From ba034fb8bc9ca3c90e01c7063a7706908fdc440a Mon Sep 17 00:00:00 2001 From: Hacks4Snacks Date: Fri, 6 Sep 2024 15:12:14 -0500 Subject: [PATCH 1/2] truncate cname to a max of 63 chars --- pkg/plugins/trivy/jobspec.go | 8 +++- pkg/plugins/trivy/jobspec_test.go | 70 +++++++++++++++++++------------ 2 files changed, 51 insertions(+), 27 deletions(-) diff --git a/pkg/plugins/trivy/jobspec.go b/pkg/plugins/trivy/jobspec.go index 6ec8163f9..083ad5178 100644 --- a/pkg/plugins/trivy/jobspec.go +++ b/pkg/plugins/trivy/jobspec.go @@ -241,7 +241,13 @@ func CreateSbomDataAsSecret(bom v1alpha1.BOM, secretName string) (corev1.Secret, // CreateVolumeSbomFiles creates a volume and volume mount for the sbom data func CreateVolumeSbomFiles(volumeMounts *[]corev1.VolumeMount, volumes *[]corev1.Volume, secretName *string, fileName string, mountPath string, cname string) { - vname := fmt.Sprintf("sbomvol-%s", cname) + vnamePrefix := "sbomvol-" + // Truncate cname to ensure that vname fits within 63 characters including the prefix + maxCnameLength := 62 - len(vnamePrefix) + if len(cname) > maxCnameLength { + cname = cname[:maxCnameLength] + } + vname := fmt.Sprintf("%s%s", vnamePrefix, cname) sbomMount := corev1.VolumeMount{ Name: vname, MountPath: mountPath, diff --git a/pkg/plugins/trivy/jobspec_test.go b/pkg/plugins/trivy/jobspec_test.go index 0f59d73ac..d910e413d 100644 --- a/pkg/plugins/trivy/jobspec_test.go +++ b/pkg/plugins/trivy/jobspec_test.go 
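Review bot: Cutting `cname` at a fixed offset in CreateVolumeSbomFiles can still yield a volume name that Kubernetes rejects: `cname[:maxCnameLength]` may end on a `-`, which a DNS-1123 label cannot end with, and two names sharing their first 54 characters map to the same `vname`, a duplicate volume name if both land in one pod spec. If cname is a container name (the test data suggests so), either case would presumably stop the scan job from being created and leave that workload without a vulnerability report. Replacing the tail with a short digest of the full name keeps the result unique and alphanumeric at the end; the sketch below assumes `crypto/sha256`, `encoding/hex` and `strings` can be imported in jobspec.go. Separately, the comment says 63 but `62 - len(vnamePrefix)` caps the name at 62, so a named constant for the limit would make the intent checkable. The function body continues past the end of the hunk.

```go
vnamePrefix := "sbomvol-"
// Volume names are DNS-1123 labels: at most 63 characters, alphanumeric at both ends.
const maxVolumeNameLength = 63
if maxCnameLength := maxVolumeNameLength - len(vnamePrefix); len(cname) > maxCnameLength {
	// Replace the tail with a digest of the full name so distinct long names stay distinct.
	sum := sha256.Sum256([]byte(cname))
	suffix := hex.EncodeToString(sum[:4])
	head := strings.TrimRight(cname[:maxCnameLength-len(suffix)-1], "-")
	cname = head + "-" + suffix
}
vname := vnamePrefix + cname
// … unchanged: sbomMount / volume construction …
```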
@@ -51,35 +51,53 @@ func TestCreateSbomDataSecret(t *testing.T) { func TestCreateVolumes(t *testing.T) { testCases := []struct { - name string - vm []corev1.VolumeMount - v []corev1.Volume - cName string - sn string - fn string - mountPath string + name string + vm []corev1.VolumeMount + v []corev1.Volume + cName string + sn string + fn string + mountPath string + expectedName string }{ { - name: "cretae volumes", - vm: []corev1.VolumeMount{}, - v: []corev1.Volume{}, - sn: "test", - cName: "cname", - mountPath: "/sbom-cname", - fn: "name", + name: "create volumes with normal cname", + vm: []corev1.VolumeMount{}, + v: []corev1.Volume{}, + sn: "test", + cName: "cname", + mountPath: "/sbom-cname", + fn: "name", + expectedName: "sbomvol-cname", + }, + { + name: "create volumes with long cname", + vm: []corev1.VolumeMount{}, + v: []corev1.Volume{}, + sn: "test", + cName: "averylongcontainername1234567890averylongcontainername1234567890", + mountPath: "/sbom-longname", + fn: "name", + expectedName: "sbomvol-averylongcontainername1234567890averylongcontainername", }, } - tc := testCases[0] - t.Run(tc.name, func(t *testing.T) { - trivy.CreateVolumeSbomFiles(&tc.vm, &tc.v, &tc.sn, tc.fn, tc.mountPath, tc.cName) - assert.Equal(t, len(tc.vm), 1) - assert.Equal(t, len(tc.v), 1) - assert.Equal(t, tc.vm[0].Name, "sbomvol-cname") - assert.Equal(t, tc.vm[0].MountPath, "/sbom-cname") - assert.Equal(t, tc.v[0].Name, "sbomvol-cname") - assert.Equal(t, tc.v[0].Secret.SecretName, tc.sn) - assert.Equal(t, tc.v[0].Secret.Items[0].Key, "bom") - assert.Equal(t, tc.v[0].Secret.Items[0].Path, tc.fn) - }) + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + trivy.CreateVolumeSbomFiles(&tc.vm, &tc.v, &tc.sn, tc.fn, tc.mountPath, tc.cName) + + assert.Equal(t, len(tc.vm), 1) + assert.Equal(t, len(tc.v), 1) + + assert.Equal(t, tc.vm[0].Name, tc.expectedName) + assert.Equal(t, tc.vm[0].MountPath, tc.mountPath) + assert.Equal(t, tc.v[0].Name, tc.expectedName) + assert.Equal(t, 
tc.v[0].Secret.SecretName, tc.sn) + assert.Equal(t, tc.v[0].Secret.Items[0].Key, "bom") + assert.Equal(t, tc.v[0].Secret.Items[0].Path, tc.fn) + + assert.LessOrEqual(t, len(tc.vm[0].Name), 63) + assert.LessOrEqual(t, len(tc.v[0].Name), 63) + }) + } } From ae1f8956ad1dce469ee7e4a5519f8b59b45d8dd4 Mon Sep 17 00:00:00 2001 From: Hacks4Snacks Date: Fri, 6 Sep 2024 15:27:46 -0500 Subject: [PATCH 2/2] create new copy of tc struct for each iteration --- pkg/plugins/trivy/jobspec_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/plugins/trivy/jobspec_test.go b/pkg/plugins/trivy/jobspec_test.go index d910e413d..e5f782953 100644 --- a/pkg/plugins/trivy/jobspec_test.go +++ b/pkg/plugins/trivy/jobspec_test.go @@ -83,6 +83,7 @@ func TestCreateVolumes(t *testing.T) { } for _, tc := range testCases { + tc := tc t.Run(tc.name, func(t *testing.T) { trivy.CreateVolumeSbomFiles(&tc.vm, &tc.v, &tc.sn, tc.fn, tc.mountPath, tc.cName)
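Review bot: The new table in TestCreateVolumes has a single long-name case, so nothing pins the behaviour at the boundary: there is no name of exactly the maximum length, none where the cut lands on a `-`, and no pair of long names with a common prefix that must not produce the same volume name. The two `assert.LessOrEqual(..., 63)` checks add little beyond the exact match on `expectedName`, which is 62 characters long; stating the intended limit once, next to the expected value, would make a later change to the limit visible. As a style point, testify's `assert.Equal` takes the expected value first, e.g. `assert.Equal(t, tc.expectedName, tc.vm[0].Name)`, so failure output labels the two sides correctly.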