Example #1
def _CreateFilterFromImagesDescribeArgs(image, args):
    r"""Build the containeranalysis filter for `docker images describe`.

    The filter restricts occurrences to the kinds selected by the show_*
    arguments, applies the user's --metadata-filter expression, and scopes
    the query to the single image being described.

    Args:
      image: the fully-qualified path of a docker image.
      args: user provided command line arguments.

    Returns:
      The string produced by ContainerAnalysisFilter.GetFilter(), or None
      when args.show_all_metadata is falsy and none of the show_* arguments
      selected an occurrence kind (there is nothing to fetch, so the caller
      can skip the API request).

    For example, given a user input:
      gcloud docker images describe \
        us-west1-docker.pkg.dev/my-project/my-repo/ubuntu@sha256:abc \
        --show-package-vulnerability \
        --show-image-basis \
        --metadata-filter='createTime>"2019-04-10T"'

    the builder is given the kinds VULNERABILITY, DISCOVERY and IMAGE, the
    custom expression createTime>"2019-04-10T", and the image path as the only
    resource. The exact text of the combined filter is whatever
    ContainerAnalysisFilter.GetFilter() emits.
    """
    occ_filter = filter_util.ContainerAnalysisFilter()
    selected_kinds = []

    # With show_all_metadata set, the kind list stays empty and no per-flag
    # selection is consulted.
    if not args.show_all_metadata:
        # Order matters only for reproducing the same kind list as before.
        flag_to_kinds = (
            ('show_build_details', ('BUILD',)),
            # DISCOVERY is requested together with VULNERABILITY.
            # NOTE(review): presumably so a reader can tell "scanned, nothing
            # found" from "never scanned" -- confirm against the consumer.
            ('show_package_vulnerability', ('VULNERABILITY', 'DISCOVERY')),
            ('show_image_basis', ('IMAGE',)),
            ('show_deployment', ('DEPLOYMENT',)),
        )
        for flag_name, kinds in flag_to_kinds:
            if getattr(args, flag_name):
                selected_kinds.extend(kinds)

        # No occurrence kind was requested: signal "no API call needed".
        if not selected_kinds:
            return None

    occ_filter.WithKinds(selected_kinds)
    # The user's expression is handed to the builder unchanged; nothing here
    # validates or escapes it.
    # NOTE(review): confirm in filter_util how it is combined with the kind
    # and resource clauses, so it can only narrow the query for `image`.
    occ_filter.WithCustomFilter(args.metadata_filter)
    occ_filter.WithResources([image])
    return occ_filter.GetFilter()
Example #2
def _CreateFilterForImages(repo_or_image, custom_filter, images):
    """Build the chunked containeranalysis filters for a set of images.

    Args:
      repo_or_image: an instance of DockerImage or DockerRepo; its
        GetDockerString() value is used as the resource prefix.
      custom_filter: user provided filter string, passed to the builder
        unchanged.
      images: fully-qualified docker image URLs. Only metadata of these images
        will be retrieved.

    Returns:
      The result of ContainerAnalysisFilter.GetChunkifiedFilters(): the filters
      to send to the containeranalysis API (a list, per the function's
      purpose -- NOTE(review): confirm the element type in filter_util).
    """
    # WithResourcePrefix/WithResources are used fluently elsewhere in this
    # module, so the first two settings are chained here.
    builder = filter_util.ContainerAnalysisFilter().WithResourcePrefix(
        repo_or_image.GetDockerString()).WithResources(images)
    # Not validated or escaped at this layer.
    builder.WithCustomFilter(custom_filter)
    return builder.GetChunkifiedFilters()
Example #3
def _CreateFilterForImages(prefix, custom_filter, images):
    """Build the chunked containeranalysis filters for a set of images.

    Args:
      prefix: an URL prefix. Only metadata of images with this prefix will be
        retrieved.
      custom_filter: user provided filter string, passed to the builder
        unchanged.
      images: fully-qualified docker image URLs. Only metadata of these images
        will be retrieved.

    Returns:
      The result of ContainerAnalysisFilter.GetChunkifiedFilters(): the filters
      to send to the containeranalysis API (a list, per the function's
      purpose -- NOTE(review): confirm the element type in filter_util).
    """
    # WithResourcePrefix/WithResources are used fluently elsewhere in this
    # module, so the scope restrictions are chained in one expression.
    scoped = filter_util.ContainerAnalysisFilter().WithResourcePrefix(
        prefix).WithResources(images)
    # The caller's expression is added last and is not validated or escaped
    # here.
    scoped.WithCustomFilter(custom_filter)
    return scoped.GetChunkifiedFilters()
Example #4
def GetContainerAnalysisMetadata(docker_version, args):
    """Retrieve containeranalysis metadata for one docker image.

    Args:
      docker_version: object exposing GetDockerString() and a `project`
        attribute for the image being described.
      args: user provided command line arguments; they decide which
        occurrence kinds are requested.

    Returns:
      A ContainerAnalysisMetadata holding every occurrence returned by the
      API. It is returned empty, without any API call, when the arguments
      select nothing to fetch. The vulnerability summary is attached only when
      at least one vulnerability occurrence was collected.
    """
    result = ContainerAnalysisMetadata()
    image_path = docker_version.GetDockerString()

    query = _CreateFilterFromImagesDescribeArgs(image_path, args)
    if query is None:
        # Nothing was requested: an empty result here means "not queried",
        # not "no findings".
        return result

    for occurrence in ca_requests.ListOccurrences(docker_version.project,
                                                  query):
        result.AddOccurrence(occurrence)

    if not result.vulnerability.vulnerabilities:
        return result

    # The summary request is scoped to the image only; neither the kind
    # selection nor the user's custom filter is applied to it.
    image_only_filter = filter_util.ContainerAnalysisFilter().WithResources(
        [image_path]).GetFilter()
    summary = ca_requests.GetVulnerabilitySummary(docker_version.project,
                                                  image_only_filter)
    result.vulnerability.AddSummary(summary)
    return result
Example #5
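def GetContainerAnalysisMetadataForImages(repo_or_image, occurrence_filter,
                                          images):
    """Retrieve containeranalysis metadata for images under a path prefix.

    Args:
      repo_or_image: object exposing GetDockerString() and a `project`
        attribute; 'https://' plus its docker string is the resource prefix.
      occurrence_filter: user provided filter string, applied to the
        occurrence listing only.
      images: fully-qualified docker image URLs to restrict the queries to.

    Returns:
      A collections.defaultdict mapping resource URI to
      ContainerAnalysisMetadata. Keys are created only for URIs that appear in
      a returned occurrence or vulnerability count, so a missing key means the
      API returned nothing for that image, not that the image was found clean.
    """
    # The map is a defaultdict, so indexing creates a missing entry on demand.
    # The original setdefault(key, ContainerAnalysisMetadata()) built and
    # discarded a new instance on every iteration.
    metadata = collections.defaultdict(ContainerAnalysisMetadata)
    prefix = 'https://{}'.format(repo_or_image.GetDockerString())
    occ_filters = _CreateFilterForImages(prefix, occurrence_filter, images)
    occurrences = ca_requests.ListOccurrencesWithFilters(
        repo_or_image.project, occ_filters)
    for occ in occurrences:
        metadata[occ.resourceUri].AddOccurrence(occ)

    # The summary filters carry the prefix and image restrictions but not
    # occurrence_filter, so the counts can cover findings that the occurrence
    # listing above filtered out.
    summary_filters = filter_util.ContainerAnalysisFilter().WithResourcePrefix(
        prefix).WithResources(images).GetChunkifiedFilters()
    summaries = ca_requests.GetVulnerabilitySummaryWithFilters(
        repo_or_image.project, summary_filters)
    for summary in summaries:
        for count in summary.counts:
            metadata[count.resourceUri].vulnerability.AddCount(count)

    return metadata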