2020-06-26 12:09:10 -07:00
|
|
|
package search
|
|
|
|
|
2022-07-15 11:10:51 +00:00
|
|
|
// This file will not be regenerated automatically.
|
|
|
|
//
|
|
|
|
// It serves as dependency injection for your app, add any dependencies you require here.
|
2020-06-26 12:09:10 -07:00
|
|
|
|
|
|
|
import (
|
2022-08-16 11:57:09 +03:00
|
|
|
"context"
|
2023-01-18 00:31:54 +02:00
|
|
|
"encoding/json"
|
2023-03-14 12:02:19 +02:00
|
|
|
"errors"
|
2023-02-27 21:23:18 +02:00
|
|
|
"fmt"
|
2023-01-25 20:57:10 +02:00
|
|
|
"sort"
|
2022-07-12 15:58:04 +03:00
|
|
|
"strings"
|
2020-06-26 12:09:10 -07:00
|
|
|
|
2022-07-29 18:33:34 +03:00
|
|
|
"github.com/99designs/gqlgen/graphql"
|
2021-01-25 10:04:03 -08:00
|
|
|
godigest "github.com/opencontainers/go-digest"
|
2022-08-02 18:58:30 +03:00
|
|
|
ispec "github.com/opencontainers/image-spec/specs-go/v1"
|
2022-07-29 18:33:34 +03:00
|
|
|
"github.com/vektah/gqlparser/v2/gqlerror"
|
2022-10-20 19:39:20 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
zerr "zotregistry.io/zot/errors"
|
2023-04-24 21:13:15 +03:00
|
|
|
zcommon "zotregistry.io/zot/pkg/common"
|
2023-01-09 22:37:44 +02:00
|
|
|
"zotregistry.io/zot/pkg/extensions/search/convert"
|
2021-12-04 03:50:58 +00:00
|
|
|
cveinfo "zotregistry.io/zot/pkg/extensions/search/cve"
|
2023-04-18 21:07:47 +03:00
|
|
|
cvemodel "zotregistry.io/zot/pkg/extensions/search/cve/model"
|
2022-07-15 11:10:51 +00:00
|
|
|
"zotregistry.io/zot/pkg/extensions/search/gql_generated"
|
2023-07-31 22:16:09 +03:00
|
|
|
"zotregistry.io/zot/pkg/extensions/search/pagination"
|
2022-10-20 19:39:20 +03:00
|
|
|
"zotregistry.io/zot/pkg/log"
|
2023-07-18 20:27:26 +03:00
|
|
|
mTypes "zotregistry.io/zot/pkg/meta/types"
|
2023-09-01 21:13:53 +03:00
|
|
|
reqCtx "zotregistry.io/zot/pkg/requestcontext"
|
2021-12-04 03:50:58 +00:00
|
|
|
"zotregistry.io/zot/pkg/storage"
|
2023-04-27 00:09:46 -07:00
|
|
|
)
|
|
|
|
|
|
|
|
// THIS CODE IS A STARTING POINT ONLY. IT WILL NOT BE UPDATED WITH SCHEMA CHANGES.
|
2020-06-26 12:09:10 -07:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
const (
|
|
|
|
querySizeLimit = 256
|
|
|
|
)
|
|
|
|
|
2020-06-26 12:09:10 -07:00
|
|
|
// Resolver ...
|
|
|
|
type Resolver struct {
|
2022-09-28 21:39:54 +03:00
|
|
|
cveInfo cveinfo.CveInfo
|
2023-07-18 20:27:26 +03:00
|
|
|
metaDB mTypes.MetaDB
|
2021-04-05 17:40:33 -07:00
|
|
|
storeController storage.StoreController
|
2021-01-25 10:04:03 -08:00
|
|
|
log log.Logger
|
2020-06-26 12:09:10 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
// GetResolverConfig ...
|
2023-01-09 22:37:44 +02:00
|
|
|
func GetResolverConfig(log log.Logger, storeController storage.StoreController,
|
2023-07-18 20:27:26 +03:00
|
|
|
metaDB mTypes.MetaDB, cveInfo cveinfo.CveInfo,
|
2022-09-28 21:39:54 +03:00
|
|
|
) gql_generated.Config {
|
2023-01-09 22:37:44 +02:00
|
|
|
resConfig := &Resolver{
|
|
|
|
cveInfo: cveInfo,
|
2023-07-18 20:27:26 +03:00
|
|
|
metaDB: metaDB,
|
2023-01-09 22:37:44 +02:00
|
|
|
storeController: storeController,
|
|
|
|
log: log,
|
|
|
|
}
|
2021-01-25 10:04:03 -08:00
|
|
|
|
2022-07-15 11:10:51 +00:00
|
|
|
return gql_generated.Config{
|
|
|
|
Resolvers: resConfig, Directives: gql_generated.DirectiveRoot{},
|
|
|
|
Complexity: gql_generated.ComplexityRoot{},
|
2020-06-26 12:09:10 -07:00
|
|
|
}
|
2021-04-05 17:40:33 -07:00
|
|
|
}
|
2020-06-26 12:09:10 -07:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
func NewResolver(log log.Logger, storeController storage.StoreController,
|
2023-07-18 20:27:26 +03:00
|
|
|
metaDB mTypes.MetaDB, cveInfo cveinfo.CveInfo,
|
2023-01-09 22:37:44 +02:00
|
|
|
) *Resolver {
|
|
|
|
resolver := &Resolver{
|
|
|
|
cveInfo: cveInfo,
|
2023-07-18 20:27:26 +03:00
|
|
|
metaDB: metaDB,
|
2023-01-09 22:37:44 +02:00
|
|
|
storeController: storeController,
|
|
|
|
log: log,
|
|
|
|
}
|
|
|
|
|
|
|
|
return resolver
|
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
func FilterByDigest(digest string) mTypes.FilterFunc {
|
|
|
|
return func(repoMeta mTypes.RepoMetadata, manifestMeta mTypes.ManifestMetadata) bool {
|
2023-01-18 00:31:54 +02:00
|
|
|
lookupDigest := digest
|
|
|
|
contains := false
|
2021-05-26 20:22:31 +03:00
|
|
|
|
2023-01-18 00:31:54 +02:00
|
|
|
var manifest ispec.Manifest
|
2021-05-26 20:22:31 +03:00
|
|
|
|
2023-01-18 00:31:54 +02:00
|
|
|
err := json.Unmarshal(manifestMeta.ManifestBlob, &manifest)
|
2021-05-26 20:22:31 +03:00
|
|
|
if err != nil {
|
2023-01-18 00:31:54 +02:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
manifestDigest := godigest.FromBytes(manifestMeta.ManifestBlob).String()
|
|
|
|
|
|
|
|
// Check the image manifest in index.json matches the search digest
|
|
|
|
// This is a blob with mediaType application/vnd.oci.image.manifest.v1+json
|
|
|
|
if strings.Contains(manifestDigest, lookupDigest) {
|
|
|
|
contains = true
|
|
|
|
}
|
2021-01-25 10:04:03 -08:00
|
|
|
|
2023-01-18 00:31:54 +02:00
|
|
|
// Check the image config matches the search digest
|
|
|
|
// This is a blob with mediaType application/vnd.oci.image.config.v1+json
|
|
|
|
if strings.Contains(manifest.Config.Digest.String(), lookupDigest) {
|
|
|
|
contains = true
|
2021-05-26 20:22:31 +03:00
|
|
|
}
|
|
|
|
|
2023-01-18 00:31:54 +02:00
|
|
|
// Check to see if the individual layers in the oci image manifest match the digest
|
|
|
|
// These are blobs with mediaType application/vnd.oci.image.layer.v1.tar+gzip
|
|
|
|
for _, layer := range manifest.Layers {
|
|
|
|
if strings.Contains(layer.Digest.String(), lookupDigest) {
|
|
|
|
contains = true
|
2022-09-21 20:53:56 +03:00
|
|
|
}
|
2023-01-18 00:31:54 +02:00
|
|
|
}
|
2022-09-21 20:53:56 +03:00
|
|
|
|
2023-01-18 00:31:54 +02:00
|
|
|
return contains
|
|
|
|
}
|
|
|
|
}
|
2022-09-21 20:53:56 +03:00
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
func getImageListForDigest(ctx context.Context, digest string, metaDB mTypes.MetaDB, cveInfo cveinfo.CveInfo,
|
2023-01-18 00:31:54 +02:00
|
|
|
requestedPage *gql_generated.PageInput,
|
2023-02-15 21:34:07 +02:00
|
|
|
) (*gql_generated.PaginatedImagesResult, error) {
|
2023-01-18 00:31:54 +02:00
|
|
|
if requestedPage == nil {
|
|
|
|
requestedPage = &gql_generated.PageInput{}
|
|
|
|
}
|
|
|
|
|
|
|
|
skip := convert.SkipQGLField{
|
|
|
|
Vulnerabilities: canSkipField(convert.GetPreloads(ctx), "Images.Vulnerabilities"),
|
|
|
|
}
|
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
pageInput := pagination.PageInput{
|
2023-07-06 11:36:26 +03:00
|
|
|
Limit: safeDereferencing(requestedPage.Limit, 0),
|
|
|
|
Offset: safeDereferencing(requestedPage.Offset, 0),
|
2023-07-31 22:16:09 +03:00
|
|
|
SortBy: pagination.SortCriteria(
|
2023-07-06 11:36:26 +03:00
|
|
|
safeDereferencing(requestedPage.SortBy, gql_generated.SortCriteriaRelevance),
|
2023-01-18 00:31:54 +02:00
|
|
|
),
|
|
|
|
}
|
|
|
|
|
|
|
|
// get all repos
|
2023-07-31 22:16:09 +03:00
|
|
|
reposMeta, manifestMetaMap, indexDataMap, err := metaDB.FilterTags(ctx, FilterByDigest(digest))
|
2023-01-18 00:31:54 +02:00
|
|
|
if err != nil {
|
2023-02-15 21:34:07 +02:00
|
|
|
return &gql_generated.PaginatedImagesResult{}, err
|
2023-01-18 00:31:54 +02:00
|
|
|
}
|
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
imageSummaries, pageInfo, err := convert.PaginatedRepoMeta2ImageSummaries(ctx, reposMeta, manifestMetaMap,
|
|
|
|
indexDataMap, skip, cveInfo, mTypes.Filter{}, pageInput)
|
|
|
|
if err != nil {
|
|
|
|
return &gql_generated.PaginatedImagesResult{}, err
|
2021-05-26 20:22:31 +03:00
|
|
|
}
|
|
|
|
|
2023-02-15 21:34:07 +02:00
|
|
|
return &gql_generated.PaginatedImagesResult{
|
2023-07-31 22:16:09 +03:00
|
|
|
Results: imageSummaries,
|
