grype/cmd/root.go

package cmd

import (
	"fmt"
	"os"
	"runtime/pprof"
	"sync"

	"github.com/anchore/grype/grype/vulnerability"
	"github.com/anchore/syft/syft"
	"github.com/anchore/syft/syft/distro"
	"github.com/anchore/syft/syft/pkg"

	"github.com/anchore/grype/grype"
	"github.com/anchore/grype/grype/event"
	"github.com/anchore/grype/grype/presenter"
	"github.com/anchore/grype/internal"
	"github.com/anchore/grype/internal/bus"
	"github.com/anchore/grype/internal/format"
	"github.com/anchore/grype/internal/ui"
	"github.com/anchore/grype/internal/version"
	"github.com/anchore/syft/syft/scope"
	"github.com/spf13/cobra"
	"github.com/spf13/viper"
	"github.com/wagoodman/go-partybus"
)

var rootCmd = &cobra.Command{
	Use:   fmt.Sprintf("%s [IMAGE]", internal.ApplicationName),
	Short: "A vulnerability scanner for container images and filesystems", // TODO: add copy, add path-based scans
	Long: format.Tprintf(`Supports the following image sources:
    {{.appName}} yourrepo/yourimage:tag             defaults to using images from a docker daemon
    {{.appName}} dir://path/to/yourrepo             do a directory scan
    {{.appName}} docker://yourrepo/yourimage:tag    explicitly use a docker daemon
    {{.appName}} tar://path/to/yourimage.tar        use a tarball from disk
`, map[string]interface{}{
		"appName": internal.ApplicationName,
	}),
	Args: cobra.ExactArgs(1),
	Run: func(cmd *cobra.Command, args []string) {
		if appConfig.Dev.ProfileCPU {
			f, err := os.Create("cpu.profile")
			if err != nil {
				log.Errorf("unable to create CPU profile: %+v", err)
			} else {
				err := pprof.StartCPUProfile(f)
				if err != nil {
					log.Errorf("unable to start CPU profile: %+v", err)
				}
			}
		}

		err := runDefaultCmd(cmd, args)

		if appConfig.Dev.ProfileCPU {
			pprof.StopCPUProfile()
		}

		if err != nil {
			log.Errorf(err.Error())
			os.Exit(1)
		}
	},
}

func init() {
	// setup CLI options specific to scanning an image

	// scan options
	flag := "scope"
	rootCmd.Flags().StringP(
		"scope", "s", scope.AllLayersScope.String(),
		fmt.Sprintf("selection of layers to analyze, options=%v", scope.Options),
	)
	if err := viper.BindPFlag(flag, rootCmd.Flags().Lookup(flag)); err != nil {
		fmt.Printf("unable to bind flag '%s': %+v", flag, err)
		os.Exit(1)
	}

	// output & formatting options
	flag = "output"
	rootCmd.Flags().StringP(
		flag, "o", presenter.TablePresenter.String(),
		fmt.Sprintf("report output formatter, options=%v", presenter.Options),
	)
	if err := viper.BindPFlag(flag, rootCmd.Flags().Lookup(flag)); err != nil {
		fmt.Printf("unable to bind flag '%s': %+v", flag, err)
		os.Exit(1)
	}
}

func startWorker(userInput string) <-chan error {
	errs := make(chan error)
	go func() {
		defer close(errs)

		if appConfig.CheckForAppUpdate {
			isAvailable, newVersion, err := version.IsUpdateAvailable()
			if err != nil {
				log.Errorf(err.Error())
			}
			if isAvailable {
				log.Infof("New version of %s is available: %s", internal.ApplicationName, newVersion)

				bus.Publish(partybus.Event{
					Type:  event.AppUpdateAvailable,
					Value: newVersion,
				})
			} else {
				log.Debugf("No new %s update available", internal.ApplicationName)
			}
		}

		var provider vulnerability.Provider
		var catalog *pkg.Catalog
		var theDistro *distro.Distro
		var err error
		var wg = &sync.WaitGroup{}

		wg.Add(2)

		go func() {
			defer wg.Done()
			provider, err = grype.LoadVulnerabilityDb(appConfig.Db.ToCuratorConfig(), appConfig.Db.AutoUpdate)
			if err != nil {
				errs <- fmt.Errorf("failed to load vulnerability db: %w", err)
			}
		}()

