zot/pkg/cli/cve_cmd.go

// +build extended

package cli

import (
	"fmt"
	"os"
	"path"

	zotErrors "github.com/anuvu/zot/errors"

	"github.com/briandowns/spinner"
	"github.com/spf13/cobra"
)

func NewCveCommand(searchService SearchService) *cobra.Command {
	searchCveParams := make(map[string]*string)

	var servURL, user, outputFormat string

	var isSpinner, verifyTLS, fixedFlag, verbose bool

	var cveCmd = &cobra.Command{
		Use:   "cve [config-name]",
		Short: "Lookup CVEs in images hosted on zot",
		Long:  `List CVEs (Common Vulnerabilities and Exposures) of images hosted on a zot instance`,
		RunE: func(cmd *cobra.Command, args []string) error {
			home, err := os.UserHomeDir()
			if err != nil {
				panic(err)
			}

			configPath := path.Join(home + "/.zot")
			if servURL == "" {
				if len(args) > 0 {
					urlFromConfig, err := getConfigValue(configPath, args[0], "url")
					if err != nil {
						cmd.SilenceUsage = true
						return err
					}
					if urlFromConfig == "" {
						return zotErrors.ErrNoURLProvided
					}
					servURL = urlFromConfig
				} else {
					return zotErrors.ErrNoURLProvided
				}
			}

			if len(args) > 0 {
				var err error
				isSpinner, err = parseBooleanConfig(configPath, args[0], showspinnerConfig)
				if err != nil {
					cmd.SilenceUsage = true
					return err
				}
				verifyTLS, err = parseBooleanConfig(configPath, args[0], verifyTLSConfig)
				if err != nil {
					cmd.SilenceUsage = true
					return err
				}
			}

			spin := spinner.New(spinner.CharSets[39], spinnerDuration, spinner.WithWriter(cmd.ErrOrStderr()))
			spin.Prefix = fmt.Sprintf("Fetching from %s.. ", servURL)

			verbose = false

			searchConfig := searchConfig{
				params:        searchCveParams,
				searchService: searchService,
				servURL:       &servURL,
				user:          &user,
				outputFormat:  &outputFormat,
				fixedFlag:     &fixedFlag,
				verifyTLS:     &verifyTLS,
				verbose:       &verbose,
				resultWriter:  cmd.OutOrStdout(),
				spinner:       spinnerState{spin, isSpinner},
			}

			err = searchCve(searchConfig)

			if err != nil {
				cmd.SilenceUsage = true
				return err
			}

			return nil
		},
	}

	vars := cveFlagVariables{
		searchCveParams: searchCveParams,
		servURL:         &servURL,
		user:            &user,
		outputFormat:    &outputFormat,
		fixedFlag:       &fixedFlag,
	}

	setupCveFlags(cveCmd, vars)

	return cveCmd
}

func setupCveFlags(cveCmd *cobra.Command, variables cveFlagVariables) {
	variables.searchCveParams["imageName"] = cveCmd.Flags().StringP("image", "I", "", "List CVEs by IMAGENAME[:TAG]")
	variables.searchCveParams["cveID"] = cveCmd.Flags().StringP("cve-id", "i", "", "List images affected by a CVE")

	cveCmd.Flags().StringVar(variables.servURL, "url", "", "Specify zot server URL if config-name is not mentioned")
	cveCmd.Flags().StringVarP(variables.user, "user", "u", "", `User Credentials of `+
		`zot server in USERNAME:PASSWORD format`)
	cveCmd.Flags().StringVarP(variables.outputFormat, "output", "o", "", "Specify output format [text/json/yaml]."+
		" JSON and YAML format return all info for CVEs")

	cveCmd.Flags().BoolVar(variables.fixedFlag, "fixed", false, "List tags which have fixed a CVE")
}

type cveFlagVariables struct {
	searchCveParams map[string]*string
	servURL         *string
	user            *string
	outputFormat    *string
	fixedFlag       *bool
}

func searchCve(searchConfig searchConfig) error {
	for _, searcher := range getCveSearchers() {
		found, err := searcher.search(searchConfig)
		if found {
			if err != nil {
				return err
			}

			return nil
		}
	}

	return zotErrors.ErrInvalidFlagsCombination
}
build: add build tags to create customizable binaries 2020-10-14 16:47:20 -05:00			`// +build extended`

cli: add commands for CVE Uses GraphQL API of zot to fetch CVE info - Get all images affected by a CVE (input: CVEID) - Get all CVEs of a layer (input: image:tag) - Get all layers of an image which have resolved a CVE (input: image, CVEID) - Get all layers of an image affected by a CVE (input: image, CVEID) 2020-07-06 17:44:32 -05:00			`package cli`

