grype/cmd/root.go

package cmd

import (
	"fmt"
	"os"
	"runtime/pprof"

	"github.com/anchore/grype/grype"
	"github.com/anchore/grype/grype/presenter"
	"github.com/anchore/grype/internal"
	"github.com/anchore/grype/internal/format"
	"github.com/anchore/syft/syft/scope"
	"github.com/spf13/cobra"
	"github.com/spf13/viper"
)

var rootCmd = &cobra.Command{
	Use:   fmt.Sprintf("%s [IMAGE]", internal.ApplicationName),
	Short: "A vulnerability scanner for container images and filesystems", // TODO: add copy, add path-based scans
	Long: format.Tprintf(`Supports the following image sources:
    {{.appName}} yourrepo/yourimage:tag             defaults to using images from a docker daemon
    {{.appName}} docker://yourrepo/yourimage:tag    explicitly use a docker daemon
    {{.appName}} tar://path/to/yourimage.tar        use a tarball from disk
`, map[string]interface{}{
		"appName": internal.ApplicationName,
	}),
	Args: cobra.ExactArgs(1),
	Run: func(cmd *cobra.Command, args []string) {
		if appConfig.Dev.ProfileCPU {
			f, err := os.Create("cpu.profile")
			if err != nil {
				log.Errorf("unable to create CPU profile: %+v", err)
			} else {
				err := pprof.StartCPUProfile(f)
				if err != nil {
					log.Errorf("unable to start CPU profile: %+v", err)
				}
			}
		}

		err := runDefaultCmd(cmd, args)

		if appConfig.Dev.ProfileCPU {
			pprof.StopCPUProfile()
		}

		if err != nil {
			log.Errorf(err.Error())
			os.Exit(1)
		}
	},
}

func init() {
	// setup CLI options specific to scanning an image

	// scan options
	flag := "scope"
	rootCmd.Flags().StringP(
		"scope", "s", scope.AllLayersScope.String(),
		fmt.Sprintf("selection of layers to analyze, options=%v", scope.Options),
	)
	if err := viper.BindPFlag(flag, rootCmd.Flags().Lookup(flag)); err != nil {
		fmt.Printf("unable to bind flag '%s': %+v", flag, err)
		os.Exit(1)
	}

	// output & formatting options
	flag = "output"
	rootCmd.Flags().StringP(
		flag, "o", presenter.JSONPresenter.String(),
		fmt.Sprintf("report output formatter, options=%v", presenter.Options),
	)
	if err := viper.BindPFlag(flag, rootCmd.Flags().Lookup(flag)); err != nil {
		fmt.Printf("unable to bind flag '%s': %+v", flag, err)
		os.Exit(1)
	}
}

func runDefaultCmd(_ *cobra.Command, args []string) error {
	userImageStr := args[0]

	provider, err := grype.LoadVulnerabilityDb(appConfig.Db.ToCuratorConfig(), appConfig.Db.AutoUpdate)
	if err != nil {
		return fmt.Errorf("failed to load vulnerability db: %w", err)
	}

	results, catalog, _, err := grype.FindVulnerabilities(provider, userImageStr, appConfig.ScopeOpt)
	if err != nil {
		return fmt.Errorf("failed to find vulnerabilities: %w", err)
	}

	if err = presenter.GetPresenter(appConfig.PresenterOpt).Present(os.Stdout, catalog, results); err != nil {
		return fmt.Errorf("could not format catalog results: %w", err)
	}

	return nil
}
initial project structure 2020-05-26 14:37:28 +00:00			`package cmd`

			`import (`
			`"fmt"`
			`"os"`
Add matching by CPE (#40) * Commit just to share progress, needs to be squashed/fixed-up once working. Signed-off-by: Zach Hill <zach@anchore.com> * minor fixes * add cpe obj * add cpe matching * report cpe in search key * add verbose logging for matches; bump vulnscan-db ver * add dev profiler option; tweak logging * test support for CPE URI bindings addresses https://github.com/anchore/vulnscan/pull/40#discussion_r455389937 * rename nvdv2 to nvd * reduce scope of cpe matching to non-distro packages * normalize nil constraint strings Co-authored-by: Zach Hill <zach@anchore.com> 2020-07-16 19:12:19 +00:00			`"runtime/pprof"`
initial project structure 2020-05-26 14:37:28 +00:00
rename to grype 2020-07-24 01:29:05 +00:00			`"github.com/anchore/grype/grype"`
			`"github.com/anchore/grype/grype/presenter"`
			`"github.com/anchore/grype/internal"`
			`"github.com/anchore/grype/internal/format"`
add release pipeline & replace imgbom with syft (#60) 2020-07-24 01:26:03 +00:00			`"github.com/anchore/syft/syft/scope"`
initial project structure 2020-05-26 14:37:28 +00:00			`"github.com/spf13/cobra"`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`"github.com/spf13/viper"`
initial project structure 2020-05-26 14:37:28 +00:00			`)`

