mirror of
https://github.com/project-zot/zot.git
synced 2024-12-16 21:56:37 -05:00
search/cve: fix log messages
This commit is contained in:
parent
d63f715fe5
commit
971404f6ee
2 changed files with 32 additions and 31 deletions
|
@ -23,13 +23,13 @@ import (
|
||||||
func UpdateCVEDb(dbDir string, log log.Logger) error {
|
func UpdateCVEDb(dbDir string, log log.Logger) error {
|
||||||
config, err := config.NewConfig(dbDir)
|
config, err := config.NewConfig(dbDir)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error().Err(err).Msg("Unable to get config")
|
log.Error().Err(err).Msg("unable to get config")
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
err = integration.RunTrivyDb(config.TrivyConfig)
|
err = integration.RunTrivyDb(config.TrivyConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error().Err(err).Msg("Unable to update DB ")
|
log.Error().Err(err).Msg("unable to update DB ")
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -48,7 +48,7 @@ func (cveinfo CveInfo) IsValidImageFormat(imagePath string) (bool, error) {
|
||||||
imageDir, inputTag := getImageDirAndTag(imagePath)
|
imageDir, inputTag := getImageDirAndTag(imagePath)
|
||||||
|
|
||||||
if !dirExists(imageDir) {
|
if !dirExists(imageDir) {
|
||||||
cveinfo.Log.Error().Msg("Image Directory not exists")
|
cveinfo.Log.Error().Msg("image directory doesn't exist")
|
||||||
|
|
||||||
return false, errors.ErrRepoNotFound
|
return false, errors.ErrRepoNotFound
|
||||||
}
|
}
|
||||||
|
@ -79,7 +79,7 @@ func (cveinfo CveInfo) IsValidImageFormat(imagePath string) (bool, error) {
|
||||||
return true, nil
|
return true, nil
|
||||||
|
|
||||||
default:
|
default:
|
||||||
cveinfo.Log.Debug().Msg("Image media type not supported for scanning")
|
cveinfo.Log.Debug().Msg("image media type not supported for scanning")
|
||||||
return false, errors.ErrScanNotSupported
|
return false, errors.ErrScanNotSupported
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -125,7 +125,7 @@ func (cveinfo CveInfo) GetImageTagsWithTimestamp(rootDir string, repo string) ([
|
||||||
manifests, err := cveinfo.getImageManifests(dir)
|
manifests, err := cveinfo.getImageManifests(dir)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
cveinfo.Log.Error().Err(err).Msg("Unable to read image manifests")
|
cveinfo.Log.Error().Err(err).Msg("unable to read image manifests")
|
||||||
|
|
||||||
return tagsInfo, err
|
return tagsInfo, err
|
||||||
}
|
}
|
||||||
|
@ -138,14 +138,14 @@ func (cveinfo CveInfo) GetImageTagsWithTimestamp(rootDir string, repo string) ([
|
||||||
imageBlobManifest, err := cveinfo.getImageBlobManifest(dir, digest)
|
imageBlobManifest, err := cveinfo.getImageBlobManifest(dir, digest)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
cveinfo.Log.Error().Err(err).Msg("Unable to read image blob manifest")
|
cveinfo.Log.Error().Err(err).Msg("unable to read image blob manifest")
|
||||||
|
|
||||||
return tagsInfo, err
|
return tagsInfo, err
|
||||||
}
|
}
|
||||||
|
|
||||||
imageInfo, err := cveinfo.getImageInfo(dir, imageBlobManifest.Config.Digest)
|
imageInfo, err := cveinfo.getImageInfo(dir, imageBlobManifest.Config.Digest)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
cveinfo.Log.Error().Err(err).Msg("Unable to read image info")
|
cveinfo.Log.Error().Err(err).Msg("unable to read image info")
|
||||||
|
|
||||||
return tagsInfo, err
|
return tagsInfo, err
|
||||||
}
|
}
|
||||||
|
@ -188,12 +188,12 @@ func (cveinfo CveInfo) getImageManifests(imagePath string) ([]ispec.Descriptor,
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if os.IsNotExist(err) {
