def execute_docker_image(args):
    '''Analyze an already-available image and write out its report.

    Reads ``args.docker_image``, ``args.raw_image`` and ``args.keep_wd``.
    When ``args.raw_image`` is set it replaces ``args.docker_image`` as the
    image reference and the Docker daemon check is skipped.

    NOTE(review): none of the cleanup below sits in a ``finally``. If
    ``analyze`` or ``report.report_out`` raises, ``clean_image_tars``,
    ``teardown`` and ``clean_working_dir`` are not reached.
    '''
    logger.debug('Setting up...')
    image_ref = args.docker_image
    if args.raw_image:
        # a raw image is read without the daemon, so no daemon check
        image_ref = args.raw_image
    else:
        container.check_docker_setup()
    report.setup(image_tag_string=image_ref)

    # try to load the metadata for the complete image
    loaded_image = report.load_full_image(image_ref)
    if not loaded_image.origins.is_empty():
        # a non-empty origins object is treated as a failed load
        logger.warning('Cannot retrieve full image metadata')
    else:
        # record where the image came from before analysing it
        origin_text = formats.docker_image.format(imagetag=image_ref)
        loaded_image.origins.add_notice_origin(origin_text)
        analyze(loaded_image, args)
        report.report_out(args, loaded_image)

    # image tars are dropped unless the caller asked to keep the working dir
    if not args.keep_wd:
        report.clean_image_tars(loaded_image)
    logger.debug('Teardown...')
    report.teardown()
    if not args.keep_wd:
        report.clean_working_dir()
action='store_true', help='Clean up the mounts') args = parser.parse_args() # check if we need to clean if args.clean: unmount() cleanup() sys.exit(0) # check if the docker is set up properly first container.check_docker_setup() # first, list all the layers in the image in this format # [<layer number>] created_by report.setup(image_tag_string=args.image) image_obj = report.load_full_image(args.image) if image_obj.origins.is_empty(): # image loading was successful # list all the layers for layer in image_obj.layers: created_by = layer.created_by if layer.created_by else 'unknown' print("[{}] {}".format(image_obj.layers.index(layer), created_by)) try: while True: try: # input is safe in Python3 top_layer = int(input("Pick a layer to debug: ")) # nosec except ValueError: print("Not an integer") continue
def execute_dockerfile(args):  # noqa C901,R0912
    '''Build and analyze the image described by a Dockerfile.

    ``args.name == 'report'`` selects ``args.dockerfile`` and produces a
    report; any other value selects ``args.lock`` and writes a locked
    Dockerfile to ``args.output_file`` instead. If the image cannot be
    built or its metadata cannot be loaded, the base image is analyzed and
    the report is completed with the result of ``get_dockerfile_packages``.

    NOTE(review): the cleanup calls (``container.remove_image``,
    ``report.clean_image_tars``, ``report.teardown``,
    ``report.clean_working_dir``) are not in a ``finally``, so an exception
    from ``analyze`` or the reporting step skips them and the built image
    is not removed. The working directory is also only cleaned here for the
    'report' command; presumably lock mode cleans it elsewhere, which
    should be confirmed.
    '''
    container.check_docker_setup()
    logger.debug('Setting up...')
    is_report = args.name == 'report'
    if is_report:
        dfile_path = args.dockerfile
    else:
        dfile_path = args.lock
    lock_mode = not is_report

    dfobj = dockerfile.get_dockerfile_obj(dfile_path)
    # resolve ARG values and variables first so the base image tag is right
    dockerfile.expand_arg(dfobj)
    dockerfile.expand_vars(dfobj)
    report.setup(dfobj=dfobj)

    logger.debug('Building Docker image...')
    # becomes True only once the fully built image has been analyzed
    analyzed_full = False
    image_built, _ignored = dhelper.is_build()
    if not image_built:
        logger.warning('Cannot build image')
    else:
        # try to load the metadata of the image that was just built
        built_tag = dhelper.get_dockerfile_image_tag()
        full_image = report.load_full_image(built_tag)
        if not full_image.origins.is_empty():
            # a non-empty origins object is treated as a failed load
            logger.warning('Cannot retrieve full image metadata')
        else:
            # note the Dockerfile as the origin of this image
            origin_text = formats.dockerfile_image.format(dockerfile=dfile_path)
            full_image.origins.add_notice_origin(origin_text)
            analyze(full_image, args, lock_mode, dfobj)
            analyzed_full = True
        # the built image is removed whether or not it could be loaded
        container.remove_image(full_image.repotag)
        if not args.keep_wd:
            report.clean_image_tars(full_image)

