From 975cd2b8de196161d4809f378be93969ec51a9e6 Mon Sep 17 00:00:00 2001 From: Dave Shrewsberry Date: Fri, 17 Oct 2025 06:14:19 -0400 Subject: [PATCH 1/3] X-Smart-Branch-Parent: release-4.8 From 26e45389b80eb123cee5b569c95a32180853a1d2 Mon Sep 17 00:00:00 2001 From: David Shrewsberry <99685630+dashrews78@users.noreply.github.com> Date: Wed, 15 Oct 2025 14:54:07 -0400 Subject: [PATCH 2/3] ROX-31173: do not embed component in resolver context (#17154) --- central/graphql/resolvers/image_components.go | 69 +---------------- central/graphql/resolvers/image_scan.go | 76 +------------------ central/graphql/resolvers/image_scan_test.go | 5 ++ .../groovy/VulnScanWithGraphQLTest.groovy | 8 +- .../Entity/ConfigManagementEntityImage.jsx | 13 +++- .../Entity/Image/VulnMgmtEntityImage.jsx | 4 +- .../Entity/Image/VulnMgmtImageOverview.jsx | 24 +++--- ui/apps/platform/src/queries/image.js | 4 +- .../platform/src/utils/getEntityName.test.js | 2 +- 9 files changed, 39 insertions(+), 166 deletions(-) diff --git a/central/graphql/resolvers/image_components.go b/central/graphql/resolvers/image_components.go index 7fd45b492dc7c..696b329806374 100644 --- a/central/graphql/resolvers/image_components.go +++ b/central/graphql/resolvers/image_components.go @@ -21,7 +21,6 @@ import ( "github.com/stackrox/rox/pkg/features" pkgMetrics "github.com/stackrox/rox/pkg/metrics" "github.com/stackrox/rox/pkg/protocompat" - "github.com/stackrox/rox/pkg/scancomponent" "github.com/stackrox/rox/pkg/search" "github.com/stackrox/rox/pkg/search/scoped" "github.com/stackrox/rox/pkg/utils" @@ -409,39 +408,6 @@ func getImageCVEResolvers(ctx context.Context, root *Resolver, os string, vulns return paginate(query.GetPagination(), resolverI, nil) } -func getImageCVEV2Resolvers(ctx context.Context, root *Resolver, imageID string, component *storage.EmbeddedImageScanComponent, query *v1.Query) ([]ImageVulnerabilityResolver, error) { - query, _ = search.FilterQueryWithMap(query, mappings.VulnerabilityOptionsMap) - predicate, err := vulnPredicateFactory.GeneratePredicate(query) - if err != nil { - return nil, err - } - - componentID, err := scancomponent.ComponentIDV2(component, imageID) - if err != nil { - return nil, err - } - resolvers := make([]ImageVulnerabilityResolver, 0, len(component.GetVulns())) - for _, vuln := range component.GetVulns() { - if !predicate.Matches(vuln) { - continue - } - converted, err := cveConverter.EmbeddedVulnerabilityToImageCVEV2(imageID, componentID, vuln) - if err != nil { - return nil, err - } - - resolver, err := root.wrapImageCVEV2(converted, true, nil) - if err != nil { - return nil, err - } - resolver.ctx = embeddedobjs.VulnContext(ctx, vuln) - - resolvers = append(resolvers, resolver) - } - - return paginate(query.GetPagination(), resolvers, nil) -} - /* Sub Resolver Functions */ @@ -736,17 +702,7 @@ func (resolver *imageComponentV2Resolver) ImageVulnerabilities(ctx context.Conte resolver.ctx = ctx } - // Short path. Full image is embedded when image scan resolver is called. - embeddedComponent := embeddedobjs.ComponentFromContext(resolver.ctx) - if embeddedComponent == nil { - return resolver.root.ImageVulnerabilities(resolver.imageComponentScopeContext(ctx), args) - } - - query, err := args.AsV1QueryOrEmpty() - if err != nil { - return nil, err - } - return getImageCVEV2Resolvers(resolver.ctx, resolver.root, resolver.ImageId(resolver.ctx), embeddedComponent, query) + return resolver.root.ImageVulnerabilities(resolver.imageComponentScopeContext(ctx), args) } func (resolver *imageComponentV2Resolver) LastScanned(ctx context.Context) (*graphql.Time, error) { @@ -789,29 +745,6 @@ func (resolver *imageComponentV2Resolver) TopImageVulnerability(ctx context.Cont resolver.ctx = ctx } - // Short path. Full image is embedded when image scan resolver is called. - if embeddedComponent := embeddedobjs.ComponentFromContext(resolver.ctx); embeddedComponent != nil { - var topVuln *storage.EmbeddedVulnerability - for _, vuln := range embeddedComponent.GetVulns() { - if topVuln == nil || vuln.GetCvss() > topVuln.GetCvss() { - topVuln = vuln - } - } - if topVuln == nil { - return nil, nil - } - componentID, err := scancomponent.ComponentIDV2(embeddedComponent, resolver.ImageId(resolver.ctx)) - if err != nil { - return nil, err - } - - convertedTopVuln, err := cveConverter.EmbeddedVulnerabilityToImageCVEV2(resolver.ImageId(resolver.ctx), componentID, topVuln) - if err != nil { - return nil, err - } - return resolver.root.wrapImageCVEV2WithContext(resolver.ctx, convertedTopVuln, true, nil) - } - return resolver.root.TopImageVulnerability(resolver.imageComponentScopeContext(ctx), RawQuery{}) } diff --git a/central/graphql/resolvers/image_scan.go b/central/graphql/resolvers/image_scan.go index 10259a1371b1f..71badee3c693e 100644 --- a/central/graphql/resolvers/image_scan.go +++ b/central/graphql/resolvers/image_scan.go @@ -5,7 +5,6 @@ import ( "sort" "github.com/stackrox/rox/central/graphql/resolvers/embeddedobjs" - "github.com/stackrox/rox/central/graphql/resolvers/loaders" "github.com/stackrox/rox/central/image/datastore/store/common/v2" "github.com/stackrox/rox/central/image/mappings" v1 "github.com/stackrox/rox/generated/api/v1" @@ -25,13 +24,6 @@ func init() { "imageComponentCount(query: String): Int!", "imageComponents(query: String, pagination: Pagination): [ImageComponent!]!", }), - // deprecated fields - schema.AddExtraResolvers("ImageScan", []string{ - "componentCount(query: String): Int! " + - "@deprecated(reason: \"use 'imageComponentCount'\")", - "components(query: String, pagination: Pagination): [EmbeddedImageScanComponent!]! " + - "@deprecated(reason: \"use 'imageComponents'\")", - }), ) } @@ -41,7 +33,7 @@ func (resolver *imageScanResolver) ImageComponents(_ context.Context, args Pagin return nil, err } if features.FlattenCVEData.Enabled() { - return getImageComponentV2Resolvers(resolver.ctx, resolver.root, resolver.data, query) + return resolver.root.ImageComponents(resolver.ctx, args) } return getImageComponentResolvers(resolver.ctx, resolver.root, resolver.data, query) } @@ -93,69 +85,3 @@ func getImageComponentResolvers(ctx context.Context, root *Resolver, imageScan * } return paginate(query.GetPagination(), resolverI, nil) } - -func getImageComponentV2Resolvers(ctx context.Context, root *Resolver, imageScan *storage.ImageScan, query *v1.Query) ([]ImageComponentResolver, error) { - imageID := getImageIDFromScope(ctx) - if imageID == "" { - return nil, nil - } - - imageLoader, err := loaders.GetImageLoader(ctx) - if err != nil { - return nil, err - } - - image, err := imageLoader.FullImageWithID(ctx, imageID) - if err != nil { - return nil, err - } - - query, _ = search.FilterQueryWithMap(query, mappings.ComponentV2OptionsMap) - predicate, err := componentPredicateFactory.GeneratePredicate(query) - if err != nil { - return nil, err - } - - idToComponent := make(map[string]*imageComponentV2Resolver) - for _, embeddedComponent := range imageScan.GetComponents() { - if !predicate.Matches(embeddedComponent) { - continue - } - - os := imageScan.GetOperatingSystem() - id, err := scancomponent.ComponentIDV2(embeddedComponent, imageID) - if err != nil { - return nil, err - } - if _, exists := idToComponent[id]; !exists { - component, err := common.GenerateImageComponentV2(os, image, embeddedComponent) - if err != nil { - return nil, err - } - - resolver, err := root.wrapImageComponentV2(component, true, nil) - if err != nil { - return nil, err - } - imageScanTime := protocompat.ConvertTimestampToTimeOrNil(imageScan.GetScanTime()) - resolver.ctx = embeddedobjs.ComponentContext(ctx, os, imageScanTime, embeddedComponent) - idToComponent[id] = resolver - } - } - - // For now, sort by IDs. - resolvers := make([]*imageComponentV2Resolver, 0, len(idToComponent)) - for _, component := range idToComponent { - resolvers = append(resolvers, component) - } - if len(query.GetPagination().GetSortOptions()) == 0 { - sort.SliceStable(resolvers, func(i, j int) bool { - return resolvers[i].data.GetId() < resolvers[j].data.GetId() - }) - } - resolverI := make([]ImageComponentResolver, 0, len(resolvers)) - for _, resolver := range resolvers { - resolverI = append(resolverI, resolver) - } - return paginate(query.GetPagination(), resolverI, nil) -} diff --git a/central/graphql/resolvers/image_scan_test.go b/central/graphql/resolvers/image_scan_test.go index 802a60619a3bb..1b35f1f1fde62 100644 --- a/central/graphql/resolvers/image_scan_test.go +++ b/central/graphql/resolvers/image_scan_test.go @@ -103,6 +103,11 @@ func (s *ImageScanResolverTestSuite) TestGetImagesWithScan() { Return([]*storage.Image{cloned}, nil) s.imageDataStore.EXPECT().GetImagesBatch(gomock.Any(), gomock.Any()). Return([]*storage.Image{img}, nil) + if features.FlattenCVEData.Enabled() { + s.imageComponentFlatView.EXPECT().Get(gomock.Any(), gomock.Any()).Return(nil, nil) + s.imageComponentDataStoreV2.EXPECT().SearchRawImageComponents(gomock.Any(), gomock.Any()). + Return(nil, nil) + } response := s.schema.Exec(s.ctx, imageWithScanQuery, "getImages", nil) s.Len(response.Errors, 0) } diff --git a/qa-tests-backend/src/test/groovy/VulnScanWithGraphQLTest.groovy b/qa-tests-backend/src/test/groovy/VulnScanWithGraphQLTest.groovy index 8f9fc597002f0..4c0e1663fa6c9 100644 --- a/qa-tests-backend/src/test/groovy/VulnScanWithGraphQLTest.groovy +++ b/qa-tests-backend/src/test/groovy/VulnScanWithGraphQLTest.groovy @@ -40,7 +40,7 @@ class VulnScanWithGraphQLTest extends BaseSpecification { tag } scan { - components { + imageComponents { name layerIndex version @@ -49,7 +49,7 @@ class VulnScanWithGraphQLTest extends BaseSpecification { type url } - vulns { + imageVulnerabilities { cve cvss link @@ -136,8 +136,8 @@ class VulnScanWithGraphQLTest extends BaseSpecification { then: assert resultRet.getValue() != null def image = resultRet.getValue().image - assert image?.scan?.components?.vulns != null - int cve = getCVEs(image.scan.components.vulns) + assert image?.scan?.imageComponents?.imageVulnerabilities != null + int cve = getCVEs(image.scan.imageComponents.imageVulnerabilities) assert cve >= vuln_cve where: "Data inputs are :" diff --git a/ui/apps/platform/src/Containers/ConfigManagement/Entity/ConfigManagementEntityImage.jsx b/ui/apps/platform/src/Containers/ConfigManagement/Entity/ConfigManagementEntityImage.jsx index 582ba922f2265..8fe9a198e7b21 100644 --- a/ui/apps/platform/src/Containers/ConfigManagement/Entity/ConfigManagementEntityImage.jsx +++ b/ui/apps/platform/src/Containers/ConfigManagement/Entity/ConfigManagementEntityImage.jsx @@ -68,11 +68,11 @@ const ConfigManagementEntityImage = ({ tag } scan { - components { + imageComponents { name layerIndex version - vulns { + imageVulnerabilities { cve cvss link @@ -161,9 +161,14 @@ const ConfigManagementEntityImage = ({ layers.forEach((layer, i) => { layers[i].components = []; }); - scan.components.forEach((component) => { + scan.imageComponents.forEach((component) => { if (component.layerIndex !== undefined && layers[component.layerIndex]) { - layers[component.layerIndex].components.push(component); + // Transform imageVulnerabilities to vulns for CVETable compatibility + const transformedComponent = { + ...component, + vulns: component.imageVulnerabilities || [], + }; + layers[component.layerIndex].components.push(transformedComponent); } }); diff --git a/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtEntityImage.jsx b/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtEntityImage.jsx index 2ac84a0d17323..c4b83db70c277 100644 --- a/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtEntityImage.jsx +++ b/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtEntityImage.jsx @@ -67,7 +67,7 @@ const VulnMgmtEntityImage = ({ name } notes - components: imageComponents { + imageComponents { id priority name @@ -75,7 +75,7 @@ const VulnMgmtEntityImage = ({ version source location - vulns: imageVulnerabilities { + imageVulnerabilities { ...cveFields } } diff --git a/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtImageOverview.jsx b/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtImageOverview.jsx index dd32f2760f101..9f8a474df5a7e 100644 --- a/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtImageOverview.jsx +++ b/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtImageOverview.jsx @@ -37,7 +37,7 @@ const emptyImage = { name: {}, priority: 0, scan: { - components: [], + imageComponents: [], }, topVuln: {}, vulnCount: 0, @@ -49,31 +49,35 @@ const VulnMgmtImageOverview = ({ data, entityContext }) => { // guard against incomplete GraphQL-cached data const safeData = { ...emptyImage, ...data }; const { metadata, scan, topVuln, priority, notes } = safeData; - safeData.componentCount = scan?.components?.length || 0; + safeData.componentCount = scan?.imageComponents?.length || 0; - // TODO: replace this hack with feature flag selection of components or imageComponents, - // after `layerIndex` is available on ImageComponent - safeData.imageComponentCount = scan?.components?.length || 0; + // Updated to use imageComponents now that layerIndex is available on ImageComponent + safeData.imageComponentCount = scan?.imageComponents?.length || 0; const layers = metadata ? cloneDeep(metadata.v1.layers) : []; const fixableCves = []; // If we have a scan, then we can try and assume we have layers - if (scan) { + if (scan && scan.imageComponents) { layers.forEach((layer, i) => { layers[i].components = []; layers[i].cvesCount = 0; }); - scan.components.forEach((component) => { - component.vulns.forEach((cve) => { + scan.imageComponents.forEach((component) => { + component.imageVulnerabilities.forEach((cve) => { if (cve.isFixable) { fixableCves.push(cve); } }); if (component.layerIndex !== undefined && layers[component.layerIndex]) { - layers[component.layerIndex].components.push(component); - layers[component.layerIndex].cvesCount += component.vulns.length; + // Transform imageVulnerabilities to vulns for CVETable compatibility + const transformedComponent = { + ...component, + vulns: component.imageVulnerabilities || [], + }; + layers[component.layerIndex].components.push(transformedComponent); + layers[component.layerIndex].cvesCount += component.imageVulnerabilities.length; } }); } diff --git a/ui/apps/platform/src/queries/image.js b/ui/apps/platform/src/queries/image.js index 434dd913edc09..c70cd9e92671d 100644 --- a/ui/apps/platform/src/queries/image.js +++ b/ui/apps/platform/src/queries/image.js @@ -29,11 +29,11 @@ export const IMAGE_FRAGMENT = gql` tag } scan { - components { + imageComponents { name layerIndex version - vulns { + imageVulnerabilities { cve cvss link diff --git a/ui/apps/platform/src/utils/getEntityName.test.js b/ui/apps/platform/src/utils/getEntityName.test.js index c318486563d47..2fe98ec2c5cff 100644 --- a/ui/apps/platform/src/utils/getEntityName.test.js +++ b/ui/apps/platform/src/utils/getEntityName.test.js @@ -163,7 +163,7 @@ describe('getEntityName', () => { component: { id: 'bGlieG1sMg:Mi45LjErZGZzZzEtNStkZWI4dTQ', name: 'libxml2', - __typename: 'EmbeddedImageScanComponent', + __typename: 'ImageComponent', }, }; From 81feecb0b7f61715a7a508f1135221daa893b272 Mon Sep 17 00:00:00 2001 From: David Shrewsberry <99685630+dashrews78@users.noreply.github.com> Date: Thu, 16 Oct 2025 15:22:36 -0400 Subject: [PATCH 3/3] ROX-31174: reverting ID back to index based (#17200) --- .../cve/converter/utils/convert_utils_v2.go | 7 +- .../converter/utils/convert_utils_v2_test.go | 27 +- .../image/v2/datastore/datastore_sac_test.go | 364 +++++++++--------- .../datastore/datastore_impl_postgres_test.go | 15 +- .../image_components_v2_postgres_test.go | 52 +-- .../image_vulnerabilities_v2_test.go | 48 +-- central/graphql/resolvers/test_utils.go | 14 +- central/image/datastore/datastore_impl.go | 16 +- .../datastore_impl_flat_postgres_test.go | 16 +- .../datastore/store/common/v2/parts_test.go | 208 ++++++++-- .../datastore/store/common/v2/split_v2.go | 33 +- .../v2/datastore/datastore_sac_test.go | 17 +- central/risk/manager/manager.go | 18 +- .../scorer/component/image/scorer_test.go | 2 +- central/risk/scorer/component/image_scorer.go | 10 +- .../nodeindex/three_pipelines_test.go | 2 +- .../nodeinventory/two_pipelines_test.go | 2 +- central/views/imagecveflat/view_test.go | 14 +- pkg/cve/cve.go | 12 +- pkg/scancomponent/component_id.go | 20 +- 20 files changed, 491 insertions(+), 406 deletions(-) diff --git a/central/cve/converter/utils/convert_utils_v2.go b/central/cve/converter/utils/convert_utils_v2.go index 9b8f679270822..8b5d31461dbb1 100644 --- a/central/cve/converter/utils/convert_utils_v2.go +++ b/central/cve/converter/utils/convert_utils_v2.go @@ -50,7 +50,7 @@ func ImageCVEV2ToEmbeddedVulnerability(vuln *storage.ImageCVEV2) *storage.Embedd } // EmbeddedVulnerabilityToImageCVEV2 converts *storage.EmbeddedVulnerability object to *storage.ImageCVEV2 object -func EmbeddedVulnerabilityToImageCVEV2(imageID string, componentID string, from *storage.EmbeddedVulnerability) (*storage.ImageCVEV2, error) { +func EmbeddedVulnerabilityToImageCVEV2(imageID string, componentID string, index int, from *storage.EmbeddedVulnerability) (*storage.ImageCVEV2, error) { var nvdCvss