Change location fingerprint calculation

Introduce temporary method to calculate location fingerprint

Change location fingerprint calculation
Introduce temporary method to calculate location fingerprint
2193c771 · can eldem · 7491f8b9 · 2193c771 · 2193c771 · 2193c771
Commit 2193c771 authored Aug 13, 2020 by can eldem
3 changed files
--- a/ee/changelogs/unreleased/new-fingerprint-for-cs.yml
+++ b/ee/changelogs/unreleased/new-fingerprint-for-cs.yml
+---
+title: Change location fingerprint calculation for container scanning
+merge_request: 39445
+author:
+type: other
--- a/ee/lib/gitlab/ci/reports/security/locations/container_scanning.rb
+++ b/ee/lib/gitlab/ci/reports/security/locations/container_scanning.rb
@@ -18,11 +18,34 @@ module Gitlab
              @package_version = package_version
            end

+            # temporary, untill existing data updated in DB
+            def new_fingerprint
+              Digest::SHA1.hexdigest("#{docker_image_name_without_tag}:#{package_name}")
+            end
+
            private

            def fingerprint_data
              "#{operating_system}:#{package_name}"
            end
+
+            def docker_image_name_without_tag
+              base_name, version = image.split(':')
+
+              return image if version_semver_like?(version)
+
+              base_name
+            end
+
+            def version_semver_like?(version)
+              hash_like = /\A[0-9a-f]{32,128}\z/i
+
+              if Gem::Version.correct?(version)
+                !hash_like.match?(version)
+              else
+                false
+              end
+            end
          end
        end
      end

--- a/ee/spec/lib/gitlab/ci/reports/security/locations/container_scanning_spec.rb
+++ b/ee/spec/lib/gitlab/ci/reports/security/locations/container_scanning_spec.rb
@@ -16,4 +16,45 @@ RSpec.describe Gitlab::Ci::Reports::Security::Locations::ContainerScanning do
  let(:expected_fingerprint) { Digest::SHA1.hexdigest('debian:9:glibc') }

  it_behaves_like 'vulnerability location'
+
+  describe '#new_fingerprint' do
+    sha1_of = -> (input) { Digest::SHA1.hexdigest(input) }
+
+    subject { described_class.new(**params) }
+
+    specify do
+      params[:image] = 'alpine:3.7.3'
+      expect(subject.new_fingerprint).to eq(sha1_of.call('alpine:3.7.3:glibc'))
+    end
+
+    specify do
+      params[:image] = 'alpine:3.7'
+      expect(subject.new_fingerprint).to eq(sha1_of.call('alpine:3.7:glibc'))
+    end
+
+    specify do
+      params[:image] = 'alpine:8101518288111119448185914762536722131810'
+      expect(subject.new_fingerprint).to eq(sha1_of.call('alpine:glibc'))
+    end
+
+    specify do
+      params[:image] = 'alpine:1.0.0-beta'
+      expect(subject.new_fingerprint).to eq(sha1_of.call('alpine:1.0.0-beta:glibc'))
+    end
+
+    specify do
+      params[:image] = 'registry.gitlab.com/gitlab-org/security-products/analyzers/klar/tmp:af864bd61230d3d694eb01d6205b268b4ad63ac0'
+      expect(subject.new_fingerprint).to eq(sha1_of.call('registry.gitlab.com/gitlab-org/security-products/analyzers/klar/tmp:glibc'))
+    end
+
+    specify do
+      params[:image] = 'registry.gitlab.com/gitlab-org/security-products/tests/container-scanning/master:ec301f43f14a2b477806875e49cfc4d3fa0d22c3'
+      expect(subject.new_fingerprint).to eq(sha1_of.call('registry.gitlab.com/gitlab-org/security-products/tests/container-scanning/master:glibc'))
+    end
+
+    specify do
+      params[:image] = 'registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:bc09fe2e0721dfaeee79364115aeedf2174cce0947b9ae5fe7c33312ee019a4e'
+      expect(subject.new_fingerprint).to eq(sha1_of.call('registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:glibc'))
+    end
+  end
 end