From 745eea09e84ed6225a5554fdf06490e3a8b9c258 Mon Sep 17 00:00:00 2001 From: James Carnegie Date: Mon, 20 May 2024 09:37:53 +0100 Subject: [PATCH] Fix image detection based on platform (#33) --- pkg/oci/oci.go | 2 +- pkg/oci/oci_test.go | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/pkg/oci/oci.go b/pkg/oci/oci.go index 89af78c..8183c2b 100644 --- a/pkg/oci/oci.go +++ b/pkg/oci/oci.go @@ -329,7 +329,7 @@ func ExtractEnvelopes(ia *AttestationManifest, predicateType string) ([]*att.Env func imageDigestForPlatform(ix *v1.IndexManifest, platform *v1.Platform) (string, error) { for _, m := range ix.Manifests { - if m.MediaType == ocispec.MediaTypeImageManifest || m.MediaType == "application/vnd.docker.distribution.manifest.v2+json" && m.Platform.Equals(*platform) { + if (m.MediaType == ocispec.MediaTypeImageManifest || m.MediaType == "application/vnd.docker.distribution.manifest.v2+json") && m.Platform.Equals(*platform) { return m.Digest.String(), nil } } diff --git a/pkg/oci/oci_test.go b/pkg/oci/oci_test.go index 7392af2..ad41a0b 100644 --- a/pkg/oci/oci_test.go +++ b/pkg/oci/oci_test.go @@ -1,8 +1,10 @@ package oci import ( + "path/filepath" "testing" + "github.com/google/go-containerregistry/pkg/v1/layout" "github.com/stretchr/testify/assert" ) @@ -47,3 +49,36 @@ func TestRefToPurl(t *testing.T) { assert.Equal(t, "pkg:docker/localhost%3A5001/alpine?digest=sha256%3Ac5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b&platform=arm64%2Flinux", purl) assert.True(t, canonical) } + +var ( + UnsignedTestImage = filepath.Join("..", "..", "test", "testdata", "unsigned-test-image") +) + +// Test fix for https://github.com/docker/secure-artifacts-team-issues/issues/202 +func TestImageDigestForPlatform(t *testing.T) { + idx, err := layout.ImageIndexFromPath(UnsignedTestImage) + assert.NoError(t, err) + + idxm, err := idx.IndexManifest() + assert.NoError(t, err) + + idxDescriptor := idxm.Manifests[0] + idxDigest := idxDescriptor.Digest + + mfs, err := idx.ImageIndex(idxDigest) + assert.NoError(t, err) + mfs2, err := mfs.IndexManifest() + assert.NoError(t, err) + + p, err := parsePlatform("linux/amd64") + assert.NoError(t, err) + digest, err := imageDigestForPlatform(mfs2, p) + assert.NoError(t, err) + assert.Equal(t, "sha256:da8b190665956ea07890a0273e2a9c96bfe291662f08e2860e868eef69c34620", digest) + + p, err = parsePlatform("linux/arm64") + assert.NoError(t, err) + digest, err = imageDigestForPlatform(mfs2, p) + assert.NoError(t, err) + assert.Equal(t, "sha256:7a76cec943853f9f7105b1976afa1bf7cd5bb6afc4e9d5852dd8da7cf81ae86e", digest) +}