mirror of
https://github.com/project-zot/zot.git
synced 2026-06-18 21:48:04 +08:00
2402296e9a
* fix: migrate to Go module v2 for proper semantic versioning This change updates the module path from 'zotregistry.dev/zot' to 'zotregistry.dev/zot/v2' to comply with Go's semantic versioning rules. According to Go's module versioning requirements, major version v2+ must include the major version in the module path. The current module path 'zotregistry.dev/zot' only supports v0.x.x and v1.x.x versions, making existing v2.x.x tags (like v2.1.8) unusable. Changes: - Updated go.mod module path to zotregistry.dev/zot/v2 - Updated all internal import paths across 280+ Go source files - Updated configuration files (golangcilint.yaml, gqlgen.yml) - Updated README.md Go reference badge This fix enables proper use of existing v2.x.x Git tags and allows external packages to import zot v2+ versions without compatibility errors. Resolves: Go module import compatibility for v2+ versions Fixes: #3071 Signed-off-by: Luca Muscariello <muscariello@ieee.org> * fix: regenerate GraphQL files with updated v2 import paths The gqlgen tool needs to regenerate the GraphQL schema files after the module path change to use the new v2 imports. Signed-off-by: Luca Muscariello <muscariello@ieee.org> --------- Signed-off-by: Luca Muscariello <muscariello@ieee.org>
package convert
import (
"context"
"github.com/99designs/gqlgen/graphql"
ispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/vektah/gqlparser/v2/gqlerror"
cveinfo "zotregistry.dev/zot/v2/pkg/extensions/search/cve"
cvemodel "zotregistry.dev/zot/v2/pkg/extensions/search/cve/model"
"zotregistry.dev/zot/v2/pkg/extensions/search/gql_generated"
)
// updateRepoSummaryVulnerabilities fills in the vulnerability summary of the
// repository's newest image by delegating to updateImageSummaryVulnerabilities.
// A nil repoSummary is ignored; a nil NewestImage is handled by the callee.
func updateRepoSummaryVulnerabilities(
	ctx context.Context,
	repoSummary *gql_generated.RepoSummary,
	skip SkipQGLField,
	cveInfo cveinfo.CveInfo,
) {
	if repoSummary != nil {
		updateImageSummaryVulnerabilities(ctx, repoSummary.NewestImage, skip, cveInfo)
	}
}
// updateImageSummaryVulnerabilities attaches a vulnerability summary to
// imageSummary and then to each entry of imageSummary.Manifests.
//
// For a non-nil imageSummary the Vulnerabilities field is always populated. It
// first points at a zero-value cvemodel.ImageCVESummary, and that is what is
// returned when cveInfo is nil or skip.Vulnerabilities is set, so a
// disabled or skipped scan and an image with no findings look the same in
// this field.
//
// A scan error does not abort the update: it is appended to the GraphQL
// response with graphql.AddError and the summary returned alongside the error
// is still published.
// NOTE(review): if GetCVESummaryForImageMedia returns an empty summary on
// failure, the response carries zero counts next to the error entry, so
// consumers need to check the errors list before reading zeros as "no known
// vulnerabilities" — confirm against the scanner implementation.
// NOTE(review): err.Error() is copied verbatim into the GraphQL error
// message; confirm scanner errors carry nothing internal that API clients
// should not see.
//
// RepoName, Digest and MediaType (and Tag on the error path) are dereferenced
// without nil checks; callers are presumably expected to have set them.
func updateImageSummaryVulnerabilities(
	ctx context.Context,
	imageSummary *gql_generated.ImageSummary,
	skip SkipQGLField,
	cveInfo cveinfo.CveInfo,
) {
	if imageSummary == nil {
		return
	}

	// Single backing value: every pointer published below aliases its fields.
	var cveSummary cvemodel.ImageCVESummary

	imageSummary.Vulnerabilities = &gql_generated.ImageVulnerabilitySummary{
		MaxSeverity:   &cveSummary.MaxSeverity,
		UnknownCount:  &cveSummary.UnknownCount,
		LowCount:      &cveSummary.LowCount,
		MediumCount:   &cveSummary.MediumCount,
		HighCount:     &cveSummary.HighCount,
		CriticalCount: &cveSummary.CriticalCount,
		Count:         &cveSummary.Count,
	}