|
if os.IsNotExist(err) {
|
||||||
cveinfo.Log.Error().Err(err).Msg("Index.json does not exist")
|
cveinfo.Log.Error().Err(err).Msg("index.json doesn't exist")
|
||||||
|
|
||||||
return nil, errors.ErrRepoNotFound
|
return nil, errors.ErrRepoNotFound
|
||||||
}
|
}
|
||||||
|
|
||||||
cveinfo.Log.Error().Err(err).Msg("Unable to open index.json")
|
cveinfo.Log.Error().Err(err).Msg("unable to open index.json")
|
||||||
|
|
||||||
return nil, errors.ErrRepoNotFound
|
return nil, errors.ErrRepoNotFound
|
||||||
}
|
}
|
||||||
|
@ -213,13 +213,13 @@ func (cveinfo CveInfo) getImageBlobManifest(imageDir string, digest godigest.Dig
|
||||||
|
|
||||||
blobBuf, err := ioutil.ReadFile(path.Join(imageDir, "blobs", digest.Algorithm().String(), digest.Encoded()))
|
blobBuf, err := ioutil.ReadFile(path.Join(imageDir, "blobs", digest.Algorithm().String(), digest.Encoded()))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
cveinfo.Log.Error().Err(err).Msg("Unable to open image Metadata file")
|
cveinfo.Log.Error().Err(err).Msg("unable to open image metadata file")
|
||||||
|
|
||||||
return blobIndex, err
|
return blobIndex, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := json.Unmarshal(blobBuf, &blobIndex); err != nil {
|
if err := json.Unmarshal(blobBuf, &blobIndex); err != nil {
|
||||||
cveinfo.Log.Error().Err(err).Msg("Unable to marshal blob index")
|
cveinfo.Log.Error().Err(err).Msg("unable to marshal blob index")
|
||||||
|
|
||||||
return blobIndex, err
|
return blobIndex, err
|
||||||
}
|
}
|
||||||
|
@ -232,13 +232,13 @@ func (cveinfo CveInfo) getImageInfo(imageDir string, hash v1.Hash) (ispec.Image,
|
||||||
|
|
||||||
blobBuf, err := ioutil.ReadFile(path.Join(imageDir, "blobs", hash.Algorithm, hash.Hex))
|
blobBuf, err := ioutil.ReadFile(path.Join(imageDir, "blobs", hash.Algorithm, hash.Hex))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
cveinfo.Log.Error().Err(err).Msg("Unable to open image Layers file")
|
cveinfo.Log.Error().Err(err).Msg("unable to open image layers file")
|
||||||
|
|
||||||
return imageInfo, err
|
return imageInfo, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := json.Unmarshal(blobBuf, &imageInfo); err != nil {
|
if err := json.Unmarshal(blobBuf, &imageInfo); err != nil {
|
||||||
cveinfo.Log.Error().Err(err).Msg("Unable to marshal blob index")
|
cveinfo.Log.Error().Err(err).Msg("unable to marshal blob index")
|
||||||
|
|
||||||
return imageInfo, err
|
return imageInfo, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -52,18 +52,18 @@ func GetResolverConfig(dir string, log log.Logger, imgstorage *storage.ImageStor
|
||||||
func (r *queryResolver) CVEListForImage(ctx context.Context, image string) (*CVEResultForImage, error) {
|
func (r *queryResolver) CVEListForImage(ctx context.Context, image string) (*CVEResultForImage, error) {
|
||||||
r.cveInfo.CveTrivyConfig.TrivyConfig.Input = path.Join(r.dir, image)
|
r.cveInfo.CveTrivyConfig.TrivyConfig.Input = path.Join(r.dir, image)
|
||||||
|
|
||||||
r.cveInfo.Log.Info().Str("Scanning Image", image).Msg("")
|
r.cveInfo.Log.Info().Str("image", image).Msg("scanning image")
|
||||||
|
|
||||||
isValidImage, err := r.cveInfo.IsValidImageFormat(r.cveInfo.CveTrivyConfig.TrivyConfig.Input)
|
isValidImage, err := r.cveInfo.IsValidImageFormat(r.cveInfo.CveTrivyConfig.TrivyConfig.Input)
|
||||||
if !isValidImage {
|
if !isValidImage {
|
||||||
r.cveInfo.Log.Debug().Msg("Image media type not supported for scanning")
|
r.cveInfo.Log.Debug().Str("image", image).Msg("image media type not supported for scanning")