			`import (`
			`"fmt"`
			`"os"`
			`"path"`

			`zotErrors "github.com/anuvu/zot/errors"`

			`"github.com/briandowns/spinner"`
			`"github.com/spf13/cobra"`
			`)`

			`func NewCveCommand(searchService SearchService) *cobra.Command {`
			`searchCveParams := make(map[string]*string)`

			`var servURL, user, outputFormat string`

Add a '--verbose' flag to the 'zot images' output - Show individual layers with size and digest under each image - Include config digest for each image See example below ``` IMAGE NAME TAG DIGEST CONFIG LAYERS SIZE test/godev 0.4.7 7d38d8ca 05b9f86e 519MB f824a027 65MB a98af0f5 52MB ba5b2bc4 163MB 58b1ca8d 228MB 67d798ee 12MB test/cdev test 2292b4ae cf6f6c77 280MB f824a027 65MB a98af0f5 52MB ba5b2bc4 163MB test/cdev 0.4.7 2292b4ae cf6f6c77 280MB f824a027 65MB a98af0f5 52MB ba5b2bc4 163MB Note the new layers and config fields will be visible in the json/yaml format regardless of the value of the verbose flag ``` 2021-05-28 11:27:17 -05:00			`var isSpinner, verifyTLS, fixedFlag, verbose bool`
cli: add commands for CVE Uses GraphQL API of zot to fetch CVE info - Get all images affected by a CVE (input: CVEID) - Get all CVEs of a layer (input: image:tag) - Get all layers of an image which have resolved a CVE (input: image, CVEID) - Get all layers of an image affected by a CVE (input: image, CVEID) 2020-07-06 17:44:32 -05:00
			`var cveCmd = &cobra.Command{`
			`Use: "cve [config-name]",`
			`Short: "Lookup CVEs in images hosted on zot",`
			Long: `List CVEs (Common Vulnerabilities and Exposures) of images hosted on a zot instance`,
			`RunE: func(cmd *cobra.Command, args []string) error {`
			`home, err := os.UserHomeDir()`
			`if err != nil {`
			`panic(err)`
			`}`

			`configPath := path.Join(home + "/.zot")`
			`if servURL == "" {`
			`if len(args) > 0 {`
			`urlFromConfig, err := getConfigValue(configPath, args[0], "url")`
			`if err != nil {`
			`cmd.SilenceUsage = true`
			`return err`
			`}`
			`if urlFromConfig == "" {`
			`return zotErrors.ErrNoURLProvided`
			`}`
			`servURL = urlFromConfig`
			`} else {`
			`return zotErrors.ErrNoURLProvided`
			`}`
			`}`

			`if len(args) > 0 {`
			`var err error`
			`isSpinner, err = parseBooleanConfig(configPath, args[0], showspinnerConfig)`
			`if err != nil {`
			`cmd.SilenceUsage = true`
			`return err`
			`}`
			`verifyTLS, err = parseBooleanConfig(configPath, args[0], verifyTLSConfig)`
			`if err != nil {`
			`cmd.SilenceUsage = true`
			`return err`
			`}`
			`}`

			`spin := spinner.New(spinner.CharSets[39], spinnerDuration, spinner.WithWriter(cmd.ErrOrStderr()))`
			`spin.Prefix = fmt.Sprintf("Fetching from %s.. ", servURL)`