float32 nvdVersion := storage.CvssScoreVersion_UNKNOWN_VERSION for _, score := range from.GetCvssMetrics() { @@ -75,10 +75,7 @@ func EmbeddedVulnerabilityToImageCVEV2(imageID string, componentID string, from impactScore = from.GetCvssV2().GetImpactScore() } - cveID, err := cve.IDV2(from, componentID) - if err != nil { - return nil, err - } + cveID := cve.IDV2(from, componentID, index) ret := &storage.ImageCVEV2{ Id: cveID, diff --git a/central/cve/converter/utils/convert_utils_v2_test.go b/central/cve/converter/utils/convert_utils_v2_test.go index fc108f13921f9..0bf10ac6b1f02 100644 --- a/central/cve/converter/utils/convert_utils_v2_test.go +++ b/central/cve/converter/utils/convert_utils_v2_test.go @@ -9,7 +9,6 @@ import ( "github.com/stackrox/rox/pkg/protocompat" "github.com/stackrox/rox/pkg/scancomponent" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) type componentPieces struct { @@ -144,28 +143,24 @@ func TestImageCVEV2ToEmbeddedCVEs(t *testing.T) { func TestEmbeddedCVEToImageCVEV2(t *testing.T) { for idx, embeddedVuln := range testVulns { componentInfo := getComponentInfo(t) - convertedVuln, err := EmbeddedVulnerabilityToImageCVEV2(componentInfo[idx].imageID, componentInfo[idx].componentID, embeddedVuln) + convertedVuln, err := EmbeddedVulnerabilityToImageCVEV2(componentInfo[idx].imageID, componentInfo[idx].componentID, idx, embeddedVuln) assert.NoError(t, err) protoassert.Equal(t, getTestCVEs(t)[idx], convertedVuln) } } -func getTestComponentID(t *testing.T) string { - id, err := scancomponent.ComponentIDV2(testComponent, "sha") - require.NoError(t, err) - return id +func getTestComponentID(index int) string { + return scancomponent.ComponentIDV2(testComponent, "sha", index) } -func getTestCVEID(t *testing.T, testCVE *storage.EmbeddedVulnerability, componentID string) string { - id, err := cve.IDV2(testCVE, componentID) - require.NoError(t, err) - return id +func getTestCVEID(testCVE *storage.EmbeddedVulnerability, componentID string, index int) string { + return cve.IDV2(testCVE, componentID, index) } func getTestCVEs(t *testing.T) []*storage.ImageCVEV2 { return []*storage.ImageCVEV2{ { - Id: getTestCVEID(t, testVulns[0], getTestComponentID(t)), + Id: getTestCVEID(testVulns[0], getTestComponentID(0), 0), ImageId: "sha", CveBaseInfo: &storage.CVEInfo{ Cve: "cve1", @@ -229,10 +224,10 @@ func getTestCVEs(t *testing.T) []*storage.ImageCVEV2 { State: 0, IsFixable: false, HasFixedBy: nil, - ComponentId: getTestComponentID(t), + ComponentId: getTestComponentID(0), }, { - Id: getTestCVEID(t, testVulns[1], getTestComponentID(t)), + Id: getTestCVEID(testVulns[1], getTestComponentID(1), 1), ImageId: "sha", CveBaseInfo: &storage.CVEInfo{ Cve: "cve2", @@ -271,7 +266,7 @@ func getTestCVEs(t *testing.T) []*storage.ImageCVEV2 { HasFixedBy: &storage.ImageCVEV2_FixedBy{ FixedBy: "ver3", }, - ComponentId: getTestComponentID(t), + ComponentId: getTestComponentID(1), }, } } @@ -280,12 +275,12 @@ func getComponentInfo(t *testing.T) []*componentPieces { return []*componentPieces{ { imageID: "sha", - componentID: getTestComponentID(t), + componentID: getTestComponentID(0), cveIndex: 0, }, { imageID: "sha", - componentID: getTestComponentID(t), + componentID: getTestComponentID(1), cveIndex: 1, }, } diff --git a/central/cve/image/v2/datastore/datastore_sac_test.go b/central/cve/image/v2/datastore/datastore_sac_test.go index 92a9afa6734a9..0e7b44e3ba8cf 100644 --- a/central/cve/image/v2/datastore/datastore_sac_test.go +++ b/central/cve/image/v2/datastore/datastore_sac_test.go @@ -54,9 +54,9 @@ func (s *cveV2DataStoreSACTestSuite) SetupSuite() { // operating system information as well. This information is propagated from the image // scan data. // This helper is here to ease testing against the various datastore flavours. -func getImageCVEID(vuln *storage.EmbeddedVulnerability, component *storage.EmbeddedImageScanComponent, imageID string) string { - componentID, _ := scancomponent.ComponentIDV2(component, imageID) - cveID, _ := cve.IDV2(vuln, componentID) +func getImageCVEID(vuln *storage.EmbeddedVulnerability, component *storage.EmbeddedImageScanComponent, imageID string, componentIndex int, cveIndex int) string { + componentID := scancomponent.ComponentIDV2(component, imageID, componentIndex) + cveID := cve.IDV2(vuln, componentID, cveIndex) return cveID } @@ -74,241 +74,241 @@ var ( { contextKey: sacTestUtils.UnrestrictedReadCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): true, }, }, { contextKey: sacTestUtils.UnrestrictedReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): true, }, }, { contextKey: sacTestUtils.Cluster1ReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster1NamespaceAReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster1NamespaceBReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster1NamespacesABReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster1NamespacesBCReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster2ReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): true, }, }, { contextKey: sacTestUtils.Cluster2NamespaceAReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster2NamespaceBReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): true, }, }, { contextKey: sacTestUtils.Cluster2NamespacesACReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster2NamespacesBCReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): true, }, }, { contextKey: sacTestUtils.Cluster3ReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster3NamespaceAReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster3NamespaceBReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster3NamespacesABReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { @@ -317,16 +317,16 @@ var ( // Therefore, it should see all vulnerabilities. // (images are in cluster1 namespaceA and cluster2 namespaceB). expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): true, }, }, } @@ -334,7 +334,7 @@ var ( func (s *cveV2DataStoreSACTestSuite) TestSACImageCVEExistsSingleScopeOnly() { // Inject the fixture graph, and test exists for CVE-1234-0001 - cveID := getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()) + cveID := getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0) s.runImageTest("TestSACImageCVEExistsSingleScopeOnly", func(c cveTestCase) { testCtx := s.imageTestContexts[c.contextKey] exists, err := s.imageCVEStore.Exists(testCtx, cveID) @@ -347,7 +347,7 @@ func (s *cveV2DataStoreSACTestSuite) TestSACImageCVEGetSingleScopeOnly() { // Inject the fixture graph, and test retrieval for CVE-1234-0001 targetCVE := fixtures.GetEmbeddedImageCVE1234x0001() cveName := targetCVE.GetCve() - cveID := getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()) + cveID := getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0) cvss := targetCVE.GetCvss() s.runImageTest("TestSACImageCVEGetSingleScopeOnly", func(c cveTestCase) { testCtx := s.imageTestContexts[c.contextKey] @@ -366,13 +366,13 @@ func (s *cveV2DataStoreSACTestSuite) TestSACImageCVEGetSingleScopeOnly() { func (s *cveV2DataStoreSACTestSuite) TestSACImageCVEGetBatch() { batchCVEs := []string{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()), - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()), - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()), - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()), - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()), - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()), - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()), + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0), + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1), + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0), + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0), + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1), + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1), + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2), } s.runImageTest("TestSACImageCVEGetBatch", func(c cveTestCase) { diff --git a/central/deployment/datastore/datastore_impl_postgres_test.go b/central/deployment/datastore/datastore_impl_postgres_test.go index 06fa095c0a809..8bc4d518a7d01 100644 --- a/central/deployment/datastore/datastore_impl_postgres_test.go +++ b/central/deployment/datastore/datastore_impl_postgres_test.go @@ -83,19 +83,16 @@ func (s *DeploymentPostgresDataStoreTestSuite) TestSearchWithPostgres() { s.NoError(s.deploymentDatastore.UpsertDeployment(ctx, dep2)) s.NoError(s.deploymentDatastore.UpsertDeployment(ctx, dep3)) - componentIDImg2, err := scancomponent.ComponentIDV2( + componentIDImg2 := scancomponent.ComponentIDV2( img2.GetScan().GetComponents()[0], - img2.GetId()) - s.NoError(err) + img2.GetId(), 0) - componentIDImg1, err := scancomponent.ComponentIDV2( + componentIDImg1 := scancomponent.ComponentIDV2( img1.GetScan().GetComponents()[0], - img1.GetId()) - s.NoError(err) - cveID, err := cve.IDV2( + img1.GetId(), 0) + cveID := cve.IDV2( img1.GetScan().GetComponents()[0].GetVulns()[0], - componentIDImg1) - s.NoError(err) + componentIDImg1, 0) for _, tc := range []struct { desc string diff --git a/central/graphql/resolvers/image_components_v2_postgres_test.go b/central/graphql/resolvers/image_components_v2_postgres_test.go index 58f7be947a870..61c6f356b0bcf 100644 --- a/central/graphql/resolvers/image_components_v2_postgres_test.go +++ b/central/graphql/resolvers/image_components_v2_postgres_test.go @@ -362,12 +362,12 @@ func (s *GraphQLImageComponentV2TestSuite) TestImageComponentImageVulnerabilitie "comp1os1", s.componentIDMap[comp11], []string{ - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2018-1", + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2018-1", SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ FixedBy: "1.1", }, Severity: storage.VulnerabilitySeverity_CRITICAL_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp11]), + }, s.componentIDMap[comp11], 0), }, &VulnerabilityCounterResolver{ all: &VulnerabilityFixableCounterResolver{0, 1}, @@ -381,12 +381,12 @@ func (s *GraphQLImageComponentV2TestSuite) TestImageComponentImageVulnerabilitie "comp2os1", s.componentIDMap[comp21], []string{ - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2018-1", + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2018-1", SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ FixedBy: "1.5", }, Severity: storage.VulnerabilitySeverity_CRITICAL_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp21]), + }, s.componentIDMap[comp21], 0), }, &VulnerabilityCounterResolver{ all: &VulnerabilityFixableCounterResolver{0, 1}, @@ -400,14 +400,14 @@ func (s *GraphQLImageComponentV2TestSuite) TestImageComponentImageVulnerabilitie "comp3os1", s.componentIDMap[comp31], []string{ - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-1", + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-1", Cvss: 4, Severity: storage.VulnerabilitySeverity_MODERATE_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp31]), - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-2", + }, s.componentIDMap[comp31], 0), + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-2", Cvss: 3, Severity: storage.VulnerabilitySeverity_LOW_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp31]), + }, s.componentIDMap[comp31], 1), }, &VulnerabilityCounterResolver{ all: &VulnerabilityFixableCounterResolver{0, 0}, @@ -421,12 +421,12 @@ func (s *GraphQLImageComponentV2TestSuite) TestImageComponentImageVulnerabilitie "comp1os2", s.componentIDMap[comp12], []string{ - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2018-1", + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2018-1", SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ FixedBy: "1.1", }, Severity: storage.VulnerabilitySeverity_CRITICAL_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp12]), + }, s.componentIDMap[comp12], 0), }, &VulnerabilityCounterResolver{ all: &VulnerabilityFixableCounterResolver{0, 1}, @@ -440,14 +440,14 @@ func (s *GraphQLImageComponentV2TestSuite) TestImageComponentImageVulnerabilitie "comp3os2", s.componentIDMap[comp32], []string{ - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-1", + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-1", Cvss: 4, Severity: storage.VulnerabilitySeverity_MODERATE_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp32]), - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-2", + }, s.componentIDMap[comp32], 0), + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-2", Cvss: 3, Severity: storage.VulnerabilitySeverity_LOW_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp32]), + }, s.componentIDMap[comp32], 1), }, &VulnerabilityCounterResolver{ all: &VulnerabilityFixableCounterResolver{0, 0}, @@ -461,14 +461,14 @@ func (s *GraphQLImageComponentV2TestSuite) TestImageComponentImageVulnerabilitie "comp4os2", s.componentIDMap[comp42], []string{ - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{ + getTestCVEID(&storage.EmbeddedVulnerability{ Cve: "cve-2017-1", Severity: storage.VulnerabilitySeverity_IMPORTANT_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp42]), - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{ + }, s.componentIDMap[comp42], 0), + getTestCVEID(&storage.EmbeddedVulnerability{ Cve: "cve-2017-2", Severity: storage.VulnerabilitySeverity_IMPORTANT_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp42]), + }, s.componentIDMap[comp42], 1), }, &VulnerabilityCounterResolver{ all: &VulnerabilityFixableCounterResolver{0, 0}, @@ -564,10 +564,10 @@ func (s *GraphQLImageComponentV2TestSuite) TestTopImageVulnerability() { comp := s.getImageComponentResolver(ctx, s.componentIDMap[comp31]) - expectedID := graphql.ID(getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-1", + expectedID := graphql.ID(getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-1", Cvss: 4, Severity: storage.VulnerabilitySeverity_MODERATE_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp31])) + }, s.componentIDMap[comp31], 0)) vuln, err := comp.TopImageVulnerability(ctx) assert.NoError(s.T(), err) @@ -593,11 +593,11 @@ func (s *GraphQLImageComponentV2TestSuite) getImageComponentResolver(ctx context func (s *GraphQLImageComponentV2TestSuite) getComponentIDMap() map[string]string { return map[string]string{ - comp11: getTestComponentID(s.T(), testImages()[0].GetScan().GetComponents()[0], "sha1"), - comp12: getTestComponentID(s.T(), testImages()[1].GetScan().GetComponents()[0], "sha2"), - comp21: getTestComponentID(s.T(), testImages()[0].GetScan().GetComponents()[1], "sha1"), - comp31: getTestComponentID(s.T(), testImages()[0].GetScan().GetComponents()[2], "sha1"), - comp32: getTestComponentID(s.T(), testImages()[1].GetScan().GetComponents()[1], "sha2"), - comp42: getTestComponentID(s.T(), testImages()[1].GetScan().GetComponents()[2], "sha2"), + comp11: getTestComponentID(testImages()[0].GetScan().GetComponents()[0], "sha1", 0), + comp12: getTestComponentID(testImages()[1].GetScan().GetComponents()[0], "sha2", 0), + comp21: getTestComponentID(testImages()[0].GetScan().GetComponents()[1], "sha1", 1), + comp31: getTestComponentID(testImages()[0].GetScan().GetComponents()[2], "sha1", 2), + comp32: getTestComponentID(testImages()[1].GetScan().GetComponents()[1], "sha2", 1), + comp42: getTestComponentID(testImages()[1].GetScan().GetComponents()[2], "sha2", 2), } } diff --git a/central/graphql/resolvers/image_vulnerabilities_v2_test.go b/central/graphql/resolvers/image_vulnerabilities_v2_test.go index 0388c5c49ce46..645ae0ba25966 100644 --- a/central/graphql/resolvers/image_vulnerabilities_v2_test.go +++ b/central/graphql/resolvers/image_vulnerabilities_v2_test.go @@ -718,56 +718,56 @@ func getCVEList(ctx context.Context, vulns []ImageVulnerabilityResolver) []strin func (s *GraphQLImageVulnerabilityV2TestSuite) getIDMap() map[string]string { return map[string]string{ - cve111: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2018-1", + cve111: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2018-1", SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ FixedBy: "1.1", }, Severity: storage.VulnerabilitySeverity_CRITICAL_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp11]), - cve121: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2018-1", + }, s.componentIDMap[comp11], 0), + cve121: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2018-1", SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ FixedBy: "1.5", }, Severity: storage.VulnerabilitySeverity_CRITICAL_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp21]), - cve231: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-1", + }, s.componentIDMap[comp21], 0), + cve231: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-1", Cvss: 4, Severity: storage.VulnerabilitySeverity_MODERATE_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp31]), - cve331: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-2", + }, s.componentIDMap[comp31], 0), + cve331: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-2", Cvss: 3, Severity: storage.VulnerabilitySeverity_LOW_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp31]), - cve112: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2018-1", + }, s.componentIDMap[comp31], 