps/platform/src/queries/image.js | 4 +- .../platform/src/utils/getEntityName.test.js | 2 +- 9 files changed, 39 insertions(+), 227 deletions(-) diff --git a/central/graphql/resolvers/image_components.go b/central/graphql/resolvers/image_components.go index aae60a5a53644..d6ee885fb75b0 100644 --- a/central/graphql/resolvers/image_components.go +++ b/central/graphql/resolvers/image_components.go @@ -21,7 +21,6 @@ import ( "github.com/stackrox/rox/pkg/features" pkgMetrics "github.com/stackrox/rox/pkg/metrics" "github.com/stackrox/rox/pkg/protocompat" - "github.com/stackrox/rox/pkg/scancomponent" "github.com/stackrox/rox/pkg/search" "github.com/stackrox/rox/pkg/search/scoped" "github.com/stackrox/rox/pkg/utils" @@ -413,39 +412,6 @@ func getImageCVEResolvers(ctx context.Context, root *Resolver, os string, vulns return paginate(query.GetPagination(), resolverI, nil) } -func getImageCVEV2Resolvers(ctx context.Context, root *Resolver, imageID string, component *storage.EmbeddedImageScanComponent, query *v1.Query) ([]ImageVulnerabilityResolver, error) { - query, _ = search.FilterQueryWithMap(query, mappings.VulnerabilityOptionsMap) - predicate, err := vulnPredicateFactory.GeneratePredicate(query) - if err != nil { - return nil, err - } - - componentID, err := scancomponent.ComponentIDV2(component, imageID) - if err != nil { - return nil, err - } - resolvers := make([]ImageVulnerabilityResolver, 0, len(component.GetVulns())) - for _, vuln := range component.GetVulns() { - if !predicate.Matches(vuln) { - continue - } - converted, err := cveConverter.EmbeddedVulnerabilityToImageCVEV2(imageID, componentID, vuln) - if err != nil { - return nil, err - } - - resolver, err := root.wrapImageCVEV2(converted, true, nil) - if err != nil { - return nil, err - } - resolver.ctx = embeddedobjs.VulnContext(ctx, vuln) - - resolvers = append(resolvers, resolver) - } - - return paginate(query.GetPagination(), resolvers, nil) -} - /* Sub Resolver Functions */ @@ -779,17 +745,7 @@ func (resolver *imageComponentV2Resolver) ImageVulnerabilities(ctx context.Conte resolver.ctx = ctx } - // Short path. Full image is embedded when image scan resolver is called. - embeddedComponent := embeddedobjs.ComponentFromContext(resolver.ctx) - if embeddedComponent == nil { - return resolver.root.ImageVulnerabilities(resolver.imageComponentScopeContext(ctx), args) - } - - query, err := args.AsV1QueryOrEmpty() - if err != nil { - return nil, err - } - return getImageCVEV2Resolvers(resolver.ctx, resolver.root, resolver.ImageId(resolver.ctx), embeddedComponent, query) + return resolver.root.ImageVulnerabilities(resolver.imageComponentScopeContext(ctx), args) } func (resolver *imageComponentV2Resolver) LastScanned(ctx context.Context) (*graphql.Time, error) { @@ -848,29 +804,6 @@ func (resolver *imageComponentV2Resolver) TopImageVulnerability(ctx context.Cont resolver.ctx = ctx } - // Short path. Full image is embedded when image scan resolver is called. - if embeddedComponent := embeddedobjs.ComponentFromContext(resolver.ctx); embeddedComponent != nil { - var topVuln *storage.EmbeddedVulnerability - for _, vuln := range embeddedComponent.GetVulns() { - if topVuln == nil || vuln.GetCvss() > topVuln.GetCvss() { - topVuln = vuln - } - } - if topVuln == nil { - return nil, nil - } - componentID, err := scancomponent.ComponentIDV2(embeddedComponent, resolver.ImageId(resolver.ctx)) - if err != nil { - return nil, err - } - - convertedTopVuln, err := cveConverter.EmbeddedVulnerabilityToImageCVEV2(resolver.ImageId(resolver.ctx), componentID, topVuln) - if err != nil { - return nil, err - } - return resolver.root.wrapImageCVEV2WithContext(resolver.ctx, convertedTopVuln, true, nil) - } - return resolver.root.TopImageVulnerability(resolver.imageComponentScopeContext(ctx), RawQuery{}) } diff --git a/central/graphql/resolvers/image_scan.go b/central/graphql/resolvers/image_scan.go index 05dd6e59f82e5..71badee3c693e 100644 --- a/central/graphql/resolvers/image_scan.go +++ b/central/graphql/resolvers/image_scan.go @@ -5,10 +5,8 @@ import ( "sort" "github.com/stackrox/rox/central/graphql/resolvers/embeddedobjs" - "github.com/stackrox/rox/central/graphql/resolvers/loaders" "github.com/stackrox/rox/central/image/datastore/store/common/v2" "github.com/stackrox/rox/central/image/mappings" - commonv2 "github.com/stackrox/rox/central/imagev2/datastore/store/common" v1 "github.com/stackrox/rox/generated/api/v1" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/features" @@ -26,13 +24,6 @@ func init() { "imageComponentCount(query: String): Int!", "imageComponents(query: String, pagination: Pagination): [ImageComponent!]!", }), - // deprecated fields - schema.AddExtraResolvers("ImageScan", []string{ - "componentCount(query: String): Int! " + - "@deprecated(reason: \"use 'imageComponentCount'\")", - "components(query: String, pagination: Pagination): [EmbeddedImageScanComponent!]! " + - "@deprecated(reason: \"use 'imageComponents'\")", - }), ) } @@ -42,7 +33,7 @@ func (resolver *imageScanResolver) ImageComponents(_ context.Context, args Pagin return nil, err } if features.FlattenCVEData.Enabled() { - return getImageComponentV2Resolvers(resolver.ctx, resolver.root, resolver.data, query) + return resolver.root.ImageComponents(resolver.ctx, args) } return getImageComponentResolvers(resolver.ctx, resolver.root, resolver.data, query) } @@ -94,129 +85,3 @@ func getImageComponentResolvers(ctx context.Context, root *Resolver, imageScan * } return paginate(query.GetPagination(), resolverI, nil) } - -func getImageComponentV2Resolvers(ctx context.Context, root *Resolver, imageScan *storage.ImageScan, query *v1.Query) ([]ImageComponentResolver, error) { - imageID := getImageIDFromScope(ctx) - if imageID == "" { - return nil, nil - } - - if features.FlattenImageData.Enabled() { - imageLoader, err := loaders.GetImageV2Loader(ctx) - if err != nil { - return nil, err - } - - image, err := imageLoader.FullImageWithID(ctx, imageID) - if err != nil { - return nil, err - } - - query, _ = search.FilterQueryWithMap(query, mappings.ComponentV2OptionsMap) - predicate, err := componentPredicateFactory.GeneratePredicate(query) - if err != nil { - return nil, err - } - - idToComponent := make(map[string]*imageComponentV2Resolver) - for _, embeddedComponent := range imageScan.GetComponents() { - if !predicate.Matches(embeddedComponent) { - continue - } - - os := imageScan.GetOperatingSystem() - id, err := scancomponent.ComponentIDV2(embeddedComponent, imageID) - if err != nil { - return nil, err - } - if _, exists := idToComponent[id]; !exists { - component, err := commonv2.GenerateImageComponentV2(os, image, embeddedComponent) - if err != nil { - return nil, err - } - - resolver, err := root.wrapImageComponentV2(component, true, nil) - if err != nil { - return nil, err - } - imageScanTime := protocompat.ConvertTimestampToTimeOrNil(imageScan.GetScanTime()) - resolver.ctx = embeddedobjs.ComponentContext(ctx, os, imageScanTime, embeddedComponent) - idToComponent[id] = resolver - } - } - - // For now, sort by IDs. - resolvers := make([]*imageComponentV2Resolver, 0, len(idToComponent)) - for _, component := range idToComponent { - resolvers = append(resolvers, component) - } - if len(query.GetPagination().GetSortOptions()) == 0 { - sort.SliceStable(resolvers, func(i, j int) bool { - return resolvers[i].data.GetId() < resolvers[j].data.GetId() - }) - } - resolverI := make([]ImageComponentResolver, 0, len(resolvers)) - for _, resolver := range resolvers { - resolverI = append(resolverI, resolver) - } - return paginate(query.GetPagination(), resolverI, nil) - } - imageLoader, err := loaders.GetImageLoader(ctx) - if err != nil { - return nil, err - } - - image, err := imageLoader.FullImageWithID(ctx, imageID) - if err != nil { - return nil, err - } - - query, _ = search.FilterQueryWithMap(query, mappings.ComponentV2OptionsMap) - predicate, err := componentPredicateFactory.GeneratePredicate(query) - if err != nil { - return nil, err - } - - idToComponent := make(map[string]*imageComponentV2Resolver) - for _, embeddedComponent := range imageScan.GetComponents() { - if !predicate.Matches(embeddedComponent) { - continue - } - - os := imageScan.GetOperatingSystem() - id, err := scancomponent.ComponentIDV2(embeddedComponent, imageID) - if err != nil { - return nil, err - } - if _, exists := idToComponent[id]; !exists { - component, err := common.GenerateImageComponentV2(os, image, embeddedComponent) - if err != nil { - return nil, err - } - - resolver, err := root.wrapImageComponentV2(component, true, nil) - if err != nil { - return nil, err - } - imageScanTime := protocompat.ConvertTimestampToTimeOrNil(imageScan.GetScanTime()) - resolver.ctx = embeddedobjs.ComponentContext(ctx, os, imageScanTime, embeddedComponent) - idToComponent[id] = resolver - } - } - - // For now, sort by IDs. - resolvers := make([]*imageComponentV2Resolver, 0, len(idToComponent)) - for _, component := range idToComponent { - resolvers = append(resolvers, component) - } - if len(query.GetPagination().GetSortOptions()) == 0 { - sort.SliceStable(resolvers, func(i, j int) bool { - return resolvers[i].data.GetId() < resolvers[j].data.GetId() - }) - } - resolverI := make([]ImageComponentResolver, 0, len(resolvers)) - for _, resolver := range resolvers { - resolverI = append(resolverI, resolver) - } - return paginate(query.GetPagination(), resolverI, nil) -} diff --git a/central/graphql/resolvers/image_scan_test.go b/central/graphql/resolvers/image_scan_test.go index 802a60619a3bb..1b35f1f1fde62 100644 --- a/central/graphql/resolvers/image_scan_test.go +++ b/central/graphql/resolvers/image_scan_test.go @@ -103,6 +103,11 @@ func (s *ImageScanResolverTestSuite) TestGetImagesWithScan() { Return([]*storage.Image{cloned}, nil) s.imageDataStore.EXPECT().GetImagesBatch(gomock.Any(), gomock.Any()). Return([]*storage.Image{img}, nil) + if features.FlattenCVEData.Enabled() { + s.imageComponentFlatView.EXPECT().Get(gomock.Any(), gomock.Any()).Return(nil, nil) + s.imageComponentDataStoreV2.EXPECT().SearchRawImageComponents(gomock.Any(), gomock.Any()). + Return(nil, nil) + } response := s.schema.Exec(s.ctx, imageWithScanQuery, "getImages", nil) s.Len(response.Errors, 0) } diff --git a/qa-tests-backend/src/test/groovy/VulnScanWithGraphQLTest.groovy b/qa-tests-backend/src/test/groovy/VulnScanWithGraphQLTest.groovy index 8f9fc597002f0..4c0e1663fa6c9 100644 --- a/qa-tests-backend/src/test/groovy/VulnScanWithGraphQLTest.groovy +++ b/qa-tests-backend/src/test/groovy/VulnScanWithGraphQLTest.groovy @@ -40,7 +40,7 @@ class VulnScanWithGraphQLTest extends BaseSpecification { tag } scan { - components { + imageComponents { name layerIndex version @@ -49,7 +49,7 @@ class VulnScanWithGraphQLTest extends BaseSpecification { type url } - vulns { + imageVulnerabilities { cve cvss link @@ -136,8 +136,8 @@ class VulnScanWithGraphQLTest extends BaseSpecification { then: assert resultRet.getValue() != null def image = resultRet.getValue().image - assert image?.scan?.components?.vulns != null - int cve = getCVEs(image.scan.components.vulns) + assert image?.scan?.imageComponents?.imageVulnerabilities != null + int cve = getCVEs(image.scan.imageComponents.imageVulnerabilities) assert cve >= vuln_cve where: "Data inputs are :" diff --git a/ui/apps/platform/src/Containers/ConfigManagement/Entity/ConfigManagementEntityImage.jsx b/ui/apps/platform/src/Containers/ConfigManagement/Entity/ConfigManagementEntityImage.jsx index 0fd7546df494d..65192d2d4a3ba 100644 --- a/ui/apps/platform/src/Containers/ConfigManagement/Entity/ConfigManagementEntityImage.jsx +++ b/ui/apps/platform/src/Containers/ConfigManagement/Entity/ConfigManagementEntityImage.jsx @@ -69,11 +69,11 @@ const ConfigManagementEntityImage = ({ tag } scan { - components { + imageComponents { name layerIndex version - vulns { + imageVulnerabilities { cve cvss link @@ -162,9 +162,14 @@ const ConfigManagementEntityImage = ({ layers.forEach((layer, i) => { layers[i].components = []; }); - scan.components.forEach((component) => { + scan.imageComponents.forEach((component) => { if (component.layerIndex !