    if not analyzed_full:
        # fall back to the base image
        logger.debug('Loading base image...')
        base_image = report.load_base_image()
        if not base_image.origins.is_empty():
            logger.warning('Cannot retrieve base image metadata')
        else:
            # tell the reader that the full image could not be built
            build_failed = Notice(formats.image_build_failure, 'warning')
            base_image.origins.add_notice_to_origins(dfile_path, build_failed)
            analyze(base_image, args, lock_mode, dfobj)
        stub_image = get_dockerfile_packages()
        if is_report and not args.keep_wd:
            report.clean_image_tars(base_image)

    # output depends on the mode and on which image was analyzed
    if lock_mode:
        logger.debug('Parsing Dockerfile to generate report...')
        locked_text = dockerfile.create_locked_dockerfile(dfobj)
        dockerfile.write_locked_dockerfile(locked_text, args.output_file)
    elif analyzed_full:
        report.report_out(args, full_image)
    else:
        report.report_out(args, base_image, stub_image)

    logger.debug('Teardown...')
    report.teardown()
    if is_report and not args.keep_wd:
        report.clean_working_dir()
def execute_dockerfile(args):
    '''Build and analyze the image described by ``args.dockerfile``.

    If the image cannot be built or its metadata cannot be loaded, the base
    image is analyzed and the report is completed with the result of
    ``get_dockerfile_packages``. Reads ``args.dockerfile``, ``args.keep_wd``
    and ``args.bind_mount``.

    NOTE(review): the cleanup calls (``container.remove_image``,
    ``report.clean_image_tars``, ``report.teardown``,
    ``report.clean_working_dir``) are not in a ``finally``, so an exception
    from ``analyze`` or ``report.report_out`` skips them and the built
    image is not removed.
    '''
    container.check_docker_setup()
    logger.debug('Setting up...')
    dfile_path = args.dockerfile
    report.setup(dockerfile=dfile_path)

    logger.debug('Building Docker image...')
    # becomes True only once the fully built image has been analyzed
    analyzed_full = False
    image_built, _ignored = dhelper.is_build()
    if not image_built:
        logger.warning('Cannot build image')
    else:
        # try to load the metadata of the image that was just built
        built_tag = dhelper.get_dockerfile_image_tag()
        full_image = report.load_full_image(built_tag)
        if not full_image.origins.is_empty():
            # a non-empty origins object is treated as a failed load
            logger.warning('Cannot retrieve full image metadata')
        else:
            # note the Dockerfile as the origin of this image
            origin_text = formats.dockerfile_image.format(dockerfile=dfile_path)
            full_image.origins.add_notice_origin(origin_text)
            analyze(full_image, args, True)
            analyzed_full = True
        # the built image is removed whether or not it could be loaded
        container.remove_image(full_image.repotag)
        if not args.keep_wd:
            report.clean_image_tars(full_image)

    if not analyzed_full:
        # fall back to the base image
        logger.debug('Loading base image...')
        base_image = report.load_base_image()
        if not base_image.origins.is_empty():
            logger.warning('Cannot retrieve base image metadata')
        else:
            # tell the reader that the full image could not be built
            build_failed = Notice(formats.image_build_failure, 'warning')
            base_image.origins.add_notice_to_origins(dfile_path, build_failed)
            analyze(base_image, args)
        # walk the Dockerfile commands to fill in what the image cannot tell
        logger.debug('Parsing Dockerfile to generate report...')
        stub_image = get_dockerfile_packages()
        if not args.keep_wd:
            report.clean_image_tars(base_image)

    # report on whichever image was analyzed
    if analyzed_full:
        report.report_out(args, full_image)
    else:
        report.report_out(args, base_image, stub_image)

    logger.debug('Teardown...')
    report.teardown()
    if not args.keep_wd:
        report.clean_working_dir(args.bind_mount)