		go func() {
			defer wg.Done()
			catalog, _, theDistro, err = syft.Catalog(userInput, appConfig.ScopeOpt)
			if err != nil {
				errs <- fmt.Errorf("failed to catalog: %w", err)
			}
		}()

		wg.Wait()
		if err != nil {
			return
		}

		results := grype.FindVulnerabilitiesForCatalog(provider, *theDistro, catalog)

		bus.Publish(partybus.Event{
			Type:  event.VulnerabilityScanningFinished,
			Value: presenter.GetPresenter(appConfig.PresenterOpt, results, catalog),
		})
	}()
	return errs
}

func runDefaultCmd(_ *cobra.Command, args []string) error {
	userInput := args[0]
	errs := startWorker(userInput)
	ux := ui.Select(appConfig.CliOptions.Verbosity > 0, appConfig.Quiet)
	return ux(errs, eventSubscription)
}
initial project structure 2020-05-26 14:37:28 +00:00			`package cmd`

			`import (`
			`"fmt"`
			`"os"`
Add matching by CPE (#40) * Commit just to share progress, needs to be squashed/fixed-up once working. Signed-off-by: Zach Hill <zach@anchore.com> * minor fixes * add cpe obj * add cpe matching * report cpe in search key * add verbose logging for matches; bump vulnscan-db ver * add dev profiler option; tweak logging * test support for CPE URI bindings addresses https://github.com/anchore/vulnscan/pull/40#discussion_r455389937 * rename nvdv2 to nvd * reduce scope of cpe matching to non-distro packages * normalize nil constraint strings Co-authored-by: Zach Hill <zach@anchore.com> 2020-07-16 19:12:19 +00:00			`"runtime/pprof"`
Add ETUI (#77) * add base syft UI elements * add etui with shared ui elements * allow for concurrent download DB and fetch/catalog image 2020-07-30 23:06:27 +00:00			`"sync"`

			`"github.com/anchore/grype/grype/vulnerability"`
			`"github.com/anchore/syft/syft"`
			`"github.com/anchore/syft/syft/distro"`
			`"github.com/anchore/syft/syft/pkg"`
initial project structure 2020-05-26 14:37:28 +00:00
rename to grype 2020-07-24 01:29:05 +00:00			`"github.com/anchore/grype/grype"`
Add ETUI (#77) * add base syft UI elements * add etui with shared ui elements * allow for concurrent download DB and fetch/catalog image 2020-07-30 23:06:27 +00:00			`"github.com/anchore/grype/grype/event"`
rename to grype 2020-07-24 01:29:05 +00:00			`"github.com/anchore/grype/grype/presenter"`
			`"github.com/anchore/grype/internal"`
Add ETUI (#77) * add base syft UI elements * add etui with shared ui elements * allow for concurrent download DB and fetch/catalog image 2020-07-30 23:06:27 +00:00			`"github.com/anchore/grype/internal/bus"`
rename to grype 2020-07-24 01:29:05 +00:00			`"github.com/anchore/grype/internal/format"`
Add ETUI (#77) * add base syft UI elements * add etui with shared ui elements * allow for concurrent download DB and fetch/catalog image 2020-07-30 23:06:27 +00:00			`"github.com/anchore/grype/internal/ui"`
add update check to entrypoint (#67) 2020-07-24 18:24:16 +00:00			`"github.com/anchore/grype/internal/version"`
add release pipeline & replace imgbom with syft (#60) 2020-07-24 01:26:03 +00:00			`"github.com/anchore/syft/syft/scope"`
initial project structure 2020-05-26 14:37:28 +00:00			`"github.com/spf13/cobra"`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`"github.com/spf13/viper"`
Add ETUI (#77) * add base syft UI elements * add etui with shared ui elements * allow for concurrent download DB and fetch/catalog image 2020-07-30 23:06:27 +00:00			`"github.com/wagoodman/go-partybus"`
initial project structure 2020-05-26 14:37:28 +00:00			`)`