1), + cve112: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2018-1", SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ FixedBy: "1.1", }, Severity: storage.VulnerabilitySeverity_CRITICAL_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp12]), - cve232: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-1", + }, s.componentIDMap[comp12], 0), + cve232: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-1", Severity: storage.VulnerabilitySeverity_MODERATE_VULNERABILITY_SEVERITY, Cvss: 4, - }, s.componentIDMap[comp32]), - cve332: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-2", + }, s.componentIDMap[comp32], 0), + cve332: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-2", Severity: storage.VulnerabilitySeverity_LOW_VULNERABILITY_SEVERITY, Cvss: 3, - }, s.componentIDMap[comp32]), - cve442: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2017-1", + }, s.componentIDMap[comp32], 1), + cve442: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2017-1", Severity: storage.VulnerabilitySeverity_IMPORTANT_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp42]), - cve542: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2017-2", + }, s.componentIDMap[comp42], 0), + cve542: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2017-2", Severity: storage.VulnerabilitySeverity_IMPORTANT_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp42]), + }, s.componentIDMap[comp42], 1), } } func (s *GraphQLImageVulnerabilityV2TestSuite) getComponentIDMap() map[string]string { return map[string]string{ - comp11: getTestComponentID(s.T(), testImages()[0].GetScan().GetComponents()[0], "sha1"), - comp12: getTestComponentID(s.T(), testImages()[1].GetScan().GetComponents()[0], "sha2"), - comp21: getTestComponentID(s.T(), testImages()[0].GetScan().GetComponents()[1], "sha1"), - comp31: getTestComponentID(s.T(), testImages()[0].GetScan().GetComponents()[2], "sha1"), - comp32: getTestComponentID(s.T(), testImages()[1].GetScan().GetComponents()[1], "sha2"), - comp42: getTestComponentID(s.T(), testImages()[1].GetScan().GetComponents()[2], "sha2"), + comp11: getTestComponentID(testImages()[0].GetScan().GetComponents()[0], "sha1", 0), + comp12: getTestComponentID(testImages()[1].GetScan().GetComponents()[0], "sha2", 0), + comp21: getTestComponentID(testImages()[0].GetScan().GetComponents()[1], "sha1", 1), + comp31: getTestComponentID(testImages()[0].GetScan().GetComponents()[2], "sha1", 2), + comp32: getTestComponentID(testImages()[1].GetScan().GetComponents()[1], "sha2", 1), + comp42: getTestComponentID(testImages()[1].GetScan().GetComponents()[2], "sha2", 2), } } diff --git a/central/graphql/resolvers/test_utils.go b/central/graphql/resolvers/test_utils.go index 72d63a9f7b6b6..bf724563c25ec 100644 --- a/central/graphql/resolvers/test_utils.go +++ b/central/graphql/resolvers/test_utils.go @@ -753,16 +753,10 @@ func contextWithClusterPerm(t testing.TB, ctrl *gomock.Controller) context.Conte return authn.ContextWithIdentity(sac.WithAllAccess(loaders.WithLoaderContext(context.Background())), id, t) } -func getTestComponentID(t *testing.T, testComponent *storage.EmbeddedImageScanComponent, imageID string) string { - id, err := scancomponent.ComponentIDV2(testComponent, imageID) - require.NoError(t, err) - - return id +func getTestComponentID(testComponent *storage.EmbeddedImageScanComponent, imageID string, index int) string { + return scancomponent.ComponentIDV2(testComponent, imageID, index) } -func getTestCVEID(t *testing.T, testCVE *storage.EmbeddedVulnerability, componentID string) string { - id, err := cve.IDV2(testCVE, componentID) - require.NoError(t, err) - - return id +func getTestCVEID(testCVE *storage.EmbeddedVulnerability, componentID string, index int) string { + return cve.IDV2(testCVE, componentID, index) } diff --git a/central/image/datastore/datastore_impl.go b/central/image/datastore/datastore_impl.go index b564c7f39a37a..c6f598290265c 100644 --- a/central/image/datastore/datastore_impl.go +++ b/central/image/datastore/datastore_impl.go @@ -334,13 +334,9 @@ func (ds *datastoreImpl) updateListImagePriority(images ...*storage.ListImage) { func (ds *datastoreImpl) updateImagePriority(images ...*storage.Image) { for _, image := range images { image.Priority = ds.imageRanker.GetRankForID(image.GetId()) - for _, component := range image.GetScan().GetComponents() { + for index, component := range image.GetScan().GetComponents() { if features.FlattenCVEData.Enabled() { - componentID, err := scancomponent.ComponentIDV2(component, image.GetId()) - if err != nil { - log.Error(err) - continue - } + componentID := scancomponent.ComponentIDV2(component, image.GetId(), index) component.Priority = ds.imageComponentRanker.GetRankForID(componentID) } else { component.Priority = ds.imageComponentRanker.GetRankForID(scancomponent.ComponentID(component.GetName(), component.GetVersion(), image.GetScan().GetOperatingSystem())) @@ -350,13 +346,9 @@ func (ds *datastoreImpl) updateImagePriority(images ...*storage.Image) { } func (ds *datastoreImpl) updateComponentRisk(image *storage.Image) { - for _, component := range image.GetScan().GetComponents() { + for index, component := range image.GetScan().GetComponents() { if features.FlattenCVEData.Enabled() { - componentID, err := scancomponent.ComponentIDV2(component, image.GetId()) - if err != nil { - log.Error(err) - continue - } + componentID := scancomponent.ComponentIDV2(component, image.GetId(), index) component.RiskScore = ds.imageComponentRanker.GetScoreForID(componentID) } else { component.RiskScore = ds.imageComponentRanker.GetScoreForID(scancomponent.ComponentID(component.GetName(), component.GetVersion(), image.GetScan().GetOperatingSystem())) diff --git a/central/image/datastore/datastore_impl_flat_postgres_test.go b/central/image/datastore/datastore_impl_flat_postgres_test.go index 213fe86078dac..f0380bf0579e1 100644 --- a/central/image/datastore/datastore_impl_flat_postgres_test.go +++ b/central/image/datastore/datastore_impl_flat_postgres_test.go @@ -306,12 +306,12 @@ func (s *ImageFlatPostgresDataStoreTestSuite) TestSortByComponent() { ctx := sac.WithAllAccess(context.Background()) image := fixtures.GetImageWithUniqueComponents(5) componentIDs := make([]string, 0, len(image.GetScan().GetComponents())) - for _, component := range image.GetScan().GetComponents() { - compID, err := scancomponent.ComponentIDV2( + for index, component := range image.GetScan().GetComponents() { + compID := scancomponent.ComponentIDV2( component, image.GetId(), + index, ) - s.NoError(err) componentIDs = append(componentIDs, compID) } @@ -366,12 +366,10 @@ func (s *ImageFlatPostgresDataStoreTestSuite) TestImageDeletes() { testImage.Scan.ScanTime = protocompat.TimestampNow() testImage.Scan.Components = testImage.Scan.Components[:len(testImage.Scan.Components)-1] cveIDsSet := set.NewStringSet() - for _, component := range testImage.GetScan().GetComponents() { - componentID, err := scancomponent.ComponentIDV2(component, testImage.GetId()) - s.NoError(err) - for _, cve := range component.GetVulns() { - cveID, err := pkgCVE.IDV2(cve, componentID) - s.NoError(err) + for compIndex, component := range testImage.GetScan().GetComponents() { + componentID := scancomponent.ComponentIDV2(component, testImage.GetId(), compIndex) + for cveIndex, cve := range component.GetVulns() { + cveID := pkgCVE.IDV2(cve, componentID, cveIndex) cveIDsSet.Add(cveID) } } diff --git a/central/image/datastore/store/common/v2/parts_test.go b/central/image/datastore/store/common/v2/parts_test.go index 1264cafb01b6b..7c1b9e7250e42 100644 --- a/central/image/datastore/store/common/v2/parts_test.go +++ b/central/image/datastore/store/common/v2/parts_test.go @@ -166,13 +166,13 @@ func TestSplitAndMergeImage(t *testing.T) { }, }, SetComponents: &storage.Image_Components{ - Components: 3, + Components: 4, }, SetCves: &storage.Image_Cves{ - Cves: 4, + Cves: 7, }, SetFixable: &storage.Image_FixableCves{ - FixableCves: 2, + FixableCves: 4, }, Scan: &storage.ImageScan{ ScanTime: ts, @@ -292,13 +292,13 @@ func TestSplitAndMergeImage(t *testing.T) { ScanTime: ts, }, SetComponents: &storage.Image_Components{ - Components: 3, + Components: 4, }, SetCves: &storage.Image_Cves{ - Cves: 4, + Cves: 7, }, SetFixable: &storage.Image_FixableCves{ - FixableCves: 2, + FixableCves: 4, }, }, ImageCVEEdges: map[string]*storage.ImageCVEEdge{ @@ -321,7 +321,7 @@ func TestSplitAndMergeImage(t *testing.T) { Version: "ver1", }, ComponentV2: &storage.ImageComponentV2{ - Id: getTestComponentID(testComponents[0], "sha"), + Id: getTestComponentID(testComponents[0], "sha", 