2023-02-15 21:34:07 +02:00
|
|
|
Page: &gql_generated.PageInfo{
|
|
|
|
TotalCount: pageInfo.TotalCount,
|
|
|
|
ItemCount: pageInfo.ItemCount,
|
|
|
|
},
|
|
|
|
}, nil
|
2021-05-26 20:22:31 +03:00
|
|
|
}
|
|
|
|
|
2023-09-18 01:12:20 +03:00
|
|
|
func getImageSummary(ctx context.Context, repo, tag string, digest *string, skipCVE convert.SkipQGLField,
|
|
|
|
metaDB mTypes.MetaDB, cveInfo cveinfo.CveInfo, log log.Logger, //nolint:unparam
|
2023-01-09 22:37:44 +02:00
|
|
|
) (
|
|
|
|
*gql_generated.ImageSummary, error,
|
|
|
|
) {
|
2023-07-18 20:27:26 +03:00
|
|
|
repoMeta, err := metaDB.GetRepoMeta(repo)
|
2023-01-09 22:37:44 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2022-07-29 18:33:34 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
manifestDescriptor, ok := repoMeta.Tags[tag]
|
|
|
|
if !ok {
|
|
|
|
return nil, gqlerror.Errorf("can't find image: %s:%s", repo, tag)
|
|
|
|
}
|
2022-09-13 17:20:44 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
for t := range repoMeta.Tags {
|
|
|
|
if t != tag {
|
|
|
|
delete(repoMeta.Tags, t)
|
2021-01-25 10:04:03 -08:00
|
|
|
}
|
2023-01-09 22:37:44 +02:00
|
|
|
}
|
2021-01-25 10:04:03 -08:00
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
var (
|
2023-07-18 20:27:26 +03:00
|
|
|
manifestMetaMap = map[string]mTypes.ManifestMetadata{}
|
|
|
|
indexDataMap = map[string]mTypes.IndexData{}
|
2023-02-27 21:23:18 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
switch manifestDescriptor.MediaType {
|
|
|
|
case ispec.MediaTypeImageManifest:
|
|
|
|
manifestDigest := manifestDescriptor.Digest
|
|
|
|
|
|
|
|
if digest != nil && *digest != manifestDigest {
|
|
|
|
return nil, fmt.Errorf("resolver: can't get ManifestData for digest %s for image '%s:%s' %w",
|
|
|
|
manifestDigest, repo, tag, zerr.ErrManifestDataNotFound)
|
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
manifestData, err := metaDB.GetManifestData(godigest.Digest(manifestDigest))
|
2023-02-27 21:23:18 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
manifestMetaMap[manifestDigest] = mTypes.ManifestMetadata{
|
2023-02-27 21:23:18 +02:00
|
|
|
ManifestBlob: manifestData.ManifestBlob,
|
|
|
|
ConfigBlob: manifestData.ConfigBlob,
|
|
|
|
}
|
|
|
|
case ispec.MediaTypeImageIndex:
|
|
|
|
indexDigest := manifestDescriptor.Digest
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
indexData, err := metaDB.GetIndexData(godigest.Digest(indexDigest))
|
2023-02-27 21:23:18 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
var indexContent ispec.Index
|
|
|
|
|
|
|
|
err = json.Unmarshal(indexData.IndexBlob, &indexContent)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
if digest != nil {
|
|
|
|
manifestDigest := *digest
|
|
|
|
|
|
|
|
digestFound := false
|
|
|
|
|
|
|
|
for _, manifest := range indexContent.Manifests {
|
|
|
|
if manifest.Digest.String() == manifestDigest {
|
|
|
|
digestFound = true
|
|
|
|
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if !digestFound {
|
|
|
|
return nil, fmt.Errorf("resolver: can't get ManifestData for digest %s for image '%s:%s' %w",
|
|
|
|
manifestDigest, repo, tag, zerr.ErrManifestDataNotFound)
|
|
|
|
}
|
2021-01-25 10:04:03 -08:00
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
manifestData, err := metaDB.GetManifestData(godigest.Digest(manifestDigest))
|
2023-02-27 21:23:18 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("resolver: can't get ManifestData for digest %s for image '%s:%s' %w",
|
|
|
|
manifestDigest, repo, tag, err)
|
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
manifestMetaMap[manifestDigest] = mTypes.ManifestMetadata{
|
2023-02-27 21:23:18 +02:00
|
|
|
ManifestBlob: manifestData.ManifestBlob,
|
|
|
|
ConfigBlob: manifestData.ConfigBlob,
|
|
|
|
}
|
|
|
|
|
|
|
|
// We update the tag descriptor to be the manifest descriptor with digest specified in the
|
|
|
|
// 'digest' parameter. We treat it as a standalone image.
|
2023-07-18 20:27:26 +03:00
|
|
|
repoMeta.Tags[tag] = mTypes.Descriptor{
|
2023-02-27 21:23:18 +02:00
|
|
|
Digest: manifestDigest,
|
|
|
|
MediaType: ispec.MediaTypeImageManifest,
|
|
|
|
}
|
|
|
|
|
|
|
|
break
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, manifest := range indexContent.Manifests {
|
2023-07-18 20:27:26 +03:00
|
|
|
manifestData, err := metaDB.GetManifestData(manifest.Digest)
|
2023-02-27 21:23:18 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("resolver: can't get ManifestData for digest %s for image '%s:%s' %w",
|
|
|
|
manifest.Digest, repo, tag, err)
|
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
manifestMetaMap[manifest.Digest.String()] = mTypes.ManifestMetadata{
|
2023-02-27 21:23:18 +02:00
|
|
|
ManifestBlob: manifestData.ManifestBlob,
|
|
|
|
ConfigBlob: manifestData.ConfigBlob,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
indexDataMap[indexDigest] = indexData
|
|
|
|
default:
|
2023-04-28 05:44:22 +03:00
|
|
|
log.Error().Str("mediaType", manifestDescriptor.MediaType).Msg("resolver: media type not supported")
|
2023-01-09 22:37:44 +02:00
|
|
|
}
|
2021-01-25 10:04:03 -08:00
|
|
|
|
2023-09-18 01:12:20 +03:00
|
|
|
imageSummaries := convert.RepoMeta2ImageSummaries(ctx, repoMeta, manifestMetaMap, indexDataMap, skipCVE, cveInfo)
|
2021-01-25 10:04:03 -08:00
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
if len(imageSummaries) == 0 {
|
|
|
|
return &gql_generated.ImageSummary{}, nil
|
|
|
|
}
|
2022-09-13 17:20:44 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
return imageSummaries[0], nil
|
|
|
|
}
|
2022-09-13 17:20:44 +03:00
|
|
|
|
2023-01-20 22:09:40 +02:00
|
|
|
func getCVEListForImage(
|
|
|
|
ctx context.Context, //nolint:unparam // may be used in the future to filter by permissions
|
|
|
|
image string,
|
|
|
|
cveInfo cveinfo.CveInfo,
|
2023-01-25 01:03:10 +02:00
|
|
|
requestedPage *gql_generated.PageInput,
|
2023-03-16 21:13:07 +02:00
|
|
|
searchedCVE string,
|
2023-01-20 22:09:40 +02:00
|
|
|
log log.Logger, //nolint:unparam // may be used by devs for debugging
|
|
|
|
) (*gql_generated.CVEResultForImage, error) {
|
2023-01-25 01:03:10 +02:00
|
|
|
if requestedPage == nil {
|
|
|
|
requestedPage = &gql_generated.PageInput{}
|
|
|
|
}
|
|
|
|
|
2023-07-06 11:36:26 +03:00
|
|
|
pageInput := cvemodel.PageInput{
|
|
|
|
Limit: safeDereferencing(requestedPage.Limit, 0),
|
|
|
|
Offset: safeDereferencing(requestedPage.Offset, 0),
|
|
|
|
SortBy: cvemodel.SortCriteria(
|
|
|
|
safeDereferencing(requestedPage.SortBy, gql_generated.SortCriteriaSeverity),
|
2023-01-25 01:03:10 +02:00
|
|
|
),
|
|
|
|
}
|
|
|
|
|
2023-07-06 11:36:26 +03:00
|
|
|
repo, ref, _ := zcommon.GetImageDirAndReference(image)
|
2023-01-20 22:09:40 +02:00
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
if ref == "" {
|
2023-01-20 22:09:40 +02:00
|
|
|
return &gql_generated.CVEResultForImage{}, gqlerror.Errorf("no reference provided")
|
|
|
|
}
|
|
|
|
|
2023-03-16 21:13:07 +02:00
|
|
|
cveList, pageInfo, err := cveInfo.GetCVEListForImage(repo, ref, searchedCVE, pageInput)
|
2023-01-20 22:09:40 +02:00
|
|
|
if err != nil {
|
|
|
|
return &gql_generated.CVEResultForImage{}, err
|
|
|
|
}
|
|
|
|
|
|
|
|
cveids := []*gql_generated.Cve{}
|
|
|
|
|
2023-01-25 01:03:10 +02:00
|
|
|
for _, cveDetail := range cveList {
|
|
|
|
vulID := cveDetail.ID
|
2023-01-20 22:09:40 +02:00
|
|
|
desc := cveDetail.Description
|
|
|
|
title := cveDetail.Title
|
|
|
|
severity := cveDetail.Severity
|
|
|
|
|
|
|
|
pkgList := make([]*gql_generated.PackageInfo, 0)
|
|
|
|
|
|
|
|
for _, pkg := range cveDetail.PackageList {
|
|
|
|
pkg := pkg
|
|
|
|
|
|
|
|
pkgList = append(pkgList,
|
|
|
|
&gql_generated.PackageInfo{
|
|
|
|
