Update with fixes and test from main

nais · Oct 31, 2024 · 90d6127 · 90d6127
1 parent 810eeb3
commit 90d6127
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 6 deletions.
diff --git a/internal/v1/vulnerability/dependencytrack.go b/internal/v1/vulnerability/dependencytrack.go
@@ -74,7 +74,7 @@ func NewDependencyTrackClient(cfg DependencyTrackConfig, log logrus.FieldLogger,
 		dependencytrack.WithLogger(log.WithField("client", "dependencytrack")),
 		dependencytrack.WithHttpClient(&http.Client{Transport: otelhttp.NewTransport(http.DefaultTransport)}),
 	)
-	ch := cache.New(5*time.Minute, 5*time.Minute)
+	ch := cache.New(2*time.Minute, 5*time.Minute)
 
 	if cfg.EnableFakes {
 		c = NewFakeDependencyTrackClient(c)
@@ -262,10 +262,7 @@ func (c *dependencyTrackClient) GetAnalysisTrailForImage(ctx context.Context, pr
 // The 'LastBomImportFormat' can be empty even if the project has a BOM.
 // As a fallback, we can check if projects has registered any components, then we assume that if a project has components, it has a BOM.
 func hasSbom(p *dependencytrack.Project) bool {
-	if p == nil {
-		return false
-	}
-	return p.LastBomImportFormat != "" || p.Metrics != nil && p.Metrics.Components > 0
+	return p != nil && p.Metrics != nil
 }
 
 func (c *dependencyTrackClient) retrieveFindings(ctx context.Context, uuid string, suppressed bool) ([]*dependencytrack.Finding, error) {
@@ -388,7 +385,7 @@ func parseComments(trail *dependencytrack.Analysis) []*ImageVulnerabilityAnalysi
 
 func excludeProject(p *dependencytrack.Project) bool {
 	for _, i := range imagesToExclude {
-		if strings.HasPrefix(p.Name, i) {
+		if strings.EqualFold(p.Name, i) {
 			return true
 		}
 	}

diff --git a/internal/v1/vulnerability/dependencytrack_test.go b/internal/v1/vulnerability/dependencytrack_test.go
@@ -91,3 +91,41 @@ func findings() []*dependencytrack.Finding {
 		},
 	}
 }
+
+func Test_ProjectsToExclude(t *testing.T) {
+	tt := []struct {
+		name    string
+		project *dependencytrack.Project
+		want    bool
+	}{
+		{
+			name: "should exclude projects with matching name",
+			project: &dependencytrack.Project{
+				Name: "europe-north1-docker.pkg.dev/nais-io/nais/images/wonderwall",
+			},
+			want: true,
+		},
+		{
+			name: "should exclude projects with matching name",
+			project: &dependencytrack.Project{
+				Name: "europe-north1-docker.pkg.dev/nais-io/nais/images/elector",
+			},
+			want: true,
+		},
+		{
+			name: "should not exclude projects with matching name",
+			project: &dependencytrack.Project{
+				Name: "europe-north1-docker.pkg.dev/nais-io/nais/images/wonderwalled-idporten",
+			},
+			want: false,
+		},
+	}
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			got := excludeProject(tc.project)
+			if got != tc.want {
+				t.Errorf("got %v, want %v", got, tc.want)
+			}
+		})
+	}
+}