tls support for pushing sbom
Make the client that pushes the SBOM object support the TLS configuration

Signed-off-by: wang yan <[email protected]>
wy65701436 committed May 29, 2024
1 parent 1f0c828 commit 3cef2f7
Showing 1 changed file with 13 additions and 10 deletions.
23 changes: 13 additions & 10 deletions src/pkg/scan/util.go
Expand Up @@ -30,24 +30,27 @@ import (
"github.com/opencontainers/go-digest"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"

commonhttp "github.com/goharbor/harbor/src/common/http"
"github.com/goharbor/harbor/src/lib/log"
"github.com/goharbor/harbor/src/pkg/robot/model"
v1sq "github.com/goharbor/harbor/src/pkg/scan/rest/v1"
)

// Insecure ...
type Insecure bool

// RemoteOptions ...
func (i Insecure) RemoteOptions() []remote.Option {
func RemoteOptions() []remote.Option {
tr := http.DefaultTransport.(*http.Transport).Clone()
tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: bool(i)}
tlsConfig := &tls.Config{InsecureSkipVerify: true}

Check failure

Code scanning / CodeQL

Disabled TLS certificate check High

InsecureSkipVerify should not be used in production code.
var err error
if commonhttp.InternalEnableVerifyClientCert() {
tlsConfig, err = commonhttp.GetInternalTLSConfig()
if err != nil {
log.Errorf("SBOM client load cert file with err: %v", err)
}
tr.TLSClientConfig = tlsConfig
}
return []remote.Option{remote.WithTransport(tr)}
}

type referrer struct {
Insecure
}

// GenAccessoryArt composes the accessory oci object and push it back to harbor core as an accessory of the scanned artifact.
func GenAccessoryArt(sq v1sq.ScanRequest, accData []byte, accAnnotations map[string]string, mediaType string, robot *model.Robot) (string, error) {
accArt, err := mutate.Append(empty.Image, mutate.Addendum{
Expand Down Expand Up @@ -92,7 +95,7 @@ func GenAccessoryArt(sq v1sq.ScanRequest, accData []byte, accAnnotations map[str
if err != nil {
return "", err
}
opts := append(referrer{Insecure: true}.RemoteOptions(), remote.WithAuth(&authn.Basic{Username: robot.Name, Password: robot.Secret}))
opts := append(RemoteOptions(), remote.WithAuth(&authn.Basic{Username: robot.Name, Password: robot.Secret}))
if err := remote.Write(accRef, accArt, opts...); err != nil {
return "", err
}
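Review bot: In `RemoteOptions`, a failure of `commonhttp.GetInternalTLSConfig()` is only logged and the returned `tlsConfig` is still assigned to `tr.TLSClientConfig`; if that value is nil on error (not visible on this page), the transport falls back to Go's default TLS settings without the internal client certificate, and the push in `GenAccessoryArt` fails later with a handshake error that no longer points at the certificate load. Returning the error makes the failure explicit at its source, which means changing the signature to `([]remote.Option, error)` and checking it before the `remote.Write` call in the second hunk; any other callers are outside this page. The initial `&tls.Config{...}` value never reaches the transport on either path, so the sketch below drops it, and the `crypto/tls` import has to go with it if nothing else in the file uses it. `GenAccessoryArt` starts and ends outside the visible hunks.

```go
func RemoteOptions() ([]remote.Option, error) {
	tr := http.DefaultTransport.(*http.Transport).Clone()
	if commonhttp.InternalEnableVerifyClientCert() {
		tlsConfig, err := commonhttp.GetInternalTLSConfig()
		if err != nil {
			// Surface the certificate load failure instead of pushing without the client cert.
			return nil, err
		}
		tr.TLSClientConfig = tlsConfig
	}
	return []remote.Option{remote.WithTransport(tr)}, nil
}

// … unchanged: GenAccessoryArt up to the push …
	transportOpts, err := RemoteOptions()
	if err != nil {
		return "", err
	}
	opts := append(transportOpts, remote.WithAuth(&authn.Basic{Username: robot.Name, Password: robot.Secret}))
```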