Name: &pkg.Name,
|
|
|
|
InstalledVersion: &pkg.InstalledVersion,
|
|
|
|
FixedVersion: &pkg.FixedVersion,
|
|
|
|
},
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
|
|
|
cveids = append(cveids,
|
|
|
|
&gql_generated.Cve{
|
|
|
|
ID: &vulID,
|
|
|
|
Title: &title,
|
|
|
|
Description: &desc,
|
|
|
|
Severity: &severity,
|
|
|
|
PackageList: pkgList,
|
|
|
|
},
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
2023-01-25 01:03:10 +02:00
|
|
|
return &gql_generated.CVEResultForImage{
|
2023-02-27 21:23:18 +02:00
|
|
|
Tag: &ref,
|
2023-01-25 01:03:10 +02:00
|
|
|
CVEList: cveids,
|
|
|
|
Page: &gql_generated.PageInfo{
|
|
|
|
TotalCount: pageInfo.TotalCount,
|
|
|
|
ItemCount: pageInfo.ItemCount,
|
|
|
|
},
|
|
|
|
}, nil
|
2023-01-20 22:09:40 +02:00
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
func FilterByTagInfo(tagsInfo []cvemodel.TagInfo) mTypes.FilterFunc {
|
|
|
|
return func(repoMeta mTypes.RepoMetadata, manifestMeta mTypes.ManifestMetadata) bool {
|
2023-01-20 22:09:40 +02:00
|
|
|
manifestDigest := godigest.FromBytes(manifestMeta.ManifestBlob).String()
|
|
|
|
|
|
|
|
for _, tagInfo := range tagsInfo {
|
2023-07-06 11:36:26 +03:00
|
|
|
switch tagInfo.Descriptor.MediaType {
|
|
|
|
case ispec.MediaTypeImageManifest:
|
|
|
|
if tagInfo.Descriptor.Digest.String() == manifestDigest {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
case ispec.MediaTypeImageIndex:
|
|
|
|
for _, manifestDesc := range tagInfo.Manifests {
|
|
|
|
if manifestDesc.Digest.String() == manifestDigest {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
2023-01-20 22:09:40 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
func FilterByRepoAndTagInfo(repo string, tagsInfo []cvemodel.TagInfo) mTypes.FilterFunc {
|
|
|
|
return func(repoMeta mTypes.RepoMetadata, manifestMeta mTypes.ManifestMetadata) bool {
|
|
|
|
if repoMeta.Name != repo {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
manifestDigest := godigest.FromBytes(manifestMeta.ManifestBlob).String()
|
|
|
|
|
|
|
|
for _, tagInfo := range tagsInfo {
|
|
|
|
switch tagInfo.Descriptor.MediaType {
|
|
|
|
case ispec.MediaTypeImageManifest:
|
|
|
|
if tagInfo.Descriptor.Digest.String() == manifestDigest {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
case ispec.MediaTypeImageIndex:
|
|
|
|
for _, manifestDesc := range tagInfo.Manifests {
|
|
|
|
if manifestDesc.Digest.String() == manifestDigest {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-01-20 22:09:40 +02:00
|
|
|
func getImageListForCVE(
|
|
|
|
ctx context.Context,
|
|
|
|
cveID string,
|
|
|
|
cveInfo cveinfo.CveInfo,
|
2023-07-11 19:29:04 +03:00
|
|
|
filter *gql_generated.Filter,
|
2023-01-20 22:09:40 +02:00
|
|
|
requestedPage *gql_generated.PageInput,
|
2023-07-18 20:27:26 +03:00
|
|
|
metaDB mTypes.MetaDB,
|
2023-01-20 22:09:40 +02:00
|
|
|
log log.Logger,
|
2023-02-15 21:34:07 +02:00
|
|
|
) (*gql_generated.PaginatedImagesResult, error) {
|
2023-01-20 22:09:40 +02:00
|
|
|
// Obtain all repos and tags
|
|
|
|
// Infinite page to make sure we scan all repos in advance, before filtering results
|
|
|
|
// The CVE scan logic is called from here, not in the actual filter,
|
|
|
|
// this is because we shouldn't keep the DB locked while we wait on scan results
|
2023-07-31 22:16:09 +03:00
|
|
|
reposMeta, err := metaDB.GetMultipleRepoMeta(ctx, func(repoMeta mTypes.RepoMetadata) bool { return true })
|
2023-01-20 22:09:40 +02:00
|
|
|
if err != nil {
|
2023-02-15 21:34:07 +02:00
|
|
|
return &gql_generated.PaginatedImagesResult{}, err
|
2023-01-20 22:09:40 +02:00
|
|
|
}
|
|
|
|
|
2023-04-18 21:07:47 +03:00
|
|
|
affectedImages := []cvemodel.TagInfo{}
|
2023-01-20 22:09:40 +02:00
|
|
|
|
|
|
|
for _, repoMeta := range reposMeta {
|
|
|
|
repo := repoMeta.Name
|
|
|
|
|
2023-04-28 05:44:22 +03:00
|
|
|
log.Info().Str("repository", repo).Str("CVE", cveID).Msg("extracting list of tags affected by CVE")
|
2023-01-20 22:09:40 +02:00
|
|
|
|
|
|
|
tagsInfo, err := cveInfo.GetImageListForCVE(repo, cveID)
|
|
|
|
if err != nil {
|
2023-04-28 05:44:22 +03:00
|
|
|
log.Error().Str("repository", repo).Str("CVE", cveID).Err(err).
|
2023-01-20 22:09:40 +02:00
|
|
|
Msg("error getting image list for CVE from repo")
|
|
|
|
|
2023-02-15 21:34:07 +02:00
|
|
|
return &gql_generated.PaginatedImagesResult{}, err
|
2023-01-20 22:09:40 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
affectedImages = append(affectedImages, tagsInfo...)
|
|
|
|
}
|
|
|
|
|
|
|
|
// We're not interested in other vulnerabilities
|
|
|
|
skip := convert.SkipQGLField{Vulnerabilities: true}
|
|
|
|
|
|
|
|
if requestedPage == nil {
|
|
|
|
requestedPage = &gql_generated.PageInput{}
|
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
localFilter := mTypes.Filter{}
|
2023-07-11 19:29:04 +03:00
|
|
|
if filter != nil {
|
2023-07-18 20:27:26 +03:00
|
|
|
localFilter = mTypes.Filter{
|
2023-07-11 19:29:04 +03:00
|
|
|
Os: filter.Os,
|
|
|
|
Arch: filter.Arch,
|
|
|
|
HasToBeSigned: filter.HasToBeSigned,
|
|
|
|
IsBookmarked: filter.IsBookmarked,
|
|
|
|
IsStarred: filter.IsStarred,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-01-20 22:09:40 +02:00
|
|
|
// Actual page requested by user
|
2023-07-31 22:16:09 +03:00
|
|
|
pageInput := pagination.PageInput{
|
2023-07-06 11:36:26 +03:00
|
|
|
Limit: safeDereferencing(requestedPage.Limit, 0),
|
|
|
|
Offset: safeDereferencing(requestedPage.Offset, 0),
|
2023-07-31 22:16:09 +03:00
|
|
|
SortBy: pagination.SortCriteria(
|
2023-07-06 11:36:26 +03:00
|
|
|
safeDereferencing(requestedPage.SortBy, gql_generated.SortCriteriaUpdateTime),
|
2023-01-20 22:09:40 +02:00
|
|
|
),
|
|
|
|
}
|
|
|
|
|
|
|
|
// get all repos
|
2023-07-31 22:16:09 +03:00
|
|
|
reposMeta, manifestMetaMap, indexDataMap, err := metaDB.FilterTags(ctx, FilterByTagInfo(affectedImages))
|
2023-01-20 22:09:40 +02:00
|
|
|
if err != nil {
|
2023-02-15 21:34:07 +02:00
|
|
|
return &gql_generated.PaginatedImagesResult{}, err
|
2023-01-20 22:09:40 +02:00
|
|
|
}
|
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
imageSummaries, pageInfo, err := convert.PaginatedRepoMeta2ImageSummaries(ctx, reposMeta, manifestMetaMap,
|
|
|
|
indexDataMap, skip, cveInfo, localFilter, pageInput)
|
|
|
|
if err != nil {
|
|
|
|
return &gql_generated.PaginatedImagesResult{}, err
|
2023-01-20 22:09:40 +02:00
|
|
|
}
|
|
|
|
|
2023-02-15 21:34:07 +02:00
|
|
|
return &gql_generated.PaginatedImagesResult{
|
2023-07-31 22:16:09 +03:00
|
|
|
Results: imageSummaries,
|
2023-02-15 21:34:07 +02:00
|
|
|
Page: &gql_generated.PageInfo{
|
|
|
|
TotalCount: pageInfo.TotalCount,
|
|
|
|
ItemCount: pageInfo.ItemCount,
|
|
|
|
},
|
|
|
|
}, nil
|
2023-01-20 22:09:40 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func getImageListWithCVEFixed(
|
|
|
|
ctx context.Context,
|
|
|
|
cveID string,
|
|
|
|
repo string,
|
|
|
|
cveInfo cveinfo.CveInfo,
|
2023-07-11 19:29:04 +03:00
|
|
|
filter *gql_generated.Filter,
|
2023-01-20 22:09:40 +02:00
|
|
|
requestedPage *gql_generated.PageInput,
|
2023-07-18 20:27:26 +03:00
|
|
|
metaDB mTypes.MetaDB,
|
2023-01-20 22:09:40 +02:00
|
|
|
log log.Logger,
|
2023-02-15 21:34:07 +02:00
|
|
|
) (*gql_generated.PaginatedImagesResult, error) {
|
2023-01-20 22:09:40 +02:00
|
|
|
imageList := make([]*gql_generated.ImageSummary, 0)
|
|
|
|
|
2023-04-28 05:44:22 +03:00
|
|
|
log.Info().Str("repository", repo).Str("CVE", cveID).Msg("extracting list of tags where CVE is fixed")
|
2023-01-20 22:09:40 +02:00
|
|
|
|
|
|
|
tagsInfo, err := cveInfo.GetImageListWithCVEFixed(repo, cveID)
|
|
|
|
if err != nil {
|
2023-04-28 05:44:22 +03:00
|
|
|
log.Error().Str("repository", repo).Str("CVE", cveID).Err(err).
