gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-05 20:40:16 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
8f5b56005a4e8752976524750089dc9ea2c91e40
trivy/pkg/fanal/image/daemon/docker.go
Teppei Fukuda 8f5b56005a chore: implement process-safe temp file cleanup (#9241) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@users.noreply.github.com>
2025-07-28 13:49:03 +00:00

78 lines
2.1 KiB
Go
Raw Blame History

package daemon
import (
"context"
"os"
"github.com/docker/docker/client"
"github.com/google/go-containerregistry/pkg/name"
"golang.org/x/xerrors"
xos "github.com/aquasecurity/trivy/pkg/x/os"
)
// DockerImage implements v1.Image by extending daemon.Image.
// The caller must call cleanup() to remove a temporary file.
func DockerImage(ref name.Reference, host string) (Image, func(), error) {
cleanup := func() {}
// Resolve Docker host based on priority: --docker-host > DOCKER_HOST > DOCKER_CONTEXT > current context
resolvedHost, err := resolveDockerHost(host)
if err != nil {
return nil, cleanup, xerrors.Errorf("failed to resolve Docker host: %w", err)
}
opts := []client.Opt{
client.FromEnv,
client.WithAPIVersionNegotiation(),
}
if resolvedHost != "" {
opts = append(opts, client.WithHost(resolvedHost))
}
c, err := client.NewClientWithOpts(opts...)
if err != nil {
return nil, cleanup, xerrors.Errorf("failed to initialize a docker client: %w", err)
}
defer func() {
if err != nil {
_ = c.Close()
}
}()
// <image_name>:<tag> pattern like "alpine:3.15"
// or
// <image_name>@<digest> pattern like "alpine@sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300"
imageID := ref.Name()
inspect, err := c.ImageInspect(context.Background(), imageID)
if err != nil {
imageID = ref.String() // <image_id> pattern like `5ac716b05a9c`
inspect, err = c.ImageInspect(context.Background(), imageID)
if err != nil {
return nil, cleanup, xerrors.Errorf("unable to inspect the image (%s): %w", imageID, err)
}
}
history, err := c.ImageHistory(context.Background(), imageID)
if err != nil {
return nil, cleanup, xerrors.Errorf("unable to get history (%s): %w", imageID, err)
}
f, err := xos.CreateTemp("", "docker-export-")
if err != nil {
return nil, cleanup, xerrors.Errorf("failed to create a temporary file: %w", err)
}
cleanup = func() {
_ = c.Close()
_ = f.Close()
_ = os.Remove(f.Name())
}
return &image{
opener: imageOpener(context.Background(), imageID, f, c.ImageSave),
inspect: inspect,
history: configHistory(history),
}, cleanup, nil
}
Reference in New Issue View Git Blame Copy Permalink