def execute_docker_image(args):
'''Execution path if given a Docker image'''
logger.debug('Setting up...')
image_string = args.docker_image
if not args.raw_image:
# don't check docker daemon for raw images
container.check_docker_setup()
else:
image_string = args.raw_image
report.setup(image_tag_string=image_string)
# attempt to get built image metadata
full_image = report.load_full_image(image_string)
if full_image.origins.is_empty():
# image loading was successful
# Add an image origin here
full_image.origins.add_notice_origin(
formats.docker_image.format(imagetag=image_string))
# analyze image
analyze(full_image, args)
# generate report
report.report_out(args, full_image)
else:
# we cannot load the full image
logger.warning('Cannot retrieve full image metadata')
if not args.keep_wd:
report.clean_image_tars(full_image)
logger.debug('Teardown...')
report.teardown()
if not args.keep_wd:
report.clean_working_dir()
def execute_dockerfile(args): # noqa C901,R0912
'''Execution path if given a dockerfile'''
container.check_docker_setup()
logger.debug('Setting up...')
dfile = ''
dfile_lock = False
if args.name == 'report':
dfile = args.dockerfile
else:
dfile = args.lock
dfile_lock = True
dfobj = dockerfile.get_dockerfile_obj(dfile)
# expand potential ARG values so base image tag is correct
dockerfile.expand_arg(dfobj)
dockerfile.expand_vars(dfobj)
report.setup(dfobj=dfobj)
# attempt to build the image
logger.debug('Building Docker image...')
# placeholder to check if we can analyze the full image
completed = True
build, _ = dhelper.is_build()
if build:
# attempt to get built image metadata
image_tag_string = dhelper.get_dockerfile_image_tag()
full_image = report.load_full_image(image_tag_string)
if full_image.origins.is_empty():
# image loading was successful
# Add an image origin here
full_image.origins.add_notice_origin(
formats.dockerfile_image.format(dockerfile=dfile))
# analyze image
analyze(full_image, args, dfile_lock, dfobj)
else:
# we cannot load the full image
logger.warning('Cannot retrieve full image metadata')
completed = False
# clean up image
container.remove_image(full_image.repotag)
if not args.keep_wd:
report.clean_image_tars(full_image)
else:
# cannot build the image
logger.warning('Cannot build image')
completed = False
# check if we have analyzed the full image or not
if not completed:
# get the base image
logger.debug('Loading base image...')
base_image = report.load_base_image()
if base_image.origins.is_empty():
# image loading was successful
# add a notice stating failure to build image
base_image.origins.add_notice_to_origins(
dfile, Notice(formats.image_build_failure, 'warning'))
# analyze image
analyze(base_image, args, dfile_lock, dfobj)
else:
# we cannot load the base image
logger.warning('Cannot retrieve base image metadata')
stub_image = get_dockerfile_packages()
if args.name == 'report':
if not args.keep_wd:
report.clean_image_tars(base_image)
# generate report based on what images were created
if not dfile_lock:
if completed:
report.report_out(args, full_image)
else:
report.report_out(args, base_image, stub_image)
else:
logger.debug('Parsing Dockerfile to generate report...')
output = dockerfile.create_locked_dockerfile(dfobj)
dockerfile.write_locked_dockerfile(output, args.output_file)
logger.debug('Teardown...')
report.teardown()
if args.name == 'report':
if not args.keep_wd:
report.clean_working_dir()
def execute_dockerfile(args):
'''Execution path if given a dockerfile'''
container.check_docker_setup()
logger.debug('Setting up...')
report.setup(dockerfile=args.dockerfile)
# attempt to build the image
logger.debug('Building Docker image...')
# placeholder to check if we can analyze the full image
completed = True
build, _ = dhelper.is_build()
if build:
# attempt to get built image metadata
image_tag_string = dhelper.get_dockerfile_image_tag()
full_image = report.load_full_image(image_tag_string)
if full_image.origins.is_empty():
# image loading was successful
# Add an image origin here
full_image.origins.add_notice_origin(
formats.dockerfile_image.format(dockerfile=args.dockerfile))
# analyze image
analyze(full_image, args, True)
else:
# we cannot load the full image
logger.warning('Cannot retrieve full image metadata')
completed = False
# clean up image
container.remove_image(full_image.repotag)
if not args.keep_wd:
report.clean_image_tars(full_image)
else:
# cannot build the image
logger.warning('Cannot build image')
completed = False
# check if we have analyzed the full image or not
if not completed:
# get the base image
logger.debug('Loading base image...')