== undefined && layers[component.layerIndex]) { - layers[component.layerIndex].components.push(component); + // Transform imageVulnerabilities to vulns for CVETable compatibility + const transformedComponent = { + ...component, + vulns: component.imageVulnerabilities || [], + }; + layers[component.layerIndex].components.push(transformedComponent); } }); diff --git a/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtEntityImage.jsx b/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtEntityImage.jsx index 2ac84a0d17323..c4b83db70c277 100644 --- a/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtEntityImage.jsx +++ b/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtEntityImage.jsx @@ -67,7 +67,7 @@ const VulnMgmtEntityImage = ({ name } notes - components: imageComponents { + imageComponents { id priority name @@ -75,7 +75,7 @@ const VulnMgmtEntityImage = ({ version source location - vulns: imageVulnerabilities { + imageVulnerabilities { ...cveFields } } diff --git a/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtImageOverview.jsx b/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtImageOverview.jsx index d947307984269..2b09743811ec7 100644 --- a/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtImageOverview.jsx +++ b/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtImageOverview.jsx @@ -36,7 +36,7 @@ const emptyImage = { name: {}, priority: 0, scan: { - components: [], + imageComponents: [], }, topVuln: {}, vulnCount: 0, @@ -46,31 +46,35 @@ const VulnMgmtImageOverview = ({ data, entityContext }) => { // guard against incomplete GraphQL-cached data const safeData = { ...emptyImage, ...data }; const { metadata, scan, topVuln, priority, notes } = safeData; - safeData.componentCount = scan?.components?.length || 0; + safeData.componentCount = scan?.imageComponents?.length || 0; - // TODO: replace this hack with feature flag selection of components or imageComponents, - // after `layerIndex` is available on ImageComponent - safeData.imageComponentCount = scan?.components?.length || 0; + // Updated to use imageComponents now that layerIndex is available on ImageComponent + safeData.imageComponentCount = scan?.imageComponents?.length || 0; const layers = metadata ? cloneDeep(metadata.v1.layers) : []; const fixableCves = []; // If we have a scan, then we can try and assume we have layers - if (scan) { + if (scan && scan.imageComponents) { layers.forEach((layer, i) => { layers[i].components = []; layers[i].cvesCount = 0; }); - scan.components.forEach((component) => { - component.vulns.forEach((cve) => { + scan.imageComponents.forEach((component) => { + component.imageVulnerabilities.forEach((cve) => { if (cve.isFixable) { fixableCves.push(cve); } }); if (component.layerIndex !== undefined && layers[component.layerIndex]) { - layers[component.layerIndex].components.push(component); - layers[component.layerIndex].cvesCount += component.vulns.length; + // Transform imageVulnerabilities to vulns for CVETable compatibility + const transformedComponent = { + ...component, + vulns: component.imageVulnerabilities || [], + }; + layers[component.layerIndex].components.push(transformedComponent); + layers[component.layerIndex].cvesCount += component.imageVulnerabilities.length; } }); } diff --git a/ui/apps/platform/src/queries/image.js b/ui/apps/platform/src/queries/image.js index 434dd913edc09..c70cd9e92671d 100644 --- a/ui/apps/platform/src/queries/image.js +++ b/ui/apps/platform/src/queries/image.js @@ -29,11 +29,11 @@ export const IMAGE_FRAGMENT = gql` tag } scan { - components { + imageComponents { name layerIndex version - vulns { + imageVulnerabilities { cve cvss link diff --git a/ui/apps/platform/src/utils/getEntityName.test.js b/ui/apps/platform/src/utils/getEntityName.test.js index c318486563d47..2fe98ec2c5cff 100644 --- a/ui/apps/platform/src/utils/getEntityName.test.js +++ b/ui/apps/platform/src/utils/getEntityName.test.js @@ -163,7 +163,7 @@ describe('getEntityName', () => { component: { id: 'bGlieG1sMg:Mi45LjErZGZzZzEtNStkZWI4dTQ', name: 'libxml2', - __typename: 'EmbeddedImageScanComponent', + __typename: 'ImageComponent', }, }; From c4c030861f4c82083e9d00f1259ffb30986721ac Mon Sep 17 00:00:00 2001 From: David Shrewsberry <99685630+dashrews78@users.noreply.github.com> Date: Thu, 16 Oct 2025 15:22:36 -0400 Subject: [PATCH 3/3] ROX-31174: reverting ID back to index based (#17200) --- .../cve/converter/utils/convert_utils_v2.go | 7 +- .../converter/utils/convert_utils_v2_test.go | 27 +- .../image/v2/datastore/datastore_sac_test.go | 364 +++++++++--------- .../datastore/datastore_impl_postgres_test.go | 15 +- .../image_components_v2_postgres_test.go | 52 +-- .../image_vulnerabilities_v2_test.go | 48 +-- central/graphql/resolvers/test_utils.go | 14 +- central/image/datastore/datastore_impl.go | 16 +- .../datastore_impl_flat_postgres_test.go | 16 +- .../datastore/store/common/v2/parts_test.go | 208 ++++++++-- .../datastore/store/common/v2/split_v2.go | 33 +- .../v2/datastore/datastore_sac_test.go | 17 +- central/imagev2/datastore/datastore_impl.go | 16 +- .../imagev2/datastore/datastore_impl_test.go | 16 +- .../datastore/store/common/parts_test.go | 160 ++++++-- .../imagev2/datastore/store/common/split.go | 33 +- central/risk/manager/manager.go | 22 +- .../scorer/component/image/scorer_test.go | 2 +- central/risk/scorer/component/image_scorer.go | 10 +- .../nodeindex/three_pipelines_test.go | 2 +- .../nodeinventory/two_pipelines_test.go | 2 +- central/views/imagecveflat/view_test.go | 14 +- pkg/cve/cve.go | 12 +- pkg/scancomponent/component_id.go | 20 +- 24 files changed, 636 insertions(+), 490 deletions(-) diff --git a/central/cve/converter/utils/convert_utils_v2.go b/central/cve/converter/utils/convert_utils_v2.go index 515924ed82224..0c4686297ce9c 100644 --- a/central/cve/converter/utils/convert_utils_v2.go +++ b/central/cve/converter/utils/convert_utils_v2.go @@ -51,7 +51,7 @@ func ImageCVEV2ToEmbeddedVulnerability(vuln *storage.ImageCVEV2) *storage.Embedd } // EmbeddedVulnerabilityToImageCVEV2 converts *storage.EmbeddedVulnerability object to *storage.ImageCVEV2 object -func EmbeddedVulnerabilityToImageCVEV2(imageID string, componentID string, from *storage.EmbeddedVulnerability) (*storage.ImageCVEV2, error) { +func EmbeddedVulnerabilityToImageCVEV2(imageID string, componentID string, index int, from *storage.EmbeddedVulnerability) (*storage.ImageCVEV2, error) { var nvdCvss float32 nvdVersion := storage.CvssScoreVersion_UNKNOWN_VERSION for _, score := range from.GetCvssMetrics() { @@ -76,10 +76,7 @@ func EmbeddedVulnerabilityToImageCVEV2(imageID string, componentID string, from impactScore = from.GetCvssV2().GetImpactScore() } - cveID, err := cve.IDV2(from, componentID) - if err != nil { - return nil, err - } + cveID := cve.IDV2(from, componentID, index) ret := &storage.ImageCVEV2{ Id: cveID, diff --git a/central/cve/converter/utils/convert_utils_v2_test.go b/central/cve/converter/utils/convert_utils_v2_test.go index fc108f13921f9..0bf10ac6b1f02 100644 --- a/central/cve/converter/utils/convert_utils_v2_test.go +++ b/central/cve/converter/utils/convert_utils_v2_test.go @@ -9,7 +9,6 @@ import ( "github.com/stackrox/rox/pkg/protocompat" "github.com/stackrox/rox/pkg/scancomponent" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) type componentPieces struct { @@ -144,28 +143,24 @@ func TestImageCVEV2ToEmbeddedCVEs(t *testing.T) { func TestEmbeddedCVEToImageCVEV2(t *testing.T) { for idx, embeddedVuln := range testVulns { componentInfo := getComponentInfo(t) - convertedVuln, err := EmbeddedVulnerabilityToImageCVEV2(componentInfo[idx].imageID, componentInfo[idx].componentID, embeddedVuln) + convertedVuln, err := EmbeddedVulnerabilityToImageCVEV2(componentInfo[idx].imageID, componentInfo[idx].componentID, idx, embeddedVuln) assert.NoError(t, err) protoassert.Equal(t, getTestCVEs(t)[idx], convertedVuln) } } -func getTestComponentID(t *testing.T) string { - id, err := scancomponent.ComponentIDV2(testComponent, "sha") - require.NoError(t, err) - return id +func getTestComponentID(index int) string { + return scancomponent.ComponentIDV2(testComponent, "sha", index) } -func getTestCVEID(t *testing.T, testCVE *storage.EmbeddedVulnerability, componentID string) string { - id, err := cve.IDV2(testCVE, componentID) - require.NoError(t, err) - return id +func getTestCVEID(testCVE *storage.EmbeddedVulnerability, componentID string, index int) string { + return cve.IDV2(testCVE, componentID, index) } func getTestCVEs(t *testing.T) []*storage.ImageCVEV2 { return []*storage.ImageCVEV2{ { - Id: getTestCVEID(t, testVulns[0], getTestComponentID(t)), + Id: getTestCVEID(testVulns[0], getTestComponentID(0), 0), ImageId: "sha", CveBaseInfo: &storage.CVEInfo{ Cve: "cve1", @@ -229,10 +224,10 @@ func getTestCVEs(t *testing.T) []*storage.ImageCVEV2 { State: 0, IsFixable: false, HasFixedBy: nil, - ComponentId: getTestComponentID(t), + ComponentId: getTestComponentID(0), }, { - Id: getTestCVEID(t, testVulns[1], getTestComponentID(t)), + Id: getTestCVEID(testVulns[1], getTestComponentID(1), 1), ImageId: "sha", CveBaseInfo: &storage.CVEInfo{ Cve: "cve2", @@ -271,7 +266,7 @@ func getTestCVEs(t *testing.T) []*storage.ImageCVEV2 { HasFixedBy: &storage.ImageCVEV2_FixedBy{ FixedBy: "ver3", }, - ComponentId: getTestComponentID(t), + ComponentId: getTestComponentID(1), }, } } @@ -280,12 +275,12 @@ func getComponentInfo(t *testing.T) []*componentPieces { return []*componentPieces{ { imageID: "sha", - componentID: getTestComponentID(t), + componentID: getTestComponentID(0), cveIndex: 0, }, { imageID: "sha", - componentID: getTestComponentID(t), + componentID: getTestComponentID(1), cveIndex: 1, }, } diff --git a/central/cve/image/v2/datastore/datastore_sac_test.go b/central/cve/image/v2/datastore/datastore_sac_test.go index 92a9afa6734a9..0e7b44e3ba8cf 100644 --- a/central/cve/image/v2/datastore/datastore_sac_test.go +++ b/central/cve/image/v2/datastore/datastore_sac_test.go @@ -54,9 +54,9 @@ func (s *cveV2DataStoreSACTestSuite) SetupSuite() { // operating system information as well. This information is propagated from the image // scan data. // This helper is here to ease testing against the various datastore flavours. -func getImageCVEID(vuln *storage.EmbeddedVulnerability, component *storage.EmbeddedImageScanComponent, imageID string) string { - componentID, _ := scancomponent.ComponentIDV2(component, imageID) - cveID, _ := cve.IDV2(vuln, componentID) +func getImageCVEID(vuln *storage.EmbeddedVulnerability, component *storage.EmbeddedImageScanComponent, imageID string, componentIndex int, cveIndex int) string { + componentID := scancomponent.ComponentIDV2(component, imageID, componentIndex) + cveID := cve.IDV2(vuln, componentID, cveIndex) return cveID } @@ -74,241 +74,241 @@ var ( { contextKey: sacTestUtils.UnrestrictedReadCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): true, }, }, { contextKey: sacTestUtils.UnrestrictedReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): true, }, }, { contextKey: sacTestUtils.Cluster1ReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster1NamespaceAReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster1NamespaceBReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster1NamespacesABReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster1NamespacesBCReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster2ReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): true, }, }, { contextKey: sacTestUtils.Cluster2NamespaceAReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster2NamespaceBReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): true, }, }, { contextKey: sacTestUtils.Cluster2NamespacesACReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster2NamespacesBCReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): true, }, }, { contextKey: sacTestUtils.Cluster3ReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster3NamespaceAReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster3NamespaceBReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster3NamespacesABReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { @@ -317,16 +317,16 @@ var ( // Therefore, it should see all vulnerabilities. // (images are in cluster1 namespaceA and cluster2 namespaceB). expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): true, }, }, } @@ -334,7 +334,7 @@ var ( func (s *cveV2DataStoreSACTestSuite) TestSACImageCVEExistsSingleScopeOnly() { // Inject the fixture graph, and test exists for CVE-1234-0001 - cveID := getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()) + cveID := getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0) s.runImageTest("TestSACImageCVEExistsSingleScopeOnly", func(c cveTestCase) { testCtx := s.imageTestContexts[c.contextKey] exists, err := s.imageCVEStore.Exists(testCtx, cveID) @@ -347,7 +347,7 @@ func (s *cveV2DataStoreSACTestSuite) TestSACImageCVEGetSingleScopeOnly() { // Inject the fixture graph, and test retrieval for CVE-1234-0001 targetCVE := fixtures.GetEmbeddedImageCVE1234x0001() cveName := targetCVE.GetCve() - cveID := getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()) + cveID := getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0) cvss := targetCVE.GetCvss() s.runImageTest("TestSACImageCVEGetSingleScopeOnly", func(c cveTestCase) { testCtx := s.imageTestContexts[c.contextKey] @@ -366,13 +366,13 @@ func (s *cveV2DataStoreSACTestSuite) TestSACImageCVEGetSingleScopeOnly() { func (s *cveV2DataStoreSACTestSuite) TestSACImageCVEGetBatch() { batchCVEs := []string{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()), - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()), - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()), - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()), - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()), - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()), - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()), + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0), + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1), + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0), + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0), + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1), + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1), + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2), } s.runImageTest("TestSACImageCVEGetBatch", func(c cveTestCase) { diff --git a/central/deployment/datastore/datastore_impl_postgres_test.go b/central/deployment/datastore/datastore_impl_postgres_test.go index 06fa095c0a809..8bc4d518a7d01 100644 --- a/central/deployment/datastore/datastore_impl_postgres_test.go +++ b/central/deployment/datastore/datastore_impl_postgres_test.go @@ -83,19 +83,16 @@ func (s *DeploymentPostgresDataStoreTestSuite) TestSearchWithPostgres() { s.NoError(s.deploymentDatastore.UpsertDeployment(ctx, dep2)) s.NoError(s.deploymentDatastore.UpsertDeployment(ctx, dep3)) - componentIDImg2, err := scancomponent.ComponentIDV2( + componentIDImg2 := scancomponent.ComponentIDV2( img2.GetScan().GetComponents()[0], - img2.GetId()) - s.NoError(err) + img2.GetId(), 0) - componentIDImg1, err := scancomponent.ComponentIDV2( + componentIDImg1 := scancomponent.ComponentIDV2( img1.GetScan().GetComponents()[0], - img1.GetId()) - s.NoError(err) - cveID, err := cve.IDV2( + img1.GetId(), 0) + cveID := cve.IDV2( img1.GetScan().GetComponents()[0].GetVulns()[0], - componentIDImg1) - s.NoError(err) + componentIDImg1, 0) for _, tc := range []struct { desc string diff --git a/central/graphql/resolvers/image_components_v2_postgres_test.go b/central/graphql/resolvers/image_components_v2_postgres_test.go index 02755973e6e94..fc3f955a08952 100644 --- a/central/graphql/resolvers/image_components_v2_postgres_test.go +++ b/central/graphql/resolvers/image_components_v2_postgres_test.go @@ -364,12 +364,12 @@ func (s *GraphQLImageComponentV2TestSuite) TestImageComponentImageVulnerabilitie "comp1os1", s.componentIDMap[comp11], []string{ - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2018-1", + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2018-1", SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ FixedBy: "1.1", }, Severity: storage.VulnerabilitySeverity_CRITICAL_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp11]), + }, s.componentIDMap[comp11], 0), }, &VulnerabilityCounterResolver{ all: &VulnerabilityFixableCounterResolver{0, 1}, @@ -383,12 +383,12 @@ func (s *GraphQLImageComponentV2TestSuite) TestImageComponentImageVulnerabilitie "comp2os1", s.componentIDMap[comp21], []string{ - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2018-1", + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2018-1", SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ FixedBy: "1.5", }, Severity: storage.VulnerabilitySeverity_CRITICAL_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp21]), + }, s.componentIDMap[comp21], 0), }, &VulnerabilityCounterResolver{ all: &VulnerabilityFixableCounterResolver{0, 1}, @@ -402,14 +402,14 @@ func (s *GraphQLImageComponentV2TestSuite) TestImageComponentImageVulnerabilitie "comp3os1", s.componentIDMap[comp31], []string{ - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-1", + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-1", Cvss: 4, Severity: storage.VulnerabilitySeverity_MODERATE_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp31]), - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-2", + }, s.componentIDMap[comp31], 0), + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-2", Cvss: 3, Severity: storage.VulnerabilitySeverity_LOW_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp31]), + }, s.componentIDMap[comp31], 1), }, &VulnerabilityCounterResolver{ all: &VulnerabilityFixableCounterResolver{0, 0}, @@ -423,12 +423,12 @@ func (s *GraphQLImageComponentV2TestSuite) TestImageComponentImageVulnerabilitie "comp1os2", s.componentIDMap[comp12], []string{ - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2018-1", + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2018-1", SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ FixedBy: "1.1", }, Severity: storage.VulnerabilitySeverity_CRITICAL_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp12]), + }, s.componentIDMap[comp12], 0), }, &VulnerabilityCounterResolver{ all: &VulnerabilityFixableCounterResolver{0, 1}, @@ -442,14 +442,14 @@ func (s *GraphQLImageComponentV2TestSuite) TestImageComponentImageVulnerabilitie "comp3os2", s.componentIDMap[comp32], []string{ - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-1", + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-1", Cvss: 4, Severity: storage.VulnerabilitySeverity_MODERATE_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp32]), - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-2", + }, s.componentIDMap[comp32], 0), + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-2", Cvss: 3, Severity: storage.VulnerabilitySeverity_LOW_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp32]), + }, s.componentIDMap[comp32], 1), }, &VulnerabilityCounterResolver{ all: &VulnerabilityFixableCounterResolver{0, 0}, @@ -463,14 +463,14 @@ func (s *GraphQLImageComponentV2TestSuite) TestImageComponentImageVulnerabilitie "comp4os2", s.componentIDMap[comp42], []string{ - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{ + getTestCVEID(&storage.EmbeddedVulnerability{ Cve: "cve-2017-1", Severity: storage.VulnerabilitySeverity_IMPORTANT_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp42]), - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{ + }, s.componentIDMap[comp42], 0), + getTestCVEID(&storage.EmbeddedVulnerability{ Cve: "cve-2017-2", Severity: storage.VulnerabilitySeverity_IMPORTANT_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp42]), + }, s.componentIDMap[comp42], 1), }, &VulnerabilityCounterResolver{ all: &VulnerabilityFixableCounterResolver{0, 0}, @@ -566,10 +566,10 @@ func (s *GraphQLImageComponentV2TestSuite) TestTopImageVulnerability() { comp := s.getImageComponentResolver(ctx, s.componentIDMap[comp31]) - expectedID := graphql.ID(getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-1", + expectedID := graphql.ID(getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-1", Cvss: 4, Severity: storage.VulnerabilitySeverity_MODERATE_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp31])) + }, s.componentIDMap[comp31], 0)) vuln, err := comp.TopImageVulnerability(ctx) assert.NoError(s.T(), err) @@ -595,11 +595,11 @@ func (s *GraphQLImageComponentV2TestSuite) getImageComponentResolver(ctx context func (s *GraphQLImageComponentV2TestSuite) getComponentIDMap() map[string]string { return map[string]string{ - comp11: getTestComponentID(s.T(), testImages()[0].GetScan().GetComponents()[0], "sha1"), - comp12: getTestComponentID(s.T(), testImages()[1].GetScan().GetComponents()[0], "sha2"), - comp21: getTestComponentID(s.T(), testImages()[0].GetScan().GetComponents()[1], "sha1"), - comp31: getTestComponentID(s.T(), testImages()[0].GetScan().GetComponents()[2], "sha1"), - comp32: getTestComponentID(s.T(), testImages()[1].GetScan().GetComponents()[1], "sha2"), - comp42: getTestComponentID(s.T(), testImages()[1].GetScan().GetComponents()[2], "sha2"), + comp11: getTestComponentID(testImages()[0].GetScan().GetComponents()[0], "sha1", 0), + comp12: getTestComponentID(testImages()[1].GetScan().GetComponents()[0], "sha2", 0), + comp21: getTestComponentID(testImages()[0].GetScan().GetComponents()[1], "sha1", 1), + comp31: getTestComponentID(testImages()[0].GetScan().GetComponents()[2], "sha1", 2), + comp32: getTestComponentID(testImages()[1].GetScan().GetComponents()[1], "sha2", 1), + comp42: getTestComponentID(testImages()[1].GetScan().GetComponents()[2], "sha2", 2), } } diff --git a/central/graphql/resolvers/image_vulnerabilities_v2_test.go b/central/graphql/resolvers/image_vulnerabilities_v2_test.go index 29e79703ad8fa..ae7dfe9080f3a 100644 --- a/central/graphql/resolvers/image_vulnerabilities_v2_test.go +++ b/central/graphql/resolvers/image_vulnerabilities_v2_test.go @@ -718,56 +718,56 @@ func getCVEList(ctx context.Context, vulns []ImageVulnerabilityResolver) []strin func (s *GraphQLImageVulnerabilityV2TestSuite) getIDMap() map[string]string { return map[string]string{ - cve111: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2018-1", + cve111: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2018-1", SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ FixedBy: "1.1", }, Severity: storage.VulnerabilitySeverity_CRITICAL_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp11]), - cve121: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2018-1", + }, s.componentIDMap[comp11], 0), + cve121: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2018-1", SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ FixedBy: "1.5", }, Severity: storage.VulnerabilitySeverity_CRITICAL_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp21]), - cve231: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-1", + }, s.componentIDMap[comp21], 0), + cve231: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-1", Cvss: 4, Severity: storage.VulnerabilitySeverity_MODERATE_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp31]), - cve331: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-2", + }, s.componentIDMap[comp31], 0), + cve331: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-2", Cvss: 3, Severity: storage.VulnerabilitySeverity_LOW_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp31]), - cve112: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2018-1", + }, s.componentIDMap[comp31], 1), + cve112: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2018-1", SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ FixedBy: "1.1", }, Severity: storage.VulnerabilitySeverity_CRITICAL_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp12]), - cve232: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-1", + }, s.componentIDMap[comp12], 0), + cve232: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-1", Severity: storage.VulnerabilitySeverity_MODERATE_VULNERABILITY_SEVERITY, Cvss: 4, - }, s.componentIDMap[comp32]), - cve332: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-2", + }, s.componentIDMap[comp32], 0), + cve332: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-2", Severity: storage.VulnerabilitySeverity_LOW_VULNERABILITY_SEVERITY, Cvss: 3, - }, s.componentIDMap[comp32]), - cve442: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2017-1", + }, s.componentIDMap[comp32], 1), + cve442: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2017-1", Severity: storage.VulnerabilitySeverity_IMPORTANT_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp42]), - cve542: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2017-2", + }, s.componentIDMap[comp42], 0), + cve542: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2017-2", Severity: storage.VulnerabilitySeverity_IMPORTANT_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp42]), + }, s.componentIDMap[comp42], 1), } } func (s *GraphQLImageVulnerabilityV2TestSuite) getComponentIDMap() map[string]string { return map[string]string{ - comp11: getTestComponentID(s.T(), testImages()[0].GetScan().GetComponents()[0], "sha1"), - comp12: getTestComponentID(s.T(), testImages()[1].GetScan().GetComponents()[0], "sha2"), - comp21: getTestComponentID(s.T(), testImages()[0].GetScan().GetComponents()[1], "sha1"), - comp31: getTestComponentID(s.T(), testImages()[0].GetScan().GetComponents()[2], "sha1"), - comp32: getTestComponentID(s.T(), testImages()[1].GetScan().GetComponents()[1], "sha2"), - comp42: getTestComponentID(s.T(), testImages()[1].GetScan().GetComponents()[2], "sha2"), + comp11: getTestComponentID(testImages()[0].GetScan().GetComponents()[0], "sha1", 0), + comp12: getTestComponentID(testImages()[1].GetScan().GetComponents()[0], "sha2", 0), + comp21: getTestComponentID(testImages()[0].GetScan().GetComponents()[1], "sha1", 1), + comp31: getTestComponentID(testImages()[0].GetScan().GetComponents()[2], "sha1", 2), + comp32: getTestComponentID(testImages()[1].GetScan().GetComponents()[1], "sha2", 1), + comp42: getTestComponentID(testImages()[1].GetScan().GetComponents()[2], "sha2", 2), } } diff --git a/central/graphql/resolvers/test_utils.go b/central/graphql/resolvers/test_utils.go index 8693c03d9d35f..3ec198c91bb98 100644 --- a/central/graphql/resolvers/test_utils.go +++ b/central/graphql/resolvers/test_utils.go @@ -753,16 +753,10 @@ func contextWithClusterPerm(t testing.TB, ctrl *gomock.Controller) context.Conte return authn.ContextWithIdentity(sac.WithAllAccess(loaders.WithLoaderContext(context.Background())), id, t) } -func getTestComponentID(t *testing.T, testComponent *storage.EmbeddedImageScanComponent, imageID string) string { - id, err := scancomponent.ComponentIDV2(testComponent, imageID) - require.NoError(t, err) - - return id +func getTestComponentID(testComponent *storage.EmbeddedImageScanComponent, imageID string, index int) string { + return scancomponent.ComponentIDV2(testComponent, imageID, index) } -func getTestCVEID(t *testing.T, testCVE *storage.EmbeddedVulnerability, componentID string) string { - id, err := cve.IDV2(testCVE, componentID) - require.NoError(t, err) - - return id +func getTestCVEID(testCVE *storage.EmbeddedVulnerability, componentID string, index int) string { + return cve.IDV2(testCVE, componentID, index) } diff --git a/central/image/datastore/datastore_impl.go b/central/image/datastore/datastore_impl.go index e135d6f88d6ad..4731c4fd07713 100644 --- a/central/image/datastore/datastore_impl.go +++ b/central/image/datastore/datastore_impl.go @@ -363,13 +363,9 @@ func (ds *datastoreImpl) updateListImagePriority(images ...*storage.ListImage) { func (ds *datastoreImpl) updateImagePriority(images ...*storage.Image) { for _, image := range images { image.Priority = ds.imageRanker.GetRankForID(image.GetId()) - for _, component := range image.GetScan().GetComponents() { + for index, component := range image.GetScan().GetComponents() { if features.FlattenCVEData.Enabled() { - componentID, err := scancomponent.ComponentIDV2(component, image.GetId()) - if err != nil { - log.Error(err) - continue - } + componentID := scancomponent.ComponentIDV2(component, image.GetId(), index) component.Priority = ds.imageComponentRanker.GetRankForID(componentID) } else { component.Priority = ds.imageComponentRanker.GetRankForID(scancomponent.ComponentID(component.GetName(), component.GetVersion(), image.GetScan().GetOperatingSystem())) @@ -379,13 +375,9 @@ func (ds *datastoreImpl) updateImagePriority(images ...*storage.Image) { } func (ds *datastoreImpl) updateComponentRisk(image *storage.Image) { - for _, component := range image.GetScan().GetComponents() { + for index, component := range image.GetScan().GetComponents() { if features.FlattenCVEData.Enabled() { - componentID, err := scancomponent.ComponentIDV2(component, image.GetId()) - if err != nil { - log.Error(err) - continue - } + componentID := scancomponent.ComponentIDV2(component, image.GetId(), index) component.RiskScore = ds.imageComponentRanker.GetScoreForID(componentID) } else { component.RiskScore = ds.imageComponentRanker.GetScoreForID(scancomponent.ComponentID(component.GetName(), component.GetVersion(), image.GetScan().GetOperatingSystem())) diff --git a/central/image/datastore/datastore_impl_flat_postgres_test.go b/central/image/datastore/datastore_impl_flat_postgres_test.go index dff52391092ef..e4f9a59aba837 100644 --- a/central/image/datastore/datastore_impl_flat_postgres_test.go +++ b/central/image/datastore/datastore_impl_flat_postgres_test.go @@ -302,12 +302,12 @@ func (s *ImageFlatPostgresDataStoreTestSuite) TestSortByComponent() { ctx := sac.WithAllAccess(context.Background()) image := fixtures.GetImageWithUniqueComponents(5) componentIDs := make([]string, 0, len(image.GetScan().GetComponents())) - for _, component := range image.GetScan().GetComponents() { - compID, err := scancomponent.ComponentIDV2( + for index, component := range image.GetScan().GetComponents() { + compID := scancomponent.ComponentIDV2( component, image.GetId(), + index, ) - s.NoError(err) componentIDs = append(componentIDs, compID) } @@ -362,12 +362,10 @@ func (s *ImageFlatPostgresDataStoreTestSuite) TestImageDeletes() { testImage.Scan.ScanTime = protocompat.TimestampNow() testImage.Scan.Components = testImage.Scan.Components[:len(testImage.Scan.Components)-1] cveIDsSet := set.NewStringSet() - for _, component := range testImage.GetScan().GetComponents() { - componentID, err := scancomponent.ComponentIDV2(component, testImage.GetId()) - s.NoError(err) - for _, cve := range component.GetVulns() { - cveID, err := pkgCVE.IDV2(cve, componentID) - s.NoError(err) + for compIndex, component := range testImage.GetScan().GetComponents() { + componentID := scancomponent.ComponentIDV2(component, testImage.GetId(), compIndex) + for cveIndex, cve := range component.GetVulns() { + cveID := pkgCVE.IDV2(cve, componentID, cveIndex) cveIDsSet.Add(cveID) } } diff --git a/central/image/datastore/store/common/v2/parts_test.go b/central/image/datastore/store/common/v2/parts_test.go index 1264cafb01b6b..7c1b9e7250e42 100644 --- a/central/image/datastore/store/common/v2/parts_test.go +++ b/central/image/datastore/store/common/v2/parts_test.go @@ -166,13 +166,13 @@ func TestSplitAndMergeImage(t *testing.T) { }, }, SetComponents: &storage.Image_Components{ - Components: 3, + Components: 4, }, SetCves: &storage.Image_Cves{ - Cves: 4, + Cves: 7, }, SetFixable: &storage.Image_FixableCves{ - FixableCves: 2, + FixableCves: 4, }, Scan: &storage.ImageScan{ ScanTime: ts, @@ -292,13 +292,13 @@ func TestSplitAndMergeImage(t *testing.T) { ScanTime: ts, }, SetComponents: &storage.Image_Components{ - Components: 3, + Components: 4, }, SetCves: &storage.Image_Cves{ - Cves: 4, + Cves: 7, }, SetFixable: &storage.Image_FixableCves{ - FixableCves: 2, + FixableCves: 4, }, }, ImageCVEEdges: map[string]*storage.ImageCVEEdge{ @@ -321,7 +321,7 @@ func TestSplitAndMergeImage(t *testing.T) { Version: "ver1", }, ComponentV2: &storage.ImageComponentV2{ - Id: getTestComponentID(testComponents[0], "sha"), + Id: getTestComponentID(testComponents[0], "sha", 0), Name: "comp1", Version: "ver1", ImageId: "sha", @@ -346,7 +346,7 @@ func TestSplitAndMergeImage(t *testing.T) { Version: "ver2", }, ComponentV2: &storage.ImageComponentV2{ - Id: getTestComponentID(testComponents[1], "sha"), + Id: getTestComponentID(testComponents[1], "sha", 1), Name: "comp1", Version: "ver2", ImageId: "sha", @@ -378,7 +378,7 @@ func TestSplitAndMergeImage(t *testing.T) { ImageCveId: cve.ID("cve1", ""), }, CVEV2: &storage.ImageCVEV2{ - Id: getTestCVEID(testCVEs["cve1comp1"], getTestComponentID(testComponents[1], "sha")), + Id: getTestCVEID(testCVEs["cve1comp1"], getTestComponentID(testComponents[1], "sha", 1), 0), ImageId: "sha", CveBaseInfo: &storage.CVEInfo{ Cve: "cve1", @@ -386,7 +386,7 @@ func TestSplitAndMergeImage(t *testing.T) { }, NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, FirstImageOccurrence: ts, - ComponentId: getTestComponentID(testComponents[1], "sha"), + ComponentId: getTestComponentID(testComponents[1], "sha", 1), }, }, { @@ -408,7 +408,7 @@ func TestSplitAndMergeImage(t *testing.T) { IsFixable: true, }, CVEV2: &storage.ImageCVEV2{ - Id: getTestCVEID(testCVEs["cve2comp1"], getTestComponentID(testComponents[1], "sha")), + Id: getTestCVEID(testCVEs["cve2comp1"], getTestComponentID(testComponents[1], "sha", 1), 1), ImageId: "sha", CveBaseInfo: &storage.CVEInfo{ Cve: "cve2", @@ -420,7 +420,41 @@ func TestSplitAndMergeImage(t *testing.T) { }, IsFixable: true, FirstImageOccurrence: ts, - ComponentId: getTestComponentID(testComponents[1], "sha"), + ComponentId: getTestComponentID(testComponents[1], "sha", 1), + }, + }, + { + CVE: &storage.ImageCVE{ + Id: cve.ID("cve2", ""), + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve2", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + }, + Edge: &storage.ComponentCVEEdge{ + Id: pgSearch.IDFromPks([]string{scancomponent.ComponentID("comp1", "ver2", ""), cve.ID("cve2", "")}), + ImageComponentId: scancomponent.ComponentID("comp1", "ver2", ""), + ImageCveId: cve.ID("cve2", ""), + HasFixedBy: &storage.ComponentCVEEdge_FixedBy{ + FixedBy: "ver3", + }, + IsFixable: true, + }, + CVEV2: &storage.ImageCVEV2{ + Id: getTestCVEID(testCVEs["cve2comp1"], getTestComponentID(testComponents[1], "sha", 1), 2), + ImageId: "sha", + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve2", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + HasFixedBy: &storage.ImageCVEV2_FixedBy{ + FixedBy: "ver3", + }, + IsFixable: true, + FirstImageOccurrence: ts, + ComponentId: getTestComponentID(testComponents[1], "sha", 1), }, }, }, @@ -432,7 +466,7 @@ func TestSplitAndMergeImage(t *testing.T) { Version: "ver1", }, ComponentV2: &storage.ImageComponentV2{ - Id: getTestComponentID(testComponents[2], "sha"), + Id: getTestComponentID(testComponents[2], "sha", 2), Name: "comp2", Version: "ver1", ImageId: "sha", @@ -468,7 +502,7 @@ func TestSplitAndMergeImage(t *testing.T) { IsFixable: true, }, CVEV2: &storage.ImageCVEV2{ - Id: getTestCVEID(testCVEs["cve1comp2"], getTestComponentID(testComponents[2], "sha")), + Id: getTestCVEID(testCVEs["cve1comp2"], getTestComponentID(testComponents[2], "sha", 2), 0), ImageId: "sha", CveBaseInfo: &storage.CVEInfo{ Cve: "cve1", @@ -480,7 +514,7 @@ func TestSplitAndMergeImage(t *testing.T) { }, IsFixable: true, FirstImageOccurrence: ts, - ComponentId: getTestComponentID(testComponents[2], "sha"), + ComponentId: getTestComponentID(testComponents[2], "sha", 2), }, }, { @@ -498,7 +532,7 @@ func TestSplitAndMergeImage(t *testing.T) { ImageCveId: cve.ID("cve2", ""), }, CVEV2: &storage.ImageCVEV2{ - Id: getTestCVEID(testCVEs["cve2comp2"], getTestComponentID(testComponents[2], "sha")), + Id: getTestCVEID(testCVEs["cve2comp2"], getTestComponentID(testComponents[2], "sha", 2), 1), ImageId: "sha", CveBaseInfo: &storage.CVEInfo{ Cve: "cve2", @@ -506,7 +540,93 @@ func TestSplitAndMergeImage(t *testing.T) { }, NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, FirstImageOccurrence: ts, - ComponentId: getTestComponentID(testComponents[2], "sha"), + ComponentId: getTestComponentID(testComponents[2], "sha", 2), + }, + }, + }, + }, + { + Component: &storage.ImageComponent{ + Id: scancomponent.ComponentID("comp2", "ver1", ""), + Name: "comp2", + Version: "ver1", + }, + ComponentV2: &storage.ImageComponentV2{ + Id: getTestComponentID(testComponents[2], "sha", 3), + Name: "comp2", + Version: "ver1", + ImageId: "sha", + HasLayerIndex: &storage.ImageComponentV2_LayerIndex{ + LayerIndex: 2, + }, + }, + Edge: &storage.ImageComponentEdge{ + Id: pgSearch.IDFromPks([]string{"sha", scancomponent.ComponentID("comp2", "ver1", "")}), + ImageId: "sha", + ImageComponentId: scancomponent.ComponentID("comp2", "ver1", ""), + HasLayerIndex: &storage.ImageComponentEdge_LayerIndex{ + LayerIndex: 2, + }, + }, + Children: []CVEParts{ + { + CVE: &storage.ImageCVE{ + Id: cve.ID("cve1", ""), + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve1", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + }, + Edge: &storage.ComponentCVEEdge{ + Id: pgSearch.IDFromPks([]string{scancomponent.ComponentID("comp2", "ver1", ""), cve.ID("cve1", "")}), + ImageComponentId: scancomponent.ComponentID("comp2", "ver1", ""), + ImageCveId: cve.ID("cve1", ""), + HasFixedBy: &storage.ComponentCVEEdge_FixedBy{ + FixedBy: "ver2", + }, + IsFixable: true, + }, + CVEV2: &storage.ImageCVEV2{ + Id: getTestCVEID(testCVEs["cve1comp2"], getTestComponentID(testComponents[2], "sha", 3), 0), + ImageId: "sha", + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve1", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + HasFixedBy: &storage.ImageCVEV2_FixedBy{ + FixedBy: "ver2", + }, + IsFixable: true, + FirstImageOccurrence: ts, + ComponentId: getTestComponentID(testComponents[2], "sha", 3), + }, + }, + { + CVE: &storage.ImageCVE{ + Id: cve.ID("cve2", ""), + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve2", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + }, + Edge: &storage.ComponentCVEEdge{ + Id: pgSearch.IDFromPks([]string{scancomponent.ComponentID("comp2", "ver1", ""), cve.ID("cve2", "")}), + ImageComponentId: scancomponent.ComponentID("comp2", "ver1", ""), + ImageCveId: cve.ID("cve2", ""), + }, + CVEV2: &storage.ImageCVEV2{ + Id: getTestCVEID(testCVEs["cve2comp2"], getTestComponentID(testComponents[2], "sha", 3), 1), + ImageId: "sha", + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve2", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + FirstImageOccurrence: ts, + ComponentId: getTestComponentID(testComponents[2], "sha", 3), }, }, }, @@ -558,16 +678,12 @@ func TestSplitAndMergeImage(t *testing.T) { protoassert.Equal(t, dedupedImage(), imageActual) } -func getTestComponentID(testComponent *storage.EmbeddedImageScanComponent, imageID string) string { - id, _ := scancomponent.ComponentIDV2(testComponent, imageID) - - return id +func getTestComponentID(testComponent *storage.EmbeddedImageScanComponent, imageID string, index int) string { + return scancomponent.ComponentIDV2(testComponent, imageID, index) } -func getTestCVEID(testCVE *storage.EmbeddedVulnerability, componentID string) string { - id, _ := cve.IDV2(testCVE, componentID) - - return id +func getTestCVEID(testCVE *storage.EmbeddedVulnerability, componentID string, index int) string { + return cve.IDV2(testCVE, componentID, index) } func dedupedImage() *storage.Image { @@ -582,13 +698,13 @@ func dedupedImage() *storage.Image { }, }, SetComponents: &storage.Image_Components{ - Components: 3, + Components: 4, }, SetCves: &storage.Image_Cves{ - Cves: 4, + Cves: 7, }, SetFixable: &storage.Image_FixableCves{ - FixableCves: 2, + FixableCves: 4, }, Scan: &storage.ImageScan{ ScanTime: ts, @@ -625,6 +741,42 @@ func dedupedImage() *storage.Image { FirstImageOccurrence: ts, FirstSystemOccurrence: ts, }, + { + Cve: "cve2", + VulnerabilityType: storage.EmbeddedVulnerability_IMAGE_VULNERABILITY, + VulnerabilityTypes: []storage.EmbeddedVulnerability_VulnerabilityType{storage.EmbeddedVulnerability_IMAGE_VULNERABILITY}, + SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ + FixedBy: "ver3", + }, + FirstImageOccurrence: ts, + FirstSystemOccurrence: ts, + }, + }, + }, + { + Name: "comp2", + Version: "ver1", + HasLayerIndex: &storage.EmbeddedImageScanComponent_LayerIndex{ + LayerIndex: 2, + }, + Vulns: []*storage.EmbeddedVulnerability{ + { + Cve: "cve1", + VulnerabilityType: storage.EmbeddedVulnerability_IMAGE_VULNERABILITY, + VulnerabilityTypes: []storage.EmbeddedVulnerability_VulnerabilityType{storage.EmbeddedVulnerability_IMAGE_VULNERABILITY}, + SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ + FixedBy: "ver2", + }, + FirstImageOccurrence: ts, + FirstSystemOccurrence: ts, + }, + { + Cve: "cve2", + VulnerabilityType: storage.EmbeddedVulnerability_IMAGE_VULNERABILITY, + VulnerabilityTypes: []storage.EmbeddedVulnerability_VulnerabilityType{storage.EmbeddedVulnerability_IMAGE_VULNERABILITY}, + FirstImageOccurrence: ts, + FirstSystemOccurrence: ts, + }, }, }, { diff --git a/central/image/datastore/store/common/v2/split_v2.go b/central/image/datastore/store/common/v2/split_v2.go index 31c43f17c3969..eae8054f9f72e 100644 --- a/central/image/datastore/store/common/v2/split_v2.go +++ b/central/image/datastore/store/common/v2/split_v2.go @@ -34,21 +34,12 @@ func SplitV2(image *storage.Image, withComponents bool) (ImageParts, error) { func splitComponentsV2(parts ImageParts) ([]ComponentParts, error) { ret := make([]ComponentParts, 0, len(parts.Image.GetScan().GetComponents())) - componentMap := make(map[string]*storage.EmbeddedImageScanComponent) - for _, component := range parts.Image.GetScan().GetComponents() { - generatedComponentV2, err := GenerateImageComponentV2(parts.Image.GetScan().GetOperatingSystem(), parts.Image, component) + for index, component := range parts.Image.GetScan().GetComponents() { + generatedComponentV2, err := GenerateImageComponentV2(parts.Image.GetScan().GetOperatingSystem(), parts.Image, index, component) if err != nil { return nil, err } - // dedupe components within the component - if _, ok := componentMap[generatedComponentV2.GetId()]; ok { - log.Infof("Component %s-%s has already been processed in the image. Skipping...", component.GetName(), component.GetVersion()) - continue - } - - componentMap[generatedComponentV2.GetId()] = component - cves, err := splitCVEsV2(parts.Image.GetId(), generatedComponentV2.GetId(), component) if err != nil { return nil, err @@ -67,21 +58,12 @@ func splitComponentsV2(parts ImageParts) ([]ComponentParts, error) { func splitCVEsV2(imageID string, componentID string, embedded *storage.EmbeddedImageScanComponent) ([]CVEParts, error) { ret := make([]CVEParts, 0, len(embedded.GetVulns())) - cveMap := make(map[string]*storage.EmbeddedVulnerability) - for _, cve := range embedded.GetVulns() { - convertedCVE, err := utils.EmbeddedVulnerabilityToImageCVEV2(imageID, componentID, cve) + for index, cve := range embedded.GetVulns() { + convertedCVE, err := utils.EmbeddedVulnerabilityToImageCVEV2(imageID, componentID, index, cve) if err != nil { return nil, err } - // dedupe CVEs within the component - if _, ok := cveMap[convertedCVE.GetId()]; ok { - log.Infof("CVE %s has already been processed in the image. Skipping...", cve.GetCve()) - continue - } - - cveMap[convertedCVE.GetId()] = cve - cp := CVEParts{ CVEV2: convertedCVE, } @@ -92,11 +74,8 @@ func splitCVEsV2(imageID string, componentID string, embedded *storage.EmbeddedI } // GenerateImageComponentV2 returns top-level image component from embedded component. -func GenerateImageComponentV2(os string, image *storage.Image, from *storage.EmbeddedImageScanComponent) (*storage.ImageComponentV2, error) { - componentID, err := scancomponent.ComponentIDV2(from, image.GetId()) - if err != nil { - return nil, err - } +func GenerateImageComponentV2(os string, image *storage.Image, index int, from *storage.EmbeddedImageScanComponent) (*storage.ImageComponentV2, error) { + componentID := scancomponent.ComponentIDV2(from, image.GetId(), index) ret := &storage.ImageComponentV2{ Id: componentID, diff --git a/central/imagecomponent/v2/datastore/datastore_sac_test.go b/central/imagecomponent/v2/datastore/datastore_sac_test.go index 7aa3129c7dea1..958ee62889f31 100644 --- a/central/imagecomponent/v2/datastore/datastore_sac_test.go +++ b/central/imagecomponent/v2/datastore/datastore_sac_test.go @@ -43,9 +43,8 @@ func (s *componentV2DataStoreSACTestSuite) SetupSuite() { s.imageTestContexts = sacTestUtils.GetNamespaceScopedTestContexts(context.Background(), s.T(), resources.Image) } -func getImageComponentID(component *storage.EmbeddedImageScanComponent, imageID string) string { - componentID, _ := scancomponent.ComponentIDV2(component, imageID) - return componentID +func getImageComponentID(component *storage.EmbeddedImageScanComponent, imageID string, index int) string { + return scancomponent.ComponentIDV2(component, imageID, index) } func (s *componentV2DataStoreSACTestSuite) cleanImageToVulnerabilitiesGraph() { @@ -63,12 +62,12 @@ var ( imageComponent1s2x3 = fixtures.GetEmbeddedImageComponent1s2x3() imageComponent2x4 = fixtures.GetEmbeddedImageComponent2x4() imageComponent2x5 = fixtures.GetEmbeddedImageComponent2x5() - imageComponentID1x1 = getImageComponentID(imageComponent1x1, fixtures.GetImageSherlockHolmes1().GetId()) - imageComponentID1x2 = getImageComponentID(imageComponent1x2, fixtures.GetImageSherlockHolmes1().GetId()) - imageComponentID1s2x3i1 = getImageComponentID(imageComponent1s2x3, fixtures.GetImageSherlockHolmes1().GetId()) - imageComponentID1s2x3i2 = getImageComponentID(imageComponent1s2x3, fixtures.GetImageDoctorJekyll2().GetId()) - imageComponentID2x4 = getImageComponentID(imageComponent2x4, fixtures.GetImageDoctorJekyll2().GetId()) - imageComponentID2x5 = getImageComponentID(imageComponent2x5, fixtures.GetImageDoctorJekyll2().GetId()) + imageComponentID1x1 = getImageComponentID(imageComponent1x1, fixtures.GetImageSherlockHolmes1().GetId(), 0) + imageComponentID1x2 = getImageComponentID(imageComponent1x2, fixtures.GetImageSherlockHolmes1().GetId(), 1) + imageComponentID1s2x3i1 = getImageComponentID(imageComponent1s2x3, fixtures.GetImageSherlockHolmes1().GetId(), 2) + imageComponentID1s2x3i2 = getImageComponentID(imageComponent1s2x3, fixtures.GetImageDoctorJekyll2().GetId(), 0) + imageComponentID2x4 = getImageComponentID(imageComponent2x4, fixtures.GetImageDoctorJekyll2().GetId(), 1) + imageComponentID2x5 = getImageComponentID(imageComponent2x5, fixtures.GetImageDoctorJekyll2().GetId(), 2) imageComponentTestCases = []componentTestCase{ { diff --git a/central/imagev2/datastore/datastore_impl.go b/central/imagev2/datastore/datastore_impl.go index 4295d97a672d2..4c2e4765c06e5 100644 --- a/central/imagev2/datastore/datastore_impl.go +++ b/central/imagev2/datastore/datastore_impl.go @@ -310,24 +310,16 @@ func (ds *datastoreImpl) initializeRankers() { func (ds *datastoreImpl) updateImagePriority(images ...*storage.ImageV2) { for _, image := range images { image.Priority = ds.imageRanker.GetRankForID(image.GetId()) - for _, component := range image.GetScan().GetComponents() { - componentID, err := scancomponent.ComponentIDV2(component, image.GetId()) - if err != nil { - log.Error(err) - continue - } + for index, component := range image.GetScan().GetComponents() { + componentID := scancomponent.ComponentIDV2(component, image.GetId(), index) component.Priority = ds.imageComponentRanker.GetRankForID(componentID) } } } func (ds *datastoreImpl) updateComponentRisk(image *storage.ImageV2) { - for _, component := range image.GetScan().GetComponents() { - componentID, err := scancomponent.ComponentIDV2(component, image.GetId()) - if err != nil { - log.Error(err) - continue - } + for index, component := range image.GetScan().GetComponents() { + componentID := scancomponent.ComponentIDV2(component, image.GetId(), index) component.RiskScore = ds.imageComponentRanker.GetScoreForID(componentID) } } diff --git a/central/imagev2/datastore/datastore_impl_test.go b/central/imagev2/datastore/datastore_impl_test.go index f0123cf50dbfd..616ea3f11a062 100644 --- a/central/imagev2/datastore/datastore_impl_test.go +++ b/central/imagev2/datastore/datastore_impl_test.go @@ -251,12 +251,12 @@ func (s *ImageV2DataStoreTestSuite) TestSortByComponent() { ctx := sac.WithAllAccess(context.Background()) image := fixtures.GetImageV2WithUniqueComponents(5) componentIDs := make([]string, 0, len(image.GetScan().GetComponents())) - for _, component := range image.GetScan().GetComponents() { - compID, err := scancomponent.ComponentIDV2( + for index, component := range image.GetScan().GetComponents() { + compID := scancomponent.ComponentIDV2( component, image.GetId(), + index, ) - s.NoError(err) componentIDs = append(componentIDs, compID) } @@ -311,12 +311,10 @@ func (s *ImageV2DataStoreTestSuite) TestImageDeletes() { testImage.Scan.ScanTime = protocompat.TimestampNow() testImage.Scan.Components = testImage.Scan.Components[:len(testImage.Scan.Components)-1] cveIDsSet := set.NewStringSet() - for _, component := range testImage.GetScan().GetComponents() { - componentID, err := scancomponent.ComponentIDV2(component, testImage.GetId()) - s.NoError(err) - for _, cve := range component.GetVulns() { - cveID, err := pkgCVE.IDV2(cve, componentID) - s.NoError(err) + for compIndex, component := range testImage.GetScan().GetComponents() { + componentID := scancomponent.ComponentIDV2(component, testImage.GetId(), compIndex) + for cveIndex, cve := range component.GetVulns() { + cveID := pkgCVE.IDV2(cve, componentID, cveIndex) cveIDsSet.Add(cveID) } } diff --git a/central/imagev2/datastore/store/common/parts_test.go b/central/imagev2/datastore/store/common/parts_test.go index 4fa45b5a15a5e..ceb27eb102527 100644 --- a/central/imagev2/datastore/store/common/parts_test.go +++ b/central/imagev2/datastore/store/common/parts_test.go @@ -176,11 +176,11 @@ func TestSplitAndMergeImageV2(t *testing.T) { }, }, ScanStats: &storage.ImageV2_ScanStats{ - ComponentCount: 3, - CveCount: 4, - FixableCveCount: 2, - UnknownCveCount: 4, - FixableUnknownCveCount: 2, + ComponentCount: 4, + CveCount: 7, + FixableCveCount: 4, + UnknownCveCount: 7, + FixableUnknownCveCount: 4, }, Scan: &storage.ImageScan{ ScanTime: ts, @@ -301,17 +301,17 @@ func TestSplitAndMergeImageV2(t *testing.T) { ScanTime: ts, }, ScanStats: &storage.ImageV2_ScanStats{ - ComponentCount: 3, - CveCount: 4, - FixableCveCount: 2, - UnknownCveCount: 4, - FixableUnknownCveCount: 2, + ComponentCount: 4, + CveCount: 7, + FixableCveCount: 4, + UnknownCveCount: 7, + FixableUnknownCveCount: 4, }, }, Children: []ComponentPartsV2{ { ComponentV2: &storage.ImageComponentV2{ - Id: getTestComponentID(t, testComponents[0], imageID), + Id: getTestComponentID(testComponents[0], imageID, 0), Name: "comp1", Version: "ver1", ImageIdV2: imageID, @@ -323,7 +323,7 @@ func TestSplitAndMergeImageV2(t *testing.T) { }, { ComponentV2: &storage.ImageComponentV2{ - Id: getTestComponentID(t, testComponents[1], imageID), + Id: getTestComponentID(testComponents[1], imageID, 1), Name: "comp1", Version: "ver2", ImageIdV2: imageID, @@ -334,7 +334,7 @@ func TestSplitAndMergeImageV2(t *testing.T) { Children: []CVEPartsV2{ { CVEV2: &storage.ImageCVEV2{ - Id: getTestCVEID(t, testCVEs["cve1comp1"], getTestComponentID(t, testComponents[1], imageID)), + Id: getTestCVEID(testCVEs["cve1comp1"], getTestComponentID(testComponents[1], imageID, 1), 0), ImageIdV2: imageID, CveBaseInfo: &storage.CVEInfo{ Cve: "cve1", @@ -342,12 +342,12 @@ func TestSplitAndMergeImageV2(t *testing.T) { }, NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, FirstImageOccurrence: