refact import cycle in docker package
@@ -5,13 +5,13 @@ import (
|
|||||||
"io"
|
"io"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/knqyf263/fanal/types"
|
||||||
|
|
||||||
"golang.org/x/xerrors"
|
"golang.org/x/xerrors"
|
||||||
|
|
||||||
"github.com/knqyf263/fanal/extractor"
|
"github.com/knqyf263/fanal/extractor"
|
||||||
"github.com/knqyf263/fanal/extractor/docker"
|
"github.com/knqyf263/fanal/extractor/docker"
|
||||||
_ "github.com/knqyf263/fanal/extractor/docker/token/ecr"
|
godeptypes "github.com/knqyf263/go-dep-parser/pkg/types"
|
||||||
_ "github.com/knqyf263/fanal/extractor/docker/token/gcr"
|
|
||||||
"github.com/knqyf263/go-dep-parser/pkg/types"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@@ -38,7 +38,7 @@ type PkgAnalyzer interface {
|
|||||||
type FilePath string
|
type FilePath string
|
||||||
|
|
||||||
type LibraryAnalyzer interface {
|
type LibraryAnalyzer interface {
|
||||||
Analyze(extractor.FileMap) (map[FilePath][]types.Library, error)
|
Analyze(extractor.FileMap) (map[FilePath][]godeptypes.Library, error)
|
||||||
RequiredFiles() []string
|
RequiredFiles() []string
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -92,13 +92,13 @@ func RequiredFilenames() []string {
|
|||||||
return filenames
|
return filenames
|
||||||
}
|
}
|
||||||
|
|
||||||
func Analyze(ctx context.Context, imageName string, opts ...docker.DockerOption) (filesMap extractor.FileMap, err error) {
|
func Analyze(ctx context.Context, imageName string, opts ...types.DockerOption) (filesMap extractor.FileMap, err error) {
|
||||||
var opt docker.DockerOption
|
var opt types.DockerOption
|
||||||
if len(opts) > 0 {
|
if len(opts) > 0 {
|
||||||
opt = opts[0]
|
opt = opts[0]
|
||||||
} else {
|
} else {
|
||||||
// default docker option
|
// default docker option
|
||||||
opt = docker.DockerOption{
|
opt = types.DockerOption{
|
||||||
Timeout: 600 * time.Second,
|
Timeout: 600 * time.Second,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -122,7 +122,7 @@ func Analyze(ctx context.Context, imageName string, opts ...docker.DockerOption)
|
|||||||
}
|
}
|
||||||
|
|
||||||
func AnalyzeFromFile(ctx context.Context, r io.ReadCloser) (filesMap extractor.FileMap, err error) {
|
func AnalyzeFromFile(ctx context.Context, r io.ReadCloser) (filesMap extractor.FileMap, err error) {
|
||||||
e := docker.NewDockerExtractor(docker.DockerOption{})
|
e := docker.NewDockerExtractor(types.DockerOption{})
|
||||||
filesMap, err = e.ExtractFromFile(ctx, r, RequiredFilenames())
|
filesMap, err = e.ExtractFromFile(ctx, r, RequiredFilenames())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, xerrors.Errorf("failed to extract files from tar: %w", err)
|
return nil, xerrors.Errorf("failed to extract files from tar: %w", err)
|
||||||
@@ -157,8 +157,8 @@ func CheckPackage(pkg *Package) bool {
|
|||||||
return pkg.Name != "" && pkg.Version != ""
|
return pkg.Name != "" && pkg.Version != ""
|
||||||
}
|
}
|
||||||
|
|
||||||
func GetLibraries(filesMap extractor.FileMap) (map[FilePath][]types.Library, error) {
|
func GetLibraries(filesMap extractor.FileMap) (map[FilePath][]godeptypes.Library, error) {
|
||||||
results := map[FilePath][]types.Library{}
|
results := map[FilePath][]godeptypes.Library{}
|
||||||
for _, analyzer := range libAnalyzers {
|
for _, analyzer := range libAnalyzers {
|
||||||
libMap, err := analyzer.Analyze(filesMap)
|
libMap, err := analyzer.Analyze(filesMap)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
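Review bot: The rewritten `Analyze` signature still uses only `opts[0]` and applies the 600-second default solely when no option is passed, so a caller handing in a `types.DockerOption` with a zero `Timeout` presumably runs with no deadline at all; the commit changes the type but leaves this undocumented. Suggest a doc comment on the signature line: `// Analyze extracts the required files from imageName. Only the first element of opts is used; when opts is empty a Timeout of 600 seconds is applied.` `AnalyzeFromFile` in the next hunk constructs the extractor with a zero `types.DockerOption{}`, so the same caveat applies there. Both function bodies continue outside the hunks.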
|
|||||||
@@ -10,9 +10,11 @@ import (
|
|||||||
"log"
|
"log"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/knqyf263/fanal/extractor"
|
"github.com/knqyf263/fanal/extractor"
|
||||||
|
"github.com/knqyf263/fanal/extractor/docker/token/ecr"
|
||||||
|
"github.com/knqyf263/fanal/extractor/docker/token/gcr"
|
||||||
|
"github.com/knqyf263/fanal/types"
|
||||||
|
|
||||||
"github.com/docker/distribution/manifest/schema2"
|
"github.com/docker/distribution/manifest/schema2"
|
||||||
"github.com/docker/docker/client"
|
"github.com/docker/docker/client"
|
||||||
@@ -40,26 +42,14 @@ type layer struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type opqDirs []string
|
type opqDirs []string
|
||||||
|
|
||||||
type DockerExtractor struct {
|
type DockerExtractor struct {
|
||||||
Option DockerOption
|
Option types.DockerOption
|
||||||
}
|
}
|
||||||
|
|
||||||
type DockerOption struct {
|
func NewDockerExtractor(option types.DockerOption) DockerExtractor {
|
||||||
AuthURL string
|
RegisterRegistry(&gcr.GCR{})
|
||||||
UserName string
|
RegisterRegistry(&ecr.ECR{})
|
||||||
Password string
|
|
||||||
GcpCredPath string
|
|
||||||
AwsAccessKey string
|
|
||||||
AwsSecretKey string
|
|
||||||
AwsRegion string
|
|
||||||
Insecure bool
|
|
||||||
Debug bool
|
|
||||||
SkipPing bool
|
|
||||||
NonSSL bool
|
|
||||||
Timeout time.Duration
|
|
||||||
}
|
|
||||||
|
|
||||||
func NewDockerExtractor(option DockerOption) DockerExtractor {
|
|
||||||
return DockerExtractor{Option: option}
|
return DockerExtractor{Option: option}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -269,6 +259,7 @@ func (d DockerExtractor) ExtractFromFile(ctx context.Context, r io.Reader, filen
|
|||||||
|
|
||||||
return applyLayers(manifests[0].Layers, filesInLayers, opqInLayers)
|
return applyLayers(manifests[0].Layers, filesInLayers, opqInLayers)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d DockerExtractor) ExtractFiles(layer io.Reader, filenames []string) (extractor.FileMap, opqDirs, error) {
|
func (d DockerExtractor) ExtractFiles(layer io.Reader, filenames []string) (extractor.FileMap, opqDirs, error) {
|
||||||
data := make(map[string][]byte)
|
data := make(map[string][]byte)
|
||||||
opqDirs := opqDirs{}
|
opqDirs := opqDirs{}
|
||||||
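Review bot: `NewDockerExtractor` on the new side calls `RegisterRegistry(&gcr.GCR{})` and `RegisterRegistry(&ecr.ECR{})` on every construction, and `RegisterRegistry` (visible in a later hunk as `registries = append(registries, registry)`) does not deduplicate, so each call from `Analyze` or `AnalyzeFromFile` appends another pair of instances to the package-level slice; the slice grows without bound and every lookup that walks it repeats the same checks. The append also mutates package state with no synchronisation, so concurrent constructions race on `registries`. Guarding the registration with a `sync.Once` (adding `"sync"` to the import block) keeps it to one pair and makes the constructor safe to call concurrently. Because this commit removes the `init()` registration in the ecr and gcr packages, the constructor's doc comment should also say that the built-in registries are only registered through it, not when a `DockerExtractor{}` literal is built directly.
```go
// registerBuiltins ensures the bundled registries are registered exactly
// once, however many extractors are constructed.
var registerBuiltins sync.Once

// NewDockerExtractor returns an extractor for option. The built-in GCR and
// ECR registries are registered on the first call; constructing a
// DockerExtractor literal directly does not register them.
func NewDockerExtractor(option types.DockerOption) DockerExtractor {
	registerBuiltins.Do(func() {
		RegisterRegistry(&gcr.GCR{})
		RegisterRegistry(&ecr.ECR{})
	})
	return DockerExtractor{Option: option}
}
```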
|
|||||||
@@ -3,8 +3,9 @@ package docker
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
|
||||||
"github.com/docker/docker/api/types"
|
dockertypes "github.com/docker/docker/api/types"
|
||||||
"github.com/genuinetools/reg/repoutils"
|
"github.com/genuinetools/reg/repoutils"
|
||||||
|
"github.com/knqyf263/fanal/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@@ -12,7 +13,7 @@ var (
|
|||||||
)
|
)
|
||||||
|
|
||||||
type Registry interface {
|
type Registry interface {
|
||||||
CheckOptions(domain string, option DockerOption) error
|
CheckOptions(domain string, option types.DockerOption) error
|
||||||
GetCredential(ctx context.Context) (string, string, error)
|
GetCredential(ctx context.Context) (string, string, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -20,7 +21,7 @@ func RegisterRegistry(registry Registry) {
|
|||||||
registries = append(registries, registry)
|
registries = append(registries, registry)
|
||||||
}
|
}
|
||||||
|
|
||||||
func GetToken(ctx context.Context, domain string, opt DockerOption) (auth types.AuthConfig, err error) {
|
func GetToken(ctx context.Context, domain string, opt types.DockerOption) (auth dockertypes.AuthConfig, err error) {
|
||||||
authDomain := opt.AuthURL
|
authDomain := opt.AuthURL
|
||||||
if authDomain == "" {
|
if authDomain == "" {
|
||||||
authDomain = domain
|
authDomain = domain
|
||||||
|
|||||||
@@ -5,11 +5,11 @@ import (
|
|||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/knqyf263/fanal/types"
|
||||||
|
|
||||||
"github.com/aws/aws-sdk-go/aws"
|
"github.com/aws/aws-sdk-go/aws"
|
||||||
"github.com/aws/aws-sdk-go/aws/credentials"
|
"github.com/aws/aws-sdk-go/aws/credentials"
|
||||||
|
|
||||||
"github.com/knqyf263/fanal/extractor/docker"
|
|
||||||
|
|
||||||
"github.com/aws/aws-sdk-go/aws/session"
|
"github.com/aws/aws-sdk-go/aws/session"
|
||||||
"github.com/aws/aws-sdk-go/service/ecr"
|
"github.com/aws/aws-sdk-go/service/ecr"
|
||||||
"github.com/aws/aws-sdk-go/service/ecr/ecriface"
|
"github.com/aws/aws-sdk-go/service/ecr/ecriface"
|
||||||
@@ -18,15 +18,11 @@ import (
|
|||||||
|
|
||||||
const ecrURL = "amazonaws.com"
|
const ecrURL = "amazonaws.com"
|
||||||
|
|
||||||
func init() {
|
|
||||||
docker.RegisterRegistry(&ECR{})
|
|
||||||
}
|
|
||||||
|
|
||||||
type ECR struct {
|
type ECR struct {
|
||||||
Client ecriface.ECRAPI
|
Client ecriface.ECRAPI
|
||||||
}
|
}
|
||||||
|
|
||||||
func getSession(option docker.DockerOption) (*session.Session, error) {
|
func getSession(option types.DockerOption) (*session.Session, error) {
|
||||||
// create custom credential information if option is valid
|
// create custom credential information if option is valid
|
||||||
if option.AwsSecretKey != "" && option.AwsAccessKey != "" && option.AwsRegion != "" {
|
if option.AwsSecretKey != "" && option.AwsAccessKey != "" && option.AwsRegion != "" {
|
||||||
return session.NewSessionWithOptions(
|
return session.NewSessionWithOptions(
|
||||||
@@ -48,7 +44,7 @@ func getSession(option docker.DockerOption) (*session.Session, error) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e *ECR) CheckOptions(domain string, option docker.DockerOption) error {
|
func (e *ECR) CheckOptions(domain string, option types.DockerOption) error {
|
||||||
if !strings.HasSuffix(domain, ecrURL) {
|
if !strings.HasSuffix(domain, ecrURL) {
|
||||||
return xerrors.New("invalid ECR url pattern")
|
return xerrors.New("invalid ECR url pattern")
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -4,34 +4,27 @@ import (
|
|||||||
"context"
|
"context"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/knqyf263/fanal/types"
|
||||||
|
|
||||||
"golang.org/x/xerrors"
|
"golang.org/x/xerrors"
|
||||||
|
|
||||||
"github.com/knqyf263/fanal/extractor/docker"
|
|
||||||
|
|
||||||
"github.com/docker/docker/api/types"
|
|
||||||
|
|
||||||
"github.com/GoogleCloudPlatform/docker-credential-gcr/config"
|
"github.com/GoogleCloudPlatform/docker-credential-gcr/config"
|
||||||
"github.com/GoogleCloudPlatform/docker-credential-gcr/credhelper"
|
"github.com/GoogleCloudPlatform/docker-credential-gcr/credhelper"
|
||||||
"github.com/GoogleCloudPlatform/docker-credential-gcr/store"
|
"github.com/GoogleCloudPlatform/docker-credential-gcr/store"
|
||||||
)
|
)
|
||||||
|
|
||||||
type GCR struct {
|
type GCR struct {
|
||||||
Store store.GCRCredStore
|
Store store.GCRCredStore
|
||||||
Auth types.AuthConfig
|
domain string
|
||||||
}
|
}
|
||||||
|
|
||||||
const gcrURL = "gcr.io"
|
const gcrURL = "gcr.io"
|
||||||
|
|
||||||
func init() {
|
func (g *GCR) CheckOptions(domain string, d types.DockerOption) error {
|
||||||
docker.RegisterRegistry(&GCR{})
|
|
||||||
}
|
|
||||||
|
|
||||||
func (g *GCR) CheckOptions(domain string, d docker.DockerOption) error {
|
|
||||||
if !strings.HasSuffix(domain, gcrURL) {
|
if !strings.HasSuffix(domain, gcrURL) {
|
||||||
return xerrors.New("invalid GCR url pattern")
|
return xerrors.New("invalid GCR url pattern")
|
||||||
}
|
}
|
||||||
|
g.domain = domain
|
||||||
g.Auth = types.AuthConfig{}
|
|
||||||
if d.GcpCredPath != "" {
|
if d.GcpCredPath != "" {
|
||||||
g.Store = store.NewGCRCredStore(d.GcpCredPath)
|
g.Store = store.NewGCRCredStore(d.GcpCredPath)
|
||||||
}
|
}
|
||||||
@@ -53,5 +46,5 @@ func (g *GCR) GetCredential(ctx context.Context) (username, password string, err
|
|||||||
return "", "", err
|
return "", "", err
|
||||||
}
|
}
|
||||||
helper := credhelper.NewGCRCredentialHelper(credStore, userCfg)
|
helper := credhelper.NewGCRCredentialHelper(credStore, userCfg)
|
||||||
return helper.Get(g.Auth.ServerAddress)
|
return helper.Get(g.domain)
|
||||||
}
|
}
|
||||||
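Review bot: `CheckOptions` on the new side stores the per-call `domain` (and `Store`, when `GcpCredPath` is set) on the `*GCR` value itself, and `GetCredential` later reads `g.domain`; since the registry is registered as a single pointer via `RegisterRegistry(&gcr.GCR{})` in `NewDockerExtractor`, two analyses running concurrently in one process can observe each other's domain in the credential lookup, and a `Store` configured by an earlier call presumably survives into later calls that pass no `GcpCredPath`. The replaced `g.Auth` field had the same shape, but this rewrite is the natural place to separate request state from the shared registry, e.g. by returning a per-call value from `CheckOptions` or at minimum resetting the store next to the new assignment: `g.domain = domain` followed by `g.Store = nil` when `d.GcpCredPath == ""`. `GetCredential` begins outside the second hunk, so how `credStore` is derived from `g.Store` is not visible here.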
|
|||||||