Esempio n. 1
File: run.py Progetto: xaleeks/tern
def execute_docker_image(args):
    '''Execution path if given a Docker image or a raw image.

    The image reference is args.raw_image when that is set, otherwise
    args.docker_image. The Docker setup check is only made when no raw
    image is given. An image whose origins are empty after loading is
    treated as loaded successfully: it gets an origin notice, is analyzed
    and reported on. Otherwise only a warning is logged.

    Cleanup (image tars, teardown, working directory) happens at the end
    of the function and is not wrapped in try/finally, so an exception
    raised by an earlier call skips it. args.keep_wd suppresses removal
    of the image tars and the working directory, but not the teardown.
    '''
    logger.debug('Setting up...')
    image_string = args.docker_image
    if args.raw_image:
        # a raw image overrides the tag; the docker daemon is not checked
        image_string = args.raw_image
    else:
        container.check_docker_setup()
    report.setup(image_tag_string=image_string)
    # attempt to get built image metadata
    full_image = report.load_full_image(image_string)
    if not full_image.origins.is_empty():
        # origins already hold notices: the full image could not be loaded
        logger.warning('Cannot retrieve full image metadata')
    else:
        # record where the image came from before analyzing it
        origin_text = formats.docker_image.format(imagetag=image_string)
        full_image.origins.add_notice_origin(origin_text)
        analyze(full_image, args)
        report.report_out(args, full_image)
    # the image tars are removed even when loading failed
    if not args.keep_wd:
        report.clean_image_tars(full_image)
    logger.debug('Teardown...')
    report.teardown()
    if not args.keep_wd:
        report.clean_working_dir()
Esempio n. 2
                        action='store_true',
                        help='Clean up the mounts')
    args = parser.parse_args()

    # check if we need to clean
    if args.clean:
        unmount()
        cleanup()
        sys.exit(0)

    # check if the docker is set up properly first
    container.check_docker_setup()

    # first, list all the layers in the image in this format
    # [<layer number>] created_by
    report.setup(image_tag_string=args.image)
    image_obj = report.load_full_image(args.image)
    if image_obj.origins.is_empty():
        # image loading was successful
        # list all the layers
        for layer in image_obj.layers:
            created_by = layer.created_by if layer.created_by else 'unknown'
            print("[{}] {}".format(image_obj.layers.index(layer), created_by))
        try:
            while True:
                try:
                    # input is safe in Python3
                    top_layer = int(input("Pick a layer to debug: "))  # nosec
                except ValueError:
                    print("Not an integer")
                    continue
Esempio n. 3
File: run.py Progetto: xaleeks/tern
def execute_dockerfile(args):  # noqa C901,R0912
    '''Execution path if given a dockerfile.

    When args.name is 'report' the Dockerfile is args.dockerfile and a
    report is generated. For any other args.name the file is args.lock and
    a locked Dockerfile is written to args.output_file instead.

    If the build succeeds and the built image loads, that image is
    analyzed. Otherwise the base image is loaded and analyzed, and the
    result of get_dockerfile_packages() is passed along to the report.

    None of the cleanup calls are wrapped in try/finally, so an exception
    raised part-way through leaves the built image, the image tars and the
    working directory in place.

