예제 #1
파일: run.py 프로젝트: xaleeks/tern
def execute_docker_image(args):
    '''Analyze a Docker image given on the command line and report on it.

    args is the parsed command line namespace; the attributes read here
    are docker_image, raw_image and keep_wd. When raw_image is set it
    replaces docker_image as the image reference and the Docker daemon
    check is skipped. Image tars and the working directory are removed at
    the end unless keep_wd is set.'''
    logger.debug('Setting up...')
    image_ref = args.docker_image
    if args.raw_image:
        # raw images are not checked against the Docker daemon
        image_ref = args.raw_image
    else:
        container.check_docker_setup()
    # NOTE(review): image_ref comes from the command line and is passed on
    # unchanged -- confirm report.setup/load_full_image treat it as data
    report.setup(image_tag_string=image_ref)
    loaded_image = report.load_full_image(image_ref)
    if loaded_image.origins.is_empty():
        # an empty origins object is treated as a successful load
        origin_text = formats.docker_image.format(imagetag=image_ref)
        loaded_image.origins.add_notice_origin(origin_text)
        analyze(loaded_image, args)
        report.report_out(args, loaded_image)
    else:
        # no analysis and no report when the metadata could not be loaded
        logger.warning('Cannot retrieve full image metadata')
    # image tars are removed on both paths unless the caller keeps them
    if not args.keep_wd:
        report.clean_image_tars(loaded_image)
    logger.debug('Teardown...')
    report.teardown()
    if not args.keep_wd:
        report.clean_working_dir()
예제 #2
 def setUp(self):
     '''Prepare a fixture around one fixed image from Dockerhub.

     The image is addressed by sha256 digest. If the test fails because
     the image can no longer be found, pick a different image and update
     the constants below. Docker pulls the image when check_image()
     returns a falsy value.'''
     # one reference, reused for the check, the pull and the image object
     pinned_ref = ('vmware/tern@sha256:20b32a9a20752aa1ad'
                   '7582c667704fda9f004cc4bfd8601fac7f2656c7567bb4')
     set_mount_dir()
     create_top_dir()
     check_docker_setup()
     image_present = check_image(pinned_ref)
     if not image_present:
         try:
             container.pull_image(pinned_ref)
         except subprocess.CalledProcessError as error:
             # NOTE(review): a failed pull is only printed and setup goes
             # on; presumably the tests then fail later for lack of the
             # image -- confirm whether setUp should fail here instead
             print(error.output)
     self.image = DockerImage(pinned_ref)
     # expected values for this exact image
     self.image_id = ('acb194ad84d0f9734e794fbbdbb65fb'
                      '7db6eda83f33e9e817bcc75b1bdd99f5e')
     self.layer = ('c1c3a87012e7ff5791b31e94515b661'
                   'cdf06f6d5dc2f9a6245eda8774d257a13')
     self.no_layers = 1
     self.created_by = ('/bin/sh -c #(nop) ADD '
                        'file:92137e724f46c720d8083a11290c67'
                        'd9daa387e523336b1757a0e3c4f5867cd5 '
                        'in / ')
예제 #3
 def setUp(self):
     '''Prepare a fixture around one fixed image from Dockerhub.

