def testImageString(self): correct_strings = [ 'image@digest_type:digest', 'image:tag', 'debian:buster', 'golang:1.12-alpine', ('p12/test@sha256:737aaa0caf3b8f64baa41ebf78c6cd0c43f34fadccc1275' 'a32b8ab5d5b75c344') ] incorrect_strings = ['debian', 'image', 'debian@sha', 'test/v1.56'] for image_str in correct_strings: self.assertTrue(general.check_image_string(image_str)) for image_str in incorrect_strings: self.assertFalse(general.check_image_string(image_str))
def do_main(args): """Execute according to subcommands""" # Set up environment if not args.quiet: # set up console logs global logger global console logger.addHandler(console) logger.debug("Starting...") prep.setup(args.working_dir) if args.clear_cache: logger.debug('Clearing cache...') cache.clear() if hasattr(args, 'name'): if args.name == 'lock': run.execute_dockerfile(args) elif args.name == 'report': if args.dockerfile: run.execute_dockerfile(args) elif args.docker_image: # Check if the image string is a tarball if general.check_tar(args.docker_image): logger.critical(errors.incorrect_raw_option) sys.exit(1) # Check if the image string has the right format if not check_image_string(args.docker_image): logger.critical(errors.incorrect_image_string_format) sys.exit(1) # If the checks are OK, execute for docker image run.execute_docker_image(args) # Tear down the environment prep.teardown(args.keep_wd) logger.debug('Finished')
def check_image_input(options): """If the option is a raw image tarball then check if it is a tar file. If the option is a image string, check if it is in the right format""" # Check if the option is a tarball if options.raw_image: if not general.check_tar(options.raw_image): logger.critical(errors.incorrect_raw_option) sys.exit(1) # Check if the image string has the right format if options.docker_image: if not check_image_string(options.docker_image): logger.critical(errors.incorrect_image_string_format) sys.exit(1)
def get_dockerfile_base(): '''Get the base image object from the dockerfile base instructions 1. get the instructions around FROM 2. get the base image and tag 3. Make notes based on what the image and tag rules are 4. Return an image object and the base instructions string NOTE: Potential ARG values in the Dockerfile object have already been expanded at this point. However, Dockerfile rules say that if no --build-arg is passed during docker build and ARG has no default, the build will fail. We assume for now that we will not be passing build arguments in which case if there is no default ARG, we will raise an exception indicating that since the build arguments are determined by the user we will not be able to determine what the user wanted''' try: # Get the base image tag. # NOTE: ARG values have already been expanded. base_image_string, from_line = get_base_image_tag(docker_commands) # check for scratch if base_image_string == 'scratch': # there is no base image to pull raise ValueError("Cannot pull 'scratch' base image.") # there should be some image object here base_image = DockerImage(base_image_string) base_image.origins.add_notice_origin(from_line) base_image.name = base_image_string.split(':')[0] # check if there is a tag if not check_image_string(base_image_string): message_string = errors.dockerfile_no_tag.format( dockerfile_line=from_line) base_image.origins.add_notice_to_origins( docker_commands, Notice(message_string, 'warning')) base_image.tag = 'latest' else: base_image.tag = base_image_string.split(':')[1] # check if the tag is 'latest' if base_image.tag == 'latest': message_string = errors.dockerfile_using_latest.format( dockerfile_line=from_line) base_image.origins.add_notice_to_origins( docker_commands, Notice(message_string, 'warning')) return base_image, from_line except ValueError as e: logger.fatal( "%s", errors.cannot_parse_base_image.format(dockerfile=dockerfile_global, error_msg=e)) sys.exit(1)
def do_main(args): '''Execute according to subcommands''' # set bind mount location if working in a container rootfs.set_mount_dir(args.bind_mount, args.working_dir) # create working directory create_top_dir(args.working_dir) if not args.quiet: # set up console logs global logger global console logger.addHandler(console) logger.debug('Starting...') if args.clear_cache: logger.debug('Clearing cache...') cache.clear() if hasattr(args, 'name') and (args.name == 'report' or args.name == 'lock'): if args.name == 'lock': run.execute_dockerfile(args) elif args.dockerfile: run.execute_dockerfile(args) elif args.docker_image: # Check if the image is of image:tag # or image@digest_type:digest format if not check_image_string(args.docker_image): sys.stderr.write('Error running Tern\n' 'Please provide docker image ' 'string in image:tag or ' 'image@digest_type:digest format\n') sys.exit(1) if general.check_tar(args.docker_image): logger.error("%s", errors.incorrect_raw_option) else: run.execute_docker_image(args) logger.debug('Report completed.') if args.name == 'report': if args.raw_image: if not general.check_tar(args.raw_image): logger.error( "%s", errors.invalid_raw_image.format(image=args.raw_image)) else: run.execute_docker_image(args) logger.debug('Report completed.') logger.debug('Finished')
def get_dockerfile_base(): '''Get the base image object from the dockerfile base instructions 1. get the instructions around FROM 2. get the base image and tag 3. Make notes based on what the image and tag rules are 4. Return an image object and the base instructions string NOTE: Potential ARG values in the Dockerfile object have already been expanded at this point. However, Dockerfile rules say that if no --build-arg is passed during docker build and ARG has no default, the build will fail. We assume for now that we will not be passing build arguments in which case if there is no default ARG, we will raise an exception indicating that since the build arguments are determined by the user we will not be able to determine what the user wanted''' try: dockerfile_lines = docker_commands base_image_string = '' from_line = '' # Get the base image tag. # NOTE: ARG values have already been expanded. for i, cmd_dict in enumerate(dockerfile_lines): if cmd_dict['instruction'] == 'FROM': # Account for "as" keyword in FROM line base_image_string = re.split(" as", cmd_dict['value'], flags=re.IGNORECASE)[0] from_line = 'FROM' + base_image_string # Check that potential ARG values has default if i != 0 and dockerfile_lines[i - 1]['instruction'] == 'ARG': if len(dockerfile_lines[i - 1]['value'].split('=')) == 1: raise ValueError('No ARG default value to pass to ' 'FROM command in Dockerfile.') break # check for scratch if base_image_string == 'scratch': # there is no base image to pull raise ValueError("Cannot pull 'scratch' base image.") # there should be some image object here base_image = DockerImage(base_image_string) base_image.origins.add_notice_origin(from_line) base_image.name = base_image_string.split(':')[0] # check if there is a tag if not check_image_string(base_image_string): message_string = errors.dockerfile_no_tag.format( dockerfile_line=from_line) base_image.origins.add_notice_to_origins( dockerfile_lines, Notice(message_string, 'warning')) base_image.tag = 'latest' else: base_image.tag = base_image_string.split(':')[1] # check if the tag is 'latest' if base_image.tag == 'latest': message_string = errors.dockerfile_using_latest.format( dockerfile_line=from_line) base_image.origins.add_notice_to_origins( dockerfile_lines, Notice(message_string, 'warning')) return base_image, from_line except ValueError as e: logger.fatal( "%s", errors.cannot_parse_base_image.format(dockerfile=dockerfile_global, error_msg=e)) sys.exit(1)