0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-23 22:27:35 -05:00
zot/pkg/extensions/search/search.md
LaurentiuNiculae f8a77bc42f
feat(search): update search pattern matching rules (#1257)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-03-22 10:31:53 -07:00

689 lines
15 KiB
Markdown

# `search`
`search` component provides efficient and enhanced registry search capabilities using graphQL backend.
| Supported queries | Input | Ouput | Description | graphQL query |
| --- | --- | --- | --- | --- |
| [Search images by digest](#search-images-by-digest) | digest | image list | Search all repositories in the registry and return list of images that matches given digest (manifest, config or layers) | ImageListForDigest |
| [Search images affected by a given CVE id](#search-images-affected-by-a-given-cve-id) | CVE id | image list | Search the entire registry and return list of images affected by given CVE | ImagesListForCVE |
| [List CVEs for a given image](#list-cves-of-given-image) | image | CVE list | Scan given image and return list of CVEs affecting the image | CVEListForImage |
| [List images not affected by a given CVE id](#list-images-not-affected-by-a-given-cve-id) | repository, CVE id | image list | Scan all images in a given repository and return list of latest (by date) images not affected by the given CVE |ImagesListWithCVEFixed|
| [Latest image from all repos](#list-the-latest-image-across-every-repository) | none | repo summary list | Return the latest image from all the repos in the registry | RepoListWithNewestImage |
| [List all images with expanded information for a given repository](#list-all-images-with-expanded-information-for-a-given-repository) | repository | repo info | List expanded repo information for all images in repo, alongisde a repo summary | ExpandedRepoInfo |
| [All images in repo](#all-images-in-repo) | repository | image list | Returns all images in the specified repo | ImageList |
| [Global search](#global-search) | query | image summary / repo summary / layer summary | Will return what's requested in the query argument | GlobalSearch |
| [Derived image list](#search-derived-images) | image | image list | Returns a list of images that depend on the image specified in the arg | DerivedImageList |
| [Base image list](#search-base-images) | image | image list | Returns a list of images that the specified image depends on | BaseImageList |
| [Get details of a specific image](#get-details-of-a-specific-image) | image | image summary | Returns details about a specific image | Image |
| [Get referrers of a specific image](#get-referrers-of-a-specific-image) | repo, digest, type | artifact manifests | Returns a list of artifacts of given type referring to a specific repo and digests | Referrers |
The examples below only include the GraphQL query without any additional details on how to send them to a server. They were made with the GraphQL playground from the debug binary. You can also use curl to make these queries, here's an example:
```bash
curl -X POST -H "Content-Type: application/json" --data '{ "query": "{ ImageListForCVE (id:\"CVE-2002-1119\") { Results { Name Tags } } }" }' http://localhost:8080/v2/_zot/ext/search
```
## List CVEs of given image
**Sample request**
```graphql
{
CVEListForImage(image: "centos:8", requestedPage: {limit: 1, offset:1, sortBy: SEVERITY}) {
Tag
Page {
TotalCount
ItemCount
}
CVEList {
Id
Title
Description
Severity
PackageList {
Name
InstalledVersion
FixedVersion
}
}
}
}
```
**Sample response**
```json
{
"data": {
"CVEListForImage": {
"Tag": "8",
"Page": {
"TotalCount": 292,
"ItemCount": 1
},
"CVEList": [
{
"Id": "CVE-2022-24407",
"Title": "cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands",
"Description": "In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.",
"Severity": "HIGH",
"PackageList": [
{
"Name": "cyrus-sasl-lib",
"InstalledVersion": "2.1.27-5.el8",
"FixedVersion": "2.1.27-6.el8_5"
}
]
}
]
}
}
}
```