    NOTE(review): dhelper.is_build() presumably performs a real docker
    build of the given Dockerfile -- confirm, and if so run this only on
    Dockerfiles you are prepared to build on this host.
    '''
    container.check_docker_setup()
    logger.debug('Setting up...')
    # every subcommand other than 'report' operates on the lock argument
    dfile_lock = args.name != 'report'
    dfile = args.lock if dfile_lock else args.dockerfile
    dfobj = dockerfile.get_dockerfile_obj(dfile)
    # expand potential ARG values so base image tag is correct
    dockerfile.expand_arg(dfobj)
    dockerfile.expand_vars(dfobj)
    report.setup(dfobj=dfobj)
    logger.debug('Building Docker image...')
    # stays True only if the fully built image could be loaded and analyzed
    completed = True
    build, _ = dhelper.is_build()
    if not build:
        logger.warning('Cannot build image')
        completed = False
    else:
        # attempt to get built image metadata
        image_tag_string = dhelper.get_dockerfile_image_tag()
        full_image = report.load_full_image(image_tag_string)
        if not full_image.origins.is_empty():
            # we cannot load the full image
            logger.warning('Cannot retrieve full image metadata')
            completed = False
        else:
            # loading worked: note the image origin, then analyze
            full_image.origins.add_notice_origin(
                formats.dockerfile_image.format(dockerfile=dfile))
            analyze(full_image, args, dfile_lock, dfobj)
        # the built image is removed whether or not its metadata loaded
        container.remove_image(full_image.repotag)
        if not args.keep_wd:
            report.clean_image_tars(full_image)
    if not completed:
        # fall back to the base image
        logger.debug('Loading base image...')
        base_image = report.load_base_image()
        if not base_image.origins.is_empty():
            # we cannot load the base image
            logger.warning('Cannot retrieve base image metadata')
        else:
            # attach a notice stating that the image build failed
            build_failure = Notice(formats.image_build_failure, 'warning')
            base_image.origins.add_notice_to_origins(dfile, build_failure)
            analyze(base_image, args, dfile_lock, dfobj)
        stub_image = get_dockerfile_packages()
        if args.name == 'report' and not args.keep_wd:
            report.clean_image_tars(base_image)
    # produce output based on the mode and on which images were created
    if dfile_lock:
        logger.debug('Parsing Dockerfile to generate report...')
        output = dockerfile.create_locked_dockerfile(dfobj)
        dockerfile.write_locked_dockerfile(output, args.output_file)
    elif completed:
        report.report_out(args, full_image)
    else:
        report.report_out(args, base_image, stub_image)
    logger.debug('Teardown...')
    report.teardown()
    if args.name == 'report' and not args.keep_wd:
        report.clean_working_dir()
Esempio n. 4
def execute_dockerfile(args):
    '''Execution path if given a dockerfile.

    If the build succeeds and the built image loads, that image is
    analyzed and reported on. Otherwise the base image is loaded and
    analyzed, and it is reported together with the result of
    get_dockerfile_packages().

    The cleanup calls are not wrapped in try/finally, so an exception
    raised part-way through leaves the built image, the image tars and the
    working directory in place. args.keep_wd suppresses removal of the
    image tars and the working directory, but not the teardown.

    NOTE(review): dhelper.is_build() presumably performs a real docker
    build of args.dockerfile -- confirm, and if so run this only on
    Dockerfiles you are prepared to build on this host.
    '''
    container.check_docker_setup()
    logger.debug('Setting up...')
    report.setup(dockerfile=args.dockerfile)
    logger.debug('Building Docker image...')
    # stays True only if the fully built image could be loaded and analyzed
    completed = True
    build, _ = dhelper.is_build()
    if not build:
        logger.warning('Cannot build image')
        completed = False
    else:
        # attempt to get built image metadata
        image_tag_string = dhelper.get_dockerfile_image_tag()
        full_image = report.load_full_image(image_tag_string)
        if not full_image.origins.is_empty():
            # we cannot load the full image
            logger.warning('Cannot retrieve full image metadata')
            completed = False
        else:
            # loading worked: note the image origin, then analyze
            full_image.origins.add_notice_origin(
                formats.dockerfile_image.format(dockerfile=args.dockerfile))
            analyze(full_image, args, True)
        # the built image is removed whether or not its metadata loaded
        container.remove_image(full_image.repotag)
        if not args.keep_wd:
            report.clean_image_tars(full_image)
    if not completed:
        # fall back to the base image
        logger.debug('Loading base image...')
        base_image = report.load_base_image()
        if not base_image.origins.is_empty():
            # we cannot load the base image
            logger.warning('Cannot retrieve base image metadata')
        else:
            # attach a notice stating that the image build failed
            build_failure = Notice(formats.image_build_failure, 'warning')
            base_image.origins.add_notice_to_origins(
                args.dockerfile, build_failure)
            analyze(base_image, args)
        # run through commands in the Dockerfile
        logger.debug('Parsing Dockerfile to generate report...')
        stub_image = get_dockerfile_packages()
        if not args.keep_wd:
            report.clean_image_tars(base_image)
    # generate report based on what images were created
    if not completed:
        report.report_out(args, base_image, stub_image)
    else:
        report.report_out(args, full_image)
    logger.debug('Teardown...')
    report.teardown()
    if not args.keep_wd:
        report.clean_working_dir(args.bind_mount)