fix issue 20407 (#20416)

fixes #20407 It needs to specify the insecure option on parsing the reference Signed-off-by: wang yan <[email protected]>
goharbor · May 13, 2024 · 65e266f · 65e266f
1 parent 068ae00
commit 65e266f
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 8 deletions.
diff --git a/src/pkg/scan/rest/v1/models.go b/src/pkg/scan/rest/v1/models.go
@@ -206,6 +206,8 @@ type Registry struct {
  // An optional value of the HTTP Authorization header sent with each request to the Docker Registry for getting or exchanging token.
  // For example, `Basic: Base64(username:password)`.
  Authorization string `json:"authorization"`
+ // Insecure is an indicator of https or http.
+ Insecure bool `json:"insecure"`
 }
 
 // ScanRequest represents a structure that is sent to a Scanner Adapter to initiate artifact scanning.

diff --git a/src/pkg/scan/sbom/sbom.go b/src/pkg/scan/sbom/sbom.go
@@ -43,13 +43,13 @@ const (
 )
 
 func init() {
- scan.RegisterScanHanlder(v1.ScanTypeSbom, &scanHandler{GenAccessoryFunc: scan.GenAccessoryArt, RegistryServer: registryFQDN})
+ scan.RegisterScanHanlder(v1.ScanTypeSbom, &scanHandler{GenAccessoryFunc: scan.GenAccessoryArt, RegistryServer: registry})
 }
 
 // ScanHandler defines the Handler to generate sbom
 type scanHandler struct {
  GenAccessoryFunc func(scanRep v1.ScanRequest, sbomContent []byte, labels map[string]string, mediaType string, robot *model.Robot) (string, error)
- RegistryServer func(ctx context.Context) string
+ RegistryServer func(ctx context.Context) (string, bool)
 }
 
 // RequestProducesMineTypes defines the mine types produced by the scan handler
@@ -96,7 +96,7 @@ func (v *scanHandler) PostScan(ctx job.Context, sr *v1.ScanRequest, _ *scanModel
  Artifact: sr.Artifact,
  }
  // the registry server url is core by default, need to replace it with real registry server url
- scanReq.Registry.URL = v.RegistryServer(ctx.SystemContext())
+ scanReq.Registry.URL, scanReq.Registry.Insecure = v.RegistryServer(ctx.SystemContext())
  if len(scanReq.Registry.URL) == 0 {
  return "", fmt.Errorf("empty registry server")
  }
@@ -139,15 +139,16 @@ func (v *scanHandler) generateReport(startTime time.Time, repository, digest, st
 }
 
 // extract server name from config, and remove the protocol prefix
-func registryFQDN(ctx context.Context) string {
+func registry(ctx context.Context) (string, bool) {
  cfgMgr, ok := config.FromContext(ctx)
  if ok {
  extURL := cfgMgr.Get(context.Background(), common.ExtEndpoint).GetString()
+ insecure := strings.HasPrefix(extURL, "http://")
  server := strings.TrimPrefix(extURL, "https://")
  server = strings.TrimPrefix(server, "http://")
- return server
+ return server, insecure
  }
- return ""
+ return "", false
 }
 
 // retrieveSBOMContent retrieves the "sbom" field from the raw report

diff --git a/src/pkg/scan/sbom/sbom_test.go b/src/pkg/scan/sbom/sbom_test.go
@@ -89,8 +89,8 @@ func Test_scanHandler_RequestProducesMineTypes(t *testing.T) {
  }
 }
 
-func mockGetRegistry(ctx context.Context) string {
- return "myharbor.example.com"
+func mockGetRegistry(ctx context.Context) (string, bool) {
+ return "myharbor.example.com", false
 }
 
 func mockGenAccessory(scanRep v1.ScanRequest, sbomContent []byte, labels map[string]string, mediaType string, robot *model.Robot) (string, error) {

diff --git a/src/pkg/scan/util.go b/src/pkg/scan/util.go
@@ -86,6 +86,9 @@ func GenAccessoryArt(sq v1sq.ScanRequest, accData []byte, accAnnotations map[str
  return "", err
  }
  accRef, err := name.ParseReference(fmt.Sprintf("%s/%s@%s", sq.Registry.URL, sq.Artifact.Repository, dgst.String()))
+ if sq.Registry.Insecure {
+ accRef, err = name.ParseReference(fmt.Sprintf("%s/%s@%s", sq.Registry.URL, sq.Artifact.Repository, dgst.String()), name.Insecure)
+ }
  if err != nil {
  return "", err
  }