Add a '--verbose' flag to the 'zot images' output - Show individual layers with size and digest under each image - Include config digest for each image See example below ``` IMAGE NAME TAG DIGEST CONFIG LAYERS SIZE test/godev 0.4.7 7d38d8ca 05b9f86e 519MB f824a027 65MB a98af0f5 52MB ba5b2bc4 163MB 58b1ca8d 228MB 67d798ee 12MB test/cdev test 2292b4ae cf6f6c77 280MB f824a027 65MB a98af0f5 52MB ba5b2bc4 163MB test/cdev 0.4.7 2292b4ae cf6f6c77 280MB f824a027 65MB a98af0f5 52MB ba5b2bc4 163MB Note the new layers and config fields will be visible in the json/yaml format regardless of the value of the verbose flag ``` 2021-05-28 11:27:17 -05:00			`verbose = false`

cli: add commands for CVE Uses GraphQL API of zot to fetch CVE info - Get all images affected by a CVE (input: CVEID) - Get all CVEs of a layer (input: image:tag) - Get all layers of an image which have resolved a CVE (input: image, CVEID) - Get all layers of an image affected by a CVE (input: image, CVEID) 2020-07-06 17:44:32 -05:00			`searchConfig := searchConfig{`
			`params: searchCveParams,`
			`searchService: searchService,`
			`servURL: &servURL,`
			`user: &user,`
			`outputFormat: &outputFormat,`
			`fixedFlag: &fixedFlag,`
			`verifyTLS: &verifyTLS,`
Add a '--verbose' flag to the 'zot images' output - Show individual layers with size and digest under each image - Include config digest for each image See example below ``` IMAGE NAME TAG DIGEST CONFIG LAYERS SIZE test/godev 0.4.7 7d38d8ca 05b9f86e 519MB f824a027 65MB a98af0f5 52MB ba5b2bc4 163MB 58b1ca8d 228MB 67d798ee 12MB test/cdev test 2292b4ae cf6f6c77 280MB f824a027 65MB a98af0f5 52MB ba5b2bc4 163MB test/cdev 0.4.7 2292b4ae cf6f6c77 280MB f824a027 65MB a98af0f5 52MB ba5b2bc4 163MB Note the new layers and config fields will be visible in the json/yaml format regardless of the value of the verbose flag ``` 2021-05-28 11:27:17 -05:00			`verbose: &verbose,`
cli: add commands for CVE Uses GraphQL API of zot to fetch CVE info - Get all images affected by a CVE (input: CVEID) - Get all CVEs of a layer (input: image:tag) - Get all layers of an image which have resolved a CVE (input: image, CVEID) - Get all layers of an image affected by a CVE (input: image, CVEID) 2020-07-06 17:44:32 -05:00			`resultWriter: cmd.OutOrStdout(),`
			`spinner: spinnerState{spin, isSpinner},`
			`}`

			`err = searchCve(searchConfig)`

			`if err != nil {`
			`cmd.SilenceUsage = true`
			`return err`
			`}`

			`return nil`
			`},`
			`}`

			`vars := cveFlagVariables{`
			`searchCveParams: searchCveParams,`
			`servURL: &servURL,`
			`user: &user,`
			`outputFormat: &outputFormat,`
			`fixedFlag: &fixedFlag,`
			`}`

			`setupCveFlags(cveCmd, vars)`

			`return cveCmd`
			`}`

			`func setupCveFlags(cveCmd *cobra.Command, variables cveFlagVariables) {`
			`variables.searchCveParams["imageName"] = cveCmd.Flags().StringP("image", "I", "", "List CVEs by IMAGENAME[:TAG]")`
			`variables.searchCveParams["cveID"] = cveCmd.Flags().StringP("cve-id", "i", "", "List images affected by a CVE")`

			`cveCmd.Flags().StringVar(variables.servURL, "url", "", "Specify zot server URL if config-name is not mentioned")`
			cveCmd.Flags().StringVarP(variables.user, "user", "u", "", `User Credentials of `+
			`zot server in USERNAME:PASSWORD format`)
			`cveCmd.Flags().StringVarP(variables.outputFormat, "output", "o", "", "Specify output format [text/json/yaml]."+`
			`" JSON and YAML format return all info for CVEs")`

			`cveCmd.Flags().BoolVar(variables.fixedFlag, "fixed", false, "List tags which have fixed a CVE")`
			`}`

			`type cveFlagVariables struct {`
			`searchCveParams map[string]*string`
			`servURL *string`
			`user *string`
			`outputFormat *string`
			`fixedFlag *bool`
			`}`

			`func searchCve(searchConfig searchConfig) error {`
			`for _, searcher := range getCveSearchers() {`
			`found, err := searcher.search(searchConfig)`
			`if found {`
			`if err != nil {`
			`return err`
			`}`

			`return nil`
			`}`
			`}`

			`return zotErrors.ErrInvalidFlagsCombination`
			`}`