grype/cmd/root.go

159 lines
4.2 KiB
Go
Raw Normal View History

2020-05-26 14:37:28 +00:00
package cmd
import (
"fmt"
"os"
"runtime/pprof"
"sync"
"github.com/anchore/grype/grype/vulnerability"
"github.com/anchore/syft/syft"
"github.com/anchore/syft/syft/distro"
"github.com/anchore/syft/syft/pkg"
2020-05-26 14:37:28 +00:00
2020-07-24 01:29:05 +00:00
"github.com/anchore/grype/grype"
"github.com/anchore/grype/grype/event"
2020-07-24 01:29:05 +00:00
"github.com/anchore/grype/grype/presenter"
"github.com/anchore/grype/internal"
"github.com/anchore/grype/internal/bus"
2020-07-24 01:29:05 +00:00
"github.com/anchore/grype/internal/format"
"github.com/anchore/grype/internal/ui"
2020-07-24 18:24:16 +00:00
"github.com/anchore/grype/internal/version"
"github.com/anchore/syft/syft/scope"
2020-05-26 14:37:28 +00:00
"github.com/spf13/cobra"
2020-05-26 17:31:50 +00:00
"github.com/spf13/viper"
"github.com/wagoodman/go-partybus"
2020-05-26 14:37:28 +00:00
)
var rootCmd = &cobra.Command{
Use: fmt.Sprintf("%s [IMAGE]", internal.ApplicationName),
Short: "A vulnerability scanner for container images and filesystems", // TODO: add copy, add path-based scans
2020-05-26 17:31:50 +00:00
Long: format.Tprintf(`Supports the following image sources:
2020-05-26 14:37:28 +00:00
{{.appName}} yourrepo/yourimage:tag defaults to using images from a docker daemon
{{.appName}} dir://path/to/yourrepo do a directory scan
2020-05-26 17:31:50 +00:00
{{.appName}} docker://yourrepo/yourimage:tag explicitly use a docker daemon
2020-05-26 14:37:28 +00:00
{{.appName}} tar://path/to/yourimage.tar use a tarball from disk
`, map[string]interface{}{
"appName": internal.ApplicationName,
}),
2020-07-20 16:00:25 +00:00
Args: cobra.ExactArgs(1),
2020-05-26 17:31:50 +00:00
Run: func(cmd *cobra.Command, args []string) {
if appConfig.Dev.ProfileCPU {
f, err := os.Create("cpu.profile")
if err != nil {
log.Errorf("unable to create CPU profile: %+v", err)
} else {
err := pprof.StartCPUProfile(f)
if err != nil {
log.Errorf("unable to start CPU profile: %+v", err)
}
}
}
err := runDefaultCmd(cmd, args)
if appConfig.Dev.ProfileCPU {
pprof.StopCPUProfile()
}
if err != nil {
log.Errorf(err.Error())
os.Exit(1)
}
2020-05-26 17:31:50 +00:00
},
2020-05-26 14:37:28 +00:00
}
func init() {
2020-05-26 17:31:50 +00:00
// setup CLI options specific to scanning an image
2020-05-26 14:37:28 +00:00
2020-05-26 17:31:50 +00:00
// scan options
flag := "scope"
rootCmd.Flags().StringP(
"scope", "s", scope.AllLayersScope.String(),
fmt.Sprintf("selection of layers to analyze, options=%v", scope.Options),
)
2020-05-26 17:31:50 +00:00
if err := viper.BindPFlag(flag, rootCmd.Flags().Lookup(flag)); err != nil {
fmt.Printf("unable to bind flag '%s': %+v", flag, err)
2020-05-26 14:37:28 +00:00
os.Exit(1)
}
2020-05-26 17:31:50 +00:00
// output & formatting options
flag = "output"
rootCmd.Flags().StringP(
flag, "o", presenter.TablePresenter.String(),
fmt.Sprintf("report output formatter, options=%v", presenter.Options),
2020-05-26 17:31:50 +00:00
)
if err := viper.BindPFlag(flag, rootCmd.Flags().Lookup(flag)); err != nil {
fmt.Printf("unable to bind flag '%s': %+v", flag, err)
os.Exit(1)
}
2020-05-26 14:37:28 +00:00
}
func startWorker(userInput string) <-chan error {
errs := make(chan error)
go func() {
defer close(errs)
if appConfig.CheckForAppUpdate {
isAvailable, newVersion, err := version.IsUpdateAvailable()
if err != nil {
log.Errorf(err.Error())
}
if isAvailable {
log.Infof("New version of %s is available: %s", internal.ApplicationName, newVersion)
bus.Publish(partybus.Event{
Type: event.AppUpdateAvailable,
Value: newVersion,
})
} else {
log.Debugf("No new %s update available", internal.ApplicationName)
}
2020-07-24 18:24:16 +00:00
}
var provider vulnerability.Provider
var catalog *pkg.Catalog
var theDistro *distro.Distro
var err error
var wg = &sync.WaitGroup{}
2020-05-26 14:37:28 +00:00
wg.Add(2)
2020-05-26 14:37:28 +00:00
go func() {
defer wg.Done()
provider, err = grype.LoadVulnerabilityDb(appConfig.Db.ToCuratorConfig(), appConfig.Db.AutoUpdate)
if err != nil {
errs <- fmt.Errorf("failed to load vulnerability db: %w", err)
}
}()
2020-06-19 14:12:29 +00:00
go func() {
defer wg.Done()
catalog, _, theDistro, err = syft.Catalog(userInput, appConfig.ScopeOpt)
if err != nil {
errs <- fmt.Errorf("failed to catalog: %w", err)
}
}()
wg.Wait()
if err != nil {
return
}
results := grype.FindVulnerabilitiesForCatalog(provider, *theDistro, catalog)
bus.Publish(partybus.Event{
Type: event.VulnerabilityScanningFinished,
Value: presenter.GetPresenter(appConfig.PresenterOpt, results, catalog),
})
}()
return errs
}
func runDefaultCmd(_ *cobra.Command, args []string) error {
userInput := args[0]
errs := startWorker(userInput)
ux := ui.Select(appConfig.CliOptions.Verbosity > 0, appConfig.Quiet)
return ux(errs, eventSubscription)
2020-05-26 14:37:28 +00:00
}