Assume latest tag when not provided (#10)

wagoodman · web-flow · commit 552f9160e88c · 2022-03-30T10:26:42.000-04:00
diff --git a/cmd/clean_image_reference.go b/cmd/clean_image_reference.go
@@ -0,0 +1,31 @@
+package cmd
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/google/go-containerregistry/pkg/name"
+)
+
+func cleanImageReference(userInput string) (string, error) {
+	ref, err := name.ParseReference(userInput, name.WeakValidation, name.WithDefaultTag("latest"))
+	if err != nil {
+		return "", fmt.Errorf("unable to parse image reference: %w", err)
+	}
+
+	if t, ok := ref.(name.Tag); ok {
+		if !strings.HasSuffix(userInput, t.Identifier()) {
+			return userInput + ":" + t.Identifier(), nil
+		}
+		return userInput, nil
+	}
+
+	if d, ok := ref.(name.Digest); ok {
+		if !strings.HasSuffix(userInput, d.Identifier()) {
+			return userInput + "@" + d.Identifier(), nil
+		}
+		return userInput, nil
+	}
+
+	return ref.Name(), nil
+}
diff --git a/cmd/clean_image_reference_test.go b/cmd/clean_image_reference_test.go
@@ -0,0 +1,77 @@
+package cmd
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_cleanImageReference(t *testing.T) {
+	tests := []struct {
+		input   string
+		want    string
+		wantErr require.ErrorAssertionFunc
+	}{
+		{
+			input: "alpine:latest",
+			want:  "alpine:latest",
+		},
+		{
+			input: "alpine",
+			want:  "alpine:latest",
+		},
+		{
+			input: "docker",
+			want:  "docker:latest",
+		},
+		{
+			input: "anchore/syft:latest",
+			want:  "anchore/syft:latest",
+		},
+		{
+			input: "anchore/syft:v1.4.5",
+			want:  "anchore/syft:v1.4.5",
+		},
+		{
+			input: "anchore/syft",
+			want:  "anchore/syft:latest",
+		},
+		{
+			input: "docker.io/anchore/syft",
+			want:  "docker.io/anchore/syft:latest",
+		},
+		{
+			input: "registry.upbound.io/crossplane/provider-gcp:stable",
+			want:  "registry.upbound.io/crossplane/provider-gcp:stable",
+		},
+		{
+			input: "registry.upbound.io/crossplane/provider-gcp",
+			want:  "registry.upbound.io/crossplane/provider-gcp:latest",
+		},
+		{
+			input: "anchore/syft@sha256:dba09c285770f58d6685b25a0606d72420b0a7525a2338080807d138a258c671",
+			want:  "anchore/syft@sha256:dba09c285770f58d6685b25a0606d72420b0a7525a2338080807d138a258c671",
+		},
+		{
+			// mix tag and digest
+			input: "anchore/syft:latest@sha256:8bbaebbd4bfc3fed46227eba1d49643fc1bb79b23378956f96cff4c5d69dd42b",
+			want:  "anchore/syft:latest@sha256:8bbaebbd4bfc3fed46227eba1d49643fc1bb79b23378956f96cff4c5d69dd42b",
+		},
+		{
+			// mix tag and digest
+			input: "registry.upbound.io/crossplane/provider-gcp:v0.2.0@sha256:8bbaebbd4bfc3fed46227eba1d49643fc1bb79b23378956f96cff4c5d69dd42b",
+			want:  "registry.upbound.io/crossplane/provider-gcp:v0.2.0@sha256:8bbaebbd4bfc3fed46227eba1d49643fc1bb79b23378956f96cff4c5d69dd42b",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.input, func(t *testing.T) {
+			if tt.wantErr == nil {
+				tt.wantErr = require.NoError
+			}
+			got, err := cleanImageReference(tt.input)
+			tt.wantErr(t, err)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
diff --git a/cmd/root.go b/cmd/root.go
@@ -207,8 +207,13 @@ func (r runner) run(_ *cobra.Command, args []string) error {
 		}
 	}
 
+	cleanImageName, err := cleanImageReference(args[0])
+	if err != nil {
+		return nil
+	}
+
 	return eventLoop(
-		sbomExecWorker(args[0], r.client, platform, writer),
+		sbomExecWorker(cleanImageName, r.client, platform, writer),
 		setupSignals(),
 		eventSubscription,
 		stereoscope.Cleanup,
@@ -249,13 +254,13 @@ func generateSBOM(src *source.Source) (*sbom.SBOM, error) {
 	return &s, nil
 }
 
-func sbomExecWorker(userInput string, dockerCli command.Cli, platform *image.Platform, writer sbom.Writer) <-chan error {
+func sbomExecWorker(imageName string, dockerCli command.Cli, platform *image.Platform, writer sbom.Writer) <-chan error {
 	errs := make(chan error)
 	go func() {
 		defer close(errs)
 
 		provider := stereoscopeDocker.NewProviderFromDaemon(
-			userInput,
+			imageName,
 			file.NewTempDirGenerator(internal.ApplicationName),
 			dockerCli.Client(),
 			platform,
@@ -267,19 +272,19 @@ func sbomExecWorker(userInput string, dockerCli command.Cli, platform *image.Pla
 			}
 		}()
 		if err != nil {
-			errs <- fmt.Errorf("failed to fetch the image %q: %w", userInput, err)
+			errs <- fmt.Errorf("failed to fetch the image %q: %w", imageName, err)
 			return
 		}
 
 		err = img.Read()
 		if err != nil {
-			errs <- fmt.Errorf("failed to read the image %q: %w", userInput, err)
+			errs <- fmt.Errorf("failed to read the image %q: %w", imageName, err)
 			return
 		}
 
-		src, err := source.NewFromImage(img, userInput)
+		src, err := source.NewFromImage(img, imageName)
 		if err != nil {
-			errs <- fmt.Errorf("failed to construct source from user input %q: %w", userInput, err)
+			errs <- fmt.Errorf("failed to construct source from user input %q: %w", imageName, err)
 			return
 		}
 		src.Exclusions = appConfig.Exclusions
diff --git a/go.mod b/go.mod
@@ -31,6 +31,8 @@ require (
 	gotest.tools/v3 v3.1.0 // indirect
 )
 
+require github.com/google/go-containerregistry v0.8.1-0.20220209165246-a44adc326839
+
 require (
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
 	github.com/CycloneDX/cyclonedx-go v0.5.0 // indirect
@@ -63,7 +65,6 @@ require (
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/go-cmp v0.5.7 // indirect
-	github.com/google/go-containerregistry v0.8.1-0.20220209165246-a44adc326839 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
