def setUp(self):
'''Using a specific image here. If this test fails due to the image
not being found anymore, pick a different image to test against
For now use Docker to pull the image from Dockerhub'''
create_working_dir()
rootfs.set_working_dir()
# this should check if the docker image extraction is successful
dump_docker_image('vmware/tern@sha256:20b32a9a20752aa1ad7582c667704f'
'da9f004cc4bfd8601fac7f2656c7567bb4')
self.image = DockerImage('vmware/tern@sha256:20b32a9a20752aa1ad7582c6'
'67704fda9f004cc4bfd8601fac7f2656c7567bb4')
# constants for this image
self.layer = ('c1c3a87012e7ff5791b31e94515b661'
'cdf06f6d5dc2f9a6245eda8774d257a13')
self.no_layers = 1
self.created_by = ('/bin/sh -c #(nop) ADD '
'file:92137e724f46c720d8083a11290c67'
'd9daa387e523336b1757a0e3c4f5867cd5 '
'in / ')
self.file_info = [('file2.txt', 'documents/test/file2.txt',
'9710f003d924890c7677b4dd91fd753f6ed71cc57d4f'
'9482261b6786d81957fa', 'sha256'),
('file2.txt', 'documents/test/test2/file2.txt',
'885000512dee8ac814641bbf6a7c887012ec23a2fb3e'
'3b2cff583c45a611317d', 'sha256'),
('file1.txt', 'documents/test/test2/file1.txt',
'885000512dee8ac814641bbf6a7c887012ec'
'23a2fb3e3b2cff583c45a611317d', 'sha256'),
('file1.txt', 'documents/test/file1.txt',
'a3cccbc52486d50a86ff0bc1e6ea0e0b701ac'
'4bb139f8713fa136ef9ec68e97e', 'sha256')]
def extract_image(args):
"""The image can either be downloaded from a container registry or provided
as an image tarball. Extract the image into a working directory accordingly
Return an image name and tag and an image digest if it exists"""
if args.docker_image:
# extract the docker image
image_attrs = docker_api.dump_docker_image(args.docker_image)
if image_attrs:
# repo name and digest is preferred, but if that doesn't exist
# the repo name and tag will do. If neither exist use repo Id.
if image_attrs['Id']:
image_string = image_attrs['Id']
if image_attrs['RepoTags']:
image_string = image_attrs['RepoTags'][0]
if image_attrs['RepoDigests']:
image_string = image_attrs['RepoDigests'][0]
return image_string
logger.critical("Cannot extract Docker image")
if args.raw_image:
# for now we assume that the raw image tarball is always
# the product of "docker save", hence it will be in
# the docker style layout
if rootfs.extract_tarfile(args.raw_image, rootfs.get_working_dir()):
return args.raw_image
logger.critical("Cannot extract raw image")
return None
def load_base_image():
'''Create base image from dockerfile instructions and return the image'''
base_image, dockerfile_lines = dhelper.get_dockerfile_base()
# try to get image metadata
if docker_api.dump_docker_image(base_image.repotag):
# now see if we can load the image
try:
base_image.load_image()
except (NameError, subprocess.CalledProcessError, IOError,
docker.errors.APIError, ValueError, EOFError) as error:
logger.warning('Error in loading base image: %s', str(error))
base_image.origins.add_notice_to_origins(
dockerfile_lines, Notice(str(error), 'error'))
return base_image
def execute_docker_image(args): # pylint: disable=too-many-branches
'''Execution path if given a Docker image'''
logger.debug('Starting analysis...')
image_string = ''
image_digest = ''
if args.docker_image:
# extract the docker image
image_attrs = docker_api.dump_docker_image(args.docker_image)
if image_attrs:
if image_attrs['RepoTags']:
image_string = image_attrs['RepoTags'][0]
if image_attrs['RepoDigests']:
image_digest = image_attrs['RepoDigests'][0]
else:
logger.critical("Cannot extract Docker image")
elif args.raw_image:
# for now we assume that the raw image tarball is always
# the product of "docker save", hence it will be in
# the docker style layout
if rootfs.extract_tarfile(args.raw_image, rootfs.get_working_dir()):
image_string = args.raw_image
else:
logger.critical("Cannot extract raw image")
# If the image has been extracted, load the metadata
if image_string:
full_image = report.load_full_image(image_string, image_digest)
# check if the image was loaded successfully
if full_image.origins.is_empty():
# Add an image origin here
full_image.origins.add_notice_origin(
formats.docker_image.format(imagetag=image_string))
# analyze image
analyze(full_image, args)
# report out
report.report_out(args, full_image)
else:
# we cannot load the full image
logger.error('Cannot retrieve full image metadata')
# cleanup
if not args.keep_wd:
prep.clean_image_tars(full_image)