			`var rootCmd = &cobra.Command{`
			`Use: fmt.Sprintf("%s [IMAGE]", internal.ApplicationName),`
add release pipeline & replace imgbom with syft (#60) 2020-07-24 01:26:03 +00:00			`Short: "A vulnerability scanner for container images and filesystems", // TODO: add copy, add path-based scans`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			Long: format.Tprintf(`Supports the following image sources:
initial project structure 2020-05-26 14:37:28 +00:00			`{{.appName}} yourrepo/yourimage:tag defaults to using images from a docker daemon`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`{{.appName}} docker://yourrepo/yourimage:tag explicitly use a docker daemon`
initial project structure 2020-05-26 14:37:28 +00:00			`{{.appName}} tar://path/to/yourimage.tar use a tarball from disk`
			`, map[string]interface{}{
			`"appName": internal.ApplicationName,`
			`}),`
validate input arg length (#55) 2020-07-20 16:00:25 +00:00			`Args: cobra.ExactArgs(1),`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`Run: func(cmd *cobra.Command, args []string) {`
Add matching by CPE (#40) * Commit just to share progress, needs to be squashed/fixed-up once working. Signed-off-by: Zach Hill <zach@anchore.com> * minor fixes * add cpe obj * add cpe matching * report cpe in search key * add verbose logging for matches; bump vulnscan-db ver * add dev profiler option; tweak logging * test support for CPE URI bindings addresses https://github.com/anchore/vulnscan/pull/40#discussion_r455389937 * rename nvdv2 to nvd * reduce scope of cpe matching to non-distro packages * normalize nil constraint strings Co-authored-by: Zach Hill <zach@anchore.com> 2020-07-16 19:12:19 +00:00			`if appConfig.Dev.ProfileCPU {`
			`f, err := os.Create("cpu.profile")`
			`if err != nil {`
			`log.Errorf("unable to create CPU profile: %+v", err)`
			`} else {`
			`err := pprof.StartCPUProfile(f)`
			`if err != nil {`
			`log.Errorf("unable to start CPU profile: %+v", err)`
			`}`
			`}`
			`}`

Add integration tests (#54) * add integration tests + add matcher types * tweak db auto update var; rm dead cache cmd * Update cmd/root.go Co-authored-by: Alfredo Deza <adeza@anchore.com> Co-authored-by: Alfredo Deza <adeza@anchore.com> 2020-07-21 16:34:39 +00:00			`err := runDefaultCmd(cmd, args)`
Add matching by CPE (#40) * Commit just to share progress, needs to be squashed/fixed-up once working. Signed-off-by: Zach Hill <zach@anchore.com> * minor fixes * add cpe obj * add cpe matching * report cpe in search key * add verbose logging for matches; bump vulnscan-db ver * add dev profiler option; tweak logging * test support for CPE URI bindings addresses https://github.com/anchore/vulnscan/pull/40#discussion_r455389937 * rename nvdv2 to nvd * reduce scope of cpe matching to non-distro packages * normalize nil constraint strings Co-authored-by: Zach Hill <zach@anchore.com> 2020-07-16 19:12:19 +00:00
			`if appConfig.Dev.ProfileCPU {`
			`pprof.StopCPUProfile()`
			`}`

Add integration tests (#54) * add integration tests + add matcher types * tweak db auto update var; rm dead cache cmd * Update cmd/root.go Co-authored-by: Alfredo Deza <adeza@anchore.com> Co-authored-by: Alfredo Deza <adeza@anchore.com> 2020-07-21 16:34:39 +00:00			`if err != nil {`
			`log.Errorf(err.Error())`
			`os.Exit(1)`
			`}`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`},`
initial project structure 2020-05-26 14:37:28 +00:00			`}`