|
2023-01-20 22:09:40 +02:00
|
|
|
Msg("error getting image list with CVE fixed from repo")
|
|
|
|
|
2023-02-15 21:34:07 +02:00
|
|
|
return &gql_generated.PaginatedImagesResult{
|
|
|
|
Page: &gql_generated.PageInfo{},
|
|
|
|
Results: imageList,
|
|
|
|
}, err
|
2023-01-20 22:09:40 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// We're not interested in other vulnerabilities
|
|
|
|
skip := convert.SkipQGLField{Vulnerabilities: true}
|
|
|
|
|
|
|
|
if requestedPage == nil {
|
|
|
|
requestedPage = &gql_generated.PageInput{}
|
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
localFilter := mTypes.Filter{}
|
2023-07-11 19:29:04 +03:00
|
|
|
if filter != nil {
|
2023-07-18 20:27:26 +03:00
|
|
|
localFilter = mTypes.Filter{
|
2023-07-11 19:29:04 +03:00
|
|
|
Os: filter.Os,
|
|
|
|
Arch: filter.Arch,
|
|
|
|
HasToBeSigned: filter.HasToBeSigned,
|
|
|
|
IsBookmarked: filter.IsBookmarked,
|
|
|
|
IsStarred: filter.IsStarred,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-01-20 22:09:40 +02:00
|
|
|
// Actual page requested by user
|
2023-07-31 22:16:09 +03:00
|
|
|
pageInput := pagination.PageInput{
|
2023-07-06 11:36:26 +03:00
|
|
|
Limit: safeDereferencing(requestedPage.Limit, 0),
|
|
|
|
Offset: safeDereferencing(requestedPage.Offset, 0),
|
2023-07-31 22:16:09 +03:00
|
|
|
SortBy: pagination.SortCriteria(
|
2023-07-06 11:36:26 +03:00
|
|
|
safeDereferencing(requestedPage.SortBy, gql_generated.SortCriteriaUpdateTime),
|
2023-01-20 22:09:40 +02:00
|
|
|
),
|
|
|
|
}
|
|
|
|
|
|
|
|
// get all repos
|
2023-07-31 22:16:09 +03:00
|
|
|
reposMeta, manifestMetaMap, indexDataMap, err := metaDB.FilterTags(ctx, FilterByRepoAndTagInfo(repo, tagsInfo))
|
2023-01-20 22:09:40 +02:00
|
|
|
if err != nil {
|
2023-02-15 21:34:07 +02:00
|
|
|
return &gql_generated.PaginatedImagesResult{}, err
|
2023-01-20 22:09:40 +02:00
|
|
|
}
|
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
imageSummaries, pageInfo, err := convert.PaginatedRepoMeta2ImageSummaries(ctx, reposMeta, manifestMetaMap,
|
|
|
|
indexDataMap, skip, cveInfo, localFilter, pageInput)
|
|
|
|
if err != nil {
|
|
|
|
return &gql_generated.PaginatedImagesResult{}, err
|
2023-01-20 22:09:40 +02:00
|
|
|
}
|
|
|
|
|
2023-02-15 21:34:07 +02:00
|
|
|
return &gql_generated.PaginatedImagesResult{
|
2023-07-31 22:16:09 +03:00
|
|
|
Results: imageSummaries,
|
2023-02-15 21:34:07 +02:00
|
|
|
Page: &gql_generated.PageInfo{
|
|
|
|
TotalCount: pageInfo.TotalCount,
|
|
|
|
ItemCount: pageInfo.ItemCount,
|
|
|
|
},
|
|
|
|
}, nil
|
2023-01-20 22:09:40 +02:00
|
|
|
}
|
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
func repoListWithNewestImage(
|
|
|
|
ctx context.Context,
|
|
|
|
cveInfo cveinfo.CveInfo,
|
|
|
|
log log.Logger, //nolint:unparam // may be used by devs for debugging
|
|
|
|
requestedPage *gql_generated.PageInput,
|
2023-07-18 20:27:26 +03:00
|
|
|
metaDB mTypes.MetaDB,
|
2023-01-19 00:20:55 +02:00
|
|
|
) (*gql_generated.PaginatedReposResult, error) {
|
|
|
|
paginatedRepos := &gql_generated.PaginatedReposResult{}
|
2022-09-13 17:20:44 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
if requestedPage == nil {
|
|
|
|
requestedPage = &gql_generated.PageInput{}
|
|
|
|
}
|
2021-01-25 10:04:03 -08:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
skip := convert.SkipQGLField{
|
2023-01-19 00:20:55 +02:00
|
|
|
Vulnerabilities: canSkipField(convert.GetPreloads(ctx), "Results.NewestImage.Vulnerabilities"),
|
2023-01-09 22:37:44 +02:00
|
|
|
}
|
2021-01-25 10:04:03 -08:00
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
pageInput := pagination.PageInput{
|
2023-07-06 11:36:26 +03:00
|
|
|
Limit: safeDereferencing(requestedPage.Limit, 0),
|
|
|
|
Offset: safeDereferencing(requestedPage.Offset, 0),
|
2023-07-31 22:16:09 +03:00
|
|
|
SortBy: pagination.SortCriteria(
|
2023-07-06 11:36:26 +03:00
|
|
|
safeDereferencing(requestedPage.SortBy, gql_generated.SortCriteriaUpdateTime),
|
2023-01-09 22:37:44 +02:00
|
|
|
),
|
|
|
|
}
|
2021-01-25 10:04:03 -08:00
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
reposMeta, manifestMetaMap, indexDataMap, err := metaDB.SearchRepos(ctx, "")
|
2023-01-09 22:37:44 +02:00
|
|
|
if err != nil {
|
2023-01-19 00:20:55 +02:00
|
|
|
return &gql_generated.PaginatedReposResult{}, err
|
2023-01-09 22:37:44 +02:00
|
|
|
}
|
2022-07-29 18:33:34 +03:00
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
repos, pageInfo, err := convert.PaginatedRepoMeta2RepoSummaries(ctx, reposMeta, manifestMetaMap, indexDataMap,
|
|
|
|
skip, cveInfo, mTypes.Filter{}, pageInput)
|
|
|
|
if err != nil {
|
|
|
|
return &gql_generated.PaginatedReposResult{}, err
|
2023-01-09 22:37:44 +02:00
|
|
|
}
|
2022-09-13 17:20:44 +03:00
|
|
|
|
2023-01-19 00:20:55 +02:00
|
|
|
paginatedRepos.Page = &gql_generated.PageInfo{
|
|
|
|
TotalCount: pageInfo.TotalCount,
|
|
|
|
ItemCount: pageInfo.ItemCount,
|
|
|
|
}
|
2023-07-31 22:16:09 +03:00
|
|
|
|
2023-01-19 00:20:55 +02:00
|
|
|
paginatedRepos.Results = repos
|
|
|
|
|
|
|
|
return paginatedRepos, nil
|
2023-01-09 22:37:44 +02:00
|
|
|
}
|
2022-09-13 17:20:44 +03:00
|
|
|
|
2023-04-24 21:13:15 +03:00
|
|
|
func getBookmarkedRepos(
|
|
|
|
ctx context.Context,
|
|
|
|
cveInfo cveinfo.CveInfo,
|
|
|
|
log log.Logger, //nolint:unparam // may be used by devs for debugging
|
|
|
|
requestedPage *gql_generated.PageInput,
|
2023-07-18 20:27:26 +03:00
|
|
|
metaDB mTypes.MetaDB,
|
2023-04-24 21:13:15 +03:00
|
|
|
) (*gql_generated.PaginatedReposResult, error) {
|
2023-07-18 20:27:26 +03:00
|
|
|
repoNames, err := metaDB.GetBookmarkedRepos(ctx)
|
2023-04-24 21:13:15 +03:00
|
|
|
if err != nil {
|
|
|
|
return &gql_generated.PaginatedReposResult{}, err
|
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
filterFn := func(repoMeta mTypes.RepoMetadata) bool {
|
2023-04-24 21:13:15 +03:00
|
|
|
return zcommon.Contains(repoNames, repoMeta.Name)
|
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
return getFilteredPaginatedRepos(ctx, cveInfo, filterFn, log, requestedPage, metaDB)
|
2023-04-24 21:13:15 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
func getStarredRepos(
|
|
|
|
ctx context.Context,
|
|
|
|
cveInfo cveinfo.CveInfo,
|
|
|
|
log log.Logger, //nolint:unparam // may be used by devs for debugging
|
|
|
|
requestedPage *gql_generated.PageInput,
|
2023-07-18 20:27:26 +03:00
|
|
|
metaDB mTypes.MetaDB,
|
2023-04-24 21:13:15 +03:00
|
|
|
) (*gql_generated.PaginatedReposResult, error) {
|
2023-07-18 20:27:26 +03:00
|
|
|
repoNames, err := metaDB.GetStarredRepos(ctx)
|
2023-04-24 21:13:15 +03:00
|
|
|
if err != nil {
|
|
|
|
return &gql_generated.PaginatedReposResult{}, err
|
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
filterFn := func(repoMeta mTypes.RepoMetadata) bool {
|
2023-04-24 21:13:15 +03:00
|
|
|
return zcommon.Contains(repoNames, repoMeta.Name)
|
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
return getFilteredPaginatedRepos(ctx, cveInfo, filterFn, log, requestedPage, metaDB)
|
2023-04-24 21:13:15 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
func getFilteredPaginatedRepos(
|
|
|
|
ctx context.Context,
|
|
|
|
cveInfo cveinfo.CveInfo,
|
2023-07-18 20:27:26 +03:00
|
|
|
filterFn mTypes.FilterRepoFunc,
|
2023-04-24 21:13:15 +03:00
|
|
|
log log.Logger, //nolint:unparam // may be used by devs for debugging
|
|
|
|
requestedPage *gql_generated.PageInput,
|
2023-07-18 20:27:26 +03:00
|
|
|
metaDB mTypes.MetaDB,
|
2023-04-24 21:13:15 +03:00
|
|
|
) (*gql_generated.PaginatedReposResult, error) {
|
|
|
|
if requestedPage == nil {
|
|
|
|
requestedPage = &gql_generated.PageInput{}
|
|
|
|
}
|
|
|
|
|
|
|
|
skip := convert.SkipQGLField{
|
|
|
|
Vulnerabilities: canSkipField(convert.GetPreloads(ctx), "Results.NewestImage.Vulnerabilities"),
|
|
|
|
}
|
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
