def execute_docker_image(args):
    '''Analyze an existing Docker image and write out its report.

    Reads ``args.docker_image``, ``args.raw_image`` and ``args.keep_wd``.
    When ``args.raw_image`` is set it is used as the image reference and
    the Docker daemon check is skipped. This function does no checking of
    its own on a raw image before passing it to
    ``report.load_full_image``.

    When ``args.keep_wd`` is set, the calls to ``report.clean_image_tars``
    and ``report.clean_working_dir`` are skipped.
    '''
    logger.debug('Setting up...')
    docker_ref = args.docker_image
    raw_ref = args.raw_image
    if raw_ref:
        # Raw images are handled without asking the Docker daemon.
        image_string = raw_ref
    else:
        container.check_docker_setup()
        image_string = docker_ref
    report.setup(image_tag_string=image_string)

    # Try to load the metadata of the whole image.
    full_image = report.load_full_image(image_string)
    if not full_image.origins.is_empty():
        # Origins that are not empty mean the image could not be loaded.
        logger.warning('Cannot retrieve full image metadata')
    else:
        # Record where the image came from, then analyze and report.
        full_image.origins.add_notice_origin(
            formats.docker_image.format(imagetag=image_string))
        analyze(full_image, args)
        report.report_out(args, full_image)

    # NOTE(review): there is no try/finally here, so an exception raised
    # by analyze() or report_out() skips the clean-up and teardown below.
    # Confirm whether leftovers after a failed run are acceptable.
    if not args.keep_wd:
        report.clean_image_tars(full_image)
    logger.debug('Teardown...')
    report.teardown()
    if not args.keep_wd:
        report.clean_working_dir()
def setUp(self):
    '''Prepare the digest-pinned test image and its expected constants.

    The image is referenced by sha256 digest rather than by tag, so the
    constants below belong to one specific image. If this test fails
    because the image can no longer be found, pick a different image to
    test against and update the constants. For now Docker is used to
    pull the image from Dockerhub.
    '''
    # One digest-pinned reference, shared by the check, pull and load.
    pinned_ref = ('vmware/tern@sha256:'
                  '20b32a9a20752aa1ad7582c667704fda'
                  '9f004cc4bfd8601fac7f2656c7567bb4')
    set_mount_dir()
    create_top_dir()
    check_docker_setup()
    image_present = check_image(pinned_ref)
    if not image_present:
        try:
            container.pull_image(pinned_ref)
        except subprocess.CalledProcessError as error:
            # NOTE(review): a failed pull is only printed; setUp carries
            # on and constructs the DockerImage object regardless.
            print(error.output)
    self.image = DockerImage(pinned_ref)

    # Values the tests expect for this exact image.
    self.image_id = ('acb194ad84d0f9734e794fbbdbb65fb'
                     '7db6eda83f33e9e817bcc75b1bdd99f5e')
    self.layer = ('c1c3a87012e7ff5791b31e94515b661'
                  'cdf06f6d5dc2f9a6245eda8774d257a13')
    self.no_layers = 1
    self.created_by = ('/bin/sh -c #(nop) ADD '
                       'file:92137e724f46c720d8083a11290c67'
                       'd9daa387e523336b1757a0e3c4f5867cd5 '
                       'in / ')
def setUp(self):
    '''Prepare the digest-pinned test image and its expected constants.

    The image is referenced by sha256 digest rather than by tag, so the
    constants below belong to one specific image. If this test fails
    because the image can no longer be found, pick a different image to
    test against and update the constants. For now Docker is used to
    pull the image from Dockerhub.
    '''
    # One digest-pinned reference, shared by the check, pull and load.
    pinned_ref = ('vmware/tern@sha256:'
                  '20b32a9a20752aa1ad7582c667704fda'
                  '9f004cc4bfd8601fac7f2656c7567bb4')
    set_mount_dir()
    create_top_dir()
    check_docker_setup()
    image_present = check_image(pinned_ref)
    if not image_present:
        try:
            container.pull_image(pinned_ref)
        except subprocess.CalledProcessError as error:
            # NOTE(review): a failed pull is only printed; setUp carries
            # on and constructs the DockerImage object regardless.
            print(error.output)
    self.image = DockerImage(pinned_ref)