     The image is addressed by sha256 digest. If the test fails because
     the image can no longer be found, pick a different image and update
     the constants below, including the per-file entries in file_info.
     Docker pulls the image when check_image() returns a falsy value.'''
     # one reference, reused for the check, the pull and the image object
     pinned_ref = ('vmware/tern@sha256:20b32a9a20752aa1ad'
                   '7582c667704fda9f004cc4bfd8601fac7f2656c7567bb4')
     set_mount_dir()
     create_top_dir()
     check_docker_setup()
     image_present = check_image(pinned_ref)
     if not image_present:
         try:
             container.pull_image(pinned_ref)
         except subprocess.CalledProcessError as error:
             # NOTE(review): a failed pull is only printed and setup goes
             # on; presumably the tests then fail later for lack of the
             # image -- confirm whether setUp should fail here instead
             print(error.output)
     self.image = DockerImage(pinned_ref)
     # expected values for this exact image
     self.image_id = ('acb194ad84d0f9734e794fbbdbb65fb'
                      '7db6eda83f33e9e817bcc75b1bdd99f5e')
     self.layer = ('c1c3a87012e7ff5791b31e94515b661'
                   'cdf06f6d5dc2f9a6245eda8774d257a13')
     self.no_layers = 1
     self.created_by = ('/bin/sh -c #(nop) ADD '
                        'file:92137e724f46c720d8083a11290c67'
                        'd9daa387e523336b1757a0e3c4f5867cd5 '
                        'in / ')
     # each entry is a 4-tuple; the last two items are a hex digest and
     # the string 'sha256'
     # presumably (file name, path in the image, checksum, checksum type);
     # verify against the tests that read file_info
     self.file_info = [
         ('file2.txt', 'documents/test/file2.txt',
          '9710f003d924890c7677b4dd91fd753f6ed71cc57d4f'
          '9482261b6786d81957fa',
          'sha256'),
         ('file2.txt', 'documents/test/test2/file2.txt',
          '885000512dee8ac814641bbf6a7c887012ec23a2fb3e'
          '3b2cff583c45a611317d',
          'sha256'),
         ('file1.txt', 'documents/test/test2/file1.txt',
          '885000512dee8ac814641bbf6a7c887012ec'
          '23a2fb3e3b2cff583c45a611317d',
          'sha256'),
         ('file1.txt', 'documents/test/file1.txt',
          'a3cccbc52486d50a86ff0bc1e6ea0e0b701ac'
          '4bb139f8713fa136ef9ec68e97e',
          'sha256')
     ]
예제 #4
파일: run.py 프로젝트: xaleeks/tern
def execute_dockerfile(args):  # noqa C901,R0912
    '''Build the image described by a Dockerfile, analyze it and report.

    args is the parsed command line namespace. When args.name is 'report'
    the Dockerfile path is args.dockerfile and a report is written;
    otherwise the path is args.lock and a locked Dockerfile is written to
    args.output_file. If the image cannot be built, or its metadata
    cannot be loaded, the base image is analyzed instead and packages
    found by get_dockerfile_packages() are added to the report.'''
    container.check_docker_setup()
    logger.debug('Setting up...')
    # any subcommand other than 'report' is handled as a lock request
    dfile_lock = args.name != 'report'
    dfile = args.lock if dfile_lock else args.dockerfile
    dfobj = dockerfile.get_dockerfile_obj(dfile)
    # resolve ARG values and variables first so the base image tag is right
    dockerfile.expand_arg(dfobj)
    dockerfile.expand_vars(dfobj)
    report.setup(dfobj=dfobj)
    logger.debug('Building Docker image...')
    # NOTE(review): dhelper.is_build() presumably runs the Docker build; a
    # build executes the Dockerfile's instructions, so a Dockerfile from an
    # untrusted source should be processed in an isolated environment
    built, _ = dhelper.is_build()
    # becomes True only once the built image has been loaded and analyzed
    analyzed_full = False
    if built:
        image_tag_string = dhelper.get_dockerfile_image_tag()
        full_image = report.load_full_image(image_tag_string)
        if full_image.origins.is_empty():
            # an empty origins object is treated as a successful load
            origin_text = formats.dockerfile_image.format(dockerfile=dfile)
            full_image.origins.add_notice_origin(origin_text)
            analyze(full_image, args, dfile_lock, dfobj)
            analyzed_full = True
        else:
            logger.warning('Cannot retrieve full image metadata')
        # the built image is removed whether or not its metadata loaded
        container.remove_image(full_image.repotag)
        if not args.keep_wd:
            report.clean_image_tars(full_image)
    else:
        logger.warning('Cannot build image')
    if not analyzed_full:
        # fall back to the base image
        logger.debug('Loading base image...')
        base_image = report.load_base_image()
        if base_image.origins.is_empty():
            # record on the base image that the build failed
            failure_notice = Notice(formats.image_build_failure, 'warning')
            base_image.origins.add_notice_to_origins(dfile, failure_notice)
            analyze(base_image, args, dfile_lock, dfobj)
        else:
            logger.warning('Cannot retrieve base image metadata')
        stub_image = get_dockerfile_packages()
        if args.name == 'report' and not args.keep_wd:
            report.clean_image_tars(base_image)
    # output depends on the mode and on which images were analyzed
    if dfile_lock:
        logger.debug('Parsing Dockerfile to generate report...')
        output = dockerfile.create_locked_dockerfile(dfobj)
        dockerfile.write_locked_dockerfile(output, args.output_file)
    elif analyzed_full:
        report.report_out(args, full_image)
    else:
        report.report_out(args, base_image, stub_image)
    logger.debug('Teardown...')
    report.teardown()
    # the working directory is only cleaned for the 'report' subcommand
    if args.name == 'report' and not args.keep_wd:
        report.clean_working_dir()
예제 #5
    # Excerpt from a command line script: the parser is created before the
    # first line shown here.
    # --keys takes one or more values (nargs='+')
    parser.add_argument('--keys',
                        nargs='+',
                        help='List of keys to look up in the command '
                        'library. Eg: base dpkg names')
    # NOTE(review): --shell is a path taken from the command line; where it
    # is executed is outside this excerpt -- confirm how it is used
    parser.add_argument('--shell',
                        default='/bin/sh',
                        help='The shell executable that the image uses')
    parser.add_argument('--package',
                        default='',
                        help='A package name that the command needs to '
                        'execute with. Useful when testing commands in the '
                        'snippet library')
    args = parser.parse_args()

