def testImageString(self):
correct_strings = [
'image@digest_type:digest', 'image:tag', 'debian:buster',
'golang:1.12-alpine',
('p12/test@sha256:737aaa0caf3b8f64baa41ebf78c6cd0c43f34fadccc1275'
'a32b8ab5d5b75c344')
]
incorrect_strings = ['debian', 'image', 'debian@sha', 'test/v1.56']
for image_str in correct_strings:
self.assertTrue(general.check_image_string(image_str))
for image_str in incorrect_strings:
self.assertFalse(general.check_image_string(image_str))
def do_main(args):
"""Execute according to subcommands"""
# Set up environment
if not args.quiet:
# set up console logs
global logger
global console
logger.addHandler(console)
logger.debug("Starting...")
prep.setup(args.working_dir)
if args.clear_cache:
logger.debug('Clearing cache...')
cache.clear()
if hasattr(args, 'name'):
if args.name == 'lock':
run.execute_dockerfile(args)
elif args.name == 'report':
if args.dockerfile:
run.execute_dockerfile(args)
elif args.docker_image:
# Check if the image string is a tarball
if general.check_tar(args.docker_image):
logger.critical(errors.incorrect_raw_option)
sys.exit(1)
# Check if the image string has the right format
if not check_image_string(args.docker_image):
logger.critical(errors.incorrect_image_string_format)
sys.exit(1)
# If the checks are OK, execute for docker image
run.execute_docker_image(args)
# Tear down the environment
prep.teardown(args.keep_wd)
logger.debug('Finished')
def check_image_input(options):
"""If the option is a raw image tarball then check if it is a tar file.
If the option is a image string, check if it is in the right format"""
# Check if the option is a tarball
if options.raw_image:
if not general.check_tar(options.raw_image):
logger.critical(errors.incorrect_raw_option)
sys.exit(1)
# Check if the image string has the right format
if options.docker_image:
if not check_image_string(options.docker_image):
logger.critical(errors.incorrect_image_string_format)
sys.exit(1)
def get_dockerfile_base():
'''Get the base image object from the dockerfile base instructions
1. get the instructions around FROM
2. get the base image and tag
3. Make notes based on what the image and tag rules are
4. Return an image object and the base instructions string
NOTE: Potential ARG values in the Dockerfile object have already been
expanded at this point. However, Dockerfile rules say that if no
--build-arg is passed during docker build and ARG has no default, the
build will fail. We assume for now that we will not be passing build
arguments in which case if there is no default ARG, we will raise an
exception indicating that since the build arguments are determined by
the user we will not be able to determine what the user wanted'''
try:
# Get the base image tag.
# NOTE: ARG values have already been expanded.
base_image_string, from_line = get_base_image_tag(docker_commands)
# check for scratch
if base_image_string == 'scratch':
# there is no base image to pull
raise ValueError("Cannot pull 'scratch' base image.")
# there should be some image object here
base_image = DockerImage(base_image_string)
base_image.origins.add_notice_origin(from_line)
base_image.name = base_image_string.split(':')[0]
# check if there is a tag
if not check_image_string(base_image_string):
message_string = errors.dockerfile_no_tag.format(
dockerfile_line=from_line)
base_image.origins.add_notice_to_origins(
docker_commands, Notice(message_string, 'warning'))
base_image.tag = 'latest'
else:
base_image.tag = base_image_string.split(':')[1]
# check if the tag is 'latest'
if base_image.tag == 'latest':
message_string = errors.dockerfile_using_latest.format(
dockerfile_line=from_line)
base_image.origins.add_notice_to_origins(
docker_commands, Notice(message_string, 'warning'))
return base_image, from_line
except ValueError as e:
logger.fatal(
"%s",
errors.cannot_parse_base_image.format(dockerfile=dockerfile_global,
error_msg=e))
sys.exit(1)
def do_main(args):
'''Execute according to subcommands'''
# set bind mount location if working in a container
rootfs.set_mount_dir(args.bind_mount, args.working_dir)
# create working directory
create_top_dir(args.working_dir)
if not args.quiet:
# set up console logs
global logger
global console
logger.addHandler(console)
logger.debug('Starting...')
if args.clear_cache:
logger.debug('Clearing cache...')
cache.clear()
if hasattr(args, 'name') and (args.name == 'report'
or args.name == 'lock'):
if args.name == 'lock':
run.execute_dockerfile(args)
elif args.dockerfile:
run.execute_dockerfile(args)
elif args.docker_image:
# Check if the image is of image:tag
# or image@digest_type:digest format
if not check_image_string(args.docker_image):
sys.stderr.write('Error running Tern\n'
'Please provide docker image '
'string in image:tag or '
'image@digest_type:digest format\n')
sys.exit(1)
if general.check_tar(args.docker_image):
logger.error("%s", errors.incorrect_raw_option)
else:
run.execute_docker_image(args)
logger.debug('Report completed.')
if args.name == 'report':
if args.raw_image:
if not general.check_tar(args.raw_image):
logger.error(
"%s",
errors.invalid_raw_image.format(image=args.raw_image))
else:
run.execute_docker_image(args)
logger.debug('Report completed.')
logger.debug('Finished')
def get_dockerfile_base():
'''Get the base image object from the dockerfile base instructions
1. get the instructions around FROM
2. get the base image and tag
3. Make notes based on what the image and tag rules are
4. Return an image object and the base instructions string
NOTE: Potential ARG values in the Dockerfile object have already been
expanded at this point. However, Dockerfile rules say that if no
--build-arg is passed during docker build and ARG has no default, the
build will fail. We assume for now that we will not be passing build
arguments in which case if there is no default ARG, we will raise an
exception indicating that since the build arguments are determined by
the user we will not be able to determine what the user wanted'''
try:
dockerfile_lines = docker_commands
base_image_string = ''
from_line = ''
# Get the base image tag.
# NOTE: ARG values have already been expanded.
for i, cmd_dict in enumerate(dockerfile_lines):
if cmd_dict['instruction'] == 'FROM':
# Account for "as" keyword in FROM line
base_image_string = re.split(" as",
cmd_dict['value'],
flags=re.IGNORECASE)[0]
from_line = 'FROM' + base_image_string
# Check that potential ARG values has default
if i != 0 and dockerfile_lines[i - 1]['instruction'] == 'ARG':
if len(dockerfile_lines[i - 1]['value'].split('=')) == 1:
raise ValueError('No ARG default value to pass to '
'FROM command in Dockerfile.')
break
# check for scratch
if base_image_string == 'scratch':
# there is no base image to pull
raise ValueError("Cannot pull 'scratch' base image.")
# there should be some image object here
base_image = DockerImage(base_image_string)
base_image.origins.add_notice_origin(from_line)
base_image.name = base_image_string.split(':')[0]
# check if there is a tag
if not check_image_string(base_image_string):
message_string = errors.dockerfile_no_tag.format(
dockerfile_line=from_line)
base_image.origins.add_notice_to_origins(
dockerfile_lines, Notice(message_string, 'warning'))
base_image.tag = 'latest'
else:
base_image.tag = base_image_string.split(':')[1]
# check if the tag is 'latest'
if base_image.tag == 'latest':
message_string = errors.dockerfile_using_latest.format(
dockerfile_line=from_line)
base_image.origins.add_notice_to_origins(
dockerfile_lines, Notice(message_string, 'warning'))
return base_image, from_line
except ValueError as e:
logger.fatal(
"%s",
errors.cannot_parse_base_image.format(dockerfile=dockerfile_global,
error_msg=e))
sys.exit(1)