ts, - ComponentId: getTestComponentID(t, testComponents[1], imageID), + ComponentId: getTestComponentID(testComponents[1], imageID, 1), }, }, { CVEV2: &storage.ImageCVEV2{ - Id: getTestCVEID(t, testCVEs["cve2comp1"], getTestComponentID(t, testComponents[1], imageID)), + Id: getTestCVEID(testCVEs["cve2comp1"], getTestComponentID(testComponents[1], imageID, 1), 1), ImageIdV2: imageID, CveBaseInfo: &storage.CVEInfo{ Cve: "cve2", @@ -359,14 +359,31 @@ func TestSplitAndMergeImageV2(t *testing.T) { }, IsFixable: true, FirstImageOccurrence: ts, - ComponentId: getTestComponentID(t, testComponents[1], imageID), + ComponentId: getTestComponentID(testComponents[1], imageID, 1), + }, + }, + { + CVEV2: &storage.ImageCVEV2{ + Id: getTestCVEID(testCVEs["cve2comp1"], getTestComponentID(testComponents[1], imageID, 1), 2), + ImageIdV2: imageID, + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve2", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + HasFixedBy: &storage.ImageCVEV2_FixedBy{ + FixedBy: "ver3", + }, + IsFixable: true, + FirstImageOccurrence: ts, + ComponentId: getTestComponentID(testComponents[1], imageID, 1), }, }, }, }, { ComponentV2: &storage.ImageComponentV2{ - Id: getTestComponentID(t, testComponents[2], imageID), + Id: getTestComponentID(testComponents[2], imageID, 2), Name: "comp2", Version: "ver1", ImageIdV2: imageID, @@ -377,7 +394,7 @@ func TestSplitAndMergeImageV2(t *testing.T) { Children: []CVEPartsV2{ { CVEV2: &storage.ImageCVEV2{ - Id: getTestCVEID(t, testCVEs["cve1comp2"], getTestComponentID(t, testComponents[2], imageID)), + Id: getTestCVEID(testCVEs["cve1comp2"], getTestComponentID(testComponents[2], imageID, 2), 0), ImageIdV2: imageID, CveBaseInfo: &storage.CVEInfo{ Cve: "cve1", @@ -389,12 +406,12 @@ func TestSplitAndMergeImageV2(t *testing.T) { }, IsFixable: true, FirstImageOccurrence: ts, - ComponentId: getTestComponentID(t, testComponents[2], imageID), + ComponentId: getTestComponentID(testComponents[2], imageID, 2), }, }, { CVEV2: &storage.ImageCVEV2{ - Id: getTestCVEID(t, testCVEs["cve2comp2"], getTestComponentID(t, testComponents[2], imageID)), + Id: getTestCVEID(testCVEs["cve2comp2"], getTestComponentID(testComponents[2], imageID, 2), 1), ImageIdV2: imageID, CveBaseInfo: &storage.CVEInfo{ Cve: "cve2", @@ -402,7 +419,50 @@ func TestSplitAndMergeImageV2(t *testing.T) { }, NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, FirstImageOccurrence: ts, - ComponentId: getTestComponentID(t, testComponents[2], imageID), + ComponentId: getTestComponentID(testComponents[2], imageID, 2), + }, + }, + }, + }, + { + ComponentV2: &storage.ImageComponentV2{ + Id: getTestComponentID(testComponents[2], imageID, 3), + Name: "comp2", + Version: "ver1", + ImageIdV2: imageID, + HasLayerIndex: &storage.ImageComponentV2_LayerIndex{ + LayerIndex: 2, + }, + }, + Children: []CVEPartsV2{ + { + CVEV2: &storage.ImageCVEV2{ + Id: getTestCVEID(testCVEs["cve1comp2"], getTestComponentID(testComponents[2], imageID, 3), 0), + ImageIdV2: imageID, + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve1", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + HasFixedBy: &storage.ImageCVEV2_FixedBy{ + FixedBy: "ver2", + }, + IsFixable: true, + FirstImageOccurrence: ts, + ComponentId: getTestComponentID(testComponents[2], imageID, 3), + }, + }, + { + CVEV2: &storage.ImageCVEV2{ + Id: getTestCVEID(testCVEs["cve2comp2"], getTestComponentID(testComponents[2], imageID, 3), 1), + ImageIdV2: imageID, + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve2", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + FirstImageOccurrence: ts, + ComponentId: getTestComponentID(testComponents[2], imageID, 3), }, }, }, @@ -430,16 +490,12 @@ func TestSplitAndMergeImageV2(t *testing.T) { protoassert.Equal(t, dedupedImageV2(imageID, imageName, imageSha), imageActual) } -func getTestComponentID(t *testing.T, testComponent *storage.EmbeddedImageScanComponent, imageID string) string { - id, err := scancomponent.ComponentIDV2(testComponent, imageID) - assert.NoError(t, err) - return id +func getTestComponentID(testComponent *storage.EmbeddedImageScanComponent, imageID string, index int) string { + return scancomponent.ComponentIDV2(testComponent, imageID, index) } -func getTestCVEID(t *testing.T, testCVE *storage.EmbeddedVulnerability, componentID string) string { - id, err := cve.IDV2(testCVE, componentID) - assert.NoError(t, err) - return id +func getTestCVEID(testCVE *storage.EmbeddedVulnerability, componentID string, index int) string { + return cve.IDV2(testCVE, componentID, index) } func dedupedImageV2(imageID, imageName, imageSha string) *storage.ImageV2 { @@ -455,11 +511,11 @@ func dedupedImageV2(imageID, imageName, imageSha string) *storage.ImageV2 { }, }, ScanStats: &storage.ImageV2_ScanStats{ - ComponentCount: 3, - CveCount: 4, - FixableCveCount: 2, - UnknownCveCount: 4, - FixableUnknownCveCount: 2, + ComponentCount: 4, + CveCount: 7, + FixableCveCount: 4, + UnknownCveCount: 7, + FixableUnknownCveCount: 4, }, Scan: &storage.ImageScan{ ScanTime: ts, @@ -496,6 +552,42 @@ func dedupedImageV2(imageID, imageName, imageSha string) *storage.ImageV2 { FirstImageOccurrence: ts, FirstSystemOccurrence: ts, }, + { + Cve: "cve2", + VulnerabilityType: storage.EmbeddedVulnerability_IMAGE_VULNERABILITY, + VulnerabilityTypes: []storage.EmbeddedVulnerability_VulnerabilityType{storage.EmbeddedVulnerability_IMAGE_VULNERABILITY}, + SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ + FixedBy: "ver3", + }, + FirstImageOccurrence: ts, + FirstSystemOccurrence: ts, + }, + }, + }, + { + Name: "comp2", + Version: "ver1", + HasLayerIndex: &storage.EmbeddedImageScanComponent_LayerIndex{ + LayerIndex: 2, + }, + Vulns: []*storage.EmbeddedVulnerability{ + { + Cve: "cve1", + VulnerabilityType: storage.EmbeddedVulnerability_IMAGE_VULNERABILITY, + VulnerabilityTypes: []storage.EmbeddedVulnerability_VulnerabilityType{storage.EmbeddedVulnerability_IMAGE_VULNERABILITY}, + SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ + FixedBy: "ver2", + }, + FirstImageOccurrence: ts, + FirstSystemOccurrence: ts, + }, + { + Cve: "cve2", + VulnerabilityType: storage.EmbeddedVulnerability_IMAGE_VULNERABILITY, + VulnerabilityTypes: []storage.EmbeddedVulnerability_VulnerabilityType{storage.EmbeddedVulnerability_IMAGE_VULNERABILITY}, + FirstImageOccurrence: ts, + FirstSystemOccurrence: ts, + }, }, }, { diff --git a/central/imagev2/datastore/store/common/split.go b/central/imagev2/datastore/store/common/split.go index 79abb613ab889..3930451c20ae1 100644 --- a/central/imagev2/datastore/store/common/split.go +++ b/central/imagev2/datastore/store/common/split.go @@ -34,21 +34,12 @@ func Split(image *storage.ImageV2, withComponents bool) (ImagePartsV2, error) { func splitComponents(parts ImagePartsV2) ([]ComponentPartsV2, error) { ret := make([]ComponentPartsV2, 0, len(parts.Image.GetScan().GetComponents())) - componentMap := make(map[string]*storage.EmbeddedImageScanComponent) - for _, component := range parts.Image.GetScan().GetComponents() { - generatedComponentV2, err := GenerateImageComponentV2(parts.Image.GetScan().GetOperatingSystem(), parts.Image, component) + for index, component := range parts.Image.GetScan().GetComponents() { + generatedComponentV2, err := GenerateImageComponentV2(parts.Image.GetScan().GetOperatingSystem(), parts.Image, index, component) if err != nil { return nil, err } - // dedupe components within the component - if _, ok := componentMap[generatedComponentV2.GetId()]; ok { - log.Infof("Component %s-%s has already been processed in the image. Skipping...", component.GetName(), component.GetVersion()) - continue - } - - componentMap[generatedComponentV2.GetId()] = component - cves, err := splitCVEs(parts.Image.GetId(), generatedComponentV2.GetId(), component) if err != nil { return nil, err @@ -67,21 +58,12 @@ func splitComponents(parts ImagePartsV2) ([]ComponentPartsV2, error) { func splitCVEs(imageID string, componentID string, embedded *storage.EmbeddedImageScanComponent) ([]CVEPartsV2, error) { ret := make([]CVEPartsV2, 0, len(embedded.GetVulns())) - cveMap := make(map[string]*storage.EmbeddedVulnerability) - for _, cve := range embedded.GetVulns() { - convertedCVE, err := utils.EmbeddedVulnerabilityToImageCVEV2(imageID, componentID, cve) + for index, cve := range embedded.GetVulns() { + convertedCVE, err := utils.EmbeddedVulnerabilityToImageCVEV2(imageID, componentID, index, cve) if err != nil { return nil, err } - // dedupe CVEs within the component - if _, ok := cveMap[convertedCVE.GetId()]; ok { - log.Infof("CVE %s has already been processed in the image. Skipping...", cve.GetCve()) - continue - } - - cveMap[convertedCVE.GetId()] = cve - cp := CVEPartsV2{ CVEV2: convertedCVE, } @@ -92,11 +74,8 @@ func splitCVEs(imageID string, componentID string, embedded *storage.EmbeddedIma } // GenerateImageComponentV2 returns top-level image component from embedded component. -func GenerateImageComponentV2(os string, image *storage.ImageV2, from *storage.EmbeddedImageScanComponent) (*storage.ImageComponentV2, error) { - componentID, err := scancomponent.ComponentIDV2(from, image.GetId()) - if err != nil { - return nil, err - } +func GenerateImageComponentV2(os string, image *storage.ImageV2, index int, from *storage.EmbeddedImageScanComponent) (*storage.ImageComponentV2, error) { + componentID := scancomponent.ComponentIDV2(from, image.GetId(), index) ret := &storage.ImageComponentV2{ Id: componentID, diff --git a/central/risk/manager/manager.go b/central/risk/manager/manager.go index 8fd92551773f8..3638c1a0b5673 100644 --- a/central/risk/manager/manager.go +++ b/central/risk/manager/manager.go @@ -217,8 +217,8 @@ func (e *managerImpl) calculateAndUpsertImageRisk(image *storage.Image) error { } // We want to compute and store risk for image components when image risk is reprocessed. - for _, component := range image.GetScan().GetComponents() { - e.reprocessImageComponentRisk(component, image.GetScan().GetOperatingSystem(), image.GetId()) + for index, component := range image.GetScan().GetComponents() { + e.reprocessImageComponentRisk(component, image.GetScan().GetOperatingSystem(), image.GetId(), index) } image.RiskScore = risk.Score @@ -299,8 +299,8 @@ func (e *managerImpl) calculateAndUpsertImageV2Risk(image *storage.ImageV2) erro } // We want to compute and store risk for image components when image risk is reprocessed. - for _, component := range image.GetScan().GetComponents() { - e.reprocessImageComponentRisk(component, image.GetScan().GetOperatingSystem(), image.GetId()) + for index, component := range