    # do initial setup to analyze docker image
    container.check_docker_setup()
    # set some global variables
    rootfs.set_mount_dir()
    # try to load the image
    # args.image is passed to the loader exactly as given on the command line
    image_obj = report.load_full_image(args.image)
    if image_obj.origins.is_empty():
        # image loading was successful
        # proceed mounting diff filesystems
        rootfs.set_up()
        if len(image_obj.layers) == 1:
            # mount only one layer
            target = rootfs.mount_base_layer(image_obj.layers[0].tar_file)
        else:
            # several layers: mount an overlay, passing the index of the
            # last layer
            target = analyze.mount_overlay_fs(image_obj,
                                              len(image_obj.layers) - 1)
        rootfs.prep_rootfs(target)
        # NOTE(review): the excerpt ends here; unmounting and cleanup of
        # target are not visible -- confirm they happen on every exit path
예제 #6
def execute_dockerfile(args):
    '''Build the image described by args.dockerfile, analyze it and report.

    args is the parsed command line namespace; the attributes read here
    are dockerfile, keep_wd and bind_mount. If the image cannot be built,
    or its metadata cannot be loaded, the base image is analyzed instead
    and the report also receives the result of
    get_dockerfile_packages(). Image tars and the working directory are
    removed unless keep_wd is set.'''
    container.check_docker_setup()
    logger.debug('Setting up...')
    report.setup(dockerfile=args.dockerfile)
    logger.debug('Building Docker image...')
    # NOTE(review): dhelper.is_build() presumably runs the Docker build; a
    # build executes the Dockerfile's instructions, so a Dockerfile from an
    # untrusted source should be processed in an isolated environment
    built, _ = dhelper.is_build()
    # becomes True only once the built image has been loaded and analyzed
    analyzed_full = False
    if not built:
        logger.warning('Cannot build image')
    else:
        image_tag_string = dhelper.get_dockerfile_image_tag()
        full_image = report.load_full_image(image_tag_string)
        if full_image.origins.is_empty():
            # an empty origins object is treated as a successful load
            origin_text = formats.dockerfile_image.format(
                dockerfile=args.dockerfile)
            full_image.origins.add_notice_origin(origin_text)
            analyze(full_image, args, True)
            analyzed_full = True
        else:
            logger.warning('Cannot retrieve full image metadata')
        # the built image is removed whether or not its metadata loaded
        container.remove_image(full_image.repotag)
        if not args.keep_wd:
            report.clean_image_tars(full_image)
    if analyzed_full:
        report.report_out(args, full_image)
    else:
        # fall back to the base image plus what the Dockerfile declares
        logger.debug('Loading base image...')
        base_image = report.load_base_image()
        if base_image.origins.is_empty():
            # record on the base image that the build failed
            failure_notice = Notice(formats.image_build_failure, 'warning')
            base_image.origins.add_notice_to_origins(
                args.dockerfile, failure_notice)
            analyze(base_image, args)
        else:
            logger.warning('Cannot retrieve base image metadata')
        logger.debug('Parsing Dockerfile to generate report...')
        stub_image = get_dockerfile_packages()
        if not args.keep_wd:
            report.clean_image_tars(base_image)
        report.report_out(args, base_image, stub_image)
    logger.debug('Teardown...')
    report.teardown()
    if not args.keep_wd:
        report.clean_working_dir(args.bind_mount)