## Search images affected by a given CVE id
**Sample request**
```graphql
{
ImageListForCVE(id: "CVE-2018-20651") {
Results{
RepoName
Tag
Digest
ConfigDigest
LastUpdated
IsSigned
Size
Platform {
Os
Arch
}
Vendor
DownloadCount
Licenses
Title
}
}
}
```
**Sample response**
```json
{
"data": {
"ImageListForCVE": [
{
"Results": {
"RepoName": "centos",
"Tag": "centos8",
"Digest": "sha256:ac0dc62b48b7f683b49365fecef3b1f4d99fbd249b762e99f13f74938d85a6c8",
"ConfigDigest": "sha256:98a5843635a2ccc7d72b269923a65721480de929f882143c6c0a0eb43f9a2869",
"LastUpdated": "2022-10-17T16:36:09.1751694+03:00",
"IsSigned": true,
"Size": "83545800",
"Platform": {
"Os": "linux",
"Arch": "amd64"
},
"Vendor": "[The CentOS Project](https://github.com/CentOS/sig-cloud-instance-images)\n",
"Score": null,
"DownloadCount": 0,
"Licenses": "View [license information](https://www.centos.org/legal/) for the software contained in this image.",
"Title": "centos"
},
}
]
}
}
```
## List images not affected by a given CVE id
**Sample request**
```graphql
{
ImageListWithCVEFixed(id: "CVE-2018-20651", image: "ubuntu") {
Results {
RepoName
Tag
Digest
ConfigDigest
LastUpdated
}
}
}
```
**Sample response**
```json
{
"data": {
"ImageListWithCVEFixed": [
{
"Results": {
"RepoName": "ubuntu",
"Tag": "latest",
"Digest": "sha256:650d596072ad45c6b74f4923e2cfea8158da2fb3a7b8dbb0b9ae4da3088d0591",
"ConfigDigest": "sha256:88eef892e29d5b11be933f13424ef885644a6a6978924fedfb51ba555278fe74",
"LastUpdated": "2022-10-25T01:53:41.769246372Z"
}
}
]
}
}
```
## Search images by digest
**Sample request**
```graphql
{
ImageListForDigest(
id: "5f34d0bb0261d32d0b0bc91024b7d4e98d94b08a49615e08c8a5a65bc3a7e09f"
) {
Results{
RepoName
Tag
Title
}
}
}
```
**Sample response**
```json
{
"data": {
"ImageListForDigest": [
{
"Results": {
"RepoName": "centos",
"Tag": "8",
"Title": "CentOS Base Image"
}
}
]
}
}
```
## List the latest image across every repository
**Sample request**
```graphql
{
RepoListWithNewestImage(requestedPage: {limit: 2, offset:0, sortBy: ALPHABETIC_ASC}) {
Page {
TotalCount
ItemCount
}
Results {
Name
LastUpdated
Size
Platforms {
Os
Arch
}
NewestImage {
Digest
Tag
}
}
}
}
```
**Sample response**
```json
{
"data": {
"RepoListWithNewestImage": {
"Page": {
"TotalCount": 30,
"ItemCount": 2
},
"Results": [
{
"Name": "mariadb",
"LastUpdated": "2022-10-18T14:56:33.1993083+03:00",
"Size": "124116964",
"Platforms": [
{
"Os": "linux",
"Arch": "amd64"
}
],
"NewestImage": {
"Digest": "sha256:49a299f5c4b1af5bc2aa6cf8e50ab5bad85db4d0095745369acfc1934ece99d0",
"Tag": "latest"
}
},
{
"Name": "tomcat",
"LastUpdated": "2022-10-18T14:55:13.8303866+03:00",
"Size": "311658063",
"Platforms": [
{
"Os": "linux",
"Arch": "amd64"
}
],
"NewestImage": {
"Digest": "sha256:bbc5a3912b568fbfb5912beaf25054f1f407c32a53acae29f19ad97485731a78",
"Tag": "jre17"
}
}
]
}
}
}
```
## All images in repo
**Sample request**
```graphql
{
ImageList (repo: "ubuntu") {
Results {
Tag
Digest
LastUpdated
Size
}
}
}
```
**Sample response**
```json
{
"data": {
"ImageList": [
{
"Results":
{
"Tag": "latest",
"Digest": "sha256:650d596072ad45c6b74f4923e2cfea8158da2fb3a7b8dbb0b9ae4da3088d0591",
"LastUpdated": "2022-10-25T01:53:41.769246372Z",
"Size": "30426374"
},
{
"Tag": "xenial",
"Digest": "sha256:34de800b5da88feb7723a87ecbbf238afb63dbfe0c828838e26ac7458bef0ac5",
"LastUpdated": "2021-08-31T01:21:30.672229355Z",
"Size": "46499103"
}
}
]
}
}
```
## List all images with expanded information for a given repository
**Sample request**
```graphql
{
ExpandedRepoInfo(repo: "ubuntu") {
Images {
Tag
Digest
}
Summary {
LastUpdated
Size
NewestImage {
Tag
LastUpdated
Digest
}
}
}
}
```
**Sample response**
```json
{
"data": {
"ExpandedRepoInfo": {
"Images": [
{
"Tag": "xenial",
"Digest": "sha256:34de800b5da88feb7723a87ecbbf238afb63dbfe0c828838e26ac7458bef0ac5"
},
{
"Tag": "latest",
"Digest": "sha256:650d596072ad45c6b74f4923e2cfea8158da2fb3a7b8dbb0b9ae4da3088d0591"
}
],
"Summary": {
"LastUpdated": "2022-10-25T01:53:41.769246372Z",
"Size": "76929691",
"NewestImage": {