    # Values the tests expect for this exact image.
    self.image_id = ('acb194ad84d0f9734e794fbbdbb65fb'
                     '7db6eda83f33e9e817bcc75b1bdd99f5e')
    self.layer = ('c1c3a87012e7ff5791b31e94515b661'
                  'cdf06f6d5dc2f9a6245eda8774d257a13')
    self.no_layers = 1
    self.created_by = ('/bin/sh -c #(nop) ADD '
                       'file:92137e724f46c720d8083a11290c67'
                       'd9daa387e523336b1757a0e3c4f5867cd5 '
                       'in / ')

    # Each tuple looks like (file name, path, checksum, checksum type);
    # confirm the field order against the code that consumes it.
    # The two entries under documents/test/test2 carry the same sha256.
    self.file_info = [
        ('file2.txt', 'documents/test/file2.txt',
         '9710f003d924890c7677b4dd91fd753f6ed71cc57d4f'
         '9482261b6786d81957fa', 'sha256'),
        ('file2.txt', 'documents/test/test2/file2.txt',
         '885000512dee8ac814641bbf6a7c887012ec23a2fb3e'
         '3b2cff583c45a611317d', 'sha256'),
        ('file1.txt', 'documents/test/test2/file1.txt',
         '885000512dee8ac814641bbf6a7c887012ec'
         '23a2fb3e3b2cff583c45a611317d', 'sha256'),
        ('file1.txt', 'documents/test/file1.txt',
         'a3cccbc52486d50a86ff0bc1e6ea0e0b701ac'
         '4bb139f8713fa136ef9ec68e97e', 'sha256'),
    ]
def execute_dockerfile(args):  # noqa C901,R0912
    '''Build a Dockerfile's image, analyze it, then report or lock.

    When ``args.name`` is ``'report'`` the Dockerfile comes from
    ``args.dockerfile`` and a report is written. Otherwise it comes from
    ``args.lock`` and a locked Dockerfile is written to
    ``args.output_file``. If the full image cannot be built or loaded,
    the base image is analyzed instead.

    The base-image tar clean-up and the working-directory clean-up run
    only when ``args.name`` is ``'report'`` and ``args.keep_wd`` is unset.

    NOTE(review): this path depends on a Docker build (see
    ``dhelper.is_build``). Presumably the Dockerfile's instructions run
    on the local daemon, so confirm that, and handle Dockerfiles from
    untrusted sources in an isolated environment.
    '''
    container.check_docker_setup()
    logger.debug('Setting up...')
    # Anything other than 'report' is handled as a lock request.
    dfile_lock = args.name != 'report'
    dfile = args.lock if dfile_lock else args.dockerfile
    dfobj = dockerfile.get_dockerfile_obj(dfile)
    # Expand ARG values and variables so the base image tag is correct.
    dockerfile.expand_arg(dfobj)
    dockerfile.expand_vars(dfobj)
    report.setup(dfobj=dfobj)

    logger.debug('Building Docker image...')
    # Stays True only if the built image could be loaded for analysis.
    full_ok = True
    built, _ = dhelper.is_build()
    if not built:
        logger.warning('Cannot build image')
        full_ok = False
    else:
        image_tag_string = dhelper.get_dockerfile_image_tag()
        full_image = report.load_full_image(image_tag_string)
        if not full_image.origins.is_empty():
            # Origins that are not empty mean the load failed.
            logger.warning('Cannot retrieve full image metadata')
            full_ok = False
        else:
            full_image.origins.add_notice_origin(
                formats.dockerfile_image.format(dockerfile=dfile))
            analyze(full_image, args, dfile_lock, dfobj)
        # NOTE(review): nesting reconstructed from a whitespace-collapsed
        # listing; confirm the built image is removed on both outcomes.
        container.remove_image(full_image.repotag)
        if not args.keep_wd:
            report.clean_image_tars(full_image)

    if not full_ok:
        # Fall back to the base image.
        logger.debug('Loading base image...')
        base_image = report.load_base_image()
        if not base_image.origins.is_empty():
            logger.warning('Cannot retrieve base image metadata')
        else:
            # Note the build failure on the base image, then analyze it.
            base_image.origins.add_notice_to_origins(
                dfile, Notice(formats.image_build_failure, 'warning'))
            analyze(base_image, args, dfile_lock, dfobj)
        stub_image = get_dockerfile_packages()
        if args.name == 'report' and not args.keep_wd:
            report.clean_image_tars(base_image)