			`var rootCmd = &cobra.Command{`
			`Use: fmt.Sprintf("%s [IMAGE]", internal.ApplicationName),`
add release pipeline & replace imgbom with syft (#60) 2020-07-24 01:26:03 +00:00			`Short: "A vulnerability scanner for container images and filesystems", // TODO: add copy, add path-based scans`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			Long: format.Tprintf(`Supports the following image sources:
initial project structure 2020-05-26 14:37:28 +00:00			`{{.appName}} yourrepo/yourimage:tag defaults to using images from a docker daemon`
cmd: add directory scan help entry Signed-off-by: Alfredo Deza <adeza@anchore.com> 2020-07-24 18:03:25 +00:00			`{{.appName}} dir://path/to/yourrepo do a directory scan`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`{{.appName}} docker://yourrepo/yourimage:tag explicitly use a docker daemon`
initial project structure 2020-05-26 14:37:28 +00:00			`{{.appName}} tar://path/to/yourimage.tar use a tarball from disk`
			`, map[string]interface{}{
			`"appName": internal.ApplicationName,`
			`}),`
validate input arg length (#55) 2020-07-20 16:00:25 +00:00			`Args: cobra.ExactArgs(1),`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`Run: func(cmd *cobra.Command, args []string) {`
Add matching by CPE (#40) * Commit just to share progress, needs to be squashed/fixed-up once working. Signed-off-by: Zach Hill <zach@anchore.com> * minor fixes * add cpe obj * add cpe matching * report cpe in search key * add verbose logging for matches; bump vulnscan-db ver * add dev profiler option; tweak logging * test support for CPE URI bindings addresses https://github.com/anchore/vulnscan/pull/40#discussion_r455389937 * rename nvdv2 to nvd * reduce scope of cpe matching to non-distro packages * normalize nil constraint strings Co-authored-by: Zach Hill <zach@anchore.com> 2020-07-16 19:12:19 +00:00			`if appConfig.Dev.ProfileCPU {`
			`f, err := os.Create("cpu.profile")`
			`if err != nil {`
			`log.Errorf("unable to create CPU profile: %+v", err)`
			`} else {`
			`err := pprof.StartCPUProfile(f)`
			`if err != nil {`
			`log.Errorf("unable to start CPU profile: %+v", err)`
			`}`
			`}`
			`}`

Add integration tests (#54) * add integration tests + add matcher types * tweak db auto update var; rm dead cache cmd * Update cmd/root.go Co-authored-by: Alfredo Deza <adeza@anchore.com> Co-authored-by: Alfredo Deza <adeza@anchore.com> 2020-07-21 16:34:39 +00:00			`err := runDefaultCmd(cmd, args)`
Add matching by CPE (#40) * Commit just to share progress, needs to be squashed/fixed-up once working. Signed-off-by: Zach Hill <zach@anchore.com> * minor fixes * add cpe obj * add cpe matching * report cpe in search key * add verbose logging for matches; bump vulnscan-db ver * add dev profiler option; tweak logging * test support for CPE URI bindings addresses https://github.com/anchore/vulnscan/pull/40#discussion_r455389937 * rename nvdv2 to nvd * reduce scope of cpe matching to non-distro packages * normalize nil constraint strings Co-authored-by: Zach Hill <zach@anchore.com> 2020-07-16 19:12:19 +00:00
			`if appConfig.Dev.ProfileCPU {`
			`pprof.StopCPUProfile()`
			`}`

Add integration tests (#54) * add integration tests + add matcher types * tweak db auto update var; rm dead cache cmd * Update cmd/root.go Co-authored-by: Alfredo Deza <adeza@anchore.com> Co-authored-by: Alfredo Deza <adeza@anchore.com> 2020-07-21 16:34:39 +00:00			`if err != nil {`
			`log.Errorf(err.Error())`
			`os.Exit(1)`
			`}`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`},`
initial project structure 2020-05-26 14:37:28 +00:00			`}`

			`func init() {`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`// setup CLI options specific to scanning an image`
initial project structure 2020-05-26 14:37:28 +00:00
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`// scan options`
			`flag := "scope"`
			`rootCmd.Flags().StringP(`
			`"scope", "s", scope.AllLayersScope.String(),`
Add integration tests (#54) * add integration tests + add matcher types * tweak db auto update var; rm dead cache cmd * Update cmd/root.go Co-authored-by: Alfredo Deza <adeza@anchore.com> Co-authored-by: Alfredo Deza <adeza@anchore.com> 2020-07-21 16:34:39 +00:00			`fmt.Sprintf("selection of layers to analyze, options=%v", scope.Options),`
			`)`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`if err := viper.BindPFlag(flag, rootCmd.Flags().Lookup(flag)); err != nil {`
			`fmt.Printf("unable to bind flag '%s': %+v", flag, err)`
initial project structure 2020-05-26 14:37:28 +00:00			`os.Exit(1)`
			`}`