pageInput := pagination.PageInput{
|
2023-07-06 11:36:26 +03:00
|
|
|
Limit: safeDereferencing(requestedPage.Limit, 0),
|
|
|
|
Offset: safeDereferencing(requestedPage.Offset, 0),
|
2023-07-31 22:16:09 +03:00
|
|
|
SortBy: pagination.SortCriteria(
|
2023-07-06 11:36:26 +03:00
|
|
|
safeDereferencing(requestedPage.SortBy, gql_generated.SortCriteriaUpdateTime),
|
2023-04-24 21:13:15 +03:00
|
|
|
),
|
|
|
|
}
|
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
reposMeta, manifestMetaMap, indexDataMap, err := metaDB.FilterRepos(ctx, filterFn)
|
2023-04-24 21:13:15 +03:00
|
|
|
if err != nil {
|
2023-07-31 22:16:09 +03:00
|
|
|
return &gql_generated.PaginatedReposResult{}, err
|
2023-04-24 21:13:15 +03:00
|
|
|
}
|
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
repos, pageInfo, err := convert.PaginatedRepoMeta2RepoSummaries(ctx, reposMeta, manifestMetaMap, indexDataMap,
|
|
|
|
skip, cveInfo, mTypes.Filter{}, pageInput)
|
|
|
|
if err != nil {
|
|
|
|
return &gql_generated.PaginatedReposResult{}, err
|
2023-04-24 21:13:15 +03:00
|
|
|
}
|
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
return &gql_generated.PaginatedReposResult{
|
|
|
|
Results: repos,
|
|
|
|
Page: &gql_generated.PageInfo{
|
|
|
|
TotalCount: pageInfo.TotalCount,
|
|
|
|
ItemCount: pageInfo.ItemCount,
|
|
|
|
},
|
|
|
|
}, nil
|
2023-04-24 21:13:15 +03:00
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
func globalSearch(ctx context.Context, query string, metaDB mTypes.MetaDB, filter *gql_generated.Filter,
|
2023-01-09 22:37:44 +02:00
|
|
|
requestedPage *gql_generated.PageInput, cveInfo cveinfo.CveInfo, log log.Logger, //nolint:unparam
|
2023-01-19 00:20:55 +02:00
|
|
|
) (*gql_generated.PaginatedReposResult, []*gql_generated.ImageSummary, []*gql_generated.LayerSummary, error,
|
2023-01-09 22:37:44 +02:00
|
|
|
) {
|
|
|
|
preloads := convert.GetPreloads(ctx)
|
2023-01-19 00:20:55 +02:00
|
|
|
paginatedRepos := gql_generated.PaginatedReposResult{}
|
2023-01-09 22:37:44 +02:00
|
|
|
images := []*gql_generated.ImageSummary{}
|
|
|
|
layers := []*gql_generated.LayerSummary{}
|
2022-09-13 17:20:44 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
if requestedPage == nil {
|
|
|
|
requestedPage = &gql_generated.PageInput{}
|
|
|
|
}
|
2021-01-25 10:04:03 -08:00
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
localFilter := mTypes.Filter{}
|
2023-01-09 22:37:44 +02:00
|
|
|
if filter != nil {
|
2023-07-18 20:27:26 +03:00
|
|
|
localFilter = mTypes.Filter{
|
2023-01-09 22:37:44 +02:00
|
|
|
Os: filter.Os,
|
|
|
|
Arch: filter.Arch,
|
|
|
|
HasToBeSigned: filter.HasToBeSigned,
|
2023-04-27 18:11:13 +03:00
|
|
|
IsBookmarked: filter.IsBookmarked,
|
|
|
|
IsStarred: filter.IsStarred,
|
2023-01-09 22:37:44 +02:00
|
|
|
}
|
|
|
|
}
|
2021-01-25 10:04:03 -08:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
if searchingForRepos(query) {
|
|
|
|
skip := convert.SkipQGLField{
|
|
|
|
Vulnerabilities: canSkipField(preloads, "Repos.NewestImage.Vulnerabilities"),
|
|
|
|
}
|
2022-09-13 17:20:44 +03:00
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
pageInput := pagination.PageInput{
|
2023-07-06 11:36:26 +03:00
|
|
|
Limit: safeDereferencing(requestedPage.Limit, 0),
|
|
|
|
Offset: safeDereferencing(requestedPage.Offset, 0),
|
2023-07-31 22:16:09 +03:00
|
|
|
SortBy: pagination.SortCriteria(
|
2023-07-06 11:36:26 +03:00
|
|
|
safeDereferencing(requestedPage.SortBy, gql_generated.SortCriteriaRelevance),
|
2023-01-09 22:37:44 +02:00
|
|
|
),
|
|
|
|
}
|
2021-01-25 10:04:03 -08:00
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
reposMeta, manifestMetaMap, indexDataMap, err := metaDB.SearchRepos(ctx, query)
|
2023-01-09 22:37:44 +02:00
|
|
|
if err != nil {
|
2023-01-19 00:20:55 +02:00
|
|
|
return &gql_generated.PaginatedReposResult{}, []*gql_generated.ImageSummary{}, []*gql_generated.LayerSummary{}, err
|
2023-01-09 22:37:44 +02:00
|
|
|
}
|
2022-09-13 17:20:44 +03:00
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
repos, pageInfo, err := convert.PaginatedRepoMeta2RepoSummaries(ctx, reposMeta, manifestMetaMap, indexDataMap,
|
|
|
|
skip, cveInfo, localFilter, pageInput)
|
|
|
|
if err != nil {
|
|
|
|
return &gql_generated.PaginatedReposResult{}, []*gql_generated.ImageSummary{}, []*gql_generated.LayerSummary{}, err
|
2023-01-09 22:37:44 +02:00
|
|
|
}
|
2023-01-19 00:20:55 +02:00
|
|
|
|
|
|
|
paginatedRepos.Page = &gql_generated.PageInfo{
|
|
|
|
TotalCount: pageInfo.TotalCount,
|
|
|
|
ItemCount: pageInfo.ItemCount,
|
|
|
|
}
|
|
|
|
|
|
|
|
paginatedRepos.Results = repos
|
2023-01-09 22:37:44 +02:00
|
|
|
} else { // search for images
|
|
|
|
skip := convert.SkipQGLField{
|
|
|
|
Vulnerabilities: canSkipField(preloads, "Images.Vulnerabilities"),
|
|
|
|
}
|
2021-01-25 10:04:03 -08:00
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
pageInput := pagination.PageInput{
|
2023-07-06 11:36:26 +03:00
|
|
|
Limit: safeDereferencing(requestedPage.Limit, 0),
|
|
|
|
Offset: safeDereferencing(requestedPage.Offset, 0),
|
2023-07-31 22:16:09 +03:00
|
|
|
SortBy: pagination.SortCriteria(
|
2023-07-06 11:36:26 +03:00
|
|
|
safeDereferencing(requestedPage.SortBy, gql_generated.SortCriteriaRelevance),
|
2023-01-09 22:37:44 +02:00
|
|
|
),
|
|
|
|
}
|
2021-01-25 10:04:03 -08:00
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
reposMeta, manifestMetaMap, indexDataMap, err := metaDB.SearchTags(ctx, query)
|
2023-01-09 22:37:44 +02:00
|
|
|
if err != nil {
|
2023-01-19 00:20:55 +02:00
|
|
|
return &gql_generated.PaginatedReposResult{}, []*gql_generated.ImageSummary{}, []*gql_generated.LayerSummary{}, err
|
2023-01-09 22:37:44 +02:00
|
|
|
}
|
2022-09-28 21:39:54 +03:00
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
imageSummaries, pageInfo, err := convert.PaginatedRepoMeta2ImageSummaries(ctx, reposMeta, manifestMetaMap,
|
|
|
|
indexDataMap, skip, cveInfo, localFilter, pageInput)
|
|
|
|
if err != nil {
|
|
|
|
return &gql_generated.PaginatedReposResult{}, []*gql_generated.ImageSummary{}, []*gql_generated.LayerSummary{}, err
|
2023-01-09 22:37:44 +02:00
|
|
|
}
|
2023-01-19 00:20:55 +02:00
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
images = imageSummaries
|
|
|
|
|
2023-01-19 00:20:55 +02:00
|
|
|
paginatedRepos.Page = &gql_generated.PageInfo{
|
|
|
|
TotalCount: pageInfo.TotalCount,
|
|
|
|
ItemCount: pageInfo.ItemCount,
|
|
|
|
}
|
2023-01-09 22:37:44 +02:00
|
|
|
}
|
2022-11-11 01:02:17 +02:00
|
|
|
|
2023-01-19 00:20:55 +02:00
|
|
|
return &paginatedRepos, images, layers, nil
|
2023-01-09 22:37:44 +02:00
|
|
|
}
|
2022-07-29 18:33:34 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
func canSkipField(preloads map[string]bool, s string) bool {
|
|
|
|
fieldIsPresent := preloads[s]
|
2022-07-29 18:33:34 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
return !fieldIsPresent
|
|
|
|
}
|
2022-07-29 18:33:34 +03:00
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
func derivedImageList(ctx context.Context, image string, digest *string, metaDB mTypes.MetaDB,
|
2023-01-26 00:06:02 +02:00
|
|
|
requestedPage *gql_generated.PageInput,
|
|
|
|
cveInfo cveinfo.CveInfo, log log.Logger,
|
|
|
|
) (*gql_generated.PaginatedImagesResult, error) {
|
|
|
|
if requestedPage == nil {
|
|
|
|
requestedPage = &gql_generated.PageInput{}
|
|
|
|
}
|
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
pageInput := pagination.PageInput{
|
2023-07-06 11:36:26 +03:00
|
|
|
Limit: safeDereferencing(requestedPage.Limit, 0),
|
|
|
|
Offset: safeDereferencing(requestedPage.Offset, 0),
|
2023-07-31 22:16:09 +03:00
|
|
|
SortBy: pagination.SortCriteria(
|
2023-07-06 11:36:26 +03:00
|
|
|
safeDereferencing(requestedPage.SortBy, gql_generated.SortCriteriaUpdateTime),
|
2023-01-26 00:06:02 +02:00
|
|
|
),
|
|
|
|
}
|
|
