From 6b59d8d09a6427471a66b58da3547ca1789d0b7b Mon Sep 17 00:00:00 2001
From: afdesk
Date: Wed, 30 Oct 2024 17:08:54 +0600
Subject: [PATCH 1/3] refactor(k8s): add prefix `v`
---
 pkg/k8s/scanner/scanner_test.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/pkg/k8s/scanner/scanner_test.go b/pkg/k8s/scanner/scanner_test.go
index 3de4f0429ef5..cd2557fe8307 100644
--- a/pkg/k8s/scanner/scanner_test.go
+++ b/pkg/k8s/scanner/scanner_test.go
@@ -87,7 +87,7 @@ func TestScanner_Scan(t *testing.T) {
 {
 Type: core.TypeApplication,
 Name: "github.com/containerd/containerd",
- Version: "1.5.2",
+ Version: "v1.5.2",
 Properties: []core.Property{
 {
 Name: k8sComponentName,
@@ -104,7 +104,7 @@ func TestScanner_Scan(t *testing.T) {
 PURL: &packageurl.PackageURL{
 Type: "golang",
 Name: "github.com/containerd/containerd",
- Version: "1.5.2",
+ Version: "v1.5.2",
 Qualifiers: packageurl.Qualifiers{},
 },
 BOMRef: "pkg:golang/github.com%2Fcontainerd%2Fcontainerd@1.5.2",
@@ -113,12 +113,12 @@ func TestScanner_Scan(t *testing.T) {
 {
 Type: core.TypeApplication,
 Name: "k8s.io/apiserver",
- Version: "1.21.1",
+ Version: "v1.21.1",
 PkgIdentifier: ftypes.PkgIdentifier{
 PURL: &packageurl.PackageURL{
 Type: purl.TypeK8s,
 Name: "k8s.io/apiserver",
- Version: "1.21.1",
+ Version: "v1.21.1",
 },
 BOMRef: "pkg:k8s/k8s.io%2Fapiserver@1.21.1",
 },
From 13dbcbaed094886e81159c70fa27e8ab35cb4b49 Mon Sep 17 00:00:00 2001
From: afdesk
Date: Mon, 25 Nov 2024 16:21:55 +0600
Subject: [PATCH 2/3] chore: unified k8s version
---
 pkg/k8s/scanner/scanner.go | 31 +++++++++++++++++++------------
 pkg/k8s/scanner/scanner_test.go | 24 ++++++++++++------------
 2 files changed, 31 insertions(+), 24 deletions(-)
diff --git a/pkg/k8s/scanner/scanner.go b/pkg/k8s/scanner/scanner.go
index 70debfe6a85f..6ac3ff05aba0 100644
--- a/pkg/k8s/scanner/scanner.go
+++ b/pkg/k8s/scanner/scanner.go
@@ -242,8 +242,9 @@ func (s *Scanner) scanK8sVulns(ctx context.Context, artifactsData []*artifacts.A if err != nil { return nil, err } + cpcVersion := unifiedVersion(comp.Version) - lang := k8sNamespace(comp.Version, nodeName) + lang := k8sNamespace(cpcVersion, nodeName) results, _, err := k8sScanner.Scan(ctx, types.ScanTarget{ Applications: []ftypes.Application{ { @@ -252,7 +253,7 @@ func (s *Scanner) scanK8sVulns(ctx context.Context, artifactsData []*artifacts.A Packages: []ftypes.Package{ { Name: comp.Name, - Version: comp.Version, + Version: cpcVersion, }, }, }, @@ -277,7 +278,7 @@ func (s *Scanner) scanK8sVulns(ctx context.Context, artifactsData []*artifacts.A if err != nil { return nil, err } - kubeletVersion := sanitizedVersion(nf.KubeletVersion) + kubeletVersion := unifiedVersion(nf.KubeletVersion) lang := k8sNamespace(kubeletVersion, nodeName) runtimeName, runtimeVersion := runtimeNameVersion(nf.ContainerRuntimeVersion) results, _, err := k8sScanner.Scan(ctx, types.ScanTarget{ @@ -387,14 +388,15 @@ func (s *Scanner) clusterInfoToReportResources(allArtifact []*artifacts.Artifact if err := ms.Decode(artifact.RawResource, &comp); err != nil { return nil, err } + cVersion := unifiedVersion(comp.Version) controlPlane := &core.Component{ Name: comp.Name, - Version: comp.Version, + Version: cVersion, Type: core.TypeApplication, Properties: toProperties(comp.Properties, k8sCoreComponentNamespace), PkgIdentifier: ftypes.PkgIdentifier{ - PURL: generatePURL(comp.Name, comp.Version, nodeName), + PURL: generatePURL(comp.Name, cVersion, nodeName), }, } coreComponents = append(coreComponents, controlPlane) 
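Review bot: Nothing in this series checks that vulnerability matching still works once the version handed to `k8sScanner.Scan` in `scanK8sVulns` changes form: `comp.Version` used to be passed as reported and the kubelet version (hunk at -277) used to have its `v` stripped, and both now always carry the prefix, while the test hunks shown only update BOM and runtime-name expectations. If the advisory comparison behind `Scan`, or whatever `k8sNamespace` does with the version, does not accept a leading `v` (neither is visible in this diff), affected components would simply stop matching and the scan would report fewer findings without any error. A regression case that feeds a known-affected component in both `1.21.1` and `v1.21.1` form and asserts the same vulnerability is returned would pin this. Separately, the local is named `cpcVersion` here and `cVersion` in `clusterInfoToReportResources`; one name would read better. The body of `scanK8sVulns` starts and ends outside the hunk.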
@@ -405,7 +407,7 @@ func (s *Scanner) clusterInfoToReportResources(allArtifact []*artifacts.Artifact if !strings.Contains(c.Digest, string(digest.SHA256)) { cDigest = fmt.Sprintf("%s:%s", string(digest.SHA256), cDigest) } - ver := sanitizedVersion(c.Version) + ver := unifiedVersion(c.Version) imagePURL, err := purl.New(purl.TypeOCI, types.Metadata{ RepoDigests: []string{ @@ -448,13 +450,15 @@ func (s *Scanner) clusterInfoToReportResources(allArtifact []*artifacts.Artifact if err := ms.Decode(artifact.RawResource, &cf); err != nil { return nil, err } + cVersion := unifiedVersion(cf.Version) + rootComponent = &core.Component{ Type: core.TypePlatform, Name: cf.Name, - Version: cf.Version, + Version: cVersion, Properties: toProperties(cf.Properties, k8sCoreComponentNamespace), PkgIdentifier: ftypes.PkgIdentifier{ - PURL: generatePURL(cf.Name, cf.Version, nodeName), + PURL: generatePURL(cf.Name, cVersion, nodeName), }, Root: true, } @@ -474,7 +478,7 @@ func (s *Scanner) clusterInfoToReportResources(allArtifact []*artifacts.Artifact func (s *Scanner) nodeComponent(b *core.BOM, nf bom.NodeInfo) *core.Component { osName, osVersion := osNameVersion(nf.OsImage) runtimeName, runtimeVersion := runtimeNameVersion(nf.ContainerRuntimeVersion) - kubeletVersion := sanitizedVersion(nf.KubeletVersion) + kubeletVersion := unifiedVersion(nf.KubeletVersion) properties := toProperties(nf.Properties, "") properties = append(properties, toProperties(map[string]string{ k8sComponentType: k8sComponentNode, @@ -557,8 +561,11 @@ func (s *Scanner) nodeComponent(b *core.BOM, nf bom.NodeInfo) *core.Component { return nodeComponent } -func sanitizedVersion(ver string) string { - return strings.TrimPrefix(ver, "v") +func unifiedVersion(ver string) string { + if strings.HasPrefix(ver, "v") { + return ver + } + return "v" + ver } func osNameVersion(name string) (string, string) { 
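Review bot: `ver := unifiedVersion(c.Version)` in the hunk at -405 rewrites what looks like a container image tag, which is an identifier rather than a version: the `core.PropertyPkgID` expectation in scanner_test.go changes from `k8s.gcr.io/kube-apiserver:1.21.1` to `k8s.gcr.io/kube-apiserver:v1.21.1`, and a tag such as `latest` would presumably come out as `vlatest`. An SBOM entry naming a tag that the registry may not have makes it harder to trace a finding back to the image that is actually running. Consider keeping the tag exactly as the cluster reports it, `ver := c.Version`, and limiting the prefix to component versions. The rest of the image-component construction lies outside the hunk, so other uses of `ver` could not be checked.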
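Review bot: `unifiedVersion` (hunk at -557) prefixes every input that does not already start with a lowercase `v`, so values that are not numeric versions are changed as well: `unknown` would become `vunknown` and `V1.2.3` would become `vV1.2.3` (PATCH 3/3 later exempts only the empty string). Prefixing only when the first byte is a digit covers all of these with one guard: `if ver == "" || ver[0] < '0' || ver[0] > '9' { return ver }`. The helper also has no doc comment; `// unifiedVersion returns ver with a leading "v" so component versions are reported in a single form; values that do not start with a digit are returned unchanged.` would record the contract for its many call sites.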
@@ -592,7 +599,7 @@ func runtimeNameVersion(name string) (string, string) { case "cri-dockerd": name = "github.com/Mirantis/cri-dockerd" } - return name, ver + return name, unifiedVersion(ver) } func toProperties(props map[string]string, namespace string) []core.Property { diff --git a/pkg/k8s/scanner/scanner_test.go b/pkg/k8s/scanner/scanner_test.go index cd2557fe8307..fcf1c5f10a11 100644 --- a/pkg/k8s/scanner/scanner_test.go +++ b/pkg/k8s/scanner/scanner_test.go @@ -107,7 +107,7 @@ func TestScanner_Scan(t *testing.T) { Version: "v1.5.2", Qualifiers: packageurl.Qualifiers{}, }, - BOMRef: "pkg:golang/github.com%2Fcontainerd%2Fcontainerd@1.5.2", + BOMRef: "pkg:golang/github.com%2Fcontainerd%2Fcontainerd@v1.5.2", }, }, { @@ -120,13 +120,13 @@ func TestScanner_Scan(t *testing.T) { Name: "k8s.io/apiserver", Version: "v1.21.1", }, - BOMRef: "pkg:k8s/k8s.io%2Fapiserver@1.21.1", + BOMRef: "pkg:k8s/k8s.io%2Fapiserver@v1.21.1", }, }, { Type: core.TypeApplication, Name: "k8s.io/kubelet", - Version: "1.21.1", + Version: "v1.21.1", Properties: []core.Property{ { Name: k8sComponentName, @@ -143,9 +143,9 @@ func TestScanner_Scan(t *testing.T) { PURL: &packageurl.PackageURL{ Type: "k8s", Name: "k8s.io/kubelet", - Version: "1.21.1", + Version: "v1.21.1", }, - BOMRef: "pkg:k8s/k8s.io%2Fkubelet@1.21.1", + BOMRef: "pkg:k8s/k8s.io%2Fkubelet@v1.21.1", }, }, { @@ -176,7 +176,7 @@ func TestScanner_Scan(t *testing.T) { Properties: []core.Property{ { Name: core.PropertyPkgID, - Value: "k8s.gcr.io/kube-apiserver:1.21.1", + Value: "k8s.gcr.io/kube-apiserver:v1.21.1", }, { Name: core.PropertyPkgType, @@ -208,7 +208,7 @@ func TestScanner_Scan(t *testing.T) { Type: core.TypePlatform, Root: true, Name: "k8s.io/kubernetes", - Version: "1.21.1", + Version: "v1.21.1", Properties: []core.Property{ { Name: "Name", 
@@ -225,9 +225,9 @@ func TestScanner_Scan(t *testing.T) { PURL: &packageurl.PackageURL{ Type: purl.TypeK8s, Name: "k8s.io/kubernetes", - Version: "1.21.1", + Version: "v1.21.1", }, - BOMRef: "pkg:k8s/k8s.io%2Fkubernetes@1.21.1", + BOMRef: "pkg:k8s/k8s.io%2Fkubernetes@v1.21.1", }, }, { @@ -464,19 +464,19 @@ func TestRuntimeVersion(t *testing.T) { name: "containerd", runtimeVersion: "containerd://1.5.2", wantName: "github.com/containerd/containerd", - wantVersion: "1.5.2", + wantVersion: "v1.5.2", }, { name: "cri-o", runtimeVersion: "cri-o://1.5.2", wantName: "github.com/cri-o/cri-o", - wantVersion: "1.5.2", + wantVersion: "v1.5.2", }, { name: "cri-dockerd", runtimeVersion: "cri-dockerd://1.5.2", wantName: "github.com/Mirantis/cri-dockerd", - wantVersion: "1.5.2", + wantVersion: "v1.5.2", }, { name: "na runtime", From 0648c4cf232c7a26ddb94b0cbe25108320372463 Mon Sep 17 00:00:00 2001 From: afdesk Date: Tue, 26 Nov 2024 01:25:01 +0600 Subject: [PATCH 3/3] fix: don't unify an empty version --- pkg/k8s/scanner/scanner.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/k8s/scanner/scanner.go b/pkg/k8s/scanner/scanner.go index 6ac3ff05aba0..0fdb48b9afe7 100644 --- a/pkg/k8s/scanner/scanner.go +++ b/pkg/k8s/scanner/scanner.go @@ -562,7 +562,7 @@ func (s *Scanner) nodeComponent(b *core.BOM, nf bom.NodeInfo) *core.Component { } func unifiedVersion(ver string) string { - if strings.HasPrefix(ver, "v") { + if strings.HasPrefix(ver, "v") || ver == "" { return ver } return "v" + ver
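Review bot: The empty-version guard added to `unifiedVersion` in PATCH 3/3 lands without a test of its own; the diffstat for that patch lists only scanner.go, so nothing visible pins that an empty input stays empty. The `na runtime` case in `TestRuntimeVersion` may exercise it indirectly, but its expected values lie outside the hunks shown. A small table test over the empty string, a bare version and an already-prefixed version would fix the contract directly, as sketched below. As a matter of style, putting the cheap check first reads more like a guard: `if ver == "" || strings.HasPrefix(ver, "v") {`.

```go
func TestUnifiedVersion(t *testing.T) {
	tests := []struct{ in, want string }{
		{"", ""},
		{"1.21.1", "v1.21.1"},
		{"v1.21.1", "v1.21.1"},
	}
	for _, tt := range tests {
		if got := unifiedVersion(tt.in); got != tt.want {
			t.Errorf("unifiedVersion(%q) = %q, want %q", tt.in, got, tt.want)
		}
	}
}
```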