add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`// output & formatting options`
			`flag = "output"`
			`rootCmd.Flags().StringP(`
Add default table presenter (#59) * add default table presenter * compress table output * fix table presenter found-by to use only search key 2020-07-25 15:38:08 +00:00			`flag, "o", presenter.TablePresenter.String(),`
cmd: default to json output, connect to presenter Signed-off-by: Alfredo Deza <adeza@anchore.com> 2020-06-18 14:12:23 +00:00			`fmt.Sprintf("report output formatter, options=%v", presenter.Options),`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`)`
			`if err := viper.BindPFlag(flag, rootCmd.Flags().Lookup(flag)); err != nil {`
			`fmt.Printf("unable to bind flag '%s': %+v", flag, err)`
			`os.Exit(1)`
			`}`
initial project structure 2020-05-26 14:37:28 +00:00			`}`

Add ETUI (#77) * add base syft UI elements * add etui with shared ui elements * allow for concurrent download DB and fetch/catalog image 2020-07-30 23:06:27 +00:00			`func startWorker(userInput string) <-chan error {`
			`errs := make(chan error)`
			`go func() {`
			`defer close(errs)`

			`if appConfig.CheckForAppUpdate {`
			`isAvailable, newVersion, err := version.IsUpdateAvailable()`
			`if err != nil {`
			`log.Errorf(err.Error())`
			`}`
			`if isAvailable {`
			`log.Infof("New version of %s is available: %s", internal.ApplicationName, newVersion)`

			`bus.Publish(partybus.Event{`
			`Type: event.AppUpdateAvailable,`
			`Value: newVersion,`
			`})`
			`} else {`
			`log.Debugf("No new %s update available", internal.ApplicationName)`
			`}`
add update check to entrypoint (#67) 2020-07-24 18:24:16 +00:00			`}`

Add ETUI (#77) * add base syft UI elements * add etui with shared ui elements * allow for concurrent download DB and fetch/catalog image 2020-07-30 23:06:27 +00:00			`var provider vulnerability.Provider`
			`var catalog *pkg.Catalog`
			`var theDistro *distro.Distro`
			`var err error`
			`var wg = &sync.WaitGroup{}`
initial project structure 2020-05-26 14:37:28 +00:00
Add ETUI (#77) * add base syft UI elements * add etui with shared ui elements * allow for concurrent download DB and fetch/catalog image 2020-07-30 23:06:27 +00:00			`wg.Add(2)`
initial project structure 2020-05-26 14:37:28 +00:00
Add ETUI (#77) * add base syft UI elements * add etui with shared ui elements * allow for concurrent download DB and fetch/catalog image 2020-07-30 23:06:27 +00:00			`go func() {`
			`defer wg.Done()`
			`provider, err = grype.LoadVulnerabilityDb(appConfig.Db.ToCuratorConfig(), appConfig.Db.AutoUpdate)`
			`if err != nil {`
			`errs <- fmt.Errorf("failed to load vulnerability db: %w", err)`
			`}`
			`}()`
add curation of db file 2020-06-19 14:12:29 +00:00
Add ETUI (#77) * add base syft UI elements * add etui with shared ui elements * allow for concurrent download DB and fetch/catalog image 2020-07-30 23:06:27 +00:00			`go func() {`
			`defer wg.Done()`
			`catalog, _, theDistro, err = syft.Catalog(userInput, appConfig.ScopeOpt)`
			`if err != nil {`
			`errs <- fmt.Errorf("failed to catalog: %w", err)`
			`}`
			`}()`

			`wg.Wait()`
			`if err != nil {`
			`return`
			`}`

			`results := grype.FindVulnerabilitiesForCatalog(provider, *theDistro, catalog)`

			`bus.Publish(partybus.Event{`
			`Type: event.VulnerabilityScanningFinished,`
			`Value: presenter.GetPresenter(appConfig.PresenterOpt, results, catalog),`
			`})`
			`}()`
			`return errs`
			`}`

			`func runDefaultCmd(_ *cobra.Command, args []string) error {`
			`userInput := args[0]`
			`errs := startWorker(userInput)`
			`ux := ui.Select(appConfig.CliOptions.Verbosity > 0, appConfig.Quiet)`
			`return ux(errs, eventSubscription)`
initial project structure 2020-05-26 14:37:28 +00:00			`}`