|
|
|
|
|
|
skip := convert.SkipQGLField{
|
|
|
|
Vulnerabilities: canSkipField(convert.GetPreloads(ctx), "Vulnerabilities"),
|
|
|
|
}
|
|
|
|
|
2023-04-24 21:13:15 +03:00
|
|
|
imageRepo, imageTag := zcommon.GetImageDirAndTag(image)
|
2023-01-26 00:06:02 +02:00
|
|
|
if imageTag == "" {
|
|
|
|
return &gql_generated.PaginatedImagesResult{}, gqlerror.Errorf("no reference provided")
|
|
|
|
}
|
|
|
|
|
2023-09-18 01:12:20 +03:00
|
|
|
skipReferenceImage := convert.SkipQGLField{
|
|
|
|
Vulnerabilities: true,
|
|
|
|
}
|
|
|
|
|
|
|
|
searchedImage, err := getImageSummary(ctx, imageRepo, imageTag, digest, skipReferenceImage, metaDB, cveInfo, log)
|
2023-01-26 00:06:02 +02:00
|
|
|
if err != nil {
|
|
|
|
if errors.Is(err, zerr.ErrRepoMetaNotFound) {
|
|
|
|
return &gql_generated.PaginatedImagesResult{}, gqlerror.Errorf("repository: not found")
|
|
|
|
}
|
|
|
|
|
|
|
|
return &gql_generated.PaginatedImagesResult{}, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// we need all available tags
|
2023-07-31 22:16:09 +03:00
|
|
|
reposMeta, manifestMetaMap, indexDataMap, err := metaDB.FilterTags(ctx, filterDerivedImages(searchedImage))
|
2023-01-26 00:06:02 +02:00
|
|
|
if err != nil {
|
|
|
|
return &gql_generated.PaginatedImagesResult{}, err
|
|
|
|
}
|
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
derivedList, pageInfo, err := convert.PaginatedRepoMeta2ImageSummaries(ctx, reposMeta, manifestMetaMap, indexDataMap,
|
|
|
|
skip, cveInfo, mTypes.Filter{}, pageInput)
|
|
|
|
if err != nil {
|
|
|
|
return &gql_generated.PaginatedImagesResult{}, err
|
2023-01-26 00:06:02 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return &gql_generated.PaginatedImagesResult{
|
|
|
|
Results: derivedList,
|
|
|
|
Page: &gql_generated.PageInfo{
|
|
|
|
TotalCount: pageInfo.TotalCount,
|
|
|
|
ItemCount: pageInfo.ItemCount,
|
|
|
|
},
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
func filterDerivedImages(image *gql_generated.ImageSummary) mTypes.FilterFunc {
|
|
|
|
return func(repoMeta mTypes.RepoMetadata, manifestMeta mTypes.ManifestMetadata) bool {
|
2023-01-26 00:06:02 +02:00
|
|
|
var addImageToList bool
|
|
|
|
|
|
|
|
var imageManifest ispec.Manifest
|
|
|
|
|
|
|
|
err := json.Unmarshal(manifestMeta.ManifestBlob, &imageManifest)
|
|
|
|
if err != nil {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
for i := range image.Manifests {
|
|
|
|
manifestDigest := godigest.FromBytes(manifestMeta.ManifestBlob).String()
|
|
|
|
if manifestDigest == *image.Manifests[i].Digest {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
imageLayers := image.Manifests[i].Layers
|
2023-01-26 00:06:02 +02:00
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
addImageToList = false
|
|
|
|
layers := imageManifest.Layers
|
2023-01-26 00:06:02 +02:00
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
sameLayer := 0
|
2023-01-26 00:06:02 +02:00
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
for _, l := range imageLayers {
|
|
|
|
for _, k := range layers {
|
|
|
|
if k.Digest.String() == *l.Digest {
|
|
|
|
sameLayer++
|
|
|
|
}
|
2023-01-26 00:06:02 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
// if all layers are the same
|
|
|
|
if sameLayer == len(imageLayers) {
|
|
|
|
// it's a derived image
|
|
|
|
addImageToList = true
|
|
|
|
}
|
|
|
|
|
|
|
|
if addImageToList {
|
|
|
|
return true
|
|
|
|
}
|
2023-01-26 00:06:02 +02:00
|
|
|
}
|
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
return false
|
2023-01-26 00:06:02 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
func baseImageList(ctx context.Context, image string, digest *string, metaDB mTypes.MetaDB,
|
2023-01-26 00:06:02 +02:00
|
|
|
requestedPage *gql_generated.PageInput,
|
|
|
|
cveInfo cveinfo.CveInfo, log log.Logger,
|
|
|
|
) (*gql_generated.PaginatedImagesResult, error) {
|
|
|
|
if requestedPage == nil {
|
|
|
|
requestedPage = &gql_generated.PageInput{}
|
|
|
|
}
|
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
pageInput := pagination.PageInput{
|
2023-07-06 11:36:26 +03:00
|
|
|
Limit: safeDereferencing(requestedPage.Limit, 0),
|
|
|
|
Offset: safeDereferencing(requestedPage.Offset, 0),
|
2023-07-31 22:16:09 +03:00
|
|
|
SortBy: pagination.SortCriteria(
|
2023-07-06 11:36:26 +03:00
|
|
|
safeDereferencing(requestedPage.SortBy, gql_generated.SortCriteriaUpdateTime),
|
2023-01-26 00:06:02 +02:00
|
|
|
),
|
|
|
|
}
|
|
|
|
|
|
|
|
skip := convert.SkipQGLField{
|
|
|
|
Vulnerabilities: canSkipField(convert.GetPreloads(ctx), "Vulnerabilities"),
|
|
|
|
}
|
|
|
|
|
2023-04-24 21:13:15 +03:00
|
|
|
imageRepo, imageTag := zcommon.GetImageDirAndTag(image)
|
2023-01-26 00:06:02 +02:00
|
|
|
|
|
|
|
if imageTag == "" {
|
|
|
|
return &gql_generated.PaginatedImagesResult{}, gqlerror.Errorf("no reference provided")
|
|
|
|
}
|
|
|
|
|
2023-09-18 01:12:20 +03:00
|
|
|
skipReferenceImage := convert.SkipQGLField{
|
|
|
|
Vulnerabilities: true,
|
|
|
|
}
|
|
|
|
|
|
|
|
searchedImage, err := getImageSummary(ctx, imageRepo, imageTag, digest, skipReferenceImage, metaDB, cveInfo, log)
|
2023-01-26 00:06:02 +02:00
|
|
|
if err != nil {
|
|
|
|
if errors.Is(err, zerr.ErrRepoMetaNotFound) {
|
|
|
|
return &gql_generated.PaginatedImagesResult{}, gqlerror.Errorf("repository: not found")
|
|
|
|
}
|
|
|
|
|
|
|
|
return &gql_generated.PaginatedImagesResult{}, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// we need all available tags
|
2023-07-31 22:16:09 +03:00
|
|
|
reposMeta, manifestMetaMap, indexDataMap, err := metaDB.FilterTags(ctx, filterBaseImages(searchedImage))
|
2023-01-26 00:06:02 +02:00
|
|
|
if err != nil {
|
|
|
|
return &gql_generated.PaginatedImagesResult{}, err
|
|
|
|
}
|
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
baseList, pageInfo, err := convert.PaginatedRepoMeta2ImageSummaries(ctx, reposMeta, manifestMetaMap, indexDataMap,
|
|
|
|
skip, cveInfo, mTypes.Filter{}, pageInput)
|
|
|
|
if err != nil {
|
|
|
|
return &gql_generated.PaginatedImagesResult{}, err
|
2023-01-26 00:06:02 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return &gql_generated.PaginatedImagesResult{
|
|
|
|
Page: &gql_generated.PageInfo{
|
|
|
|
TotalCount: pageInfo.TotalCount,
|
|
|
|
ItemCount: pageInfo.ItemCount,
|
|
|
|
},
|
2023-07-31 22:16:09 +03:00
|
|
|
Results: baseList,
|
2023-01-26 00:06:02 +02:00
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
func filterBaseImages(image *gql_generated.ImageSummary) mTypes.FilterFunc {
|
|
|
|
return func(repoMeta mTypes.RepoMetadata, manifestMeta mTypes.ManifestMetadata) bool {
|
2023-01-26 00:06:02 +02:00
|
|
|
var addImageToList bool
|
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
var manifestContent ispec.Manifest
|
2023-01-26 00:06:02 +02:00
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
err := json.Unmarshal(manifestMeta.ManifestBlob, &manifestContent)
|
2023-01-26 00:06:02 +02:00
|
|
|
if err != nil {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
for i := range image.Manifests {
|
|
|
|
manifestDigest := godigest.FromBytes(manifestMeta.ManifestBlob).String()
|
|
|
|
if manifestDigest == *image.Manifests[i].Digest {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
addImageToList = true
|
2023-01-26 00:06:02 +02:00
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
for _, l := range manifestContent.Layers {
|
|
|
|
foundLayer := false
|
2023-01-26 00:06:02 +02:00
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
for _, k := range image.Manifests[i].Layers {
|
|
|
|
if l.Digest.String() == *k.Digest {
|
|
|
|
foundLayer = true
|
2023-01-26 00:06:02 +02:00
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
2023-01-26 00:06:02 +02:00
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
if !foundLayer {
|
|
|
|
addImageToList = false
|
2023-01-26 00:06:02 +02:00
