feat(materials): add support for tar.gz junit bundles (#1659)

Signed-off-by: Jose I. Paris <[email protected]>

Author: jiparis

pkg/attestation/crafter/materials/junit/junit.go

@@ -16,15 +16,16 @@
 package junit
 
 import (
+	"archive/tar"
 	"archive/zip"
 	"bufio"
+	"compress/gzip"
 	"errors"
 	"fmt"
 	"io"
 	"io/fs"
 	"net/http"
 	"os"
-	"path/filepath"
 	"strings"
 
 	"github.com/joshdk/go-junit"
@@ -51,9 +52,14 @@ func Ingest(filePath string) ([]junit.Suite, error) {
 	mime := http.DetectContentType(buf)
 	switch strings.Split(mime, ";")[0] {
 	case "application/zip":
-		suites, err = ingestArchive(filePath)
+		suites, err = ingestZipArchive(filePath)
 		if err != nil {
-			return nil, fmt.Errorf("could not ingest JUnit XML: %w", err)
+			return nil, fmt.Errorf("could not ingest Zip archive : %w", err)
+		}
+	case "application/x-gzip":
+		suites, err = ingestGzipArchive(filePath)
+		if err != nil {
+			return nil, fmt.Errorf("could not ingest GZip archive: %w", err)
 		}
 	case "text/xml", "application/xml":
 		suites, err = junit.IngestFile(filePath)
@@ -70,52 +76,74 @@ func Ingest(filePath string) ([]junit.Suite, error) {
 	return suites, nil
 }
 
-func ingestArchive(filename string) ([]junit.Suite, error) {
-	archive, err := zip.OpenReader(filename)
+func ingestGzipArchive(filename string) ([]junit.Suite, error) {
+	result := make([]junit.Suite, 0)
+
+	f, err := os.Open(filename)
 	if err != nil {
-		return nil, fmt.Errorf("could not open zip archive: %w", err)
+		return nil, fmt.Errorf("can't open the file: %w", err)
 	}
-	defer archive.Close()
-	dir, err := os.MkdirTemp("", "junit")
+	defer f.Close()
+
+	// Decompress the file if possible
+	uncompressedStream, err := gzip.NewReader(f)
 	if err != nil {
-		return nil, fmt.Errorf("could not create temporary directory: %w", err)
+		return nil, fmt.Errorf("can't uncompress file, unexpected material type: %w", err)
 	}
-	for _, zf := range archive.File {
-		if zf.FileInfo().IsDir() {
-			continue
-		}
-		// extract file to dir
-		// nolint: gosec
-		path := filepath.Join(dir, zf.Name)
 
-		// Check for ZipSlip (Directory traversal)
-		if !strings.HasPrefix(path, filepath.Clean(dir)+string(os.PathSeparator)) {
-			return nil, fmt.Errorf("illegal file path: %s", path)
+	// Create a tar reader
+	tarReader := tar.NewReader(uncompressedStream)
+	for {
+		header, err := tarReader.Next()
+		if err != nil {
+			if errors.Is(err, io.EOF) {
+				// Reached the end of tar archive
+				break
+			}
+			return nil, fmt.Errorf("can't read tar header: %w", err)
+		}
+		// Check if the file is a regular file
+		if header.Typeflag != tar.TypeReg || !strings.HasSuffix(header.Name, ".xml") {
+			continue // Skip if it's not a regular file
 		}
 
-		f, err := os.Create(path)
+		suites, err := junit.IngestReader(tarReader)
 		if err != nil {
-			return nil, fmt.Errorf("could not open file %s: %w", path, err)
+			return nil, fmt.Errorf("can't ingest JUnit XML file %q: %w", header.Name, err)
+		}
+		result = append(result, suites...)
+	}
+
+	return result, nil
+}
+
+func ingestZipArchive(filename string) ([]junit.Suite, error) {
+	result := make([]junit.Suite, 0)
+
+	archive, err := zip.OpenReader(filename)
+	if err != nil {
+		return nil, fmt.Errorf("could not open zip archive: %w", err)
+	}
+	defer archive.Close()
+
+	for _, zf := range archive.File {
+		if zf.FileInfo().IsDir() || !strings.HasSuffix(zf.Name, ".xml") {
+			continue
 		}
 
 		rc, err := zf.Open()
 		if err != nil {
-			return nil, fmt.Errorf("could not open file %s: %w", path, err)
+			return nil, fmt.Errorf("could not open file %q: %w", zf.Name, err)
 		}
 
-		_, err = f.ReadFrom(rc)
+		suites, err := junit.IngestReader(rc)
 		if err != nil {
-			return nil, fmt.Errorf("could not read file %s: %w", path, err)
+			return nil, fmt.Errorf("could not ingest JUnit XML file %q: %w", zf.Name, err)
 		}
 
-		rc.Close()
-		f.Close()
+		result = append(result, suites...)
+		_ = rc.Close()
 	}
 
-	suites, err := junit.IngestDir(dir)
-	if err != nil {
-		return nil, fmt.Errorf("could not ingest JUnit XML: %w", err)
-	}
-
-	return suites, nil
+	return result, nil
 }

pkg/attestation/crafter/materials/junit/junit_test.go

@@ -0,0 +1,64 @@
+//
+// Copyright 2024 The Chainloop Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package junit
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestIngest(t *testing.T) {
+	cases := []struct {
+		name      string
+		filename  string
+		nSuites   int
+		expectErr bool
+	}{
+		{
+			name:     "single junit report",
+			filename: "../testdata/junit.xml",
+			nSuites:  2,
+		},
+		{
+			name:     "zipped reports",
+			filename: "../testdata/tests.zip",
+			nSuites:  13,
+		},
+		{
+			name:     "gzipped reports",
+			filename: "../testdata/tests.tar.gz",
+			nSuites:  13,
+		},
+		{
+			name:      "invalid xml",
+			filename:  "../testdata/junit-invalid.xml",
+			expectErr: true,
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			suites, err := Ingest(tc.filename)
+			if tc.expectErr {
+				assert.Error(t, err)
+				return
+			}
+			assert.NoError(t, err)
+			assert.Equal(t, tc.nSuites, len(suites))
+		})
+	}
+}