grype/cmd/root.go

package cmd

import (
	"fmt"
	"os"

	"github.com/anchore/imgbom/imgbom"
	_distro "github.com/anchore/imgbom/imgbom/distro"
	"github.com/anchore/imgbom/imgbom/scope"
	"github.com/anchore/stereoscope"
	"github.com/anchore/vulnscan/internal"
	"github.com/anchore/vulnscan/internal/db"
	"github.com/anchore/vulnscan/internal/format"
	"github.com/anchore/vulnscan/vulnscan"
	"github.com/anchore/vulnscan/vulnscan/presenter"
	"github.com/anchore/vulnscan/vulnscan/vulnerability"
	"github.com/spf13/cobra"
	"github.com/spf13/viper"
)

var rootCmd = &cobra.Command{
	Use:   fmt.Sprintf("%s [IMAGE]", internal.ApplicationName),
	Short: "A vulnerability scanner tool", // TODO: add copy, add path-based scans
	Long: format.Tprintf(`Supports the following image sources:
    {{.appName}} yourrepo/yourimage:tag             defaults to using images from a docker daemon
    {{.appName}} docker://yourrepo/yourimage:tag    explicitly use a docker daemon
    {{.appName}} tar://path/to/yourimage.tar        use a tarball from disk
`, map[string]interface{}{
		"appName": internal.ApplicationName,
	}),
	Args: cobra.MaximumNArgs(1),
	Run: func(cmd *cobra.Command, args []string) {
		os.Exit(runDefaultCmd(cmd, args))
	},
}

func init() {
	// setup CLI options specific to scanning an image

	// scan options
	flag := "scope"
	rootCmd.Flags().StringP(
		"scope", "s", scope.AllLayersScope.String(),
		fmt.Sprintf("selection of layers to analyze, options=%v", scope.Options))
	if err := viper.BindPFlag(flag, rootCmd.Flags().Lookup(flag)); err != nil {
		fmt.Printf("unable to bind flag '%s': %+v", flag, err)
		os.Exit(1)
	}

	// output & formatting options
	flag = "output"
	rootCmd.Flags().StringP(
		flag, "o", "json",
		fmt.Sprintf("report output formatter, options=%v", presenter.Options),
	)
	if err := viper.BindPFlag(flag, rootCmd.Flags().Lookup(flag)); err != nil {
		fmt.Printf("unable to bind flag '%s': %+v", flag, err)
		os.Exit(1)
	}
}

func runDefaultCmd(_ *cobra.Command, args []string) int {
	userImageStr := args[0]
	log.Infof("Fetching image '%s'", userImageStr)
	img, err := stereoscope.GetImage(userImageStr)
	if err != nil {
		log.Errorf("could not fetch image '%s': %w", userImageStr, err)
		return 1
	}
	defer stereoscope.Cleanup()

	log.Info("Cataloging image")
	catalog, err := imgbom.CatalogImage(img, appConfig.ScopeOpt)
	if err != nil {
		log.Errorf("could not catalog image: %w", err)
		return 1
	}

	osObj := _distro.Identify(img)
	if osObj == nil {
		// prevent moving forward with unknown distros for now, revisit later
		log.Error("unable to detect distro type for accurate vulnerability matching")
		return 1
	}

	store := db.GetStore()
	provider := vulnerability.NewProviderFromStore(store)

	results := vulnscan.FindAllVulnerabilities(provider, *osObj, catalog)
	outputOption := viper.GetString("output")

	presenterType := presenter.ParseOption(outputOption)
	if presenterType == presenter.UnknownPresenter {
		log.Errorf("cannot find an output presenter for option: %s", outputOption)
		return 1
	}

	err = presenter.GetPresenter(presenterType).Present(os.Stdout, catalog, results)
	if err != nil {
		log.Errorf("could not format catalog results: %w", err)
		return 1
	}

	return 0
}
initial project structure 2020-05-26 14:37:28 +00:00			`package cmd`

			`import (`
			`"fmt"`
			`"os"`

			`"github.com/anchore/imgbom/imgbom"`
add indirect dpkg source matching 2020-06-02 21:21:29 +00:00			`_distro "github.com/anchore/imgbom/imgbom/distro"`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`"github.com/anchore/imgbom/imgbom/scope"`
initial project structure 2020-05-26 14:37:28 +00:00			`"github.com/anchore/stereoscope"`
			`"github.com/anchore/vulnscan/internal"`
add FindVulnerability lib function, wire up main with matcher 2020-06-01 11:21:07 +00:00			`"github.com/anchore/vulnscan/internal/db"`
initial project structure 2020-05-26 14:37:28 +00:00			`"github.com/anchore/vulnscan/internal/format"`
add basic matching execution flow 2020-05-28 22:28:29 +00:00			`"github.com/anchore/vulnscan/vulnscan"`
cmd: default to json output, connect to presenter Signed-off-by: Alfredo Deza <adeza@anchore.com> 2020-06-18 14:12:23 +00:00			`"github.com/anchore/vulnscan/vulnscan/presenter"`
add FindVulnerability lib function, wire up main with matcher 2020-06-01 11:21:07 +00:00			`"github.com/anchore/vulnscan/vulnscan/vulnerability"`
initial project structure 2020-05-26 14:37:28 +00:00			`"github.com/spf13/cobra"`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`"github.com/spf13/viper"`
initial project structure 2020-05-26 14:37:28 +00:00			`)`

