def _CreateFilterFromImagesDescribeArgs(image, args):
    r"""Build the containeranalysis filter for `docker images describe`.

    Three parts are combined: the occurrence kinds selected by the --show-*
    flags, the user-supplied --metadata-filter expression, and the image
    itself as the only resource.

    Args:
      image: the fully-qualified path of a docker image.
      args: user provided command line arguments. The attributes read here
        are show_all_metadata, show_build_details, show_package_vulnerability,
        show_image_basis, show_deployment and metadata_filter.

    Returns:
      Whatever ContainerAnalysisFilter.GetFilter() yields for that
      combination (the filter sent to the containeranalysis API), or None
      when show_all_metadata is off and no --show-* flag selected a kind, in
      which case there is nothing to fetch.

    Example:
      gcloud docker images describe \
        us-west1-docker.pkg.dev/my-project/my-repo/ubuntu@sha256:abc \
        --show-package-vulnerability \
        --show-image-basis \
        --metadata-filter='createTime>"2019-04-10T"'

      requests the kinds VULNERABILITY, DISCOVERY and IMAGE, restricted by
      createTime>"2019-04-10T" and by that image as the resource. The exact
      filter syntax is produced by filter_util and is not reproduced here.
    """
    builder = filter_util.ContainerAnalysisFilter()
    selected_kinds = []
    # Kind filtering is skipped entirely when all metadata is requested.
    if not args.show_all_metadata:
        flag_to_kinds = (
            (args.show_build_details, ('BUILD',)),
            # Vulnerability output also pulls DISCOVERY occurrences.
            (args.show_package_vulnerability, ('VULNERABILITY', 'DISCOVERY')),
            (args.show_image_basis, ('IMAGE',)),
            (args.show_deployment, ('DEPLOYMENT',)),
        )
        for enabled, kinds in flag_to_kinds:
            if enabled:
                selected_kinds.extend(kinds)
        # No occurrence type was asked for, so the containeranalysis API does
        # not need to be called at all.
        if not selected_kinds:
            return None
    # With show_all_metadata the list is empty here; presumably WithKinds
    # treats that as "no kind restriction" -- confirm in filter_util.
    builder.WithKinds(selected_kinds)
    # The user's filter expression is handed over as given; nothing in this
    # function validates or quotes it.
    builder.WithCustomFilter(args.metadata_filter)
    builder.WithResources([image])
    return builder.GetFilter()
def _CreateFilterForImages(repo_or_image, custom_filter, images):
    """Build chunked containeranalysis filters for a set of images.

    The filter is restricted to the resource prefix obtained from
    repo_or_image, to the listed image URLs, and by the caller's custom
    filter.

    NOTE(review): a second `_CreateFilterForImages` that takes a string prefix
    appears later in this listing. If both live in the same module the later
    definition replaces this one -- confirm which variant is intended.

    Args:
      repo_or_image: an instance of DockerImage or DockerRepo; its
        GetDockerString() value is used as the resource prefix.
      custom_filter: user provided filter string, passed through unchanged.
      images: fully-qualified docker image URLs. Only metadata of these images
        will be retrieved.

    Returns:
      The result of ContainerAnalysisFilter.GetChunkifiedFilters() -- per the
      summary above, a list of filters rather than a single string.
    """
    builder = filter_util.ContainerAnalysisFilter()
    builder.WithResourcePrefix(repo_or_image.GetDockerString())
    builder.WithResources(images)
    builder.WithCustomFilter(custom_filter)
    return builder.GetChunkifiedFilters()
def _CreateFilterForImages(prefix, custom_filter, images):
    """Build chunked containeranalysis filters for a set of images.

    The filter is restricted to resources under `prefix`, to the listed image
    URLs, and by the caller's custom filter.

    NOTE(review): an earlier definition with the same name but a
    `repo_or_image` first parameter appears in this listing. The visible
    caller, GetContainerAnalysisMetadataForImages, passes a string prefix,
    which matches this signature.

    Args:
      prefix: an URL prefix. Only metadata of images with this prefix will be
        retrieved.
      custom_filter: user provided filter string, passed through unchanged.
      images: fully-qualified docker image URLs. Only metadata of these images
        will be retrieved.

    Returns:
      The result of ContainerAnalysisFilter.GetChunkifiedFilters() -- per the
      summary above, a list of filters rather than a single string.
    """
    builder = filter_util.ContainerAnalysisFilter()
    builder.WithResourcePrefix(prefix)
    builder.WithResources(images)
    builder.WithCustomFilter(custom_filter)
    return builder.GetChunkifiedFilters()
def GetContainerAnalysisMetadata(docker_version, args):
    """Retrieve containeranalysis metadata for one docker image.

    Args:
      docker_version: object exposing GetDockerString() and a `project`
        attribute for the image being described.
      args: user provided command line arguments, forwarded to
        _CreateFilterFromImagesDescribeArgs.

    Returns:
      A ContainerAnalysisMetadata holding every occurrence returned for the
      image. It is returned empty, without any API call, when the arguments
      select no occurrence kind. A vulnerability summary is attached only when
      at least one vulnerability occurrence came back, so an empty result
      means "nothing matched this filter" and should not by itself be read as
      "the image has no vulnerabilities".
    """
    result = ContainerAnalysisMetadata()
    image_ref = docker_version.GetDockerString()
    # NOTE(review): GetContainerAnalysisMetadataForImages prepends 'https://'
    # to the docker string before filtering, while the bare string is used
    # here. Confirm that filter_util normalises the scheme; if it does not,
    # the filter may match no occurrences.
    describe_filter = _CreateFilterFromImagesDescribeArgs(image_ref, args)
    if describe_filter is None:
        return result

    for occurrence in ca_requests.ListOccurrences(
            docker_version.project, describe_filter):
        result.AddOccurrence(occurrence)

    if result.vulnerability.vulnerabilities:
        # The summary is requested for the image alone; neither the kind
        # selection nor the user's custom filter is applied to it.
        project = docker_version.project
        resource_only_filter = filter_util.ContainerAnalysisFilter(
        ).WithResources([image_ref]).GetFilter()
        summary = ca_requests.GetVulnerabilitySummary(
            project, resource_only_filter)
        result.vulnerability.AddSummary(summary)
    return result
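def GetContainerAnalysisMetadataForImages(repo_or_image, occurrence_filter,
                                          images):
    """Retrieve containeranalysis metadata for all images under a path prefix.

    Args:
      repo_or_image: object exposing GetDockerString() and a `project`
        attribute; 'https://' plus its docker string is the resource prefix.
      occurrence_filter: user provided filter string applied to the occurrence
        query. It is not applied to the vulnerability summary query.
      images: fully-qualified docker image URLs to restrict both queries to.

    Returns:
      A collections.defaultdict mapping resource URI to
      ContainerAnalysisMetadata. Because it is a defaultdict, indexing it with
      an image that returned nothing creates and returns an empty entry
      instead of raising KeyError; callers that need to tell "no data
      returned" from "no findings" should test membership with `in` or use
      .get().
    """
    metadata = collections.defaultdict(ContainerAnalysisMetadata)
    prefix = 'https://{}'.format(repo_or_image.GetDockerString())
    occ_filters = _CreateFilterForImages(prefix, occurrence_filter, images)
    occurrences = ca_requests.ListOccurrencesWithFilters(
        repo_or_image.project, occ_filters)
    for occ in occurrences:
        # Indexing lets the defaultdict create the entry on first use, rather
        # than building a throwaway ContainerAnalysisMetadata for setdefault
        # on every occurrence.
        metadata[occ.resourceUri].AddOccurrence(occ)

    # The summary query is scoped by prefix and image list only.
    summary_filters = filter_util.ContainerAnalysisFilter().WithResourcePrefix(
        prefix).WithResources(images).GetChunkifiedFilters()
    summaries = ca_requests.GetVulnerabilitySummaryWithFilters(
        repo_or_image.project, summary_filters)
    for summary in summaries:
        for count in summary.counts:
            metadata[count.resourceUri].vulnerability.AddCount(count)
    return metadata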