0), Name: "comp1", Version: "ver1", ImageId: "sha", @@ -346,7 +346,7 @@ func TestSplitAndMergeImage(t *testing.T) { Version: "ver2", }, ComponentV2: &storage.ImageComponentV2{ - Id: getTestComponentID(testComponents[1], "sha"), + Id: getTestComponentID(testComponents[1], "sha", 1), Name: "comp1", Version: "ver2", ImageId: "sha", @@ -378,7 +378,7 @@ func TestSplitAndMergeImage(t *testing.T) { ImageCveId: cve.ID("cve1", ""), }, CVEV2: &storage.ImageCVEV2{ - Id: getTestCVEID(testCVEs["cve1comp1"], getTestComponentID(testComponents[1], "sha")), + Id: getTestCVEID(testCVEs["cve1comp1"], getTestComponentID(testComponents[1], "sha", 1), 0), ImageId: "sha", CveBaseInfo: &storage.CVEInfo{ Cve: "cve1", @@ -386,7 +386,7 @@ func TestSplitAndMergeImage(t *testing.T) { }, NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, FirstImageOccurrence: ts, - ComponentId: getTestComponentID(testComponents[1], "sha"), + ComponentId: getTestComponentID(testComponents[1], "sha", 1), }, }, { @@ -408,7 +408,7 @@ func TestSplitAndMergeImage(t *testing.T) { IsFixable: true, }, CVEV2: &storage.ImageCVEV2{ - Id: getTestCVEID(testCVEs["cve2comp1"], getTestComponentID(testComponents[1], "sha")), + Id: getTestCVEID(testCVEs["cve2comp1"], getTestComponentID(testComponents[1], "sha", 1), 1), ImageId: "sha", CveBaseInfo: &storage.CVEInfo{ Cve: "cve2", @@ -420,7 +420,41 @@ func TestSplitAndMergeImage(t *testing.T) { }, IsFixable: true, FirstImageOccurrence: ts, - ComponentId: getTestComponentID(testComponents[1], "sha"), + ComponentId: getTestComponentID(testComponents[1], "sha", 1), + }, + }, + { + CVE: &storage.ImageCVE{ + Id: cve.ID("cve2", ""), + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve2", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + }, + Edge: &storage.ComponentCVEEdge{ + Id: pgSearch.IDFromPks([]string{scancomponent.ComponentID("comp1", "ver2", ""), cve.ID("cve2", "")}), + ImageComponentId: scancomponent.ComponentID("comp1", "ver2", ""), + ImageCveId: cve.ID("cve2", ""), + HasFixedBy: &storage.ComponentCVEEdge_FixedBy{ + FixedBy: "ver3", + }, + IsFixable: true, + }, + CVEV2: &storage.ImageCVEV2{ + Id: getTestCVEID(testCVEs["cve2comp1"], getTestComponentID(testComponents[1], "sha", 1), 2), + ImageId: "sha", + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve2", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + HasFixedBy: &storage.ImageCVEV2_FixedBy{ + FixedBy: "ver3", + }, + IsFixable: true, + FirstImageOccurrence: ts, + ComponentId: getTestComponentID(testComponents[1], "sha", 1), }, }, }, @@ -432,7 +466,7 @@ func TestSplitAndMergeImage(t *testing.T) { Version: "ver1", }, ComponentV2: &storage.ImageComponentV2{ - Id: getTestComponentID(testComponents[2], "sha"), + Id: getTestComponentID(testComponents[2], "sha", 2), Name: "comp2", Version: "ver1", ImageId: "sha", @@ -468,7 +502,7 @@ func TestSplitAndMergeImage(t *testing.T) { IsFixable: true, }, CVEV2: &storage.ImageCVEV2{ - Id: getTestCVEID(testCVEs["cve1comp2"], getTestComponentID(testComponents[2], "sha")), + Id: getTestCVEID(testCVEs["cve1comp2"], getTestComponentID(testComponents[2], "sha", 2), 0), ImageId: "sha", CveBaseInfo: &storage.CVEInfo{ Cve: "cve1", @@ -480,7 +514,7 @@ func TestSplitAndMergeImage(t *testing.T) { }, IsFixable: true, FirstImageOccurrence: ts, - ComponentId: getTestComponentID(testComponents[2], "sha"), + ComponentId: getTestComponentID(testComponents[2], "sha", 2), }, }, { @@ -498,7 +532,7 @@ func TestSplitAndMergeImage(t *testing.T) { ImageCveId: cve.ID("cve2", ""), }, CVEV2: &storage.ImageCVEV2{ - Id: getTestCVEID(testCVEs["cve2comp2"], getTestComponentID(testComponents[2], "sha")), + Id: getTestCVEID(testCVEs["cve2comp2"], getTestComponentID(testComponents[2], "sha", 2), 1), ImageId: "sha", CveBaseInfo: &storage.CVEInfo{ Cve: "cve2", @@ -506,7 +540,93 @@ func TestSplitAndMergeImage(t *testing.T) { }, NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, FirstImageOccurrence: ts, - ComponentId: getTestComponentID(testComponents[2], "sha"), + ComponentId: getTestComponentID(testComponents[2], "sha", 2), + }, + }, + }, + }, + { + Component: &storage.ImageComponent{ + Id: scancomponent.ComponentID("comp2", "ver1", ""), + Name: "comp2", + Version: "ver1", + }, + ComponentV2: &storage.ImageComponentV2{ + Id: getTestComponentID(testComponents[2], "sha", 3), + Name: "comp2", + Version: "ver1", + ImageId: "sha", + HasLayerIndex: &storage.ImageComponentV2_LayerIndex{ + LayerIndex: 2, + }, + }, + Edge: &storage.ImageComponentEdge{ + Id: pgSearch.IDFromPks([]string{"sha", scancomponent.ComponentID("comp2", "ver1", "")}), + ImageId: "sha", + ImageComponentId: scancomponent.ComponentID("comp2", "ver1", ""), + HasLayerIndex: &storage.ImageComponentEdge_LayerIndex{ + LayerIndex: 2, + }, + }, + Children: []CVEParts{ + { + CVE: &storage.ImageCVE{ + Id: cve.ID("cve1", ""), + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve1", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + }, + Edge: &storage.ComponentCVEEdge{ + Id: pgSearch.IDFromPks([]string{scancomponent.ComponentID("comp2", "ver1", ""), cve.ID("cve1", "")}), + ImageComponentId: scancomponent.ComponentID("comp2", "ver1", ""), + ImageCveId: cve.ID("cve1", ""), + HasFixedBy: &storage.ComponentCVEEdge_FixedBy{ + FixedBy: "ver2", + }, + IsFixable: true, + }, + CVEV2: &storage.ImageCVEV2{ + Id: getTestCVEID(testCVEs["cve1comp2"], getTestComponentID(testComponents[2], "sha", 3), 0), + ImageId: "sha", + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve1", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + HasFixedBy: &storage.ImageCVEV2_FixedBy{ + FixedBy: "ver2", + }, + IsFixable: true, + FirstImageOccurrence: ts, + ComponentId: getTestComponentID(testComponents[2], "sha", 3), + }, + }, + { + CVE: &storage.ImageCVE{ + Id: cve.ID("cve2", ""), + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve2", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + }, + Edge: &storage.ComponentCVEEdge{ + Id: pgSearch.IDFromPks([]string{scancomponent.ComponentID("comp2", "ver1", ""), cve.ID("cve2", "")}), + ImageComponentId: scancomponent.ComponentID("comp2", "ver1", ""), + ImageCveId: cve.ID("cve2", ""), + }, + CVEV2: &storage.ImageCVEV2{ + Id: getTestCVEID(testCVEs["cve2comp2"], getTestComponentID(testComponents[2], "sha", 3), 1), + ImageId: "sha", + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve2", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + FirstImageOccurrence: ts, + ComponentId: getTestComponentID(testComponents[2], "sha", 3), }, }, }, @@ -558,16 +678,12 @@ func TestSplitAndMergeImage(t *testing.T) { protoassert.Equal(t, dedupedImage(), imageActual) } -func getTestComponentID(testComponent *storage.EmbeddedImageScanComponent, imageID string) string { - id, _ := scancomponent.ComponentIDV2(testComponent, imageID) - - return id +func getTestComponentID(testComponent *storage.EmbeddedImageScanComponent, imageID string, index int) string { + return scancomponent.ComponentIDV2(testComponent, imageID, index) } -func getTestCVEID(testCVE *storage.EmbeddedVulnerability, componentID string) string { - id, _ := cve.IDV2(testCVE, componentID) - - return id +func getTestCVEID(testCVE *storage.EmbeddedVulnerability, componentID string, index int) string { + return cve.IDV2(testCVE, componentID, index) } func dedupedImage() *storage.Image { @@ -582,13 +698,13 @@ func dedupedImage() *storage.Image { }, }, SetComponents: &storage.Image_Components{ - Components: 3, + Components: 4, }, SetCves: &storage.Image_Cves{ - Cves: 4, + Cves: 7, }, SetFixable: &storage.Image_FixableCves{ - FixableCves: 2, + FixableCves: 4, }, Scan: &storage.ImageScan{ ScanTime: ts, @@ -625,6 +741,42 @@ func dedupedImage() *storage.Image { FirstImageOccurrence: ts, FirstSystemOccurrence: ts, }, + { + Cve: "cve2", + VulnerabilityType: storage.EmbeddedVulnerability_IMAGE_VULNERABILITY, + VulnerabilityTypes: []storage.EmbeddedVulnerability_VulnerabilityType{storage.EmbeddedVulnerability_IMAGE_VULNERABILITY}, + SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ + FixedBy: "ver3", + }, + FirstImageOccurrence: ts, + FirstSystemOccurrence: ts, + }, + }, + }, + { + Name: "comp2", + Version: "ver1", + HasLayerIndex: &storage.EmbeddedImageScanComponent_LayerIndex{ + LayerIndex: 2, + }, + Vulns: []*storage.EmbeddedVulnerability{ + { + Cve: "cve1", + VulnerabilityType: storage.EmbeddedVulnerability_IMAGE_VULNERABILITY, + VulnerabilityTypes: []storage.EmbeddedVulnerability_VulnerabilityType{storage.EmbeddedVulnerability_IMAGE_VULNERABILITY}, + SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ + FixedBy: "ver2", + }, + FirstImageOccurrence: ts, + FirstSystemOccurrence: ts, + }, + { + Cve: "cve2", + VulnerabilityType: storage.EmbeddedVulnerability_IMAGE_VULNERABILITY, + VulnerabilityTypes: []storage.EmbeddedVulnerability_VulnerabilityType{storage.EmbeddedVulnerability_IMAGE_VULNERABILITY}, + FirstImageOccurrence: ts, + FirstSystemOccurrence: ts, + }, }, }, { diff --git a/central/image/datastore/store/common/v2/split_v2.go b/central/image/datastore/store/common/v2/split_v2.go index 31c43f17c3969..eae8054f9f72e 100644 --- a/central/image/datastore/store/common/v2/split_v2.go +++ b/central/image/datastore/store/common/v2/split_v2.go @@ -34,21 +34,12 @@ func SplitV2(image *storage.Image, withComponents bool) (ImageParts, error) { func splitComponentsV2(parts ImageParts) ([]ComponentParts, error) { ret := make([]ComponentParts, 0, len(parts.Image.GetScan().GetComponents())) - componentMap := make(map[string]*storage.EmbeddedImageScanComponent) - for _, component := range parts.Image.GetScan().GetComponents() { - generatedComponentV2, err := GenerateImageComponentV2(parts.Image.GetScan().GetOperatingSystem(), parts.Image, component) + for index, component := range parts.Image.GetScan().GetComponents() { + generatedComponentV2, err := GenerateImageComponentV2(parts.Image.GetScan().GetOperatingSystem(), parts.Image, index, component) if err != nil { return nil, err } - // dedupe components within the component - if _, ok := componentMap[generatedComponentV2.GetId()]; ok { - log.Infof("Component %s-%s has already been processed in the image. Skipping...", component.GetName(), component.GetVersion()) - continue - } - - componentMap[generatedComponentV2.GetId()] = component - cves, err := splitCVEsV2(parts.Image.GetId(), generatedComponentV2.GetId(), component) if err != nil { return nil, err @@ -67,21 +58,12 @@ func splitComponentsV2(parts ImageParts) ([]ComponentParts, error) { func splitCVEsV2(imageID string, componentID string, embedded *storage.EmbeddedImageScanComponent) ([]CVEParts, error) { ret := make([]CVEParts, 0, len(embedded.GetVulns())) - cveMap := make(map[string]*storage.EmbeddedVulnerability) - for _, cve := range embedded.GetVulns() { - convertedCVE, err := utils.EmbeddedVulnerabilityToImageCVEV2(imageID, componentID, cve) + for index, cve := range embedded.GetVulns() { + convertedCVE, err := utils.EmbeddedVulnerabilityToImageCVEV2(imageID, componentID, index, cve) if err != nil { return nil, err } - // dedupe CVEs within the component - if _, ok := cveMap[convertedCVE.GetId()]; ok { - log.Infof("CVE %s has already been processed in the image. Skipping...", cve.GetCve()) - continue - } - - cveMap[convertedCVE.GetId()] = cve - cp := CVEParts{ CVEV2: convertedCVE, } @@ -92,11 +74,8 @@ func splitCVEsV2(imageID string, componentID string, embedded *storage.EmbeddedI } // GenerateImageComponentV2 returns top-level image component from embedded component. -func GenerateImageComponentV2(os string, image *storage.Image, from *storage.EmbeddedImageScanComponent) (*storage.ImageComponentV2, error) { - componentID, err := scancomponent.ComponentIDV2(from, image.GetId()) - if err != nil { - return nil, err - } +func GenerateImageComponentV2(os string, image *storage.Image, index int, from *storage.EmbeddedImageScanComponent) (*storage.ImageComponentV2, error) { + componentID := scancomponent.ComponentIDV2(from, image.GetId(), index) ret := &storage.ImageComponentV2{ Id: componentID, diff --git a/central/imagecomponent/v2/datastore/datastore_sac_test.go b/central/imagecomponent/v2/datastore/datastore_sac_test.go index 7aa3129c7dea1..958ee62889f31 100644 --- a/central/imagecomponent/v2/datastore/datastore_sac_test.go +++ b/central/imagecomponent/v2/datastore/datastore_sac_test.go @@ -43,9 +43,8 @@ func (s *componentV2DataStoreSACTestSuite) SetupSuite() { s.imageTestContexts = sacTestUtils.GetNamespaceScopedTestContexts(context.Background(), s.T(), resources.Image) } -func getImageComponentID(component *storage.EmbeddedImageScanComponent, imageID string) string { - componentID, _ := scancomponent.ComponentIDV2(component, imageID) - return componentID +func getImageComponentID(component *storage.EmbeddedImageScanComponent, imageID string, index int) string { + return scancomponent.ComponentIDV2(component, imageID, index) } func (s *componentV2DataStoreSACTestSuite) cleanImageToVulnerabilitiesGraph() { @@ -63,12 +62,12 @@ var ( imageComponent1s2x3 = fixtures.GetEmbeddedImageComponent1s2x3() imageComponent2x4 = fixtures.GetEmbeddedImageComponent2x4() imageComponent2x5 = fixtures.GetEmbeddedImageComponent2x5() - imageComponentID1x1 = getImageComponentID(imageComponent1x1, fixtures.GetImageSherlockHolmes1().GetId()) - imageComponentID1x2 = getImageComponentID(imageComponent1x2, fixtures.GetImageSherlockHolmes1().GetId()) - imageComponentID1s2x3i1 = getImageComponentID(imageComponent1s2x3, fixtures.GetImageSherlockHolmes1().GetId()) - imageComponentID1s2x3i2 = getImageComponentID(imageComponent1s2x3, fixtures.GetImageDoctorJekyll2().GetId()) - imageComponentID2x4 = getImageComponentID(imageComponent2x4, fixtures.GetImageDoctorJekyll2().GetId()) - imageComponentID2x5 = getImageComponentID(imageComponent2x5, fixtures.GetImageDoctorJekyll2().GetId()) + imageComponentID1x1 = getImageComponentID(imageComponent1x1, fixtures.GetImageSherlockHolmes1().GetId(), 0) + imageComponentID1x2 = getImageComponentID(imageComponent1x2, fixtures.GetImageSherlockHolmes1().GetId(), 1) + imageComponentID1s2x3i1 = getImageComponentID(imageComponent1s2x3, fixtures.GetImageSherlockHolmes1().GetId(), 2) + imageComponentID1s2x3i2 = getImageComponentID(imageComponent1s2x3, fixtures.GetImageDoctorJekyll2().GetId(), 0) + imageComponentID2x4 = getImageComponentID(imageComponent2x4, fixtures.GetImageDoctorJekyll2().GetId(), 1) + imageComponentID2x5 = getImageComponentID(imageComponent2x5, fixtures.GetImageDoctorJekyll2().GetId(), 2) imageComponentTestCases = []componentTestCase{ { diff --git a/central/risk/manager/manager.go b/central/risk/manager/manager.go index 2593e5f7a7772..f50b336237ffc 100644 --- a/central/risk/manager/manager.go +++ b/central/risk/manager/manager.go @@ -211,8 +211,8 @@ func (e *managerImpl) calculateAndUpsertImageRisk(image *storage.Image) error { } // We want to compute and store risk for image components when image risk is reprocessed. - for _, component := range image.GetScan().GetComponents() { - e.reprocessImageComponentRisk(component, image.GetScan().GetOperatingSystem(), image.GetId()) + for index, component := range image.GetScan().GetComponents() { + e.reprocessImageComponentRisk(component, image.GetScan().GetOperatingSystem(), image.GetId(), index) } image.RiskScore = risk.Score @@ -284,16 +284,22 @@ func scannedByScannerV4(img *storage.Image) bool { // reprocessImageComponentRisk will reprocess risk of image components and save the results. // Image Component ID is generated as : -func (e *managerImpl) reprocessImageComponentRisk(imageComponent *storage.EmbeddedImageScanComponent, os string, imageID string) { +func (e *managerImpl) reprocessImageComponentRisk(imageComponent *storage.EmbeddedImageScanComponent, os string, imageID string, componentIndex int) { defer metrics.ObserveRiskProcessingDuration(time.Now(), "ImageComponent") - risk := e.imageComponentScorer.Score(allAccessCtx, scancomponent.NewFromImageComponent(imageComponent), os, imageComponent, imageID) + risk := e.imageComponentScorer.Score(allAccessCtx, scancomponent.NewFromImageComponent(imageComponent), os, imageComponent, imageID, componentIndex) if risk == nil { return } - oldScore := e.imageComponentRanker.GetScoreForID( - scancomponent.ComponentID(imageComponent.GetName(), imageComponent.GetVersion(), os)) + var oldScore float32 + if features.FlattenCVEData.Enabled() { + oldScore = e.imageComponentRanker.GetScoreForID( + scancomponent.ComponentIDV2(imageComponent, imageID, componentIndex)) + } else { + oldScore = e.imageComponentRanker.GetScoreForID( + scancomponent.ComponentID(imageComponent.GetName(), imageComponent.GetVersion(), os)) + } // Image component risk results are currently unused so if the score is the same then no need to upsert if risk.GetScore() == oldScore { diff --git a/central/risk/scorer/component/image/scorer_test.go b/central/risk/scorer/component/image/scorer_test.go index 4ec969c5c5655..cc89914991fba 100644 --- a/central/risk/scorer/component/image/scorer_test.go +++ b/central/risk/scorer/component/image/scorer_test.go @@ -36,7 +36,7 @@ func TestScore(t *testing.T) { }, } - actualRisk := scorer.Score(ctx, scancomponent.NewFromImageComponent(imageComponent), "", imageComponent, pkgScorer.GetMockImage().GetId()) + actualRisk := scorer.Score(ctx, scancomponent.NewFromImageComponent(imageComponent), "", imageComponent, pkgScorer.GetMockImage().GetId(), 0) protoassert.SlicesEqual(t, expectedRiskResults, actualRisk.GetResults()) assert.InDelta(t, expectedRiskScore, actualRisk.GetScore(), 0.0001) diff --git a/central/risk/scorer/component/image_scorer.go b/central/risk/scorer/component/image_scorer.go index 2ef2be40d81e6..2c5216b2ad447 100644 --- a/central/risk/scorer/component/image_scorer.go +++ b/central/risk/scorer/component/image_scorer.go @@ -12,7 +12,7 @@ import ( // Scorer is the object that encompasses the multipliers for evaluating component risk type ImageScorer interface { - Score(ctx context.Context, component scancomponent.ScanComponent, os string, imageComponent *storage.EmbeddedImageScanComponent, imageID string) *storage.Risk + Score(ctx context.Context, component scancomponent.ScanComponent, os string, imageComponent *storage.EmbeddedImageScanComponent, imageID string, index int) *storage.Risk } // NewComponentScorer returns a new scorer that encompasses multipliers for evaluating component risk @@ -31,7 +31,7 @@ type componentImageScorerImpl struct { } // Score takes a component and evaluates its risk -func (s *componentImageScorerImpl) Score(ctx context.Context, scanComponent scancomponent.ScanComponent, os string, imageComponent *storage.EmbeddedImageScanComponent, imageID string) *storage.Risk { +func (s *componentImageScorerImpl) Score(ctx context.Context, scanComponent scancomponent.ScanComponent, os string, imageComponent *storage.EmbeddedImageScanComponent, imageID string, index int) *storage.Risk { riskResults := make([]*storage.Risk_Result, 0, len(s.ConfiguredMultipliers)) overallScore := float32(1.0) for _, mult := range s.ConfiguredMultipliers { @@ -47,11 +47,7 @@ func (s *componentImageScorerImpl) Score(ctx context.Context, scanComponent scan var componentID string var err error if features.FlattenCVEData.Enabled() { - componentID, err = scancomponent.ComponentIDV2(imageComponent, imageID) - if err != nil { - log.Errorf("Unable to score %s: %v", scanComponent.GetName(), err) - return nil - } + componentID = scancomponent.ComponentIDV2(imageComponent, imageID, index) } else { componentID = scancomponent.ComponentID(scanComponent.GetName(), scanComponent.GetVersion(), os) } diff --git a/central/sensor/service/pipeline/nodeindex/three_pipelines_test.go b/central/sensor/service/pipeline/nodeindex/three_pipelines_test.go index 144ab58c54e11..557cd2f086d5e 100644 --- a/central/sensor/service/pipeline/nodeindex/three_pipelines_test.go +++ b/central/sensor/service/pipeline/nodeindex/three_pipelines_test.go @@ -603,7 +603,7 @@ func (m *mockComponentScorer) Score(_ context.Context, _ scancomponent.ScanCompo type mockImageComponentScorer struct{} -func (m *mockImageComponentScorer) Score(_ context.Context, _ scancomponent.ScanComponent, _ string, _ *storage.EmbeddedImageScanComponent, _ string) *storage.Risk { +func (m *mockImageComponentScorer) Score(_ context.Context, _ scancomponent.ScanComponent, _ string, _ *storage.EmbeddedImageScanComponent, _ string, _ int) *storage.Risk { return getDummyRisk() } diff --git a/central/sensor/service/pipeline/nodeinventory/two_pipelines_test.go b/central/sensor/service/pipeline/nodeinventory/two_pipelines_test.go index 800a220a760b0..78d3bd17a72af 100644 --- a/central/sensor/service/pipeline/nodeinventory/two_pipelines_test.go +++ b/central/sensor/service/pipeline/nodeinventory/two_pipelines_test.go @@ -385,7 +385,7 @@ func (m *mockComponentScorer) Score(_ context.Context, _ scancomponent.ScanCompo type mockImageComponentScorer struct{} -func (m *mockImageComponentScorer) Score(_ context.Context, _ scancomponent.ScanComponent, _ string, _ *storage.EmbeddedImageScanComponent, _ string) *storage.Risk { +func (m *mockImageComponentScorer) Score(_ context.Context, _ scancomponent.ScanComponent, _ string, _ *storage.EmbeddedImageScanComponent, _ string, _ int) *storage.Risk { return getDummyRisk() } diff --git a/central/views/imagecveflat/view_test.go b/central/views/imagecveflat/view_test.go index c7b4c2fa6e532..ba7b9aac600c3 100644 --- a/central/views/imagecveflat/view_test.go +++ b/central/views/imagecveflat/view_test.go @@ -525,7 +525,7 @@ func (s *ImageCVEFlatViewTestSuite) testCases() []testCase { Source: storage.SourceType_OS, Location: "", Architecture: "", - }, "sha256:05dd8ed5c76ad3c9f06481770828cf17b8c89f1e406c91d548426dd70fe94560"))}, + }, "sha256:05dd8ed5c76ad3c9f06481770828cf17b8c89f1e406c91d548426dd70fe94560", 0), 0)}, Level: v1.SearchCategory_IMAGE_VULNERABILITIES, }, }), @@ -904,16 +904,12 @@ func standardizeImages(images ...*storage.Image) { } } -func getTestComponentID(testComponent *storage.EmbeddedImageScanComponent, imageID string) string { - id, _ := scancomponent.ComponentIDV2(testComponent, imageID) - - return id +func getTestComponentID(testComponent *storage.EmbeddedImageScanComponent, imageID string, index int) string { + return scancomponent.ComponentIDV2(testComponent, imageID, index) } -func getTestCVEID(testCVE *storage.EmbeddedVulnerability, componentID string) string { - id, _ := cve.IDV2(testCVE, componentID) - - return id +func getTestCVEID(testCVE *storage.EmbeddedVulnerability, componentID string, index int) string { + return cve.IDV2(testCVE, componentID, index) } func getTestCVE() *storage.EmbeddedVulnerability { diff --git a/pkg/cve/cve.go b/pkg/cve/cve.go index 7af6609c77bdd..32086230d5ba3 100644 --- a/pkg/cve/cve.go +++ b/pkg/cve/cve.go @@ -3,7 +3,6 @@ package cve import ( "strconv" - "github.com/mitchellh/hashstructure/v2" "github.com/stackrox/rox/generated/storage" pgSearch "github.com/stackrox/rox/pkg/search/postgres" ) @@ -25,13 +24,10 @@ func ID(cve, os string) string { } // IDV2 creates a CVE ID from the given cve name, component id and index of CVE within the component. -func IDV2(cve *storage.EmbeddedVulnerability, componentID string) (string, error) { - hash, err := hashstructure.Hash(cve, hashstructure.FormatV2, &hashstructure.HashOptions{ZeroNil: true}) - if err != nil { - return "", err - } - - return pgSearch.IDFromPks([]string{cve.GetCve(), strconv.FormatUint(hash, 10), componentID}), nil +func IDV2(cve *storage.EmbeddedVulnerability, componentID string, index int) string { + // The index it occurs in the component list is sufficient for uniqueness. We do not need to be able to + // rebuild this ID at query time from an embedded object. + return pgSearch.IDFromPks([]string{cve.GetCve(), strconv.Itoa(index), componentID}) } // IDToParts return the CVE ID parts—cve and operating system. diff --git a/pkg/scancomponent/component_id.go b/pkg/scancomponent/component_id.go index 33cc3caff91b0..063389ea8c100 100644 --- a/pkg/scancomponent/component_id.go +++ b/pkg/scancomponent/component_id.go @@ -3,7 +3,6 @@ package scancomponent import ( "strconv" - "github.com/mitchellh/hashstructure/v2" "github.com/stackrox/rox/generated/storage" pgSearch "github.com/stackrox/rox/pkg/search/postgres" ) @@ -14,19 +13,8 @@ func ComponentID(name, version, os string) string { } // ComponentIDV2 creates a component ID from the given name and version and architecture and imageID. -func ComponentIDV2(component *storage.EmbeddedImageScanComponent, imageID string) (string, error) { - // A little future proofing here. Just hashing the component to ensure uniqueness. If a field is added, the data - // will be replaced anyway. We just need to ensure uniqueness within the scan since we tack on the imageID. - // We must make a clone of the incoming object to use in our hash. The `SetTopCvss` must be set to nil before hashing - // as that is added by the enricher and may vary. So we want to ignore it. Since it is - // a oneof we cannot simply flag it as ignore in the proto, sadly. - clonedComponent := component.CloneVT() - clonedComponent.SetTopCvss = nil - - hash, err := hashstructure.Hash(clonedComponent, hashstructure.FormatV2, &hashstructure.HashOptions{ZeroNil: true}) - if err != nil { - return "", err - } - - return pgSearch.IDFromPks([]string{component.GetName(), strconv.FormatUint(hash, 10), imageID}), nil +func ComponentIDV2(component *storage.EmbeddedImageScanComponent, imageID string, index int) string { + // The index it occurs in the component list is sufficient for uniqueness. We do not need to be able to + // rebuild this ID at query time from an embedded object. Which is why we were forced to use a hash before. + return pgSearch.IDFromPks([]string{component.GetName(), strconv.Itoa(index), imageID}) }