			`var rootCmd = &cobra.Command{`
			`Use: fmt.Sprintf("%s [IMAGE]", internal.ApplicationName),`
cmd: default to json output, connect to presenter Signed-off-by: Alfredo Deza <adeza@anchore.com> 2020-06-18 14:12:23 +00:00			`Short: "A vulnerability scanner tool", // TODO: add copy, add path-based scans`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			Long: format.Tprintf(`Supports the following image sources:
initial project structure 2020-05-26 14:37:28 +00:00			`{{.appName}} yourrepo/yourimage:tag defaults to using images from a docker daemon`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`{{.appName}} docker://yourrepo/yourimage:tag explicitly use a docker daemon`
initial project structure 2020-05-26 14:37:28 +00:00			`{{.appName}} tar://path/to/yourimage.tar use a tarball from disk`
			`, map[string]interface{}{
			`"appName": internal.ApplicationName,`
			`}),`
			`Args: cobra.MaximumNArgs(1),`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`Run: func(cmd *cobra.Command, args []string) {`
			`os.Exit(runDefaultCmd(cmd, args))`
			`},`
initial project structure 2020-05-26 14:37:28 +00:00			`}`

			`func init() {`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`// setup CLI options specific to scanning an image`
initial project structure 2020-05-26 14:37:28 +00:00
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`// scan options`
			`flag := "scope"`
			`rootCmd.Flags().StringP(`
			`"scope", "s", scope.AllLayersScope.String(),`
			`fmt.Sprintf("selection of layers to analyze, options=%v", scope.Options))`
			`if err := viper.BindPFlag(flag, rootCmd.Flags().Lookup(flag)); err != nil {`
			`fmt.Printf("unable to bind flag '%s': %+v", flag, err)`
initial project structure 2020-05-26 14:37:28 +00:00			`os.Exit(1)`
			`}`

add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`// output & formatting options`
			`flag = "output"`
			`rootCmd.Flags().StringP(`
cmd: default to json output, connect to presenter Signed-off-by: Alfredo Deza <adeza@anchore.com> 2020-06-18 14:12:23 +00:00			`flag, "o", "json",`
			`fmt.Sprintf("report output formatter, options=%v", presenter.Options),`
add CLI commands / subcommands 2020-05-26 17:31:50 +00:00			`)`
			`if err := viper.BindPFlag(flag, rootCmd.Flags().Lookup(flag)); err != nil {`
			`fmt.Printf("unable to bind flag '%s': %+v", flag, err)`
			`os.Exit(1)`
			`}`
initial project structure 2020-05-26 14:37:28 +00:00			`}`

add indirect dpkg source matching 2020-06-02 21:21:29 +00:00			`func runDefaultCmd(_ *cobra.Command, args []string) int {`
initial project structure 2020-05-26 14:37:28 +00:00			`userImageStr := args[0]`
			`log.Infof("Fetching image '%s'", userImageStr)`
			`img, err := stereoscope.GetImage(userImageStr)`
			`if err != nil {`
			`log.Errorf("could not fetch image '%s': %w", userImageStr, err)`
			`return 1`
			`}`
			`defer stereoscope.Cleanup()`

			`log.Info("Cataloging image")`
			`catalog, err := imgbom.CatalogImage(img, appConfig.ScopeOpt)`
			`if err != nil {`
			`log.Errorf("could not catalog image: %w", err)`
			`return 1`
			`}`

cmd: automatically detect distro based on img input Signed-off-by: Alfredo Deza <adeza@anchore.com> 2020-06-18 19:54:58 +00:00			`osObj := _distro.Identify(img)`
			`if osObj == nil {`
			`// prevent moving forward with unknown distros for now, revisit later`
			`log.Error("unable to detect distro type for accurate vulnerability matching")`
			`return 1`
			`}`
add basic matching execution flow 2020-05-28 22:28:29 +00:00
add matcher tests + dpkg constraint adapter (add <) 2020-06-03 15:53:43 +00:00			`store := db.GetStore()`
add FindVulnerability lib function, wire up main with matcher 2020-06-01 11:21:07 +00:00			`provider := vulnerability.NewProviderFromStore(store)`

cmd: automatically detect distro based on img input Signed-off-by: Alfredo Deza <adeza@anchore.com> 2020-06-18 19:54:58 +00:00			`results := vulnscan.FindAllVulnerabilities(provider, *osObj, catalog)`
cmd: default to json output, connect to presenter Signed-off-by: Alfredo Deza <adeza@anchore.com> 2020-06-18 14:12:23 +00:00			`outputOption := viper.GetString("output")`

			`presenterType := presenter.ParseOption(outputOption)`
			`if presenterType == presenter.UnknownPresenter {`
			`log.Errorf("cannot find an output presenter for option: %s", outputOption)`
			`return 1`
			`}`
add FindVulnerability lib function, wire up main with matcher 2020-06-01 11:21:07 +00:00
cmd: default to json output, connect to presenter Signed-off-by: Alfredo Deza <adeza@anchore.com> 2020-06-18 14:12:23 +00:00			`err = presenter.GetPresenter(presenterType).Present(os.Stdout, catalog, results)`
			`if err != nil {`
			`log.Errorf("could not format catalog results: %w", err)`
			`return 1`
add FindVulnerability lib function, wire up main with matcher 2020-06-01 11:21:07 +00:00			`}`
initial project structure 2020-05-26 14:37:28 +00:00
			`return 0`
			`}`