Also filter supported artefact types for ClamAV extension

open-component-model · Feb 4, 2025 · b818611 · b818611
1 parent 6ed16fa
commit b818611
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 5 deletions.
diff --git a/malware/__main__.py b/malware/__main__.py
@@ -129,7 +129,10 @@ def scan_resource(
         aws_secret = secret_factory.aws(aws_secret_name)
         s3_client = aws_secret.session.resource('s3')
 
-        if not resource.type.startswith('application/tar'):
+        if (
+            not resource.type.startswith('application/tar')
+            and not resource.type.startswith('application/x-tar')
+        ):
             raise NotImplementedError(resource.type)
 
         fileobj = s3_client.Object(
@@ -231,13 +234,17 @@ def scan_and_upload(
         component_descriptor_lookup=component_descriptor_lookup,
         artefact=artefact,
     )
-    access = resource_node.resource.access
+    access_type = resource_node.resource.access.type
+    resource_type = resource_node.resource.type
 
-    if not clamav_cfg.is_supported(access_type=access.type):
+    if not clamav_cfg.is_supported(
+        access_type=access_type,
+        artefact_type=resource_type,
+    ):
         if clamav_cfg.on_unsupported is odg.scan_cfg.WarningVerbosities.FAIL:
             raise TypeError(
-                f'{access.type} is not supported by the ClamAV extension, maybe the filter '
-                'configurations have to be adjusted to filter out this access type'
+                f'{access_type=} with {resource_type=} is not supported by the ClamAV extension, '
+                'maybe the filter configurations have to be adjusted to filter out these types'
             )
         return
 

diff --git a/odg/scan_cfg.py b/odg/scan_cfg.py
@@ -322,6 +322,7 @@ def is_supported(
         self,
         artefact_kind: dso.model.ArtefactKind | None=None,
         access_type: ocm.AccessType | None=None,
+        artefact_type: str | None=None,
     ) -> bool:
         supported_artefact_kinds = (
             dso.model.ArtefactKind.RESOURCE,
@@ -331,6 +332,9 @@ def is_supported(
             ocm.AccessType.LOCAL_BLOB,
             ocm.AccessType.S3,
         )
+        supported_artefact_types_by_access_type = {
+            ocm.AccessType.S3: ('application/tar', 'application/x-tar'),
+        }
 
         is_supported = True
 
@@ -349,6 +353,22 @@ def is_supported(
                     f'{access_type=} is not supported for ClamAV scans, {supported_access_types=}'
                 )
 
+        if (
+            artefact_type
+            and access_type
+            and (artefact_types := supported_artefact_types_by_access_type.get(access_type))
+        ):
+            if not any(
+                artefact_type.startswith(supported_artefact_type)
+                for supported_artefact_type in artefact_types
+            ):
+                is_supported = False
+                if self.on_unsupported is WarningVerbosities.WARNING:
+                    logger.warning(
+                        f'{artefact_type=} is not supported for ClamAV scans with {access_type=}, '
+                        f'{supported_artefact_types_by_access_type=}'
+                    )
+
         return is_supported