fix: sbom secret size limit
Signed-off-by: chenk <hen.keinan@gmail.com>
chen-keinan committed Dec 7, 2023
1 parent fc9412c commit 100b369
Showing 2 changed files with 298 additions and 0 deletions.
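--- a/pkg/vulnerabilityreport/controller/helper_test.go
+++ b/pkg/vulnerabilityreport/controller/helper_test.go
@@ -0,0 +1,44 @@
+package controller
+
+import (
+"encoding/json"
+"github.com/aquasecurity/trivy-operator/pkg/apis/aquasecurity/v1alpha1"
+"github.com/stretchr/testify/assert"
+"os"
+"testing"
+)
+
+func TestIsSbomExceededSecretSizeLimit(t *testing.T) {
+testCases := []struct {
+name string
+bomFilePath string
+size int
+want bool
+}{
+{
+name: "bom with valid size",
+bomFilePath: "./testdata/sbom.json",
+size: 5000,
+want: false,
+},
+{
+name: "bom with bad size",
+bomFilePath: "./testdata/sbom.json",
+size: 4900,
+want: true,
+},
+}
+
+for _, tc := range testCases {
+t.Run(tc.name, func(t *testing.T) {
+b, err := os.ReadFile(tc.bomFilePath)
+assert.NoError(t, err)
+var sbom v1alpha1.ClusterSbomReport
+err = json.Unmarshal(b, &sbom)
+assert.NoError(t, err)
+got := isSbomExceededSecretSizeLimit(sbom.Report.Bom, tc.size)
+assert.Equal(t, tc.want, got)
+
+})
+}
+}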
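Review bot: Both error checks in the subtest body use `assert.NoError`, which records the failure and keeps going, so a missing or unparsable `./testdata/sbom.json` still reaches `isSbomExceededSecretSizeLimit` with a zero-value BOM; the "bom with valid size" case would then most likely pass for the wrong reason. Replacing them with `require.NoError(t, err)` (from `github.com/stretchr/testify/require`) stops the subtest at the real cause. The thresholds 5000 and 4900 only bracket the fixture's measured size without stating it, and the helper itself is not part of this commit, so whether it counts raw, marshalled or compressed bytes cannot be confirmed from here. A comment above the table such as `// fixture BOM measures between 4900 and 5000 bytes as counted by the helper`, plus a case at the exact boundary, would pin whether the limit is inclusive and make the test less sensitive to serialization changes.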
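--- a/pkg/vulnerabilityreport/controller/testdata/sbom.json
+++ b/pkg/vulnerabilityreport/controller/testdata/sbom.json
@@ -0,0 +1,254 @@
+{
+"apiVersion": "aquasecurity.github.io/v1alpha1",
+"kind": "ClusterSbomReport",
+"metadata": {
+"annotations": {
+"trivy-operator.aquasecurity.github.io/report-ttl": "120h0m0s"
+},
+"creationTimestamp": "2023-12-07T11:55:24Z",
+"generation": 1,
+"labels": {
+"resource-image-id": "5ccdbfb7c6"
+},
+"name": "5ccdbfb7c6",
+"resourceVersion": "898",
+"uid": "d78ec67b-67c7-4939-825e-337668a1bc24"
+},
+"report": {
+"artifact": {
+"digest": "sha256:a4183b88f6e65972c4b176b43ca59de31868635a7e43805f4c6e26203de1742f",
+"repository": "kube-scheduler",
+"tag": "v1.21.1"
+},
+"components": {
+"bomFormat": "CycloneDX",
+"components": [
+{
+"bom-ref": "1de40114-83f9-4983-8ca3-c31014cd393a",
+"name": "debian",
+"properties": [
+{
+"name": "aquasecurity:trivy:Class",
+"value": "os-pkgs"
+},
+{
+"name": "aquasecurity:trivy:Type",
+"value": "debian"
+}
+],
+"supplier": {},
+"type": "operating-system",
+"version": "10.9"
+},
+{
+"bom-ref": "pkg:deb/debian/base-files@10.3%2Bdeb10u9?arch=amd64\u0026distro=debian-10.9",
+"licenses": [
+{
+"license": {
+"name": "GPL-3.0"
+}
+}
+],
+"name": "base-files",
+"properties": [
+{
+"name": "aquasecurity:trivy:LayerDiffID",
+"value": "sha256:417cb9b79adeec55f58b890dc9831e252e3523d8de5fd28b4ee2abb151b7dc8b"
+},
+{
+"name": "aquasecurity:trivy:LayerDigest",
+"value": "sha256:5dea5ec2316d4a067b946b15c3c4f140b4f2ad607e73e9bc41b673ee5ebb99a3"
+},
+{
+"name": "aquasecurity:trivy:PkgID",
+"value": "base-files@10.3+deb10u9"
+},
+{
+"name": "aquasecurity:trivy:PkgType",
+"value": "debian"
+},
+{
+"name": "aquasecurity:trivy:SrcName",
+"value": "base-files"
+},
+{
+"name": "aquasecurity:trivy:SrcVersion",
+"value": "10.3+deb10u9"
+}
+],
+"purl": "pkg:deb/debian/base-files@10.3%2Bdeb10u9?arch=amd64\u0026distro=debian-10.9",
+"supplier": {
+"name": "Santiago Vila \u003csanvila@debian.org\u003e"
+},
+"type": "library",
+"version": "10.3+deb10u9"
+},
+{
+"bom-ref": "pkg:deb/debian/netbase@5.6?arch=all\u0026distro=debian-10.9",
+"licenses": [
+{
+"license": {
+"name": "GPL-2.0"
+}
+}
+],
+"name": "netbase",
+"properties": [
+{
+"name": "aquasecurity:trivy:LayerDiffID",
+"value": "sha256:417cb9b79adeec55f58b890dc9831e252e3523d8de5fd28b4ee2abb151b7dc8b"
+},
+{
+"name": "aquasecurity:trivy:LayerDigest",
+"value": "sha256:5dea5ec2316d4a067b946b15c3c4f140b4f2ad607e73e9bc41b673ee5ebb99a3"
+},
+{
+"name": "aquasecurity:trivy:PkgID",
+"value": "netbase@5.6"
+},
+{
+"name": "aquasecurity:trivy:PkgType",
+"value": "debian"
+},
+{
+"name": "aquasecurity:trivy:SrcName",
+"value": "netbase"
+},
+{
+"name": "aquasecurity:trivy:SrcVersion",
+"value": "5.6"
+}
+],
+"purl": "pkg:deb/debian/netbase@5.6?arch=all\u0026distro=debian-10.9",
+"supplier": {
+"name": "Marco d'Itri \u003cmd@linux.it\u003e"
+},
+"type": "library",
+"version": "5.6"
+},
+{
+"bom-ref": "pkg:deb/debian/tzdata@2021a-0%2Bdeb10u1?arch=all\u0026distro=debian-10.9",
+"name": "tzdata",
+"properties": [
+{
+"name": "aquasecurity:trivy:LayerDiffID",
+"value": "sha256:417cb9b79adeec55f58b890dc9831e252e3523d8de5fd28b4ee2abb151b7dc8b"
+},
+{
+"name": "aquasecurity:trivy:LayerDigest",
+"value": "sha256:5dea5ec2316d4a067b946b15c3c4f140b4f2ad607e73e9bc41b673ee5ebb99a3"
+},
+{
+"name": "aquasecurity:trivy:PkgID",
+"value": "tzdata@2021a-0+deb10u1"
+},
+{
+"name": "aquasecurity:trivy:PkgType",
+"value": "debian"
+},
+{
+"name": "aquasecurity:trivy:SrcName",
+"value": "tzdata"
+},
+{
+"name": "aquasecurity:trivy:SrcRelease",
+"value": "0+deb10u1"
+},
+{
+"name": "aquasecurity:trivy:SrcVersion",
+"value": "2021a"
+}
+],
+"purl": "pkg:deb/debian/tzdata@2021a-0%2Bdeb10u1?arch=all\u0026distro=debian-10.9",
+"supplier": {
+"name": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e"
+},
+"type": "library",
+"version": "2021a-0+deb10u1"
+}
+],
+"dependencies": [
+{
+"dependsOn": [
+"pkg:deb/debian/base-files@10.3%2Bdeb10u9?arch=amd64\u0026distro=debian-10.9",
+"pkg:deb/debian/netbase@5.6?arch=all\u0026distro=debian-10.9",
+"pkg:deb/debian/tzdata@2021a-0%2Bdeb10u1?arch=all\u0026distro=debian-10.9"
+],
+"ref": "1de40114-83f9-4983-8ca3-c31014cd393a"
+},
+{
+"dependsOn": [],
+"ref": "pkg:deb/debian/base-files@10.3%2Bdeb10u9?arch=amd64\u0026distro=debian-10.9"
+},
+{
+"dependsOn": [],
+"ref": "pkg:deb/debian/netbase@5.6?arch=all\u0026distro=debian-10.9"
+},
+{
+"dependsOn": [],
+"ref": "pkg:deb/debian/tzdata@2021a-0%2Bdeb10u1?arch=all\u0026distro=debian-10.9"
+},
+{
+"dependsOn": [
+"1de40114-83f9-4983-8ca3-c31014cd393a"
+],
+"ref": "pkg:oci/kube-scheduler@sha256%3Aa8c4084db3b381f0806ea563c7ec842cc3604c57722a916c91fb59b00ff67d63?arch=amd64\u0026repository_url=k8s.gcr.io%2Fkube-scheduler"
+}
+],
+"metadata": {
+"component": {
+"bom-ref": "pkg:oci/kube-scheduler@sha256%3Aa8c4084db3b381f0806ea563c7ec842cc3604c57722a916c91fb59b00ff67d63?arch=amd64\u0026repository_url=k8s.gcr.io%2Fkube-scheduler",
+"name": "k8s.gcr.io/kube-scheduler:v1.21.1",
+"properties": [
+{
+"name": "aquasecurity:trivy:DiffID",
+"value": "sha256:417cb9b79adeec55f58b890dc9831e252e3523d8de5fd28b4ee2abb151b7dc8b,sha256:b50131762317bbe47def2d426d5c78a353a08b966d36bed4a04aee99dde4e12b,sha256:077075ef272387d39052301c630012e134f13efda231eae8cbd2d227b661a326"
+},
+{
+"name": "aquasecurity:trivy:ImageID",
+"value": "sha256:a4183b88f6e65972c4b176b43ca59de31868635a7e43805f4c6e26203de1742f"
+},
+{
+"name": "aquasecurity:trivy:RepoDigest",
+"value": "k8s.gcr.io/kube-scheduler@sha256:a8c4084db3b381f0806ea563c7ec842cc3604c57722a916c91fb59b00ff67d63"
+},
+{
+"name": "aquasecurity:trivy:RepoTag",
+"value": "k8s.gcr.io/kube-scheduler:v1.21.1"
+},
+{
+"name": "aquasecurity:trivy:SchemaVersion",
+"value": "2"
+}
+],
+"purl": "pkg:oci/kube-scheduler@sha256%3Aa8c4084db3b381f0806ea563c7ec842cc3604c57722a916c91fb59b00ff67d63?arch=amd64\u0026repository_url=k8s.gcr.io%2Fkube-scheduler",
+"supplier": {},
+"type": "container"
+},
+"timestamp": "2023-12-07T11:55:24+00:00",
+"tools": [
+{
+"name": "trivy",
+"vendor": "aquasecurity"
+}
+]
+},
+"serialNumber": "urn:uuid:0f50dc25-0378-41f6-b7f4-196f7dc96e8a",
+"specVersion": "1.5",
+"version": 1
+},
+"registry": {
+"server": "k8s.gcr.io"
+},
+"scanner": {
+"name": "Trivy",
+"vendor": "Aqua Security",
+"version": "0.47.0"
+},
+"summary": {
+"componentsCount": 5,
+"dependenciesCount": 5
+},
+"updateTimestamp": "2023-12-07T11:55:24Z"
+}
+}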
