From ea485ae6ee64013f06afd7f8027b9cca3122b0ea Mon Sep 17 00:00:00 2001 From: Samreet Singh Date: Thu, 13 Feb 2025 14:48:29 +0100 Subject: [PATCH 1/2] #2706 Remove underscore in container name since it is allowed in image names Container and images follow different naming conventions and for a valid image with an underscore a scheduledscan could not be created Signed-off-by: Samreet Singh --- .../kubernetes/controllers/container_scan_controller.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/auto-discovery/kubernetes/controllers/container_scan_controller.go b/auto-discovery/kubernetes/controllers/container_scan_controller.go index b77b7d4c73..b17f3adf09 100644 --- a/auto-discovery/kubernetes/controllers/container_scan_controller.go +++ b/auto-discovery/kubernetes/controllers/container_scan_controller.go @@ -180,6 +180,8 @@ func getScanName(imageID string, scanConfig config.ScanConfig) string { result = strings.ReplaceAll(result, ".", "-") result = strings.ReplaceAll(result, "/", "-") + result = strings.ReplaceAll(result, "_", "-") + //limit scan name length to kubernetes limits return result[:62] From 39d81e3f6be02cbf0a8c8727414a3906d4db7f66 Mon Sep 17 00:00:00 2001 From: Samreet Singh Date: Thu, 6 Mar 2025 13:27:30 +0100 Subject: [PATCH 2/2] Add unit-test for image with underscore Signed-off-by: Samreet Singh --- .../controllers/container_scan_controller.go | 1 - .../container_scan_controller_test.go | 24 +++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/auto-discovery/kubernetes/controllers/container_scan_controller.go b/auto-discovery/kubernetes/controllers/container_scan_controller.go index b17f3adf09..b997889dcb 100644 --- a/auto-discovery/kubernetes/controllers/container_scan_controller.go +++ b/auto-discovery/kubernetes/controllers/container_scan_controller.go @@ -182,7 +182,6 @@ func getScanName(imageID string, scanConfig config.ScanConfig) string { result = strings.ReplaceAll(result, "/", "-") result = strings.ReplaceAll(result, "_", "-") - //limit scan name length to kubernetes limits return result[:62] } diff --git a/auto-discovery/kubernetes/controllers/container_scan_controller_test.go b/auto-discovery/kubernetes/controllers/container_scan_controller_test.go index 055757414a..85ac789723 100644 --- a/auto-discovery/kubernetes/controllers/container_scan_controller_test.go +++ b/auto-discovery/kubernetes/controllers/container_scan_controller_test.go @@ -141,6 +141,30 @@ var _ = Describe("ContainerScan controller", func() { !checkIfScanExists(ctx, juiceShopScanName2, namespace, juiceShopScanGoTemplate) }, timeout, interval).Should(BeTrue()) }) + + It("Should create a scan for an image with underscores", func() { + fakeDeployment2 := map[string]string{"test_image": "1237b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31"} + + createPodWithMultipleContainers(ctx, "fake-deployment-pod3", namespace, fakeDeployment2) + testScanName1 := "test-image-test-scan-at-1237b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31" + testScanName1 = testScanName1[:62] + + testScanGoTemplate := scanGoTemplate{ + map[string]string{"testAnnotation": namespace}, + map[string]string{ + "testLabel": namespace, + "app.kubernetes.io/managed-by": "securecodebox-autodiscovery", + }, + []string{"-p", namespace}, + nil, + nil, + nil, + } + Eventually(func() bool { + return checkIfScanExists(ctx, testScanName1, namespace, testScanGoTemplate) + }, timeout, interval).Should(BeTrue()) + }) + }) Context("Container autodiscovery with imagePullSecrets", func() { namespace := "container-autodiscovery-imagepullsecrets"