Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(image): prevent scanning oversized container images #8178

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Prev Previous commit
Next Next commit
test: add tests for image flags
Signed-off-by: nikpivkin <[email protected]>
  • Loading branch information
nikpivkin committed Dec 26, 2024
commit adaea747a3cb61c63b860cb572f511ac3e2545a6
91 changes: 91 additions & 0 deletions pkg/flag/image_flags_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
package flag_test

import (
"testing"

"github.com/docker/go-units"
v1 "github.com/google/go-containerregistry/pkg/v1"
"github.com/spf13/viper"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"

"github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/flag"
)

func TestImageFlagGroup_ToOptions(t *testing.T) {
type fields struct {
maxImgSize string
platform string
}
tests := []struct {
name string
fields fields
want flag.ImageOptions
wantErr string
}{
{
name: "happy default (without flags)",
fields: fields{},
want: flag.ImageOptions{},
},
{
name: "happy path with max image size",
fields: fields{
maxImgSize: "10mb",
},
want: flag.ImageOptions{
MaxImageSize: units.MB * 10,
},
},
{
name: "invalid max image size",
fields: fields{
maxImgSize: "10foo",
},
wantErr: "invalid max image size",
},
{
name: "happy path with platform",
fields: fields{
platform: "linux/amd64",
},
want: flag.ImageOptions{
Platform: types.Platform{
Platform: &v1.Platform{
OS: "linux",
Architecture: "amd64",
},
},
},
},
{
name: "invalid platform",
fields: fields{
platform: "unknown/unknown/unknown/unknown",
},
wantErr: "unable to parse platform",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
t.Cleanup(viper.Reset)

setValue(flag.MaxImageSize.ConfigName, tt.fields.maxImgSize)
setValue(flag.PlatformFlag.ConfigName, tt.fields.platform)

f := &flag.ImageFlagGroup{
MaxImageSize: flag.MaxImageSize.Clone(),
Platform: flag.PlatformFlag.Clone(),
}

got, err := f.ToOptions()
if tt.wantErr != "" {
assert.ErrorContains(t, err, tt.wantErr)
return
}
require.NoError(t, err)
assert.EqualExportedValues(t, tt.want, got)
})
}
}