	// Scanning disabled (no CVE backend) or not requested: keep the zero summary.
	if skip.Vulnerabilities || cveInfo == nil {
		return
	}

	var err error

	cveSummary, err = cveInfo.GetCVESummaryForImageMedia(
		ctx, *imageSummary.RepoName, *imageSummary.Digest, *imageSummary.MediaType,
	)
	if err != nil {
		// Report the failure through the GraphQL errors list; the image itself
		// must still appear in the results.
		scanErr := gqlerror.Errorf(
			"unable to run vulnerability scan on tag %s in repo %s: error: %s",
			*imageSummary.Tag, *imageSummary.RepoName, err.Error(),
		)
		graphql.AddError(ctx, scanErr)
	}

	// Re-point the published fields at the (now possibly scanner-filled) summary.
	vulns := imageSummary.Vulnerabilities
	vulns.MaxSeverity = &cveSummary.MaxSeverity
	vulns.UnknownCount = &cveSummary.UnknownCount
	vulns.LowCount = &cveSummary.LowCount
	vulns.MediumCount = &cveSummary.MediumCount
	vulns.HighCount = &cveSummary.HighCount
	vulns.CriticalCount = &cveSummary.CriticalCount
	vulns.Count = &cveSummary.Count

	for _, manifest := range imageSummary.Manifests {
		updateManifestSummaryVulnerabilities(ctx, manifest, *imageSummary.RepoName, skip, cveInfo)
	}
}
// updateManifestSummaryVulnerabilities attaches a vulnerability summary to a
// single manifest of the repository named repoName. The scan is always
// requested with ispec.MediaTypeImageManifest as the media type.
//
// For a non-nil manifestSummary the Vulnerabilities field is always populated.
// It first points at a zero-value cvemodel.ImageCVESummary, and that is what
// is returned when cveInfo is nil or skip.Vulnerabilities is set, so a
// disabled or skipped scan and a manifest with no findings look the same in
// this field.
//
// A scan error does not abort the update: it is appended to the GraphQL
// response with graphql.AddError and the summary returned alongside the error
// is still published.
// NOTE(review): if GetCVESummaryForImageMedia returns an empty summary on
// failure, the response carries zero counts next to the error entry, so
// consumers need to check the errors list before reading zeros as "no known
// vulnerabilities" — confirm against the scanner implementation.
// NOTE(review): err.Error() is copied verbatim into the GraphQL error
// message; confirm scanner errors carry nothing internal that API clients
// should not see.
//
// manifestSummary.Digest is dereferenced without a nil check; callers are
// presumably expected to have set it.
func updateManifestSummaryVulnerabilities(
	ctx context.Context,
	manifestSummary *gql_generated.ManifestSummary,
	repoName string,
	skip SkipQGLField,
	cveInfo cveinfo.CveInfo,
) {
	if manifestSummary == nil {
		return
	}

	// Single backing value: every pointer published below aliases its fields.
	var cveSummary cvemodel.ImageCVESummary

	manifestSummary.Vulnerabilities = &gql_generated.ImageVulnerabilitySummary{
		MaxSeverity:   &cveSummary.MaxSeverity,
		UnknownCount:  &cveSummary.UnknownCount,
		LowCount:      &cveSummary.LowCount,
		MediumCount:   &cveSummary.MediumCount,
		HighCount:     &cveSummary.HighCount,
		CriticalCount: &cveSummary.CriticalCount,
		Count:         &cveSummary.Count,
	}

	// Scanning disabled (no CVE backend) or not requested: keep the zero summary.
	if skip.Vulnerabilities || cveInfo == nil {
		return
	}

	var err error

	cveSummary, err = cveInfo.GetCVESummaryForImageMedia(
		ctx, repoName, *manifestSummary.Digest, ispec.MediaTypeImageManifest,
	)
	if err != nil {
		// Report the failure through the GraphQL errors list; the manifest
		// itself must still appear in the results.
		scanErr := gqlerror.Errorf(
			"unable to run vulnerability scan in repo %s: manifest digest: %s, error: %s",
			repoName, *manifestSummary.Digest, err.Error(),
		)
		graphql.AddError(ctx, scanErr)
	}

	// Re-point the published fields at the (now possibly scanner-filled) summary.
	vulns := manifestSummary.Vulnerabilities
	vulns.MaxSeverity = &cveSummary.MaxSeverity
	vulns.UnknownCount = &cveSummary.UnknownCount
	vulns.LowCount = &cveSummary.LowCount
	vulns.MediumCount = &cveSummary.MediumCount
	vulns.HighCount = &cveSummary.HighCount
	vulns.CriticalCount = &cveSummary.CriticalCount
	vulns.Count = &cveSummary.Count
}