truncate cname to a max of 63 chars

aquasecurity · Sep 6, 2024 · ba034fb · ba034fb
1 parent 18e40db
commit ba034fb
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 27 deletions.
diff --git a/pkg/plugins/trivy/jobspec.go b/pkg/plugins/trivy/jobspec.go
@@ -241,7 +241,13 @@ func CreateSbomDataAsSecret(bom v1alpha1.BOM, secretName string) (corev1.Secret,
 
 // CreateVolumeSbomFiles creates a volume and volume mount for the sbom data
 func CreateVolumeSbomFiles(volumeMounts *[]corev1.VolumeMount, volumes *[]corev1.Volume, secretName *string, fileName string, mountPath string, cname string) {
-	vname := fmt.Sprintf("sbomvol-%s", cname)
+	vnamePrefix := "sbomvol-"
+	// Truncate cname to ensure that vname fits within 63 characters including the prefix
+	maxCnameLength := 62 - len(vnamePrefix)
+	if len(cname) > maxCnameLength {
+		cname = cname[:maxCnameLength]
+	}
+	vname := fmt.Sprintf("%s%s", vnamePrefix, cname)
 	sbomMount := corev1.VolumeMount{
 		Name:      vname,
 		MountPath: mountPath,

diff --git a/pkg/plugins/trivy/jobspec_test.go b/pkg/plugins/trivy/jobspec_test.go
@@ -51,35 +51,53 @@ func TestCreateSbomDataSecret(t *testing.T) {
 
 func TestCreateVolumes(t *testing.T) {
 	testCases := []struct {
-		name      string
-		vm        []corev1.VolumeMount
-		v         []corev1.Volume
-		cName     string
-		sn        string
-		fn        string
-		mountPath string
+		name         string
+		vm           []corev1.VolumeMount
+		v            []corev1.Volume
+		cName        string
+		sn           string
+		fn           string
+		mountPath    string
+		expectedName string
 	}{
 		{
-			name:      "cretae volumes",
-			vm:        []corev1.VolumeMount{},
-			v:         []corev1.Volume{},
-			sn:        "test",
-			cName:     "cname",
-			mountPath: "/sbom-cname",
-			fn:        "name",
+			name:         "create volumes with normal cname",
+			vm:           []corev1.VolumeMount{},
+			v:            []corev1.Volume{},
+			sn:           "test",
+			cName:        "cname",
+			mountPath:    "/sbom-cname",
+			fn:           "name",
+			expectedName: "sbomvol-cname",
+		},
+		{
+			name:         "create volumes with long cname",
+			vm:           []corev1.VolumeMount{},
+			v:            []corev1.Volume{},
+			sn:           "test",
+			cName:        "averylongcontainername1234567890averylongcontainername1234567890",
+			mountPath:    "/sbom-longname",
+			fn:           "name",
+			expectedName: "sbomvol-averylongcontainername1234567890averylongcontainername",
 		},
 	}
-	tc := testCases[0]
-	t.Run(tc.name, func(t *testing.T) {
-		trivy.CreateVolumeSbomFiles(&tc.vm, &tc.v, &tc.sn, tc.fn, tc.mountPath, tc.cName)
-		assert.Equal(t, len(tc.vm), 1)
-		assert.Equal(t, len(tc.v), 1)
-		assert.Equal(t, tc.vm[0].Name, "sbomvol-cname")
-		assert.Equal(t, tc.vm[0].MountPath, "/sbom-cname")
-		assert.Equal(t, tc.v[0].Name, "sbomvol-cname")
-		assert.Equal(t, tc.v[0].Secret.SecretName, tc.sn)
-		assert.Equal(t, tc.v[0].Secret.Items[0].Key, "bom")
-		assert.Equal(t, tc.v[0].Secret.Items[0].Path, tc.fn)
-	})
 
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			trivy.CreateVolumeSbomFiles(&tc.vm, &tc.v, &tc.sn, tc.fn, tc.mountPath, tc.cName)
+
+			assert.Equal(t, len(tc.vm), 1)
+			assert.Equal(t, len(tc.v), 1)
+
+			assert.Equal(t, tc.vm[0].Name, tc.expectedName)
+			assert.Equal(t, tc.vm[0].MountPath, tc.mountPath)
+			assert.Equal(t, tc.v[0].Name, tc.expectedName)
+			assert.Equal(t, tc.v[0].Secret.SecretName, tc.sn)
+			assert.Equal(t, tc.v[0].Secret.Items[0].Key, "bom")
+			assert.Equal(t, tc.v[0].Secret.Items[0].Path, tc.fn)
+
+			assert.LessOrEqual(t, len(tc.vm[0].Name), 63)
+			assert.LessOrEqual(t, len(tc.v[0].Name), 63)
+		})
+	}
 }