fix issue 20407 (#20416)

fixes #20407 It needs to specify the insecure option on parsing the reference Signed-off-by: wang yan <wangyan@vmware.com>
2024-11-22 02:05:41 +01:00 · 2024-05-13 14:44:51 +08:00 · 2024-05-13 14:44:51 +08:00 · 65e266fecf
commit 65e266fecf
parent 068ae006fe
4 changed files with 14 additions and 8 deletions
--- a/src/pkg/scan/rest/v1/models.go
+++ b/src/pkg/scan/rest/v1/models.go
@ -206,6 +206,8 @@ type Registry struct {
 	// An optional value of the HTTP Authorization header sent with each request to the Docker Registry for getting or exchanging token.
 	// For example, `Basic: Base64(username:password)`.
 	Authorization string `json:"authorization"`
+	// Insecure is an indicator of https or http.
+	Insecure bool `json:"insecure"`
 }

 // ScanRequest represents a structure that is sent to a Scanner Adapter to initiate artifact scanning.
--- a/src/pkg/scan/sbom/sbom.go
+++ b/src/pkg/scan/sbom/sbom.go
@ -43,13 +43,13 @@ const (
 )

 func init() {
-	scan.RegisterScanHanlder(v1.ScanTypeSbom, &scanHandler{GenAccessoryFunc: scan.GenAccessoryArt, RegistryServer: registryFQDN})
+	scan.RegisterScanHanlder(v1.ScanTypeSbom, &scanHandler{GenAccessoryFunc: scan.GenAccessoryArt, RegistryServer: registry})
 }

 // ScanHandler defines the Handler to generate sbom
 type scanHandler struct {
 	GenAccessoryFunc func(scanRep v1.ScanRequest, sbomContent []byte, labels map[string]string, mediaType string, robot *model.Robot) (string, error)
-	RegistryServer   func(ctx context.Context) string
+	RegistryServer   func(ctx context.Context) (string, bool)
 }

 // RequestProducesMineTypes defines the mine types produced by the scan handler
@ -96,7 +96,7 @@ func (v *scanHandler) PostScan(ctx job.Context, sr *v1.ScanRequest, _ *scanModel
 		Artifact: sr.Artifact,
 	}
 	// the registry server url is core by default, need to replace it with real registry server url
-	scanReq.Registry.URL = v.RegistryServer(ctx.SystemContext())
+	scanReq.Registry.URL, scanReq.Registry.Insecure = v.RegistryServer(ctx.SystemContext())
 	if len(scanReq.Registry.URL) == 0 {
 		return "", fmt.Errorf("empty registry server")
 	}
@ -139,15 +139,16 @@ func (v *scanHandler) generateReport(startTime time.Time, repository, digest, st
 }

 // extract server name from config, and remove the protocol prefix
-func registryFQDN(ctx context.Context) string {
+func registry(ctx context.Context) (string, bool) {
 	cfgMgr, ok := config.FromContext(ctx)
 	if ok {
 		extURL := cfgMgr.Get(context.Background(), common.ExtEndpoint).GetString()
+		insecure := strings.HasPrefix(extURL, "http://")
 		server := strings.TrimPrefix(extURL, "https://")
 		server = strings.TrimPrefix(server, "http://")
-		return server
+		return server, insecure
 	}
-	return ""
+	return "", false
 }

 // retrieveSBOMContent retrieves the "sbom" field from the raw report
--- a/src/pkg/scan/sbom/sbom_test.go
+++ b/src/pkg/scan/sbom/sbom_test.go
@ -89,8 +89,8 @@ func Test_scanHandler_RequestProducesMineTypes(t *testing.T) {
 	}
 }

-func mockGetRegistry(ctx context.Context) string {
-	return "myharbor.example.com"
+func mockGetRegistry(ctx context.Context) (string, bool) {
+	return "myharbor.example.com", false
 }

 func mockGenAccessory(scanRep v1.ScanRequest, sbomContent []byte, labels map[string]string, mediaType string, robot *model.Robot) (string, error) {
--- a/src/pkg/scan/util.go
+++ b/src/pkg/scan/util.go
@ -86,6 +86,9 @@ func GenAccessoryArt(sq v1sq.ScanRequest, accData []byte, accAnnotations map[str
 		return "", err
 	}
 	accRef, err := name.ParseReference(fmt.Sprintf("%s/%s@%s", sq.Registry.URL, sq.Artifact.Repository, dgst.String()))
+	if sq.Registry.Insecure {
+		accRef, err = name.ParseReference(fmt.Sprintf("%s/%s@%s", sq.Registry.URL, sq.Artifact.Repository, dgst.String()), name.Insecure)
+	}
 	if err != nil {
 		return "", err
 	}