			`func init() {`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`// setup CLI options specific to scanning an image`
initial project structure 2020-05-26 14:37:28 +00:00
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`// scan options`
			`flag := "scope"`
			`rootCmd.Flags().StringP(`
			`"scope", "s", scope.AllLayersScope.String(),`
Add integration tests (#54) * add integration tests + add matcher types * tweak db auto update var; rm dead cache cmd * Update cmd/root.go Co-authored-by: Alfredo Deza <adeza@anchore.com> Co-authored-by: Alfredo Deza <adeza@anchore.com> 2020-07-21 16:34:39 +00:00			`fmt.Sprintf("selection of layers to analyze, options=%v", scope.Options),`
			`)`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`if err := viper.BindPFlag(flag, rootCmd.Flags().Lookup(flag)); err != nil {`
			`fmt.Printf("unable to bind flag '%s': %+v", flag, err)`
initial project structure 2020-05-26 14:37:28 +00:00			`os.Exit(1)`
			`}`

add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`// output & formatting options`
			`flag = "output"`
			`rootCmd.Flags().StringP(`
Add integration tests (#54) * add integration tests + add matcher types * tweak db auto update var; rm dead cache cmd * Update cmd/root.go Co-authored-by: Alfredo Deza <adeza@anchore.com> Co-authored-by: Alfredo Deza <adeza@anchore.com> 2020-07-21 16:34:39 +00:00			`flag, "o", presenter.JSONPresenter.String(),`
cmd: default to json output, connect to presenter Signed-off-by: Alfredo Deza <adeza@anchore.com> 2020-06-18 14:12:23 +00:00			`fmt.Sprintf("report output formatter, options=%v", presenter.Options),`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`)`
			`if err := viper.BindPFlag(flag, rootCmd.Flags().Lookup(flag)); err != nil {`
			`fmt.Printf("unable to bind flag '%s': %+v", flag, err)`
			`os.Exit(1)`
			`}`
initial project structure 2020-05-26 14:37:28 +00:00			`}`

Add integration tests (#54) * add integration tests + add matcher types * tweak db auto update var; rm dead cache cmd * Update cmd/root.go Co-authored-by: Alfredo Deza <adeza@anchore.com> Co-authored-by: Alfredo Deza <adeza@anchore.com> 2020-07-21 16:34:39 +00:00			`func runDefaultCmd(_ *cobra.Command, args []string) error {`
initial project structure 2020-05-26 14:37:28 +00:00			`userImageStr := args[0]`

rename to grype 2020-07-24 01:29:05 +00:00			`provider, err := grype.LoadVulnerabilityDb(appConfig.Db.ToCuratorConfig(), appConfig.Db.AutoUpdate)`
initial project structure 2020-05-26 14:37:28 +00:00			`if err != nil {`
Add integration tests (#54) * add integration tests + add matcher types * tweak db auto update var; rm dead cache cmd * Update cmd/root.go Co-authored-by: Alfredo Deza <adeza@anchore.com> Co-authored-by: Alfredo Deza <adeza@anchore.com> 2020-07-21 16:34:39 +00:00			`return fmt.Errorf("failed to load vulnerability db: %w", err)`
initial project structure 2020-05-26 14:37:28 +00:00			`}`

rename to grype 2020-07-24 01:29:05 +00:00			`results, catalog, _, err := grype.FindVulnerabilities(provider, userImageStr, appConfig.ScopeOpt)`
add curation of db file 2020-06-19 14:12:29 +00:00			`if err != nil {`
Add integration tests (#54) * add integration tests + add matcher types * tweak db auto update var; rm dead cache cmd * Update cmd/root.go Co-authored-by: Alfredo Deza <adeza@anchore.com> Co-authored-by: Alfredo Deza <adeza@anchore.com> 2020-07-21 16:34:39 +00:00			`return fmt.Errorf("failed to find vulnerabilities: %w", err)`
add curation of db file 2020-06-19 14:12:29 +00:00			`}`

Add integration tests (#54) * add integration tests + add matcher types * tweak db auto update var; rm dead cache cmd * Update cmd/root.go Co-authored-by: Alfredo Deza <adeza@anchore.com> Co-authored-by: Alfredo Deza <adeza@anchore.com> 2020-07-21 16:34:39 +00:00			`if err = presenter.GetPresenter(appConfig.PresenterOpt).Present(os.Stdout, catalog, results); err != nil {`
			`return fmt.Errorf("could not format catalog results: %w", err)`
add FindVulnerability lib function, wire up main with matcher 2020-06-01 11:21:07 +00:00			`}`
initial project structure 2020-05-26 14:37:28 +00:00
Add integration tests (#54) * add integration tests + add matcher types * tweak db auto update var; rm dead cache cmd * Update cmd/root.go Co-authored-by: Alfredo Deza <adeza@anchore.com> Co-authored-by: Alfredo Deza <adeza@anchore.com> 2020-07-21 16:34:39 +00:00			`return nil`
initial project structure 2020-05-26 14:37:28 +00:00			`}`