|
||||||
|
|
||||||
return &CVEResultForImage{}, err
|
return &CVEResultForImage{}, err
|
||||||
}
|
}
|
||||||
|
|
||||||
cveResults, err := cveinfo.ScanImage(r.cveInfo.CveTrivyConfig)
|
cveResults, err := cveinfo.ScanImage(r.cveInfo.CveTrivyConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
r.cveInfo.Log.Error().Err(err).Msg("Error scanning image repository")
|
r.cveInfo.Log.Error().Err(err).Msg("unable to scan image repository")
|
||||||
|
|
||||||
return &CVEResultForImage{}, err
|
return &CVEResultForImage{}, err
|
||||||
}
|
}
|
||||||
|
@ -136,23 +136,23 @@ func (r *queryResolver) CVEListForImage(ctx context.Context, image string) (*CVE
|
||||||
func (r *queryResolver) ImageListForCve(ctx context.Context, id string) ([]*ImgResultForCve, error) {
|
func (r *queryResolver) ImageListForCve(ctx context.Context, id string) ([]*ImgResultForCve, error) {
|
||||||
cveResult := []*ImgResultForCve{}
|
cveResult := []*ImgResultForCve{}
|
||||||
|
|
||||||
r.cveInfo.Log.Info().Msg("Extracting Repositories")
|
r.cveInfo.Log.Info().Msg("extracting repositories")
|
||||||
|
|
||||||
repoList, err := r.imgStore.GetRepositories()
|
repoList, err := r.imgStore.GetRepositories()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
r.cveInfo.Log.Error().Err(err).Msg("Not able to search repositories")
|
r.cveInfo.Log.Error().Err(err).Msg("unable to search repositories")
|
||||||
|
|
||||||
return cveResult, err
|
return cveResult, err
|
||||||
}
|
}
|
||||||
|
|
||||||
r.cveInfo.Log.Info().Msg("Scanning each repository")
|
r.cveInfo.Log.Info().Msg("scanning each repository")
|
||||||
|
|
||||||
for _, repo := range repoList {
|
for _, repo := range repoList {
|
||||||
r.cveInfo.Log.Info().Str("Extracting list of tags available in image", repo).Msg("")
|
r.cveInfo.Log.Info().Str("repo", repo).Msg("extracting list of tags available in image repo")
|
||||||
|
|
||||||
tagList, err := r.imgStore.GetImageTags(repo)
|
tagList, err := r.imgStore.GetImageTags(repo)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
r.cveInfo.Log.Error().Err(err).Msg("Not able to get list of Image Tag")
|
r.cveInfo.Log.Error().Err(err).Msg("unable to get list of image tag")
|
||||||
}
|
}
|
||||||
|
|
||||||
var name string
|
var name string
|
||||||
|
@ -164,16 +164,16 @@ func (r *queryResolver) ImageListForCve(ctx context.Context, id string) ([]*ImgR
|
||||||
|
|
||||||
isValidImage, _ := r.cveInfo.IsValidImageFormat(r.cveInfo.CveTrivyConfig.TrivyConfig.Input)
|
isValidImage, _ := r.cveInfo.IsValidImageFormat(r.cveInfo.CveTrivyConfig.TrivyConfig.Input)
|
||||||
if !isValidImage {
|
if !isValidImage {
|
||||||
r.cveInfo.Log.Debug().Str("Image media type not supported for scanning", repo)
|
r.cveInfo.Log.Debug().Str("image", repo+":"+tag).Msg("image media type not supported for scanning")
|
||||||
|
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
r.cveInfo.Log.Info().Str("Scanning Image", path.Join(r.dir, repo+":"+tag)).Msg("")
|
r.cveInfo.Log.Info().Str("image", repo+":"+tag).Msg("scanning image")
|
||||||
|
|
||||||
results, err := cveinfo.ScanImage(r.cveInfo.CveTrivyConfig)
|
results, err := cveinfo.ScanImage(r.cveInfo.CveTrivyConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
r.cveInfo.Log.Error().Err(err).Str("Error scanning image", repo+":"+tag)
|
r.cveInfo.Log.Error().Err(err).Str("image", repo+":"+tag).Msg("unable to scan image")
|
||||||
|
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
@ -203,11 +203,11 @@ func (r *queryResolver) ImageListForCve(ctx context.Context, id string) ([]*ImgR
|
||||||