    # Produce the output that matches what was analyzed.
    if dfile_lock:
        logger.debug('Parsing Dockerfile to generate report...')
        locked = dockerfile.create_locked_dockerfile(dfobj)
        dockerfile.write_locked_dockerfile(locked, args.output_file)
    elif full_ok:
        report.report_out(args, full_image)
    else:
        report.report_out(args, base_image, stub_image)

    logger.debug('Teardown...')
    report.teardown()
    if args.name == 'report' and not args.keep_wd:
        report.clean_working_dir()
# Remaining command-line options.
# NOTE(review): --shell and --package are free-form strings. How they are
# used is not visible in this excerpt; confirm they are passed as
# arguments and never interpolated into a shell command line.
parser.add_argument(
    '--keys',
    nargs='+',
    help='List of keys to look up in the command '
         'library. Eg: base dpkg names')
parser.add_argument(
    '--shell',
    default='/bin/sh',
    help='The shell executable that the image uses')
parser.add_argument(
    '--package',
    default='',
    help='A package name that the command needs to '
         'execute with. Useful when testing commands in the '
         'snippet library')
args = parser.parse_args()

# Check the Docker setup and set the mount directory before loading.
container.check_docker_setup()
rootfs.set_mount_dir()

# Empty origins on the loaded image mean the load succeeded.
image_obj = report.load_full_image(args.image)
if image_obj.origins.is_empty():
    rootfs.set_up()
    if len(image_obj.layers) != 1:
        # Several layers: mount them as an overlay up to the last one.
        target = analyze.mount_overlay_fs(image_obj,
                                          len(image_obj.layers) - 1)
    else:
        # A single layer is mounted directly.
        target = rootfs.mount_base_layer(image_obj.layers[0].tar_file)
    # NOTE(review): mounting presumably needs elevated privileges, and
    # no unmount or teardown is visible in this excerpt; confirm that
    # the mounts are released on every exit path.
    rootfs.prep_rootfs(target)
def execute_dockerfile(args):
    '''Build the image for ``args.dockerfile``, analyze it and report.

    If the image cannot be built or its metadata cannot be loaded, the
    base image is analyzed instead. The report then combines it with the
    packages returned by ``get_dockerfile_packages``.

    When ``args.keep_wd`` is set, the calls to ``report.clean_image_tars``
    and ``report.clean_working_dir`` are skipped.

    NOTE(review): this path depends on a Docker build (see
    ``dhelper.is_build``). Presumably the Dockerfile's instructions run
    on the local daemon, so confirm that, and handle Dockerfiles from
    untrusted sources in an isolated environment.
    '''
    container.check_docker_setup()
    logger.debug('Setting up...')
    report.setup(dockerfile=args.dockerfile)

    logger.debug('Building Docker image...')
    # Stays True only if the built image could be loaded for analysis.
    full_ok = True
    built, _ = dhelper.is_build()
    if not built:
        logger.warning('Cannot build image')
        full_ok = False
    else:
        image_tag_string = dhelper.get_dockerfile_image_tag()
        full_image = report.load_full_image(image_tag_string)
        if not full_image.origins.is_empty():
            # Origins that are not empty mean the load failed.
            logger.warning('Cannot retrieve full image metadata')
            full_ok = False
        else:
            full_image.origins.add_notice_origin(
                formats.dockerfile_image.format(dockerfile=args.dockerfile))
            analyze(full_image, args, True)
        # NOTE(review): nesting reconstructed from a whitespace-collapsed
        # listing; confirm the built image is removed on both outcomes.
        container.remove_image(full_image.repotag)
        if not args.keep_wd:
            report.clean_image_tars(full_image)

    if not full_ok:
        # Fall back to the base image.
        logger.debug('Loading base image...')
        base_image = report.load_base_image()
        if not base_image.origins.is_empty():
            logger.warning('Cannot retrieve base image metadata')
        else:
            # Note the build failure on the base image, then analyze it.
            base_image.origins.add_notice_to_origins(
                args.dockerfile,
                Notice(formats.image_build_failure, 'warning'))
            analyze(base_image, args)
        # Go through the commands in the Dockerfile.
        logger.debug('Parsing Dockerfile to generate report...')
        stub_image = get_dockerfile_packages()
        if not args.keep_wd:
            report.clean_image_tars(base_image)

    # Report on whichever image was analyzed.
    if full_ok:
        report.report_out(args, full_image)
    else:
        report.report_out(args, base_image, stub_image)

    logger.debug('Teardown...')
    report.teardown()
    if not args.keep_wd:
        report.clean_working_dir(args.bind_mount)