rhel: don't consider hyphen as valid in dockerfile ENV var names

crozzy · crozzy · commit 7dd802e8f509 · 2025-01-08T14:54:48.000-08:00
This change means label values like `"$PRODNAME-$COMPNAME-container"` will
be expanded to something like `"rhdh-hub-container"` instead of `""` which I think
is preferred as the security data refers to "rhdh-hub-container" as the
package_name.

Signed-off-by: crozzy &lt;joseph.crosland@gmail.com&gt;
diff --git a/rhel/dockerfile/vars.go b/rhel/dockerfile/vars.go
@@ -209,7 +209,7 @@ func (v *Vars) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error
 
 // ValidName tests whether the rune is valid in a variable name.
 func validName(r rune) bool {
-	return unicode.In(r, unicode.Letter, unicode.Digit) || r == '_' || r == '-'
+	return unicode.In(r, unicode.Letter, unicode.Digit) || r == '_'
 }
 
 // Emit writes out the expanded variable, using state accumulated in the
diff --git a/rhel/dockerfile/vars_test.go b/rhel/dockerfile/vars_test.go
@@ -110,6 +110,15 @@ func TestVars(t *testing.T) {
 			SrcSz:   10,
 			Setup:   setX,
 		},
+		{
+			Name:    "Hyphen",
+			In:      `$X-$X`,
+			Out:     `expand-expand`,
+			SpanSz:  0,
+			SpanErr: transform.ErrEndOfSpan,
+			SrcSz:   5,
+			Setup:   setX,
+		},
 	}
 	// TODO(hank) Need to hit the various corner error cases.
 	t.Run("Span", func(t *testing.T) {
diff --git a/rhel/rhcc/scanner_test.go b/rhel/rhcc/scanner_test.go
@@ -60,6 +60,19 @@ func TestContainerScanner(t *testing.T) {
 		RepositoryHint: "rhcc",
 		Arch:           "x86_64",
 	}
+	rhdhSourceContainer := &claircore.Package{
+		Name:    "rhdh-hub-container",
+		Version: "1.3-100",
+		NormalizedVersion: claircore.Version{
+			Kind: "rhctag",
+			V:    [10]int32{1, 3},
+		},
+		Kind:           claircore.SOURCE,
+		PackageDB:      "root/buildinfo/Dockerfile-rhdh-rhdh-hub-rhel9-1.3-100",
+		RepositoryHint: "rhcc",
+		Arch:           "x86_64",
+	}
+
 	name2reposData := map[string]map[string][]string{
 		"data": {"openshift/ose-logging-elasticsearch6": {"openshift4/ose-logging-elasticsearch6"}},
 	}
@@ -130,6 +143,26 @@ func TestContainerScanner(t *testing.T) {
 				},
 			},
 		},
+		{
+			Name:       "RHDH",
+			Dockerfile: "testdata/Dockerfile-rhdh-rhdh-hub-rhel9-1.3-100",
+			Want: []*claircore.Package{
+				rhdhSourceContainer,
+				{
+					Name:    "rhdh/rhdh-hub-rhel9",
+					Version: "1.3-100",
+					NormalizedVersion: claircore.Version{
+						Kind: "rhctag",
+						V:    [10]int32{1, 3},
+					},
+					Kind:           claircore.BINARY,
+					Source:         rhdhSourceContainer,
+					PackageDB:      "root/buildinfo/Dockerfile-rhdh-rhdh-hub-rhel9-1.3-100",
+					RepositoryHint: "rhcc",
+					Arch:           "x86_64",
+				},
+			},
+		},
 	}
 	mux := http.NewServeMux()
 	mux.HandleFunc("/container-name-repos-map.json", func(w http.ResponseWriter, _ *http.Request) {

Original file line number	Diff line number	Diff line change
`@@ -209,7 +209,7 @@ func (v *Vars) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error`
`209`	`209`
`210`	`210`	`// ValidName tests whether the rune is valid in a variable name.`
`211`	`211`	`func validName(r rune) bool {`
`212`		`- return unicode.In(r, unicode.Letter, unicode.Digit) \|\| r == '_' \|\| r == '-'`
	`212`	`+ return unicode.In(r, unicode.Letter, unicode.Digit) \|\| r == '_'`
`213`	`213`	`}`
`214`	`214`
`215`	`215`	`// Emit writes out the expanded variable, using state accumulated in the`