func (r *queryResolver) ImageListWithCVEFixed(ctx context.Context, id string, image string) (*ImgResultForFixedCve, error) { // nolint: lll
|
func (r *queryResolver) ImageListWithCVEFixed(ctx context.Context, id string, image string) (*ImgResultForFixedCve, error) { // nolint: lll
|
||||||
imgResultForFixedCVE := &ImgResultForFixedCve{}
|
imgResultForFixedCVE := &ImgResultForFixedCve{}
|
||||||
|
|
||||||
r.cveInfo.Log.Info().Str("Extracting list of tags available in image", image).Msg("")
|
r.cveInfo.Log.Info().Str("image", image).Msg("extracting list of tags available in image")
|
||||||
|
|
||||||
tagsInfo, err := r.cveInfo.GetImageTagsWithTimestamp(r.dir, image)
|
tagsInfo, err := r.cveInfo.GetImageTagsWithTimestamp(r.dir, image)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
r.cveInfo.Log.Error().Err(err).Msg("Error while readling image tags")
|
r.cveInfo.Log.Error().Err(err).Msg("unable to read image tags")
|
||||||
|
|
||||||
return imgResultForFixedCVE, err
|
return imgResultForFixedCVE, err
|
||||||
}
|
}
|
||||||
|
@ -221,18 +221,19 @@ func (r *queryResolver) ImageListWithCVEFixed(ctx context.Context, id string, im
|
||||||
|
|
||||||
isValidImage, _ := r.cveInfo.IsValidImageFormat(r.cveInfo.CveTrivyConfig.TrivyConfig.Input)
|
isValidImage, _ := r.cveInfo.IsValidImageFormat(r.cveInfo.CveTrivyConfig.TrivyConfig.Input)
|
||||||
if !isValidImage {
|
if !isValidImage {
|
||||||
r.cveInfo.Log.Debug().Msg("Image media type not supported for scanning, adding as a infected image")
|
r.cveInfo.Log.Debug().Str("image",
|
||||||
|
image+":"+tag.Name).Msg("image media type not supported for scanning, adding as an infected image")
|
||||||
|
|
||||||
infectedTags = append(infectedTags, cveinfo.TagInfo{Name: tag.Name, Timestamp: tag.Timestamp})
|
infectedTags = append(infectedTags, cveinfo.TagInfo{Name: tag.Name, Timestamp: tag.Timestamp})
|
||||||
|
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
r.cveInfo.Log.Info().Str("Scanning image", path.Join(r.dir, image+":"+tag.Name)).Msg("")
|
r.cveInfo.Log.Info().Str("image", image+":"+tag.Name).Msg("scanning image")
|
||||||
|
|
||||||
results, err := cveinfo.ScanImage(r.cveInfo.CveTrivyConfig)
|
results, err := cveinfo.ScanImage(r.cveInfo.CveTrivyConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
r.cveInfo.Log.Error().Err(err).Str("Error scanning image", image+":"+tag.Name).Msg("")
|
r.cveInfo.Log.Error().Err(err).Str("image", image+":"+tag.Name).Msg("unable to scan image")
|
||||||
|
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
@ -257,13 +258,13 @@ func (r *queryResolver) ImageListWithCVEFixed(ctx context.Context, id string, im
|
||||||
var finalTagList []*TagInfo
|
var finalTagList []*TagInfo
|
||||||
|
|
||||||
if len(infectedTags) != 0 {
|
if len(infectedTags) != 0 {
|
||||||
r.cveInfo.Log.Info().Msg("Comparing fixed tags timestamp")
|
r.cveInfo.Log.Info().Msg("comparing fixed tags timestamp")
|
||||||
|
|
||||||
fixedTags := cveinfo.GetFixedTags(tagsInfo, infectedTags)
|
fixedTags := cveinfo.GetFixedTags(tagsInfo, infectedTags)
|
||||||
|
|
||||||
finalTagList = getGraphqlCompatibleTags(fixedTags)
|
finalTagList = getGraphqlCompatibleTags(fixedTags)
|
||||||
} else {
|
} else {
|
||||||
r.cveInfo.Log.Info().Msg("Input image does not contain any tag that have given cve")
|
r.cveInfo.Log.Info().Str("image", image).Str("cve-id", id).Msg("image does not contain any tag that have given cve")
|
||||||
|
|
||||||
finalTagList = getGraphqlCompatibleTags(tagsInfo)
|
finalTagList = getGraphqlCompatibleTags(tagsInfo)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue