Commit 6d59e61c authored by Nick Thomas's avatar Nick Thomas

Merge branch 'new-fingerprint-for-cs' into 'master'

Change location fingerprint calculation

See merge request gitlab-org/gitlab!39445
parents f7e790ce 2193c771
---
title: Change location fingerprint calculation for container scanning
merge_request: 39445
author:
type: other
...@@ -18,11 +18,34 @@ module Gitlab ...@@ -18,11 +18,34 @@ module Gitlab
@package_version = package_version @package_version = package_version
end end
# temporary, untill existing data updated in DB
def new_fingerprint
Digest::SHA1.hexdigest("#{docker_image_name_without_tag}:#{package_name}")
end
private private
def fingerprint_data def fingerprint_data
"#{operating_system}:#{package_name}" "#{operating_system}:#{package_name}"
end end
def docker_image_name_without_tag
base_name, version = image.split(':')
return image if version_semver_like?(version)
base_name
end
def version_semver_like?(version)
hash_like = /\A[0-9a-f]{32,128}\z/i
if Gem::Version.correct?(version)
!hash_like.match?(version)
else
false
end
end
end end
end end
end end
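Review bot: `docker_image_name_without_tag` splits on the first colon, so an image whose registry host carries a port (e.g. `localhost:5000/app:1.2`, a constructed example) yields `base_name = "localhost"` and `version = "5000/app"`; that fails `Gem::Version.correct?`, the method returns `"localhost"`, and every image on that registry collapses to the same location fingerprint, merging vulnerabilities from distinct images under one location. Splitting on the last colon avoids this: `base_name, _sep, version = image.rpartition(':')` followed by `return image if base_name.empty? || version.include?('/')` ahead of the semver check, which also keeps an untagged image (`alpine`) from passing `nil` into `Gem::Version.correct?`. The tag, hex-digest and `@sha256:` examples in the accompanying spec produce the same results under that form, since `rpartition` yields the same halves for them. The enclosing class starts before this hunk, so where `image` comes from is not visible here; the comment on `new_fingerprint` also misspells "until".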
......
...@@ -16,4 +16,45 @@ RSpec.describe Gitlab::Ci::Reports::Security::Locations::ContainerScanning do ...@@ -16,4 +16,45 @@ RSpec.describe Gitlab::Ci::Reports::Security::Locations::ContainerScanning do
let(:expected_fingerprint) { Digest::SHA1.hexdigest('debian:9:glibc') } let(:expected_fingerprint) { Digest::SHA1.hexdigest('debian:9:glibc') }
it_behaves_like 'vulnerability location' it_behaves_like 'vulnerability location'
describe '#new_fingerprint' do
sha1_of = -> (input) { Digest::SHA1.hexdigest(input) }
subject { described_class.new(**params) }
specify do
params[:image] = 'alpine:3.7.3'
expect(subject.new_fingerprint).to eq(sha1_of.call('alpine:3.7.3:glibc'))
end
specify do
params[:image] = 'alpine:3.7'
expect(subject.new_fingerprint).to eq(sha1_of.call('alpine:3.7:glibc'))
end
specify do
params[:image] = 'alpine:8101518288111119448185914762536722131810'
expect(subject.new_fingerprint).to eq(sha1_of.call('alpine:glibc'))
end
specify do
params[:image] = 'alpine:1.0.0-beta'
expect(subject.new_fingerprint).to eq(sha1_of.call('alpine:1.0.0-beta:glibc'))
end
specify do
params[:image] = 'registry.gitlab.com/gitlab-org/security-products/analyzers/klar/tmp:af864bd61230d3d694eb01d6205b268b4ad63ac0'
expect(subject.new_fingerprint).to eq(sha1_of.call('registry.gitlab.com/gitlab-org/security-products/analyzers/klar/tmp:glibc'))
end
specify do
params[:image] = 'registry.gitlab.com/gitlab-org/security-products/tests/container-scanning/master:ec301f43f14a2b477806875e49cfc4d3fa0d22c3'
expect(subject.new_fingerprint).to eq(sha1_of.call('registry.gitlab.com/gitlab-org/security-products/tests/container-scanning/master:glibc'))
end
specify do
params[:image] = 'registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:bc09fe2e0721dfaeee79364115aeedf2174cce0947b9ae5fe7c33312ee019a4e'
expect(subject.new_fingerprint).to eq(sha1_of.call('registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:glibc'))
end
end
end end
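Review bot: None of the `#new_fingerprint` examples covers a registry host with a port or an untagged image, so the first-colon split in `docker_image_name_without_tag` is left unpinned: with the implementation in this commit, `params[:image] = 'localhost:5000/alpine:3.7'` (a constructed input) would hash `'localhost:glibc'`, which looks unintended. Add a `specify` for that input and one for `'alpine'` so the expected fingerprint in both cases is chosen deliberately rather than inherited from the split. `params` is presumably a `let` defined above this section; the outer `RSpec.describe` starts outside it.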