2021-12-03 22:50:58 -05:00
|
|
|
//go:build extended
|
2020-10-14 16:47:20 -05:00
|
|
|
// +build extended
|
|
|
|
|
|
2020-07-06 17:44:32 -05:00
|
|
|
package cli
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"os"
|
|
|
|
|
"path"
|
|
|
|
|
|
|
|
|
|
"github.com/briandowns/spinner"
|
|
|
|
|
"github.com/spf13/cobra"
|
2021-12-13 14:23:31 -05:00
|
|
|
zotErrors "zotregistry.io/zot/errors"
|
2020-07-06 17:44:32 -05:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func NewCveCommand(searchService SearchService) *cobra.Command {
|
|
|
|
|
searchCveParams := make(map[string]*string)
|
|
|
|
|
|
|
|
|
|
var servURL, user, outputFormat string
|
|
|
|
|
|
2021-05-28 11:27:17 -05:00
|
|
|
var isSpinner, verifyTLS, fixedFlag, verbose bool
|
2020-07-06 17:44:32 -05:00
|
|
|
|
2021-12-13 14:23:31 -05:00
|
|
|
cveCmd := &cobra.Command{
|
2020-07-06 17:44:32 -05:00
|
|
|
Use: "cve [config-name]",
|
|
|
|
|
Short: "Lookup CVEs in images hosted on zot",
|
|
|
|
|
Long: `List CVEs (Common Vulnerabilities and Exposures) of images hosted on a zot instance`,
|
|
|
|
|
RunE: func(cmd *cobra.Command, args []string) error {
|
|
|
|
|
home, err := os.UserHomeDir()
|
|
|
|
|
if err != nil {
|
|
|
|
|
panic(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
configPath := path.Join(home + "/.zot")
|
|
|
|
|
if servURL == "" {
|
|
|
|
|
if len(args) > 0 {
|
|
|
|
|
urlFromConfig, err := getConfigValue(configPath, args[0], "url")
|
|
|
|
|
if err != nil {
|
|
|
|
|
cmd.SilenceUsage = true
|
2021-12-13 14:23:31 -05:00
|
|
|
|
2020-07-06 17:44:32 -05:00
|
|
|
return err
|
|
|
|
|
}
|
2021-12-13 14:23:31 -05:00
|
|
|
|
2020-07-06 17:44:32 -05:00
|
|
|
if urlFromConfig == "" {
|
|
|
|
|
return zotErrors.ErrNoURLProvided
|
|
|
|
|
}
|
2021-12-13 14:23:31 -05:00
|
|
|
|
2020-07-06 17:44:32 -05:00
|
|
|
servURL = urlFromConfig
|
|
|
|
|
} else {
|
|
|
|
|
return zotErrors.ErrNoURLProvided
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(args) > 0 {
|
|
|
|
|
var err error
|
|
|
|
|
isSpinner, err = parseBooleanConfig(configPath, args[0], showspinnerConfig)
|
|
|
|
|
if err != nil {
|
|
|
|
|
cmd.SilenceUsage = true
|
2021-12-13 14:23:31 -05:00
|
|
|
|
2020-07-06 17:44:32 -05:00
|
|
|
return err
|
|
|
|
|
}
|
2021-12-13 14:23:31 -05:00
|
|
|
|
2020-07-06 17:44:32 -05:00
|
|
|
verifyTLS, err = parseBooleanConfig(configPath, args[0], verifyTLSConfig)
|
|
|
|
|
if err != nil {
|
|
|
|
|
cmd.SilenceUsage = true
|
2021-12-13 14:23:31 -05:00
|
|
|
|
2020-07-06 17:44:32 -05:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
spin := spinner.New(spinner.CharSets[39], spinnerDuration, spinner.WithWriter(cmd.ErrOrStderr()))
|
|
|
|
|
spin.Prefix = fmt.Sprintf("Fetching from %s.. ", servURL)
|
|
|
|
|
|
2021-05-28 11:27:17 -05:00
|
|
|
verbose = false
|
|
|
|
|
|
2020-07-06 17:44:32 -05:00
|
|
|
searchConfig := searchConfig{
|
|
|
|
|
params: searchCveParams,
|
|
|
|
|
searchService: searchService,
|
|
|
|
|
servURL: &servURL,
|
|
|
|
|
user: &user,
|
|
|
|
|
outputFormat: &outputFormat,
|
|
|
|
|
fixedFlag: &fixedFlag,
|
|
|
|
|
verifyTLS: &verifyTLS,
|
2021-05-28 11:27:17 -05:00
|
|
|
verbose: &verbose,
|
2020-07-06 17:44:32 -05:00
|
|
|
resultWriter: cmd.OutOrStdout(),
|
|
|
|
|
spinner: spinnerState{spin, isSpinner},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = searchCve(searchConfig)
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
cmd.SilenceUsage = true
|
2021-12-13 14:23:31 -05:00
|
|
|
|
2020-07-06 17:44:32 -05:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
vars := cveFlagVariables{
|
|
|
|
|
searchCveParams: searchCveParams,
|
|
|
|
|
servURL: &servURL,
|
|
|
|
|
user: &user,
|
|
|
|
|
outputFormat: &outputFormat,
|
|
|
|
|
fixedFlag: &fixedFlag,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
setupCveFlags(cveCmd, vars)
|
|
|
|
|
|
|
|
|
|
return cveCmd
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func setupCveFlags(cveCmd *cobra.Command, variables cveFlagVariables) {
|
|
|
|
|
variables.searchCveParams["imageName"] = cveCmd.Flags().StringP("image", "I", "", "List CVEs by IMAGENAME[:TAG]")
|
2021-12-13 14:23:31 -05:00
|
|
|
variables.searchCveParams["cvid"] = cveCmd.Flags().StringP("cve-id", "i", "", "List images affected by a CVE")
|
2020-07-06 17:44:32 -05:00
|
|
|
|
|
|
|
|
cveCmd.Flags().StringVar(variables.servURL, "url", "", "Specify zot server URL if config-name is not mentioned")
|
|
|
|
|
cveCmd.Flags().StringVarP(variables.user, "user", "u", "", `User Credentials of `+
|
|
|
|
|
`zot server in USERNAME:PASSWORD format`)
|
|
|
|
|
cveCmd.Flags().StringVarP(variables.outputFormat, "output", "o", "", "Specify output format [text/json/yaml]."+
|
|
|
|
|
" JSON and YAML format return all info for CVEs")
|
|
|
|
|
|
|
|
|
|
cveCmd.Flags().BoolVar(variables.fixedFlag, "fixed", false, "List tags which have fixed a CVE")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type cveFlagVariables struct {
|
|
|
|
|
searchCveParams map[string]*string
|
|
|
|
|
servURL *string
|
|
|
|
|
user *string
|
|
|
|
|
outputFormat *string
|
|
|
|
|
fixedFlag *bool
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func searchCve(searchConfig searchConfig) error {
|
|
|
|
|
for _, searcher := range getCveSearchers() {
|
|
|
|
|
found, err := searcher.search(searchConfig)
|
|
|
|
|
if found {
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return zotErrors.ErrInvalidFlagsCombination
|
|
|
|
|
}
|
