Add SBOM protocol buffer definitions

[L3n41c]

Reviewers: please see the review guidelines.

Define the SBOM message to be sent by the agent to the sbom EVP track.

This payload is further described in the “Container images vulnerabilities” RFC.

This PR is built on top of #213.

Generating the upstream CycloneDX .proto file with the current versions of protoc and gogo/protobuf doesn’t work.

• The .proto file isn’t considered valid. protoc complains about the optional keyword for ex.

  proto/deps/github.com/CycloneDX/specification/schema/bom-1.4.proto:9:12: Explicit 'optional' labels are disallowed in the Proto3 syntax. To define 'optional' fields in Proto3, simply remove the 'optional' label, as fields are 'optional' by default.
  proto/deps/github.com/CycloneDX/specification/schema/bom-1.4.proto:11:12: Explicit 'optional' labels are disallowed in the Proto3 syntax. To define 'optional' fields in Proto3, simply remove the 'optional' label, as fields are 'optional' by default.
  …
  

• Even if the .proto file is “fixed”, the generated code doesn’t work because the use of “well-know” types like google.protobuf.Timestamp generates use of external GO modules (github.com/golang/protobuf/ptypes/timestamp) that don’t implement the interface expected by the generated code.

  cyclonedx_v1_4/bom-1.4.pb.go:3522:55: m.Timestamp.Size undefined (type *timestamppb.Timestamp has no field or method Size)
  cyclonedx_v1_4/bom-1.4.pb.go:3523:26: m.Timestamp.MarshalTo undefined (type *timestamppb.Timestamp has no field or method MarshalTo)
  …
  

Upgrading the version of the ProtocolBuffer compiler for all the messages doesn’t work because it adds some state, sizeCache and unknownFields google.golang.org/protobuf/runtime/protoimpl unexported fields which are making the generated struct unsuitable for:

• comparison inside unit tests;
• use as keys in map[…]…;

  pkg/process/net/resolver/resolver.go:51:18: cannot use *networkAddr (variable of type process.ContainerAddr) as type process.ContainerAddr in map index
  

• being copied (go vet complains each time a generated struct is copied (either passed by value as a function argument or as a function return value) because one of the protoimpl unexported field contains a sync.Mutex which cannot be copied.

  pkg/network/encoding/encoding.go:97:9: copylocks: range var v copies lock: github.com/DataDog/datadog-agent/pkg/network/encoding.RouteIdx contains github.com/DataDog/agent-payload/v5/process.Route contains google.golang.org/protobuf/internal/impl.MessageState contains sync.Mutex (govet)
  	for _, v := range routeIndex {
  	       ^
  pkg/network/encoding/format.go:233:16: copylocks: assignment copies lock value to idx: (github.com/DataDog/datadog-agent/pkg/network/encoding.RouteIdx, bool) contains github.com/DataDog/datadog-agent/pkg/network/encoding.RouteIdx contains github.com/DataDog/agent-payload/v5/process.Route contains google.golang.org/protobuf/internal/impl.MessageState contains sync.Mutex (govet)
  	if idx, ok := routes[k]; ok {
  	              ^
  pkg/network/encoding/format_test.go:75:11: copylocks: range var v copies lock: github.com/DataDog/datadog-agent/pkg/network/encoding.RouteIdx contains github.com/DataDog/agent-payload/v5/process.Route contains google.golang.org/protobuf/internal/impl.MessageState contains sync.Mutex (govet)
  			for k, v := range te.routesOut {
  			       ^
  pkg/network/encoding/format_test.go:76:19: copylocks: assignment copies lock value to otherv: (github.com/DataDog/datadog-agent/pkg/network/encoding.RouteIdx, bool) contains github.com/DataDog/datadog-agent/pkg/network/encoding.RouteIdx contains github.com/DataDog/agent-payload/v5/process.Route contains google.golang.org/protobuf/internal/impl.MessageState contains sync.Mutex (govet)
  				otherv, ok := te.routesIn[k]
  				              ^
  pkg/network/encoding/format_test.go:78:22: copylocks: call of require.Equal copies lock value: github.com/DataDog/datadog-agent/pkg/network/encoding.RouteIdx contains github.com/DataDog/agent-payload/v5/process.Route contains google.golang.org/protobuf/internal/impl.MessageState contains sync.Mutex (govet)
  				require.Equal(t, v, otherv, "routes in and out are not equal, expected: %v, actual: %v", te.routesOut, te.routesIn)
  				                 ^
  

That’s why I had to use different version of protoc depending on the message.

[rtfpessoa]

In what cases can it be UNSPECIFIED. Can this be useful?

[L3n41c]

It’s just that 0 is the default value when a field isn’t explicitly set or present in the encoded buffer.
Having a dedicated value for 0 allows to make the distinction between a bug where we forgot to set the field and a functionally relevant value.
I basically only mimicked the samples of the enum documentation.

[L3n41c]

I’ve extracted the protoc upgrade in a dedicated PR: #213.

[L3n41c]

I’ve rebased this PR on top of #213, which allowed me to undo the hack I had to apply on top of the upstream CycloneDX .proto file to make it accepted by the deprecated gogo/protobuf compiler.
In order to review only the SBOM related changes, you should have a look at ba62413.

[truthbk]

There are a number of things wrong with the repository but none of them are caused by this PR; I know you are just trying to work around the pertinent issues. I have to admit I'm not thrilled about you having to implement all those workarounds/hacks to be able to introduce the sbom definitions, but I understand we really have to tackle addressing all those issues in a separate effort. 😞