|
|
|
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
if addImageToList {
|
|
|
|
return true
|
2023-01-26 00:06:02 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
return false
|
2023-01-26 00:06:02 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
func validateGlobalSearchInput(query string, filter *gql_generated.Filter,
|
|
|
|
requestedPage *gql_generated.PageInput,
|
|
|
|
) error {
|
|
|
|
if len(query) > querySizeLimit {
|
2023-03-14 12:02:19 +02:00
|
|
|
return fmt.Errorf("global-search: max string size limit exeeded for query parameter. max=%d current=%d %w",
|
|
|
|
querySizeLimit, len(query), zerr.ErrInvalidRequestParams)
|
2021-01-25 10:04:03 -08:00
|
|
|
}
|
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
err := checkFilter(filter)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2021-01-25 10:04:03 -08:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
err = checkRequestedPage(requestedPage)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
return nil
|
2022-07-12 15:58:04 +03:00
|
|
|
}
|
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
func checkFilter(filter *gql_generated.Filter) error {
|
|
|
|
if filter == nil {
|
|
|
|
return nil
|
|
|
|
}
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
for _, arch := range filter.Arch {
|
|
|
|
if len(*arch) > querySizeLimit {
|
2023-03-14 12:02:19 +02:00
|
|
|
return fmt.Errorf("global-search: max string size limit exeeded for arch parameter. max=%d current=%d %w",
|
|
|
|
querySizeLimit, len(*arch), zerr.ErrInvalidRequestParams)
|
2023-01-09 22:37:44 +02:00
|
|
|
}
|
|
|
|
}
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
for _, osSys := range filter.Os {
|
|
|
|
if len(*osSys) > querySizeLimit {
|
2023-03-14 12:02:19 +02:00
|
|
|
return fmt.Errorf("global-search: max string size limit exeeded for os parameter. max=%d current=%d %w",
|
|
|
|
querySizeLimit, len(*osSys), zerr.ErrInvalidRequestParams)
|
2022-07-12 15:58:04 +03:00
|
|
|
}
|
2023-01-09 22:37:44 +02:00
|
|
|
}
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
return nil
|
|
|
|
}
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
func checkRequestedPage(requestedPage *gql_generated.PageInput) error {
|
|
|
|
if requestedPage == nil {
|
|
|
|
return nil
|
|
|
|
}
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
if requestedPage.Limit != nil && *requestedPage.Limit < 0 {
|
2023-03-14 12:02:19 +02:00
|
|
|
return fmt.Errorf("global-search: requested page limit parameter can't be negative %w",
|
|
|
|
zerr.ErrInvalidRequestParams)
|
2023-01-09 22:37:44 +02:00
|
|
|
}
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
if requestedPage.Offset != nil && *requestedPage.Offset < 0 {
|
2023-03-14 12:02:19 +02:00
|
|
|
return fmt.Errorf("global-search: requested page offset parameter can't be negative %w",
|
|
|
|
zerr.ErrInvalidRequestParams)
|
2023-01-09 22:37:44 +02:00
|
|
|
}
|
2022-08-02 18:58:30 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
return nil
|
|
|
|
}
|
2022-08-02 18:58:30 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
func cleanQuery(query string) string {
|
|
|
|
query = strings.TrimSpace(query)
|
|
|
|
query = strings.Trim(query, "/")
|
|
|
|
query = strings.ToLower(query)
|
2022-07-20 12:30:34 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
return query
|
|
|
|
}
|
2022-07-20 12:30:34 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
func cleanFilter(filter *gql_generated.Filter) *gql_generated.Filter {
|
|
|
|
if filter == nil {
|
|
|
|
return nil
|
|
|
|
}
|
2022-07-20 12:30:34 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
if filter.Arch != nil {
|
|
|
|
for i := range filter.Arch {
|
|
|
|
*filter.Arch[i] = strings.ToLower(*filter.Arch[i])
|
|
|
|
*filter.Arch[i] = strings.TrimSpace(*filter.Arch[i])
|
|
|
|
}
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
filter.Arch = deleteEmptyElements(filter.Arch)
|
|
|
|
}
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
if filter.Os != nil {
|
|
|
|
for i := range filter.Os {
|
|
|
|
*filter.Os[i] = strings.ToLower(*filter.Os[i])
|
|
|
|
*filter.Os[i] = strings.TrimSpace(*filter.Os[i])
|
|
|
|
}
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
filter.Os = deleteEmptyElements(filter.Os)
|
|
|
|
}
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
return filter
|
|
|
|
}
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
func deleteEmptyElements(slice []*string) []*string {
|
|
|
|
i := 0
|
|
|
|
for i < len(slice) {
|
|
|
|
if elementIsEmpty(*slice[i]) {
|
|
|
|
slice = deleteElementAt(slice, i)
|
|
|
|
} else {
|
|
|
|
i++
|
|
|
|
}
|
|
|
|
}
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
return slice
|
|
|
|
}
|
2022-07-19 16:16:15 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
func elementIsEmpty(s string) bool {
|
|
|
|
return s == ""
|
|
|
|
}
|
2022-07-19 16:16:15 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
func deleteElementAt(slice []*string, i int) []*string {
|
|
|
|
slice[i] = slice[len(slice)-1]
|
|
|
|
slice = slice[:len(slice)-1]
|
2022-07-19 16:16:15 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
return slice
|
|
|
|
}
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
func expandedRepoInfo(ctx context.Context, repo string, metaDB mTypes.MetaDB, cveInfo cveinfo.CveInfo, log log.Logger,
|
2023-01-09 22:37:44 +02:00
|
|
|
) (*gql_generated.RepoInfo, error) {
|
2023-09-01 21:13:53 +03:00
|
|
|
if ok, err := reqCtx.RepoIsUserAvailable(ctx, repo); !ok || err != nil {
|
2023-04-28 05:44:22 +03:00
|
|
|
log.Info().Err(err).Str("repository", repo).Bool("availability", ok).Msg("resolver: repo user availability")
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
return &gql_generated.RepoInfo{}, nil //nolint:nilerr // don't give details to a potential attacker
|
|
|
|
}
|
2022-09-28 21:39:54 +03:00
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
repoMeta, err := metaDB.GetUserRepoMeta(ctx, repo)
|
2023-01-09 22:37:44 +02:00
|
|
|
if err != nil {
|
2023-04-28 05:44:22 +03:00
|
|
|
log.Error().Err(err).Str("repository", repo).Msg("resolver: can't retrieve repoMeta for repo")
|
2022-11-11 01:02:17 +02:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
return &gql_generated.RepoInfo{}, err
|
|
|
|
}
|
2022-07-22 20:01:38 +00:00
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
var (
|
2023-07-18 20:27:26 +03:00
|
|
|
manifestMetaMap = map[string]mTypes.ManifestMetadata{}
|
|
|
|
indexDataMap = map[string]mTypes.IndexData{}
|
2023-02-27 21:23:18 +02:00
|
|
|
)
|
2022-07-22 20:01:38 +00:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
for tag, descriptor := range repoMeta.Tags {
|
2023-02-27 21:23:18 +02:00
|
|
|
switch descriptor.MediaType {
|
|
|
|
case ispec.MediaTypeImageManifest:
|
|
|
|
digest := descriptor.Digest
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
if _, alreadyDownloaded := manifestMetaMap[digest]; alreadyDownloaded {
|
|
|
|
continue
|
|
|
|
}
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
manifestData, err := metaDB.GetManifestData(godigest.Digest(digest))
|
2023-02-27 21:23:18 +02:00
|
|
|
if err != nil {
|
2023-03-14 12:02:19 +02:00
|
|
|
graphql.AddError(ctx, fmt.Errorf("resolver: failed to get manifest meta for image %s:%s with manifest digest %s %w",
|
|
|
|
repo, tag, digest, err))
|
2023-01-09 22:37:44 +02:00
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
manifestMetaMap[digest] = mTypes.ManifestMetadata{
|
2023-07-06 11:36:26 +03:00
|
|
|
ManifestBlob: manifestData.ManifestBlob,
|
|
|
|
ConfigBlob: manifestData.ConfigBlob,
|
|
|
|
}
|
2023-02-27 21:23:18 +02:00
|
|
|
case ispec.MediaTypeImageIndex:
|
|
|
|
digest := descriptor.Digest
|
|
|
|
|
|
|
|
if _, alreadyDownloaded := indexDataMap[digest]; alreadyDownloaded {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