image.GetScan().GetComponents() { + e.reprocessImageComponentRisk(component, image.GetScan().GetOperatingSystem(), image.GetId(), index) } image.RiskScore = risk.Score @@ -349,16 +349,22 @@ func (e *managerImpl) skipImageV2Upsert(img *storage.ImageV2) (bool, error) { // reprocessImageComponentRisk will reprocess risk of image components and save the results. // Image Component ID is generated as : -func (e *managerImpl) reprocessImageComponentRisk(imageComponent *storage.EmbeddedImageScanComponent, os string, imageID string) { +func (e *managerImpl) reprocessImageComponentRisk(imageComponent *storage.EmbeddedImageScanComponent, os string, imageID string, componentIndex int) { defer metrics.ObserveRiskProcessingDuration(time.Now(), "ImageComponent") - risk := e.imageComponentScorer.Score(allAccessCtx, scancomponent.NewFromImageComponent(imageComponent), os, imageComponent, imageID) + risk := e.imageComponentScorer.Score(allAccessCtx, scancomponent.NewFromImageComponent(imageComponent), os, imageComponent, imageID, componentIndex) if risk == nil { return } - oldScore := e.imageComponentRanker.GetScoreForID( - scancomponent.ComponentID(imageComponent.GetName(), imageComponent.GetVersion(), os)) + var oldScore float32 + if features.FlattenCVEData.Enabled() { + oldScore = e.imageComponentRanker.GetScoreForID( + scancomponent.ComponentIDV2(imageComponent, imageID, componentIndex)) + } else { + oldScore = e.imageComponentRanker.GetScoreForID( + scancomponent.ComponentID(imageComponent.GetName(), imageComponent.GetVersion(), os)) + } // Image component risk results are currently unused so if the score is the same then no need to upsert if risk.GetScore() == oldScore { diff --git a/central/risk/scorer/component/image/scorer_test.go b/central/risk/scorer/component/image/scorer_test.go index 4ec969c5c5655..cc89914991fba 100644 --- a/central/risk/scorer/component/image/scorer_test.go +++ b/central/risk/scorer/component/image/scorer_test.go @@ -36,7 +36,7 @@ func TestScore(t *testing.T) { }, } - actualRisk := scorer.Score(ctx, scancomponent.NewFromImageComponent(imageComponent), "", imageComponent, pkgScorer.GetMockImage().GetId()) + actualRisk := scorer.Score(ctx, scancomponent.NewFromImageComponent(imageComponent), "", imageComponent, pkgScorer.GetMockImage().GetId(), 0) protoassert.SlicesEqual(t, expectedRiskResults, actualRisk.GetResults()) assert.InDelta(t, expectedRiskScore, actualRisk.GetScore(), 0.0001) diff --git a/central/risk/scorer/component/image_scorer.go b/central/risk/scorer/component/image_scorer.go index 2ef2be40d81e6..2c5216b2ad447 100644 --- a/central/risk/scorer/component/image_scorer.go +++ b/central/risk/scorer/component/image_scorer.go @@ -12,7 +12,7 @@ import ( // Scorer is the object that encompasses the multipliers for evaluating component risk type ImageScorer interface { - Score(ctx context.Context, component scancomponent.ScanComponent, os string, imageComponent *storage.EmbeddedImageScanComponent, imageID string) *storage.Risk + Score(ctx context.Context, component scancomponent.ScanComponent, os string, imageComponent *storage.EmbeddedImageScanComponent, imageID string, index int) *storage.Risk } // NewComponentScorer returns a new scorer that encompasses multipliers for evaluating component risk @@ -31,7 +31,7 @@ type componentImageScorerImpl struct { } // Score takes a component and evaluates its risk -func (s *componentImageScorerImpl) Score(ctx context.Context, scanComponent scancomponent.ScanComponent, os string, imageComponent *storage.EmbeddedImageScanComponent, imageID string) *storage.Risk { +func (s *componentImageScorerImpl) Score(ctx context.Context, scanComponent scancomponent.ScanComponent, os string, imageComponent *storage.EmbeddedImageScanComponent, imageID string, index int) *storage.Risk { riskResults := make([]*storage.Risk_Result, 0, len(s.ConfiguredMultipliers)) overallScore := float32(1.0) for _, mult := range s.ConfiguredMultipliers { @@ -47,11 +47,7 @@ func (s *componentImageScorerImpl) Score(ctx context.Context, scanComponent scan var componentID string var err error if features.FlattenCVEData.Enabled() { - componentID, err = scancomponent.ComponentIDV2(imageComponent, imageID) - if err != nil { - log.Errorf("Unable to score %s: %v", scanComponent.GetName(), err) - return nil - } + componentID = scancomponent.ComponentIDV2(imageComponent, imageID, index) } else { componentID = scancomponent.ComponentID(scanComponent.GetName(), scanComponent.GetVersion(), os) } diff --git a/central/sensor/service/pipeline/nodeindex/three_pipelines_test.go b/central/sensor/service/pipeline/nodeindex/three_pipelines_test.go index c149a369719a6..6952800e477c7 100644 --- a/central/sensor/service/pipeline/nodeindex/three_pipelines_test.go +++ b/central/sensor/service/pipeline/nodeindex/three_pipelines_test.go @@ -608,7 +608,7 @@ func (m *mockComponentScorer) Score(_ context.Context, _ scancomponent.ScanCompo type mockImageComponentScorer struct{} -func (m *mockImageComponentScorer) Score(_ context.Context, _ scancomponent.ScanComponent, _ string, _ *storage.EmbeddedImageScanComponent, _ string) *storage.Risk { +func (m *mockImageComponentScorer) Score(_ context.Context, _ scancomponent.ScanComponent, _ string, _ *storage.EmbeddedImageScanComponent, _ string, _ int) *storage.Risk { return getDummyRisk() } diff --git a/central/sensor/service/pipeline/nodeinventory/two_pipelines_test.go b/central/sensor/service/pipeline/nodeinventory/two_pipelines_test.go index 39b1b2445c47e..d6c795ae9e5ab 100644 --- a/central/sensor/service/pipeline/nodeinventory/two_pipelines_test.go +++ b/central/sensor/service/pipeline/nodeinventory/two_pipelines_test.go @@ -390,7 +390,7 @@ func (m *mockComponentScorer) Score(_ context.Context, _ scancomponent.ScanCompo type mockImageComponentScorer struct{} -func (m *mockImageComponentScorer) Score(_ context.Context, _ scancomponent.ScanComponent, _ string, _ *storage.EmbeddedImageScanComponent, _ string) *storage.Risk { +func (m *mockImageComponentScorer) Score(_ context.Context, _ scancomponent.ScanComponent, _ string, _ *storage.EmbeddedImageScanComponent, _ string, _ int) *storage.Risk { return getDummyRisk() } diff --git a/central/views/imagecveflat/view_test.go b/central/views/imagecveflat/view_test.go index c7b4c2fa6e532..ba7b9aac600c3 100644 --- a/central/views/imagecveflat/view_test.go +++ b/central/views/imagecveflat/view_test.go @@ -525,7 +525,7 @@ func (s *ImageCVEFlatViewTestSuite) testCases() []testCase { Source: storage.SourceType_OS, Location: "", Architecture: "", - }, "sha256:05dd8ed5c76ad3c9f06481770828cf17b8c89f1e406c91d548426dd70fe94560"))}, + }, "sha256:05dd8ed5c76ad3c9f06481770828cf17b8c89f1e406c91d548426dd70fe94560", 0), 0)}, Level: v1.SearchCategory_IMAGE_VULNERABILITIES, }, }), @@ -904,16 +904,12 @@ func standardizeImages(images ...*storage.Image) { } } -func getTestComponentID(testComponent *storage.EmbeddedImageScanComponent, imageID string) string { - id, _ := scancomponent.ComponentIDV2(testComponent, imageID) - - return id +func getTestComponentID(testComponent *storage.EmbeddedImageScanComponent, imageID string, index int) string { + return scancomponent.ComponentIDV2(testComponent, imageID, index) } -func getTestCVEID(testCVE *storage.EmbeddedVulnerability, componentID string) string { - id, _ := cve.IDV2(testCVE, componentID) - - return id +func getTestCVEID(testCVE *storage.EmbeddedVulnerability, componentID string, index int) string { + return cve.IDV2(testCVE, componentID, index) } func getTestCVE() *storage.EmbeddedVulnerability { diff --git a/pkg/cve/cve.go b/pkg/cve/cve.go index 7af6609c77bdd..32086230d5ba3 100644 --- a/pkg/cve/cve.go +++ b/pkg/cve/cve.go @@ -3,7 +3,6 @@ package cve import ( "strconv" - "github.com/mitchellh/hashstructure/v2" "github.com/stackrox/rox/generated/storage" pgSearch "github.com/stackrox/rox/pkg/search/postgres" ) @@ -25,13 +24,10 @@ func ID(cve, os string) string { } // IDV2 creates a CVE ID from the given cve name, component id and index of CVE within the component. -func IDV2(cve *storage.EmbeddedVulnerability, componentID string) (string, error) { - hash, err := hashstructure.Hash(cve, hashstructure.FormatV2, &hashstructure.HashOptions{ZeroNil: true}) - if err != nil { - return "", err - } - - return pgSearch.IDFromPks([]string{cve.GetCve(), strconv.FormatUint(hash, 10), componentID}), nil +func IDV2(cve *storage.EmbeddedVulnerability, componentID string, index int) string { + // The index it occurs in the component list is sufficient for uniqueness. We do not need to be able to + // rebuild this ID at query time from an embedded object. + return pgSearch.IDFromPks([]string{cve.GetCve(), strconv.Itoa(index), componentID}) } // IDToParts return the CVE ID parts—cve and operating system. diff --git a/pkg/scancomponent/component_id.go b/pkg/scancomponent/component_id.go index 33cc3caff91b0..063389ea8c100 100644 --- a/pkg/scancomponent/component_id.go +++ b/pkg/scancomponent/component_id.go @@ -3,7 +3,6 @@ package scancomponent import ( "strconv" - "github.com/mitchellh/hashstructure/v2" "github.com/stackrox/rox/generated/storage" pgSearch "github.com/stackrox/rox/pkg/search/postgres" ) @@ -14,19 +13,8 @@ func ComponentID(name, version, os string) string { } // ComponentIDV2 creates a component ID from the given name and version and architecture and imageID. -func ComponentIDV2(component *storage.EmbeddedImageScanComponent, imageID string) (string, error) { - // A little future proofing here. Just hashing the component to ensure uniqueness. If a field is added, the data - // will be replaced anyway. We just need to ensure uniqueness within the scan since we tack on the imageID. - // We must make a clone of the incoming object to use in our hash. The `SetTopCvss` must be set to nil before hashing - // as that is added by the enricher and may vary. So we want to ignore it. Since it is - // a oneof we cannot simply flag it as ignore in the proto, sadly. - clonedComponent := component.CloneVT() - clonedComponent.SetTopCvss = nil - - hash, err := hashstructure.Hash(clonedComponent, hashstructure.FormatV2, &hashstructure.HashOptions{ZeroNil: true}) - if err != nil { - return "", err - } - - return pgSearch.IDFromPks([]string{component.GetName(), strconv.FormatUint(hash, 10), imageID}), nil +func ComponentIDV2(component *storage.EmbeddedImageScanComponent, imageID string, index int) string { + // The index it occurs in the component list is sufficient for uniqueness. We do not need to be able to + // rebuild this ID at query time from an embedded object. Which is why we were forced to use a hash before. + return pgSearch.IDFromPks([]string{component.GetName(), strconv.Itoa(index), imageID}) }