"Tag": "latest",
"LastUpdated": "2022-10-25T01:53:41.769246372Z",
"Digest": "sha256:650d596072ad45c6b74f4923e2cfea8158da2fb3a7b8dbb0b9ae4da3088d0591"
}
}
}
}
}
```
## Global search
**Sample request**
```graphql
{
GlobalSearch(query: "ubuntu:latest") {
Page {
ItemCount
TotalCount
}
Images {
RepoName
Tag
LastUpdated
Layers {
Size
Digest
}
}
}
}
```
**Sample response**
```json
{
"data": {
"GlobalSearch": {
"Page": {
"ItemCount": 1,
"TotalCount": 1
},
"Images": [
{
"RepoName": "ubuntu",
"Tag": "latest",
"LastUpdated": "2022-10-14T18:26:59.6707939+03:00",
"Layers": [
{
"Size": "30428928",
"Digest": "sha256:cf92e523b49ea3d1fae59f5f082437a5f96c244fda6697995920142ff31d59cf"
}
]
}
]
}
}
}
```
**Sample request**
```graphql
{
GlobalSearch(query: "") {
Repos {
Name
}
}
}
```
**Sample response**
```json
{
"data": {
"GlobalSearch": {
"Repos": [
{
"Name": "centos"
},
{
"Name": "ubuntu"
}
]
}
}
}
```
## Search derived images
**Sample query**
```graphql
{
DerivedImageList(image: "ubuntu:latest", requestedPage: {offset: 0, limit: 10}) {
Page {
TotalCount
ItemCount
}
Results {
RepoName
Tag
LastUpdated
}
}
}
```
**Sample response**
```json
{
"data": {
"DerivedImageList": {
"Page": {
"TotalCount": 9,
"ItemCount": 9
},
"Results": [
{
"RepoName": "mariadb",
"Tag": "latest",
"LastUpdated": "2022-10-18T14:56:33.1993083+03:00"
},
{
"RepoName": "maven",
"Tag": "latest",
"LastUpdated": "2022-10-14T18:30:12.0929807+03:00"
},
{
"RepoName": "tomcat",
"Tag": "latest",
"LastUpdated": "2022-10-18T14:50:09.7229959+03:00"
},
{
"RepoName": "tomcat",
"Tag": "jre17",
"LastUpdated": "2022-10-18T14:55:13.8303866+03:00"
},
{
"RepoName": "tomcat",
"Tag": "jre17-temurin",
"LastUpdated": "2022-10-18T14:54:46.4133521+03:00"
},
{
"RepoName": "tomcat",
"Tag": "jre17-temurin-jammy",
"LastUpdated": "2022-10-18T14:51:12.235475+03:00"
}
]
}
}
}
```
## Search base images
**Sample query**
```graphql
{
BaseImageList(image: "mariadb:latest", requestedPage: {offset: 0, limit: 10}) {
Page {
TotalCount
ItemCount
}
Results {
RepoName
Tag
LastUpdated
}
}
}
```
**Sample response**
```json
{
"data": {
"BaseImageList": {
"Page": {
"TotalCount": 4,
"ItemCount": 4
},
"Results": [
{
"RepoName": "ubuntu",
"Tag": "jammy",
"LastUpdated": "2022-10-14T18:29:18.0325322+03:00"
},
{
"RepoName": "ubuntu",
"Tag": "jammy-20221003",
"LastUpdated": "2022-10-14T18:29:07.0004587+03:00"
},
{
"RepoName": "ubuntu",
"Tag": "latest",
"LastUpdated": "2022-10-14T18:26:59.6707939+03:00"
},
{
"RepoName": "ubuntu",
"Tag": "rolling",
"LastUpdated": "2022-10-14T18:27:21.2441356+03:00"
}
]
}
}
}
```
## Get details of a specific image
**Sample query**
```graphql
{
Image(image: "mariadb:latest") {
RepoName
Tag
LastUpdated
Digest
Description
}
}
```
**Sample response**
```json
{
"data": {
"Image": {
"RepoName": "mariadb",
"Tag": "latest",
"LastUpdated": "2022-10-18T14:56:33.1993083+03:00",
"Digest": "sha256:49a299f5c4b1af5bc2aa6cf8e50ab5bad85db4d0095745369acfc1934ece99d0",
"Description": "MariaDB Server is a high performing open source relational database, forked from MySQL."
}
}
}
```
## Get referrers of a specific image
**Sample query**
```graphql
{
Referrers(
repo: "golang"
digest: "sha256:fed08b0eaea00aab17f82ecbb78675919d216c72eea985581758191f694aeaf7"
type: "application/vnd.example.icecream.v1"
) {
MediaType
ArtifactType
Digest
Annotations {
Key
Value
}
}
}
```
**Sample response**
```json
{
"data": {
"Referrers": [
{
"MediaType": "application/vnd.oci.artifact.manifest.v1+json",
"ArtifactType": "application/vnd.example.icecream.v1",
"Digest": "sha256:be7a3d01c35a2cf53c502e9dc50cdf36b15d9361c81c63bf319f1d5cbe44ab7c",
"Annotations": [
{
"Key": "format",
"Value": "oci"
},
{
"Key": "demo",
"Value": "true"
}
]
},
{
"MediaType": "application/vnd.oci.artifact.manifest.v1+json",
"ArtifactType": "application/vnd.example.icecream.v1",
"Digest": "sha256:d9ad22f41d9cb9797c134401416eee2a70446cee1a8eb76fc6b191f4320dade2",
"Annotations": [
{
"Key": "demo",
"Value": "true"
},
{
"Key": "format",
"Value": "oci"
}
]
}
]
}
}
```