base_image = report.load_base_image()
if base_image.origins.is_empty():
# image loading was successful
# add a notice stating failure to build image
base_image.origins.add_notice_to_origins(
args.dockerfile, Notice(formats.image_build_failure,
'warning'))
# analyze image
analyze(base_image, args)
else:
# we cannot load the base image
logger.warning('Cannot retrieve base image metadata')
# run through commands in the Dockerfile
logger.debug('Parsing Dockerfile to generate report...')
stub_image = get_dockerfile_packages()
if not args.keep_wd:
report.clean_image_tars(base_image)
# generate report based on what images were created
if completed:
report.report_out(args, full_image)
else:
report.report_out(args, base_image, stub_image)
logger.debug('Teardown...')
report.teardown()
if not args.keep_wd:
report.clean_working_dir(args.bind_mount)
rootfs.prep_rootfs(target)
# invoke commands in chroot
# if we're looking up the snippets library
# we should see 'snippets' in the keys
if 'snippets' in args.keys and 'packages' in args.keys:
# get the package info that corresponds to the package name
# or get the default
last = args.keys.pop()
info_list = look_up_lib(args.keys)
info_dict = command_lib.check_for_unique_package(
info_list, args.package)[last]
else:
info_dict = look_up_lib(args.keys)
# try to invoke the commands
try:
result = command_lib.get_pkg_attr_list(args.shell, info_dict,
args.package)
print('Output list: ' + ' '.join(result[0]))
print('Error messages: ' + result[1])
print('Number of elements: ' + str(len(result[0])))
except subprocess.CalledProcessError as error:
print(error.output)
# undo the mounts
rootfs.undo_mount()
rootfs.unmount_rootfs()
else:
print("Something when wrong in loading the image")
report.teardown()
report.clean_image_tars(image_obj)
report.clean_working_dir()
def execute_dockerfile(args): # noqa C901,R0912
'''Execution path if given a dockerfile'''
dfile = ''
dfile_lock = False
if args.name == 'report':
dfile = args.dockerfile
else:
dfile = args.lock
dfile_lock = True
logger.debug("Parsing Dockerfile...")
dfobj = dockerfile.get_dockerfile_obj(dfile)
# expand potential ARG values so base image tag is correct
dockerfile.expand_arg(dfobj)
dockerfile.expand_vars(dfobj)
# Store dockerfile path and commands so we can access it during execution
dhelper.load_docker_commands(dfobj)
# attempt to build the image
logger.debug('Building Docker image...')
image_info = docker_api.build_and_dump(dfile)
if image_info:
# attempt to load the built image metadata
full_image = report.load_full_image(dfile, '')
if full_image.origins.is_empty():
# image loading was successful
# Add an image origin here
full_image.origins.add_notice_origin(
formats.dockerfile_image.format(dockerfile=dfile))
# analyze image
analyze(full_image, args, dfile_lock, dfobj)
completed = True
else:
# we cannot analyze the full image, but maybe we can
# analyze the base image
logger.warning('Cannot retrieve full image metadata')
# clean up image tarballs
if not args.keep_wd:
prep.clean_image_tars(full_image)
else:
# cannot build the image
logger.warning('Cannot build image')
# check if we have analyzed the full image or not
if not completed:
# Try to analyze the base image
logger.debug('Analyzing base image...')
base_image = report.load_base_image()
if base_image.origins.is_empty():
# image loading was successful
# add a notice stating failure to build image
base_image.origins.add_notice_to_origins(
dfile, Notice(
formats.image_build_failure, 'warning'))
# analyze image
analyze(base_image, args, dfile_lock, dfobj)
else:
# we cannot load the base image
logger.warning('Cannot retrieve base image metadata')
stub_image = get_dockerfile_packages()
if args.name == 'report':
if not args.keep_wd:
report.clean_image_tars(base_image)
# generate report based on what images were created
if not dfile_lock:
if completed:
report.report_out(args, full_image)
else:
report.report_out(args, base_image, stub_image)
else:
logger.debug('Parsing Dockerfile to generate report...')
output = dockerfile.create_locked_dockerfile(dfobj)
dockerfile.write_locked_dockerfile(output, args.output_file)
# cleanup
if not args.keep_wd:
prep.clean_image_tars(full_image)
