arno/clair
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

contrib: Revert "Merge pull request #367 from jzelinskie/analyze-layers-v2"

Browse Source 
This reverts commit e639367a30, reversing
changes made to f3848d9726. Issue involved
the docker history command providing missing fs layers that were not in
the saved image. Revert commit to using the manifest file again.
This commit is contained in:
Josue Diaz 2017-04-28 10:50:16 -04:00
parent b02714c1ae
commit f3840f30b9
No known key found for this signature in database
GPG Key ID: 0FFB394207A39072
1 changed files with 32 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
contrib/analyze-local-images/main.go
View File

@ -154,7 +154,10 @@ func AnalyzeLocalImage(imageName string, minSeverity types.Priority, endpoint, m
// Retrieve history. // Retrieve history.
log.Println("Retrieving image history") log.Println("Retrieving image history")
layerIDs, err := historyFromCommand(imageName) layerIDs, err := historyFromManifest(tmpPath)
if err != nil {
layerIDs, err = historyFromCommand(imageName)
}
if err != nil || len(layerIDs) == 0 { if err != nil || len(layerIDs) == 0 {
return fmt.Errorf("Could not get image's history: %s", err) return fmt.Errorf("Could not get image's history: %s", err)
} }
@ -269,7 +272,7 @@ func AnalyzeLocalImage(imageName string, minSeverity types.Priority, endpoint, m
fmt.Printf("%s No vulnerabilities matching the minimum severity level were detected in your image\n", color.YellowString("NOTE:")) fmt.Printf("%s No vulnerabilities matching the minimum severity level were detected in your image\n", color.YellowString("NOTE:"))
} else { } else {
return fmt.Errorf("A total of %d vulnerabilities have been detected in your image", len(vulnerabilities)) return fmt.Errorf("A total of %d vulnerabilities have been detected in your image", len(vulnerabilities))
} }
return nil return nil
} }
@ -306,6 +309,33 @@ func save(imageName, path string) error {
return nil return nil
} }
func historyFromManifest(path string) ([]string, error) {
mf, err := os.Open(path + "/manifest.json")
if err != nil {
return nil, err
}
defer mf.Close()
// https://github.com/docker/docker/blob/master/image/tarexport/tarexport.go#L17
type manifestItem struct {
Config string
RepoTags []string
Layers []string
}
var manifest []manifestItem
if err = json.NewDecoder(mf).Decode(&manifest); err != nil {
return nil, err
} else if len(manifest) != 1 {
return nil, err
}
var layers []string
for _, layer := range manifest[0].Layers {
layers = append(layers, strings.TrimSuffix(layer, "/layer.tar"))
}
return layers, nil
}
func historyFromCommand(imageName string) ([]string, error) { func historyFromCommand(imageName string) ([]string, error) {
var stderr bytes.Buffer var stderr bytes.Buffer
cmd := exec.Command("docker", "history", "-q", "--no-trunc", imageName) cmd := exec.Command("docker", "history", "-q", "--no-trunc", imageName)