From af1d257730422d238871beb674767f8f83c5d06a Mon Sep 17 00:00:00 2001
From: Bob Callaway <bobcallaway@users.noreply.github.com>
Date: Tue, 3 Sep 2024 01:47:21 -0400
Subject: [PATCH] feat(sbom): set User-Agent header on requests to Rekor
 (#7396)

Signed-off-by: Bob Callaway <bcallaway@google.com>
---
 go.mod                   |  4 ++--
 pkg/rekor/client.go      | 15 +++++----------
 pkg/rekor/client_test.go |  7 +++++++
 3 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/go.mod b/go.mod
index 844135ff79f8..2e8f5c7ad25c 100644
--- a/go.mod
+++ b/go.mod
@@ -47,8 +47,8 @@ require (
 	github.com/docker/go-connections v0.5.0
 	github.com/fatih/color v1.17.0
 	github.com/go-git/go-git/v5 v5.12.0
-	github.com/go-openapi/runtime v0.28.0
-	github.com/go-openapi/strfmt v0.23.0
+	github.com/go-openapi/runtime v0.28.0 // indirect
+	github.com/go-openapi/strfmt v0.23.0 // indirect
 	github.com/go-redis/redis/v8 v8.11.5
 	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/google/go-containerregistry v0.20.2
diff --git a/pkg/rekor/client.go b/pkg/rekor/client.go
index d748166d6d7f..c6390f9679db 100644
--- a/pkg/rekor/client.go
+++ b/pkg/rekor/client.go
@@ -2,11 +2,10 @@ package rekor
 
 import (
 	"context"
-	"net/url"
+	"fmt"
 	"slices"
 
-	httptransport "github.com/go-openapi/runtime/client"
-	"github.com/go-openapi/strfmt"
+	pkgclient "github.com/sigstore/rekor/pkg/client"
 	"github.com/sigstore/rekor/pkg/generated/client"
 	eclient "github.com/sigstore/rekor/pkg/generated/client/entries"
 	"github.com/sigstore/rekor/pkg/generated/client/index"
@@ -14,6 +13,7 @@ import (
 	"golang.org/x/xerrors"
 
 	"github.com/aquasecurity/trivy/pkg/log"
+	"github.com/aquasecurity/trivy/pkg/version/app"
 )
 
 const (
@@ -64,15 +64,10 @@ type Client struct {
 }
 
 func NewClient(rekorURL string) (*Client, error) {
-	u, err := url.Parse(rekorURL)
+	c, err := pkgclient.GetRekorClient(rekorURL, pkgclient.WithUserAgent(fmt.Sprintf("trivy/%s", app.Version())))
 	if err != nil {
-		return nil, xerrors.Errorf("failed to parse url: %w", err)
+		return nil, xerrors.Errorf("failed to create rekor client: %w", err)
 	}
-
-	c := client.New(
-		httptransport.New(u.Host, client.DefaultBasePath, []string{u.Scheme}),
-		strfmt.Default,
-	)
 	return &Client{Rekor: c}, nil
 }
 
diff --git a/pkg/rekor/client_test.go b/pkg/rekor/client_test.go
index 9ea48d657cc5..f9390122fbf0 100644
--- a/pkg/rekor/client_test.go
+++ b/pkg/rekor/client_test.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"net/http"
 	"net/http/httptest"
+	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -56,6 +57,9 @@ func TestClient_Search(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				if !strings.HasPrefix(r.UserAgent(), "trivy/") {
+					t.Fatalf("User-Agent header was not specified")
+				}
 				http.ServeFile(w, r, tt.mockResponseFile)
 				return
 			}))
@@ -148,6 +152,9 @@ func TestClient_GetEntries(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				if !strings.HasPrefix(r.UserAgent(), "trivy/") {
+					t.Fatalf("User-Agent header was not specified")
+				}
 				http.ServeFile(w, r, tt.mockResponseFile)
 				return
 			}))