From 068ae006fe9ff2ea0f15b3eb395f868fb2d739ec Mon Sep 17 00:00:00 2001
From: MinerYang
Date: Fri, 10 May 2024 17:17:47 +0800
Subject: [PATCH 1/2] Update scan job request log for enabled_capabilities (#20414)
update scan job request log
Signed-off-by: yminer
---
 src/pkg/scan/job.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/pkg/scan/job.go b/src/pkg/scan/job.go
index 171e0c307429..c386628724c7 100644
--- a/src/pkg/scan/job.go
+++ b/src/pkg/scan/job.go
@@ -419,6 +419,7 @@ func removeScanAuthInfo(sr *v1.ScanRequest) string {
 URL: sr.Registry.URL,
 Authorization: "[HIDDEN]",
 },
+ RequestType: sr.RequestType,
 }
 str, err := req.ToJSON()
From 65e266fecf7001f32018e2ef9878d620520e4ba4 Mon Sep 17 00:00:00 2001
From: Wang Yan
Date: Mon, 13 May 2024 14:44:51 +0800
Subject: [PATCH 2/2] fix issue 20407 (#20416)
fixes #20407 It needs to specify the insecure option on parsing the reference
Signed-off-by: wang yan
---
 src/pkg/scan/rest/v1/models.go | 2 ++
 src/pkg/scan/sbom/sbom.go | 13 +++++++------
 src/pkg/scan/sbom/sbom_test.go | 4 ++--
 src/pkg/scan/util.go | 3 +++
 4 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/src/pkg/scan/rest/v1/models.go b/src/pkg/scan/rest/v1/models.go
index 9c25c16ea76e..06e6fb0a1c77 100644
--- a/src/pkg/scan/rest/v1/models.go
+++ b/src/pkg/scan/rest/v1/models.go
@@ -206,6 +206,8 @@ type Registry struct {
 // An optional value of the HTTP Authorization header sent with each request to the Docker Registry for getting or exchanging token.
 // For example, `Basic: Base64(username:password)`.
 Authorization string `json:"authorization"`
+ // Insecure is an indicator of https or http.
+ Insecure bool `json:"insecure"`
 }
 // ScanRequest represents a structure that is sent to a Scanner Adapter to initiate artifact scanning.
diff --git a/src/pkg/scan/sbom/sbom.go b/src/pkg/scan/sbom/sbom.go
index f8e6d2e43e8a..9a819d1236ff 100644
--- a/src/pkg/scan/sbom/sbom.go
+++ b/src/pkg/scan/sbom/sbom.go
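Review bot: The comment on the new `Insecure` field in `src/pkg/scan/rest/v1/models.go` does not say which value means what, although elsewhere in this patch the flag decides whether the registry reference is parsed with `name.Insecure`. I would state the polarity explicitly, e.g. `// Insecure is true when the registry endpoint is configured with http:// (no TLS) and false otherwise.` The struct sits next to `ScanRequest`, which its own comment says is sent to a Scanner Adapter; if the flag is only meant for Harbor's own accessory push, `json:"insecure,omitempty"` would keep it out of payloads where it is false. That intent is not visible in this hunk.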
@@ -43,13 +43,13 @@ const (
 )
 func init() {
- scan.RegisterScanHanlder(v1.ScanTypeSbom, &scanHandler{GenAccessoryFunc: scan.GenAccessoryArt, RegistryServer: registryFQDN})
+ scan.RegisterScanHanlder(v1.ScanTypeSbom, &scanHandler{GenAccessoryFunc: scan.GenAccessoryArt, RegistryServer: registry})
 }
 // ScanHandler defines the Handler to generate sbom
 type scanHandler struct {
 GenAccessoryFunc func(scanRep v1.ScanRequest, sbomContent []byte, labels map[string]string, mediaType string, robot *model.Robot) (string, error)
- RegistryServer func(ctx context.Context) string
+ RegistryServer func(ctx context.Context) (string, bool)
 }
 // RequestProducesMineTypes defines the mine types produced by the scan handler
@@ -96,7 +96,7 @@ func (v *scanHandler) PostScan(ctx job.Context, sr *v1.ScanRequest, _ *scanModel
 Artifact: sr.Artifact,
 }
 // the registry server url is core by default, need to replace it with real registry server url
- scanReq.Registry.URL = v.RegistryServer(ctx.SystemContext())
+ scanReq.Registry.URL, scanReq.Registry.Insecure = v.RegistryServer(ctx.SystemContext())
 if len(scanReq.Registry.URL) == 0 {
 return "", fmt.Errorf("empty registry server")
 }
@@ -139,15 +139,16 @@ func (v *scanHandler) generateReport(startTime time.Time, repository, digest, st
 }
 // extract server name from config, and remove the protocol prefix
-func registryFQDN(ctx context.Context) string {
+func registry(ctx context.Context) (string, bool) {
 cfgMgr, ok := config.FromContext(ctx)
 if ok {
 extURL := cfgMgr.Get(context.Background(), common.ExtEndpoint).GetString()
+ insecure := strings.HasPrefix(extURL, "http://")
 server := strings.TrimPrefix(extURL, "https://")
 server = strings.TrimPrefix(server, "http://")
- return server
+ return server, insecure
 }
- return "", false
 }
 // retrieveSBOMContent retrieves the "sbom" field from the raw report
diff --git a/src/pkg/scan/sbom/sbom_test.go b/src/pkg/scan/sbom/sbom_test.go
index cf56b3bbb689..c1e0cd9721c5 100644
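Review bot: In the last sbom.go hunk the comment above `registry` still describes only the host extraction, and the new flag comes from a case-sensitive `strings.HasPrefix(extURL, "http://")`, so an endpoint written as `HTTP://…` would be returned with its scheme attached and `insecure` false. Because this flag later selects non-TLS access to the registry, I would document it on the function, e.g. `// registry returns the external endpoint without its scheme, and true when that endpoint is configured with http:// (no TLS).` The scheme test is sturdier when the value is lower-cased before the prefix checks, or parsed with `net/url` and compared on `u.Scheme`; whether `net/url` is already imported in this file is not visible here. Naming the results in the `RegistryServer` field type in the first hunk, `func(ctx context.Context) (server string, insecure bool)`, would also tell callers what the bare `bool` means.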
--- a/src/pkg/scan/sbom/sbom_test.go
+++ b/src/pkg/scan/sbom/sbom_test.go
@@ -89,8 +89,8 @@ func Test_scanHandler_RequestProducesMineTypes(t *testing.T) {
 }
 }
-func mockGetRegistry(ctx context.Context) string {
- return "myharbor.example.com"
+func mockGetRegistry(ctx context.Context) (string, bool) {
+ return "myharbor.example.com", false
 }
 func mockGenAccessory(scanRep v1.ScanRequest, sbomContent []byte, labels map[string]string, mediaType string, robot *model.Robot) (string, error) {
diff --git a/src/pkg/scan/util.go b/src/pkg/scan/util.go
index efec3eb61360..e66e657f403e 100644
--- a/src/pkg/scan/util.go
+++ b/src/pkg/scan/util.go
@@ -86,6 +86,9 @@ func GenAccessoryArt(sq v1sq.ScanRequest, accData []byte, accAnnotations map[str
 return "", err
 }
 accRef, err := name.ParseReference(fmt.Sprintf("%s/%s@%s", sq.Registry.URL, sq.Artifact.Repository, dgst.String()))
+ if sq.Registry.Insecure {
+ accRef, err = name.ParseReference(fmt.Sprintf("%s/%s@%s", sq.Registry.URL, sq.Artifact.Repository, dgst.String()), name.Insecure)
+ }
 if err != nil {
 return "", err
 }
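Review bot: `mockGetRegistry` in sbom_test.go only ever returns `false`, and the diffstat shows no other test changes, so the insecure path this commit introduces is not exercised by the tests it touches. A second mock such as `func mockGetInsecureRegistry(ctx context.Context) (string, bool) { return "myharbor.example.com", true }`, used in a PostScan case that asserts `Registry.Insecure` reaches `GenAccessoryFunc`, would pin the behaviour the fix is about. A table test of `registry()` over `http://` and `https://` endpoints would cover the scheme detection as well.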
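Review bot: When `sq.Registry.Insecure` is set in the util.go hunk, the reference is parsed twice and the error from the first `name.ParseReference` call is overwritten before it is checked. Building the option list first gives one parse and one error path, as proposed below. With `name.Insecure` the reference resolves to plain HTTP, so the push that follows outside this hunk presumably sends the robot credentials without TLS; a warning-level log line on that branch would make the downgrade visible to operators. GenAccessoryArt starts and ends outside the hunk.

```go
// … unchanged: digest computation and its error check …
ref := fmt.Sprintf("%s/%s@%s", sq.Registry.URL, sq.Artifact.Repository, dgst.String())
var opts []name.Option
if sq.Registry.Insecure {
	// external endpoint is http://, so allow a non-TLS registry reference
	opts = append(opts, name.Insecure)
}
accRef, err := name.ParseReference(ref, opts...)
// … unchanged: err check on ParseReference and the rest of the function …
```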