Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
origin_layer = 'Layer: ' + image_layer.fs_hash[:10]
if image_layer.created_by:
instruction = created_to_instruction(image_layer.created_by)
image_layer.origins.add_notice_to_origins(origin_layer, Notice(
formats.dockerfile_line.format(dockerfile_instruction=instruction),
'info'))
else:
image_layer.origins.add_notice_to_origins(origin_layer, Notice(
formats.no_created_by, 'warning'))
command_line = instruction.split(' ', 1)[1]
# Image layers are created with the directives RUN, ADD and COPY
# For ADD and COPY instructions, there is no information about the
# packages added
if 'ADD' in instruction or 'COPY' in instruction:
image_layer.origins.add_notice_to_origins(origin_layer, Notice(
errors.unknown_content.format(files=command_line), 'warning'))
# return an empty list as we cannot find any commands
return []
# for RUN instructions we can return a list of commands
command_list, msg = common.filter_install_commands(command_line)
if msg:
image_layer.origins.add_notice_to_origins(origin_layer, Notice(
msg, 'warning'))
return command_list
def setup(dockerfile=None, image_tag_string=None):
'''Any initial setup'''
# generate random names for image, container, and tag
general.initialize_names()
# load the cache
cache.load()
# load dockerfile if present
if dockerfile:
dhelper.load_docker_commands(dockerfile)
# check if the docker image is present
if image_tag_string:
if not container.check_image(image_tag_string):
# if no docker image is present, try to pull it
if not container.pull_image(image_tag_string):
logger.fatal("%s", errors.cannot_find_image.format(
imagetag=image_tag_string))
sys.exit()
# create temporary working directory
if not os.path.exists(constants.temp_folder):
os.mkdir(constants.temp_folder)
# set up folders for rootfs operations
rootfs.set_up()
master_list = []
# find the binary by mounting the base layer
target = rootfs.mount_base_layer(image_obj.layers[0].tar_file)
binary = common.get_base_bin()
# set up a notice origin referring to the base command library listing
origin_command_lib = formats.invoking_base_commands
# set up a notice origin for the first layer
origin_first_layer = 'Layer: ' + image_obj.layers[0].fs_hash[:10]
# find the shell to invoke commands in
shell, _ = command_lib.get_image_shell(
command_lib.get_base_listing(binary))
if not shell:
# add a warning notice for no shell in the command library
logger.warning('No shell listing in command library. '
'Using default shell')
no_shell_message = errors.no_shell_listing.format(
binary=binary, default_shell=constants.shell)
image_obj.layers[0].origins.add_notice_to_origins(
origin_command_lib, Notice(no_shell_message, 'warning'))
# add a hint notice to add the shell to the command library
add_shell_message = errors.no_listing_for_base_key.format(
listing_key='shell')
image_obj.layers[0].origins.add_notice_to_origins(
origin_command_lib, Notice(add_shell_message, 'hint'))
shell = constants.shell
# only extract packages if there is a known binary and the layer is not
# cached
if binary:
if not common.load_from_cache(image_obj.layers[0], redo):
# Determine pacakge/os style from binary in the image layer
common.get_os_style(image_obj.layers[0], binary)
# get the packages of the first layer
create_top_dir()
if args.log_stream:
# set up console logs
global logger
global console
logger.addHandler(console)
logger.debug('Starting...')
if args.clear_cache:
logger.debug('Clearing cache...')
cache.clear()
if hasattr(args, 'name') and args.name == 'report':
if args.dockerfile:
run.execute_dockerfile(args)
if args.docker_image:
if common.check_tar(args.docker_image):
logger.error("%s", errors.incorrect_raw_option)
else:
run.execute_docker_image(args)
logger.debug('Report completed.')
if args.raw_image:
if not common.check_tar(args.raw_image):
logger.error("%s", errors.invalid_raw_image.format(
image=args.raw_image))
else:
run.execute_docker_image(args)
logger.debug('Report completed.')
logger.debug('Finished')
common.get_os_style(image_obj.layers[0], binary)
# get the packages of the first layer
try:
rootfs.prep_rootfs(target)
common.add_base_packages(image_obj.layers[0], binary, shell)
except KeyboardInterrupt:
logger.critical(errors.keyboard_interrupt)
abort_analysis()
# unmount proc, sys and dev
rootfs.undo_mount()
else:
logger.warning(errors.no_package_manager)
# /etc/os-release may still be present even if binary is not
common.get_os_style(image_obj.layers[0], None)
image_obj.layers[0].origins.add_notice_to_origins(
origin_first_layer, Notice(errors.no_package_manager, 'warning'))
# no binary means there is no shell so set to default shell
logger.warning('Unknown filesystem. Using default shell')
shell = constants.shell
# unmount the first layer
rootfs.unmount_rootfs()
# populate the master list with all packages found in the first layer
for p in image_obj.layers[0].packages:
master_list.append(p)
return shell
os_guess = command_lib.check_os_guess(binary)
if get_os_release():
# We know with high degree of certainty what the OS is
image_layer.origins.add_notice_to_origins(origin_layer, Notice(
formats.os_release.format(os_style=get_os_release()), 'info'))
elif binary is None:
# No binary and no os-release means we have no idea about base OS
image_layer.origins.add_notice_to_origins(origin_layer, Notice(
errors.no_etc_release, 'warning'))
else:
# We make a guess about the OS based on pkg_format + binary
# First check that binary exists in base.yml
if not pkg_format or not os_guess:
image_layer.origins.add_notice_to_origins(
origin_command_lib, Notice(
errors.no_listing_for_base_key.format(listing_key=binary),
'warning'))
else:
# Assign image layer attributes and guess OS
image_layer.pkg_format = pkg_format
image_layer.os_guess = os_guess
image_layer.origins.add_notice_to_origins(origin_layer, Notice(
formats.os_style_guess.format(
package_manager=binary,
package_format=image_layer.pkg_format,
os_list=image_layer.os_guess), 'info'))
# cached
if binary:
if not common.load_from_cache(image_obj.layers[0], redo):
# Determine pacakge/os style from binary in the image layer
common.get_os_style(image_obj.layers[0], binary)
# get the packages of the first layer
rootfs.prep_rootfs(target)
common.add_base_packages(image_obj.layers[0], binary, shell)
# unmount proc, sys and dev
rootfs.undo_mount()
else:
logger.warning(errors.no_package_manager)
# /etc/os-release may still be present even if binary is not
common.get_os_style(image_obj.layers[0], None)
image_obj.layers[0].origins.add_notice_to_origins(
origin_first_layer, Notice(errors.no_package_manager, 'warning'))
# no binary means there is no shell so set to default shell
logger.warning('Unknown filesystem. Using default shell')
shell = constants.shell
# unmount the first layer
rootfs.unmount_rootfs()
# populate the master list with all packages found in the first layer
for p in image_obj.layers[0].packages:
master_list.append(p)
# get packages for subsequent layers
curr_layer = 1
while curr_layer < len(image_obj.layers):
if not common.load_from_cache(image_obj.layers[curr_layer], redo):
# get commands that created the layer
# for docker images this is retrieved from the image history
command_list = dhelper.get_commands_from_history(
image_obj.layers[curr_layer])