indexData, err := metaDB.GetIndexData(godigest.Digest(digest))
|
2023-02-27 21:23:18 +02:00
|
|
|
if err != nil {
|
2023-03-14 12:02:19 +02:00
|
|
|
graphql.AddError(ctx, fmt.Errorf("resolver: failed to get manifest meta for image %s:%s with manifest digest %s %w",
|
|
|
|
repo, tag, digest, err))
|
2023-02-27 21:23:18 +02:00
|
|
|
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
var indexContent ispec.Index
|
|
|
|
|
|
|
|
err = json.Unmarshal(indexData.IndexBlob, &indexContent)
|
|
|
|
if err != nil {
|
2023-03-14 12:02:19 +02:00
|
|
|
graphql.AddError(ctx, fmt.Errorf("resolver: failed to unmarshal index content for image %s:%s with digest %s %w",
|
|
|
|
repo, tag, digest, err))
|
2023-02-27 21:23:18 +02:00
|
|
|
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
var errorOccured bool
|
|
|
|
|
|
|
|
for _, descriptor := range indexContent.Manifests {
|
2023-07-18 20:27:26 +03:00
|
|
|
manifestData, err := metaDB.GetManifestData(descriptor.Digest)
|
2023-02-27 21:23:18 +02:00
|
|
|
if err != nil {
|
2023-03-14 12:02:19 +02:00
|
|
|
graphql.AddError(ctx,
|
|
|
|
fmt.Errorf("resolver: failed to get manifest meta with digest '%s' for multiarch image %s:%s %w",
|
|
|
|
digest, repo, tag, err),
|
2023-02-27 21:23:18 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
errorOccured = true
|
|
|
|
|
|
|
|
break
|
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
manifestMetaMap[descriptor.Digest.String()] = mTypes.ManifestMetadata{
|
2023-07-06 11:36:26 +03:00
|
|
|
ManifestBlob: manifestData.ManifestBlob,
|
|
|
|
ConfigBlob: manifestData.ConfigBlob,
|
|
|
|
}
|
2023-02-27 21:23:18 +02:00
|
|
|
}
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
if errorOccured {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
indexDataMap[digest] = indexData
|
|
|
|
default:
|
|
|
|
}
|
2023-01-09 22:37:44 +02:00
|
|
|
}
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
skip := convert.SkipQGLField{
|
2023-02-27 21:23:18 +02:00
|
|
|
Vulnerabilities: canSkipField(convert.GetPreloads(ctx), "Summary.NewestImage.Vulnerabilities") &&
|
|
|
|
canSkipField(convert.GetPreloads(ctx), "Images.Vulnerabilities"),
|
2023-01-09 22:37:44 +02:00
|
|
|
}
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-02-27 21:23:18 +02:00
|
|
|
repoSummary, imageSummaries := convert.RepoMeta2ExpandedRepoInfo(ctx, repoMeta, manifestMetaMap, indexDataMap,
|
|
|
|
skip, cveInfo, log)
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-01-25 20:57:10 +02:00
|
|
|
dateSortedImages := make(timeSlice, 0, len(imageSummaries))
|
|
|
|
for _, imgSummary := range imageSummaries {
|
|
|
|
dateSortedImages = append(dateSortedImages, imgSummary)
|
|
|
|
}
|
|
|
|
|
|
|
|
sort.Sort(dateSortedImages)
|
|
|
|
|
|
|
|
return &gql_generated.RepoInfo{Summary: repoSummary, Images: dateSortedImages}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
type timeSlice []*gql_generated.ImageSummary
|
|
|
|
|
|
|
|
func (p timeSlice) Len() int {
|
|
|
|
return len(p)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (p timeSlice) Less(i, j int) bool {
|
|
|
|
return p[i].LastUpdated.After(*p[j].LastUpdated)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (p timeSlice) Swap(i, j int) {
|
|
|
|
p[i], p[j] = p[j], p[i]
|
2022-07-12 15:58:04 +03:00
|
|
|
}
|
|
|
|
|
2023-07-06 11:36:26 +03:00
|
|
|
func safeDereferencing[T any](pointer *T, defaultVal T) T {
|
2023-01-09 22:37:44 +02:00
|
|
|
if pointer != nil {
|
|
|
|
return *pointer
|
2022-07-12 15:58:04 +03:00
|
|
|
}
|
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
return defaultVal
|
|
|
|
}
|
2022-07-12 15:58:04 +03:00
|
|
|
|
2023-01-09 22:37:44 +02:00
|
|
|
func searchingForRepos(query string) bool {
|
|
|
|
return !strings.Contains(query, ":")
|
2022-07-12 15:58:04 +03:00
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
func getImageList(ctx context.Context, repo string, metaDB mTypes.MetaDB, cveInfo cveinfo.CveInfo,
|
2023-01-23 19:45:11 +02:00
|
|
|
requestedPage *gql_generated.PageInput, log log.Logger, //nolint:unparam
|
2023-02-15 21:34:07 +02:00
|
|
|
) (*gql_generated.PaginatedImagesResult, error) {
|
2023-01-23 19:45:11 +02:00
|
|
|
if requestedPage == nil {
|
|
|
|
requestedPage = &gql_generated.PageInput{}
|
2022-01-19 17:57:10 +02:00
|
|
|
}
|
|
|
|
|
2023-01-23 19:45:11 +02:00
|
|
|
skip := convert.SkipQGLField{
|
|
|
|
Vulnerabilities: canSkipField(convert.GetPreloads(ctx), "Images.Vulnerabilities"),
|
|
|
|
}
|
2022-10-20 19:35:24 +03:00
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
pageInput := pagination.PageInput{
|
2023-07-06 11:36:26 +03:00
|
|
|
Limit: safeDereferencing(requestedPage.Limit, 0),
|
|
|
|
Offset: safeDereferencing(requestedPage.Offset, 0),
|
2023-07-31 22:16:09 +03:00
|
|
|
SortBy: pagination.SortCriteria(
|
2023-07-06 11:36:26 +03:00
|
|
|
safeDereferencing(requestedPage.SortBy, gql_generated.SortCriteriaRelevance),
|
2023-01-23 19:45:11 +02:00
|
|
|
),
|
|
|
|
}
|
2022-10-20 19:35:24 +03:00
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
reposMeta, manifestMetaMap, indexDataMap, err := metaDB.FilterTags(ctx,
|
2023-07-18 20:27:26 +03:00
|
|
|
func(repoMeta mTypes.RepoMetadata, manifestMeta mTypes.ManifestMetadata) bool {
|
2023-07-31 22:16:09 +03:00
|
|
|
return repoMeta.Name == repo || repo == ""
|
|
|
|
})
|
2023-01-23 19:45:11 +02:00
|
|
|
if err != nil {
|
2023-02-15 21:34:07 +02:00
|
|
|
return &gql_generated.PaginatedImagesResult{}, err
|
2023-01-23 19:45:11 +02:00
|
|
|
}
|
2022-01-19 17:57:10 +02:00
|
|
|
|
2023-07-31 22:16:09 +03:00
|
|
|
imageList, pageInfo, err := convert.PaginatedRepoMeta2ImageSummaries(ctx, reposMeta, manifestMetaMap,
|
|
|
|
indexDataMap, skip, cveInfo, mTypes.Filter{}, pageInput)
|
|
|
|
if err != nil {
|
|
|
|
return &gql_generated.PaginatedImagesResult{}, err
|
2022-01-19 17:57:10 +02:00
|
|
|
}
|
|
|
|
|
2023-02-15 21:34:07 +02:00
|
|
|
return &gql_generated.PaginatedImagesResult{
|
|
|
|
Results: imageList,
|
|
|
|
Page: &gql_generated.PageInfo{
|
|
|
|
TotalCount: pageInfo.TotalCount,
|
|
|
|
ItemCount: pageInfo.ItemCount,
|
|
|
|
},
|
|
|
|
}, nil
|
2022-01-19 17:57:10 +02:00
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
func getReferrers(metaDB mTypes.MetaDB, repo string, referredDigest string, artifactTypes []string,
|
2023-03-10 20:37:29 +02:00
|
|
|
log log.Logger,
|
|
|
|
) ([]*gql_generated.Referrer, error) {
|
|
|
|
refDigest := godigest.Digest(referredDigest)
|
|
|
|
if err := refDigest.Validate(); err != nil {
|
2023-04-28 05:44:22 +03:00
|
|
|
log.Error().Err(err).Str("digest", referredDigest).Msg("graphql: bad referenced digest string from request")
|
2022-11-23 20:53:28 +02:00
|
|
|
|
2023-03-14 12:02:19 +02:00
|
|
|
return []*gql_generated.Referrer{}, fmt.Errorf("graphql: bad digest string from request '%s' %w",
|
|
|
|
referredDigest, err)
|
2022-11-23 20:53:28 +02:00
|
|
|
}
|
|
|
|
|
2023-07-18 20:27:26 +03:00
|
|
|
referrers, err := metaDB.GetReferrersInfo(repo, refDigest, artifactTypes)
|
2023-03-10 20:37:29 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2022-11-23 20:53:28 +02:00
|
|
|
|
2023-03-10 20:37:29 +02:00
|
|
|
results := make([]*gql_generated.Referrer, 0, len(referrers))
|
2022-11-23 20:53:28 +02:00
|
|
|
|
2023-03-10 20:37:29 +02:00
|
|
|
for _, referrer := range referrers {
|
|
|
|
referrer := referrer
|
2022-11-23 20:53:28 +02:00
|
|
|
|
|
|
|
results = append(results, &gql_generated.Referrer{
|
2023-03-10 20:37:29 +02:00
|
|
|
MediaType: &referrer.MediaType,
|
|
|
|
ArtifactType: &referrer.ArtifactType,
|
|
|
|
Digest: &referrer.Digest,
|
|
|
|
Size: &referrer.Size,
|
|
|
|
Annotations: convert.StringMap2Annotations(referrer.Annotations),
|
2022-11-23 20:53:28 +02:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
return results, nil
|
|
|
|
}
|