From 48f0a4680f3b26f33ed335bc82710d254b82f3da Mon Sep 17 00:00:00 2001 From: Alex Goodman Date: Wed, 5 Oct 2022 16:29:05 -0400 Subject: [PATCH 1/5] fix apkdb checksum representation (#1247) Signed-off-by: Alex Goodman Signed-off-by: Alex Goodman --- syft/pkg/cataloger/apkdb/parse_apk_db.go | 25 +++- syft/pkg/cataloger/apkdb/parse_apk_db_test.go | 107 +++++++++++------- 2 files changed, 90 insertions(+), 42 deletions(-) diff --git a/syft/pkg/cataloger/apkdb/parse_apk_db.go b/syft/pkg/cataloger/apkdb/parse_apk_db.go index 95433fda408..25503b7caf3 100644 --- a/syft/pkg/cataloger/apkdb/parse_apk_db.go +++ b/syft/pkg/cataloger/apkdb/parse_apk_db.go @@ -134,10 +134,7 @@ func parseApkDBEntry(reader io.Reader) (*pkg.ApkMetadata, error) { log.Warnf("checksum field with no parent record: %q", value) continue } - fileRecord.Digest = &file.Digest{ - Algorithm: "sha1", - Value: value, - } + fileRecord.Digest = processChecksum(value) case "I", "S": // coerce to integer iVal, err := strconv.Atoi(value) @@ -161,3 +158,23 @@ func parseApkDBEntry(reader io.Reader) (*pkg.ApkMetadata, error) { return &entry, nil } + +func processChecksum(value string) *file.Digest { + // from: https://wiki.alpinelinux.org/wiki/Apk_spec + // The package checksum field is the SHA1 hash of the second gzip stream (control stream) in the package. The + // binary hash digest is base64 encoded. This is prefixed with Q1 to differentiate it from the MD5 hashes + // used in older index formats. It is not possible to compute this checksum with standard command line tools + // but the apk-tools can compute it in their index operation. + + // based on https://github.com/alpinelinux/apk-tools/blob/dd1908f2fc20b4cfe2c15c55fafaa5fadfb599dc/src/blob.c#L379-L393 + // it seems that the old md5 checksum value was only the hex representation (not base64) + algorithm := "md5" + if strings.HasPrefix(value, "Q1") { + algorithm = "'Q1'+base64(sha1)" + } + + return &file.Digest{ + Algorithm: algorithm, + Value: value, + } +} 
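Review bot: processChecksum labels every value that lacks the `Q1` prefix as `md5` without checking that it is a 32-character hex string, so an empty or corrupted checksum field in the installed DB is reported as an MD5 digest. The `Q1` branch keeps the prefixed base64 text and uses the ad-hoc algorithm name `'Q1'+base64(sha1)`, which consumers that compare digests against a computed SHA-1 probably cannot match (inferred; no consumer is visible in this diff). Consider decoding the payload, emitting a hex `sha1` digest, and rejecting values that fit neither form. The sketch below needs `encoding/base64` and `encoding/hex` in the file's imports, and it returns nil for malformed input, so callers of `fileRecord.Digest` would have to tolerate nil.

```go
func processChecksum(value string) *file.Digest {
	// … unchanged: apk spec reference comments …
	if strings.HasPrefix(value, "Q1") {
		raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(value, "Q1"))
		if err != nil || len(raw) != 20 { // a SHA-1 digest is 20 bytes
			log.Warnf("malformed Q1 checksum: %q", value)
			return nil
		}
		return &file.Digest{Algorithm: "sha1", Value: hex.EncodeToString(raw)}
	}

	if raw, err := hex.DecodeString(value); err != nil || len(raw) != 16 { // an MD5 digest is 16 bytes
		log.Warnf("unrecognized checksum format: %q", value)
		return nil
	}
	return &file.Digest{Algorithm: "md5", Value: value}
}
```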
diff --git a/syft/pkg/cataloger/apkdb/parse_apk_db_test.go b/syft/pkg/cataloger/apkdb/parse_apk_db_test.go index 6b914747581..3f8845f1338 100644 --- a/syft/pkg/cataloger/apkdb/parse_apk_db_test.go +++ b/syft/pkg/cataloger/apkdb/parse_apk_db_test.go @@ -6,6 +6,7 @@ import ( "testing" "github.com/go-test/deep" + "github.com/stretchr/testify/assert" "github.com/anchore/syft/syft/file" "github.com/anchore/syft/syft/pkg" @@ -41,7 +42,7 @@ func TestExtraFileAttributes(t *testing.T) { OwnerGID: "0", Permissions: "755", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1M0C9qfC/+kdRiOodeihG2GMRtkE=", }, }, @@ -110,7 +111,7 @@ func TestSinglePackageDetails(t *testing.T) { OwnerGID: "0", Permissions: "755", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1Kja2+POZKxEkUOZqwSjC6kmaED4=", }, }, @@ -126,7 +127,7 @@ func TestSinglePackageDetails(t *testing.T) { OwnerGID: "0", Permissions: "755", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1CVmFbdY+Hv6/jAHl1gec2Kbx1EY=", }, }, @@ -136,7 +137,7 @@ func TestSinglePackageDetails(t *testing.T) { OwnerGID: "0", Permissions: "755", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1yFAhGggmL7ERgbIA7KQxyTzf3ks=", }, }, @@ -146,7 +147,7 @@ func TestSinglePackageDetails(t *testing.T) { OwnerGID: "0", Permissions: "755", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1dAdYK8M/INibRQF5B3Rw7cmNDDA=", }, }, @@ -156,7 +157,7 @@ func TestSinglePackageDetails(t *testing.T) { OwnerGID: "0", Permissions: "755", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1eR2Dz/WylabgbWMTkd2+hGmEya4=", }, }, 
@@ -195,49 +196,49 @@ func TestSinglePackageDetails(t *testing.T) { { Path: "/etc/fstab", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q11Q7hNe8QpDS531guqCdrXBzoA/o=", }, }, { Path: "/etc/group", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1oJ16xWudgKOrXIEquEDzlF2Lsm4=", }, }, { Path: "/etc/hostname", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q16nVwYVXP/tChvUPdukVD2ifXOmc=", }, }, { Path: "/etc/hosts", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1BD6zJKZTRWyqGnPi4tSfd3krsMU=", }, }, { Path: "/etc/inittab", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1TsthbhW7QzWRe1E/NKwTOuD4pHc=", }, }, { Path: "/etc/modules", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1toogjUipHGcMgECgPJX64SwUT1M=", }, }, { Path: "/etc/motd", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1XmduVVNURHQ27TvYp1Lr5TMtFcA=", }, }, @@ -247,35 +248,35 @@ func TestSinglePackageDetails(t *testing.T) { OwnerGID: "0", Permissions: "777", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1kiljhXXH1LlQroHsEJIkPZg2eiw=", }, }, { Path: "/etc/passwd", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1TchuuLUfur0izvfZQZxgN/LJhB8=", }, }, { Path: "/etc/profile", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1KpFb8kl5LvwXWlY3e58FNsjrI34=", }, }, { Path: "/etc/protocols", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q13FqXUnvuOpMDrH/6rehxuYAEE34=", }, }, { Path: "/etc/services", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1C6HJNgQvLWqt5VY+n7MZJ1rsDuY=", }, }, 
@@ -285,21 +286,21 @@ func TestSinglePackageDetails(t *testing.T) { OwnerGID: "42", Permissions: "640", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1ltrPIAW2zHeDiajsex2Bdmq3uqA=", }, }, { Path: "/etc/shells", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1ojm2YdpCJ6B/apGDaZ/Sdb2xJkA=", }, }, { Path: "/etc/sysctl.conf", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q14upz3tfnNxZkIEsUhWn7Xoiw96g=", }, }, @@ -318,7 +319,7 @@ func TestSinglePackageDetails(t *testing.T) { OwnerGID: "0", Permissions: "600", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1vfk1apUWI4yLJGhhNRd0kJixfvY=", }, }, @@ -331,28 +332,28 @@ func TestSinglePackageDetails(t *testing.T) { { Path: "/etc/modprobe.d/aliases.conf", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1WUbh6TBYNVK7e4Y+uUvLs/7viqk=", }, }, { Path: "/etc/modprobe.d/blacklist.conf", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1xxYGU6S6TLQvb7ervPrWWwAWqMg=", }, }, { Path: "/etc/modprobe.d/i386.conf", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1pnay/njn6ol9cCssL7KiZZ8etlc=", }, }, { Path: "/etc/modprobe.d/kms.conf", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1ynbLn3GYDpvajba/ldp1niayeog=", }, }, @@ -401,14 +402,14 @@ func TestSinglePackageDetails(t *testing.T) { { Path: "/etc/profile.d/color_prompt", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q10wL23GuSCVfumMRgakabUI6EsSk=", }, }, { Path: "/etc/profile.d/locale", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1R4bIEpnKxxOSrlnZy9AoawqZ5DU=", }, }, 
@@ -436,7 +437,7 @@ func TestSinglePackageDetails(t *testing.T) { { Path: "/lib/sysctl.d/00-alpine.conf", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1HpElzW1xEgmKfERtTy7oommnq6c=", }, }, @@ -479,7 +480,7 @@ func TestSinglePackageDetails(t *testing.T) { OwnerGID: "0", Permissions: "755", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1YeuSmC7iDbEWrusPzA/zUQF6YSg=", }, }, @@ -537,7 +538,7 @@ func TestSinglePackageDetails(t *testing.T) { OwnerGID: "0", Permissions: "777", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q11/SNZz/8cK2dSKK+cJpVrZIuF4Q=", }, }, @@ -586,7 +587,7 @@ func TestSinglePackageDetails(t *testing.T) { OwnerGID: "0", Permissions: "777", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1dzbdazYZA2nTzSIG3YyNw7d4Juc=", }, }, @@ -599,7 +600,7 @@ func TestSinglePackageDetails(t *testing.T) { OwnerGID: "0", Permissions: "777", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1OFZt+ZMp7j0Gny0rqSKuWJyqYmA=", }, }, @@ -704,7 +705,7 @@ func TestMultiplePackages(t *testing.T) { OwnerGID: "0", Permissions: "755", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1Kja2+POZKxEkUOZqwSjC6kmaED4=", }, }, @@ -720,7 +721,7 @@ func TestMultiplePackages(t *testing.T) { OwnerGID: "0", Permissions: "755", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1CVmFbdY+Hv6/jAHl1gec2Kbx1EY=", }, }, @@ -730,7 +731,7 @@ func TestMultiplePackages(t *testing.T) { OwnerGID: "0", Permissions: "755", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1yFAhGggmL7ERgbIA7KQxyTzf3ks=", }, }, 
@@ -740,7 +741,7 @@ func TestMultiplePackages(t *testing.T) { OwnerGID: "0", Permissions: "755", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1dAdYK8M/INibRQF5B3Rw7cmNDDA=", }, }, @@ -750,7 +751,7 @@ func TestMultiplePackages(t *testing.T) { OwnerGID: "0", Permissions: "755", Digest: &file.Digest{ - Algorithm: "sha1", + Algorithm: "'Q1'+base64(sha1)", Value: "Q1eR2Dz/WylabgbWMTkd2+hGmEya4=", }, }, @@ -795,3 +796,33 @@ func TestMultiplePackages(t *testing.T) { }) } } + +func Test_processChecksum(t *testing.T) { + tests := []struct { + name string + value string + want file.Digest + }{ + { + name: "md5", + value: "38870ede8700535d7382ff66a46fcc2f", + want: file.Digest{ + Algorithm: "md5", + Value: "38870ede8700535d7382ff66a46fcc2f", + }, + }, + { + name: "sha1", + value: "Q1Kja2+POZKxEkUOZqwSjC6kmaED4=", + want: file.Digest{ + Algorithm: "'Q1'+base64(sha1)", + Value: "Q1Kja2+POZKxEkUOZqwSjC6kmaED4=", + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + assert.Equal(t, &tt.want, processChecksum(tt.value)) + }) + } +} From 58504d5bf35b60fe068de50df42865990aee617b Mon Sep 17 00:00:00 2001 From: "anchore-actions-token-generator[bot]" <102182147+anchore-actions-token-generator[bot]@users.noreply.github.com> Date: Thu, 6 Oct 2022 08:38:36 +0000 Subject: [PATCH 2/5] Update syft bootstrap tools to latest versions. (#1244) Co-authored-by: spiffcs --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 45e558e25b1..66342195e31 100644 --- a/Makefile +++ b/Makefile 
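Review bot: Test_processChecksum has no case for input that is neither a hex MD5 nor a `Q1`-prefixed value, so what the parser reports for an empty or malformed checksum field is not pinned by any test. Add table rows such as `{name: "empty", value: ""}` and `{name: "Q1 with invalid payload", value: "Q1!!"}` (constructed sample values) with the result the cataloger is meant to produce. As written, both inputs would pass through with algorithm `md5` and `'Q1'+base64(sha1)` respectively, which is worth asserting explicitly or changing.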
@@ -7,7 +7,7 @@ LINTCMD = $(TEMPDIR)/golangci-lint run --tests=false --timeout=5m --config .gola GOIMPORTS_CMD = $(TEMPDIR)/gosimports -local github.com/anchore RELEASE_CMD=$(TEMPDIR)/goreleaser release --rm-dist SNAPSHOT_CMD=$(RELEASE_CMD) --skip-publish --snapshot -GOLANGCILINT_VERSION = v1.49.0 +GOLANGCILINT_VERSION = v1.50.0 GOSIMPORTS_VERSION = v0.3.2 BOUNCER_VERSION = v0.4.0 CHRONICLE_VERSION = v0.4.1 From 71187c64163c9d5fbc66fe5b7765ea1968548ce3 Mon Sep 17 00:00:00 2001 From: "anchore-actions-token-generator[bot]" <102182147+anchore-actions-token-generator[bot]@users.noreply.github.com> Date: Thu, 6 Oct 2022 22:04:49 -0400 Subject: [PATCH 3/5] Update Stereoscope to d24c9d626b33fa720210b007a20767801827b532 (#1253) Co-authored-by: westonsteimel --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index f0774e29290..e2ba61f577c 100644 --- a/go.mod +++ b/go.mod @@ -55,7 +55,7 @@ require ( require ( github.com/Masterminds/sprig/v3 v3.2.2 - github.com/anchore/stereoscope v0.0.0-20221003160521-1b1b744a9199 + github.com/anchore/stereoscope v0.0.0-20221006201143-d24c9d626b33 github.com/docker/docker v20.10.17+incompatible github.com/google/go-containerregistry v0.11.0 github.com/in-toto/in-toto-golang v0.3.4-0.20220709202702-fa494aaa0add @@ -244,7 +244,7 @@ require ( github.com/spiffe/go-spiffe/v2 v2.1.1 // indirect github.com/stretchr/objx v0.4.0 // indirect github.com/subosito/gotenv v1.4.1 // indirect - github.com/sylabs/sif/v2 v2.7.2 // indirect + github.com/sylabs/sif/v2 v2.8.1 // indirect github.com/sylabs/squashfs v0.6.1 // indirect github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect github.com/tent/canonical-json-go v0.0.0-20130607151641-96e4ba3a7613 // indirect diff --git a/go.sum b/go.sum index 2233e76f459..f3ba187a068 100644 --- a/go.sum +++ b/go.sum 
@@ -280,8 +280,8 @@ github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b h1:e1bmaoJfZV github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E= github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7 h1:kDrYkTSM9uIxaX/P9s0F4nKYNM+hnSgLJdLpqvsaQ/g= github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4= -github.com/anchore/stereoscope v0.0.0-20221003160521-1b1b744a9199 h1:zu3mg03wtd61AHcs01jkCJXDuWt8iakBcXVRFXq+BJo= -github.com/anchore/stereoscope v0.0.0-20221003160521-1b1b744a9199/go.mod h1:Hz5LBtvtCz3boYC8SsVPMj4btxJb9/AOSmBV8ypjEfY= +github.com/anchore/stereoscope v0.0.0-20221006201143-d24c9d626b33 h1:Y+9aMJMTEMH+kJJFEaxqrF6X1t9CkjpWjOzaCo1q5vM= +github.com/anchore/stereoscope v0.0.0-20221006201143-d24c9d626b33/go.mod h1:WOWtswyDxLkBnizq9LihYa9uw88r1FhBvJo7g//Ljcc= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= 
@@ -1887,8 +1887,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs= github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= -github.com/sylabs/sif/v2 v2.7.2 h1:eCxtl2ub9fPfrO7g2JPagn6HKDhv+Kl92Jz6+ww2Y1Q= -github.com/sylabs/sif/v2 v2.7.2/go.mod h1:LQOdYXC9a8i7BleTKRw9lohi0rTbXkJOeS9u0ebvgyM= +github.com/sylabs/sif/v2 v2.8.1 h1:whr4Vz12RXfLnYyVGHoD/rD/hbF2g9OW7BJHa+WIqW8= +github.com/sylabs/sif/v2 v2.8.1/go.mod h1:LQOdYXC9a8i7BleTKRw9lohi0rTbXkJOeS9u0ebvgyM= github.com/sylabs/squashfs v0.6.1 h1:4hgvHnD9JGlYWwT0bPYNt9zaz23mAV3Js+VEgQoRGYQ= github.com/sylabs/squashfs v0.6.1/go.mod h1:ZwpbPCj0ocIvMy2br6KZmix6Gzh6fsGQcCnydMF+Kx8= github.com/sylvia7788/contextcheck v1.0.4/go.mod h1:vuPKJMQ7MQ91ZTqfdyreNKwZjyUg6KO+IebVyQDedZQ= From d89e320dcd3c63e25ac83bc63d78c49c9a88f10f Mon Sep 17 00:00:00 2001 From: "anchore-actions-token-generator[bot]" <102182147+anchore-actions-token-generator[bot]@users.noreply.github.com> Date: Fri, 7 Oct 2022 13:54:42 -0400 Subject: [PATCH 4/5] Update syft bootstrap tools to latest versions. (#1254) --- Makefile | 2 +- go.mod | 44 +++++++++++++------------- go.sum | 95 ++++++++++++++++++++++++++++---------------------------- 3 files changed, 71 insertions(+), 70 deletions(-) diff --git a/Makefile b/Makefile index 66342195e31..8026f494fe8 100644 --- a/Makefile +++ b/Makefile @@ -13,7 +13,7 @@ BOUNCER_VERSION = v0.4.0 CHRONICLE_VERSION = v0.4.1 GORELEASER_VERSION = v1.11.5 YAJSV_VERSION = v1.4.1 -COSIGN_VERSION = v1.12.1 +COSIGN_VERSION = v1.13.0 # formatting variables BOLD := $(shell tput -T linux bold) diff --git a/go.mod b/go.mod index e2ba61f577c..32c702771e2 100644 --- a/go.mod +++ b/go.mod 
@@ -62,9 +62,9 @@ require ( github.com/knqyf263/go-rpmdb v0.0.0-20220629110411-9a3bd2ebb923 github.com/opencontainers/go-digest v1.0.0 github.com/sassoftware/go-rpmutils v0.2.0 - github.com/sigstore/cosign v1.12.1 + github.com/sigstore/cosign v1.13.0 github.com/sigstore/rekor v0.12.1-0.20220915152154-4bb6f441c1b2 - github.com/sigstore/sigstore v1.4.1 + github.com/sigstore/sigstore v1.4.2 github.com/vbatts/go-mtree v0.5.0 gopkg.in/yaml.v3 v3.0.1 ) 
@@ -99,20 +99,20 @@ require ( github.com/alibabacloud-go/tea-xml v1.1.2 // indirect github.com/aliyun/credentials-go v1.2.3 // indirect github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect - github.com/aws/aws-sdk-go-v2 v1.16.14 // indirect - github.com/aws/aws-sdk-go-v2/config v1.17.5 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.12.18 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.15 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.21 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.15 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.3.22 // indirect + github.com/aws/aws-sdk-go-v2 v1.16.16 // indirect + github.com/aws/aws-sdk-go-v2/config v1.17.7 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.12.20 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.17 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.23 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.17 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.3.24 // indirect github.com/aws/aws-sdk-go-v2/service/ecr v1.15.0 // indirect github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.12.0 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.15 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.11.21 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.3 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.16.17 // indirect - github.com/aws/smithy-go v1.13.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.17 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.11.23 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.5 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.16.19 // indirect + github.com/aws/smithy-go v1.13.3 // indirect github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220517224237-e6f29200ae04 // 
indirect github.com/benbjohnson/clock v1.1.0 // indirect github.com/beorn7/perks v1.0.1 // indirect @@ -184,7 +184,7 @@ require ( github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.2 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-retryablehttp v0.7.1 // indirect @@ -236,7 +236,7 @@ require ( github.com/segmentio/ksuid v1.0.4 // indirect github.com/shibumi/go-pathspec v1.3.0 // indirect github.com/shopspring/decimal v1.2.0 // indirect - github.com/sigstore/fulcio v0.5.3 // indirect + github.com/sigstore/fulcio v0.6.0 // indirect github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect github.com/soheilhy/cmux v0.1.5 // indirect github.com/spf13/cast v1.5.0 // indirect @@ -250,7 +250,7 @@ require ( github.com/tent/canonical-json-go v0.0.0-20130607151641-96e4ba3a7613 // indirect github.com/thales-e-security/pool v0.0.2 // indirect github.com/therootcompany/xz v1.0.1 // indirect - github.com/theupdateframework/go-tuf v0.5.0 // indirect + github.com/theupdateframework/go-tuf v0.5.1-0.20220920170306-f237d7ca5b42 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect github.com/tjfoc/gmsm v1.3.2 // indirect github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 // indirect 
@@ -291,16 +291,16 @@ require ( go.uber.org/multierr v1.8.0 // indirect go.uber.org/zap v1.23.0 // indirect golang.org/x/exp v0.0.0-20220823124025-807a23277127 // indirect - golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 // indirect + golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 // indirect golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect - golang.org/x/sys v0.0.0-20220907062415-87db552b00fd // indirect + golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8 // indirect golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b // indirect golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect golang.org/x/tools v0.1.12 // indirect golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect - google.golang.org/api v0.96.0 // indirect + google.golang.org/api v0.98.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20220805133916-01dd62135a58 // indirect + google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006 // indirect google.golang.org/grpc v1.49.0 // indirect google.golang.org/protobuf v1.28.1 // indirect gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect @@ -335,7 +335,7 @@ require ( // go: warning: github.com/andybalholm/brotli@v1.0.1: retracted by module author: occasional panics and data corruption github.com/andybalholm/brotli v1.0.4 // indirect github.com/pkg/errors v0.9.1 // indirect - golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 // indirect + golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0 // indirect ) retract ( diff --git a/go.sum b/go.sum index f3ba187a068..bdb30270218 100644 --- a/go.sum +++ b/go.sum 
@@ -331,26 +331,26 @@ github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zK github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/aws/aws-sdk-go-v2 v1.7.1/go.mod h1:L5LuPC1ZgDr2xQS7AmIec/Jlc7O/Y1u2KxJyNVab250= github.com/aws/aws-sdk-go-v2 v1.14.0/go.mod h1:ZA3Y8V0LrlWj63MQAnRHgKf/5QB//LSZCPNWlWrNGLU= -github.com/aws/aws-sdk-go-v2 v1.16.14 h1:db6GvO4Z2UqHt5gvT0lr6J5x5P+oQ7bdRzczVaRekMU= -github.com/aws/aws-sdk-go-v2 v1.16.14/go.mod h1:s/G+UV29dECbF5rf+RNj1xhlmvoNurGSr+McVSRj59w= +github.com/aws/aws-sdk-go-v2 v1.16.16 h1:M1fj4FE2lB4NzRb9Y0xdWsn2P0+2UHVxwKyOa4YJNjk= +github.com/aws/aws-sdk-go-v2 v1.16.16/go.mod h1:SwiyXi/1zTUZ6KIAmLK5V5ll8SiURNUYOqTerZPaF9k= github.com/aws/aws-sdk-go-v2/config v1.5.0/go.mod h1:RWlPOAW3E3tbtNAqTwvSW54Of/yP3oiZXMI0xfUdjyA= -github.com/aws/aws-sdk-go-v2/config v1.17.5 h1:+NS1BWvprx7nHcIk5o32LrZgifs/7Pm1V2nWjQgZ2H0= -github.com/aws/aws-sdk-go-v2/config v1.17.5/go.mod h1:H0cvPNDO3uExWts/9PDhD/0ne2esu1uaIulwn1vkwxM= +github.com/aws/aws-sdk-go-v2/config v1.17.7 h1:odVM52tFHhpqZBKNjVW5h+Zt1tKHbhdTQRb+0WHrNtw= +github.com/aws/aws-sdk-go-v2/config v1.17.7/go.mod h1:dN2gja/QXxFF15hQreyrqYhLBaQo1d9ZKe/v/uplQoI= github.com/aws/aws-sdk-go-v2/credentials v1.3.1/go.mod h1:r0n73xwsIVagq8RsxmZbGSRQFj9As3je72C2WzUIToc= -github.com/aws/aws-sdk-go-v2/credentials v1.12.18 h1:HF62tbhARhgLfvmfwUbL9qZ+dkbZYzbFdxBb3l5gr7Q= -github.com/aws/aws-sdk-go-v2/credentials v1.12.18/go.mod h1:O7n/CPagQ33rfG6h7vR/W02ammuc5CrsSM22cNZp9so= +github.com/aws/aws-sdk-go-v2/credentials v1.12.20 h1:9+ZhlDY7N9dPnUmf7CDfW9In4sW5Ff3bh7oy4DzS1IE= +github.com/aws/aws-sdk-go-v2/credentials v1.12.20/go.mod h1:UKY5HyIux08bbNA7Blv4PcXQ8cTkGh7ghHMFklaviR4= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.3.0/go.mod h1:2LAuqPx1I6jNfaGDucWfA2zqQCYCOMCDHiCOciALyNw= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.15 h1:nkQ+aI0OCeYfzrBipL6ja/6VEbUnHQoZHBHtoK+Nzxw= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds 
v1.12.15/go.mod h1:Oz2/qWINxIgSmoZT9adpxJy2UhpcOAI3TIyWgYMVSz0= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.17 h1:r08j4sbZu/RVi+BNxkBJwPMUYY3P8mgSDuKkZ/ZN1lE= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.17/go.mod h1:yIkQcCDYNsZfXpd5UX2Cy+sWA1jPgIhGTw9cOBzfVnQ= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.5/go.mod h1:2hXc8ooJqF2nAznsbJQIn+7h851/bu8GVC80OVTTqf8= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.21 h1:gRIXnmAVNyoRQywdNtpAkgY+f30QNzgF53Q5OobNZZs= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.21/go.mod h1:XsmHMV9c512xgsW01q7H0ut+UQQQpWX8QsFbdLHDwaU= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.23 h1:s4g/wnzMf+qepSNgTvaQQHNxyMLKSawNhKCPNy++2xY= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.23/go.mod h1:2DFxAQ9pfIRy0imBCJv+vZ2X6RKxves6fbnEuSry6b4= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.3.0/go.mod h1:miRSv9l093jX/t/j+mBCaLqFHo9xKYzJ7DGm1BsGoJM= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.15 h1:noAhOo2mMDyYhTx99aYPvQw16T3fQ/DiKAv9fzpIKH8= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.15/go.mod h1:kjJ4CyD9M3Wq88GYg3IPfj67Rs0Uvz8aXK7MJ8BvE4I= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.17 h1:/K482T5A3623WJgWT8w1yRAFK4RzGzEl7y39yhtn9eA= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.17/go.mod h1:pRwaTYCJemADaqCbUAxltMoHKata7hmB5PjEXeu0kfg= github.com/aws/aws-sdk-go-v2/internal/ini v1.1.1/go.mod h1:Zy8smImhTdOETZqfyn01iNOe0CNggVbPjCajyaz6Gvg= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.22 h1:nF+E8HfYpOMw6M5oA9efB602VC00IHNQnB5CmFvZPvA= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.22/go.mod h1:tltHVGy977LrSOgRR5aV9+miyno/Gul/uJNPKS7FzP4= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.24 h1:wj5Rwc05hvUSvKuOF29IYb9QrCLjU+rHAy/x/o0DK2c= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.24/go.mod h1:jULHjqqjDlbyTa7pfM7WICATnOv+iOhjletM3N0Xbu8= github.com/aws/aws-sdk-go-v2/service/ecr v1.4.1/go.mod 
h1:FglZcyeiBqcbvyinl+n14aT/EWC7S1MIH+Gan2iizt0= github.com/aws/aws-sdk-go-v2/service/ecr v1.15.0 h1:lY2Z2sBP+zSbJ6CvvmnFgPcgknoQ0OJV88AwVetRRFk= github.com/aws/aws-sdk-go-v2/service/ecr v1.15.0/go.mod h1:4zYI85WiYDhFaU1jPFVfkD7HlBcdnITDE3QxDwy4Kus= 
@@ -358,21 +358,21 @@ github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.4.1/go.mod h1:eD5Eo4drVP2FLTw0 github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.12.0 h1:LsqBpyRofMG6eDs6YGud6FhdGyIyXelAasPOZ6wWLro= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.12.0/go.mod h1:IArQ3IBR00FkuraKwudKZZU32OxJfdTdwV+W5iZh3Y4= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.2.1/go.mod h1:zceowr5Z1Nh2WVP8bf/3ikB41IZW59E4yIYbg+pC6mw= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.15 h1:xlf0J6DUgAj/ocvKQxCmad8Bu1lJuRbt5Wu+4G1xw1g= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.15/go.mod h1:ZVJ7ejRl4+tkWMuCwjXoy0jd8fF5u3RCyWjSVjUIvQE= -github.com/aws/aws-sdk-go-v2/service/kms v1.18.9 h1:BPMcM9DZdpQKWQ8WSXla36mpm+5YgVqP7pLF+W7TEe0= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.17 h1:Jrd/oMh0PKQc6+BowB+pLEwLIgaQF29eYbe7E1Av9Ug= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.17/go.mod h1:4nYOrY41Lrbk2170/BGkcJKBhws9Pfn8MG3aGqjjeFI= +github.com/aws/aws-sdk-go-v2/service/kms v1.18.10 h1:rl0vxqQ/DFZZMLk9+FLgIuiE/GwMPoI5BeoCkkM2DA4= github.com/aws/aws-sdk-go-v2/service/sso v1.3.1/go.mod h1:J3A3RGUvuCZjvSuZEcOpHDnzZP/sKbhDWV2T1EOzFIM= -github.com/aws/aws-sdk-go-v2/service/sso v1.11.21 h1:7jUFr+7F4MzIjCZzy7ygRtXFQcQ0kAbT0gUvtUeAdyU= -github.com/aws/aws-sdk-go-v2/service/sso v1.11.21/go.mod h1:q8nYq51W3gpZempYsAD83fPRlrOTMCwN+Ahg4BKFTXQ= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.3 h1:UTTPNP3/WzZa7hoHP3Szb/Yl0bM3NoBrf5ABy1OArUM= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.3/go.mod h1:+IF75RMJh0+zqTGXGshyEGRsU2ImqWv6UuHGkHl6kEo= +github.com/aws/aws-sdk-go-v2/service/sso v1.11.23 h1:pwvCchFUEnlceKIgPUouBJwK81aCkQ8UDMORfeFtW10= +github.com/aws/aws-sdk-go-v2/service/sso v1.11.23/go.mod h1:/w0eg9IhFGjGyyncHIQrXtU8wvNsTJOP0R6PPj0wf80= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.5 h1:GUnZ62TevLqIoDyHeiWj2P7EqaosgakBKVvWriIdLQY= +github.com/aws/aws-sdk-go-v2/service/ssooidc 
v1.13.5/go.mod h1:csZuQY65DAdFBt1oIjO5hhBR49kQqop4+lcuCjf2arA= github.com/aws/aws-sdk-go-v2/service/sts v1.6.0/go.mod h1:q7o0j7d7HrJk/vr9uUt3BVRASvcU7gYZB9PUgPiByXg= -github.com/aws/aws-sdk-go-v2/service/sts v1.16.17 h1:LVM2jzEQ8mhb2dhrFl4PJ3sa5+KcKT01dsMk2Ma9/FU= -github.com/aws/aws-sdk-go-v2/service/sts v1.16.17/go.mod h1:bQujK1n0V1D1Gz5uII1jaB1WDvhj4/T3tElsJnVXCR0= +github.com/aws/aws-sdk-go-v2/service/sts v1.16.19 h1:9pPi0PsFNAGILFfPCk8Y0iyEBGc6lu6OQ97U7hmdesg= +github.com/aws/aws-sdk-go-v2/service/sts v1.16.19/go.mod h1:h4J3oPZQbxLhzGnk+j9dfYHi5qIOVJ5kczZd658/ydM= github.com/aws/smithy-go v1.6.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E= github.com/aws/smithy-go v1.11.0/go.mod h1:3xHYmszWVx2c0kIwQeEVf9uSm4fYZt67FBJnwub1bgM= -github.com/aws/smithy-go v1.13.2 h1:TBLKyeJfXTrTXRHmsv4qWt9IQGYyWThLYaJWSahTOGE= -github.com/aws/smithy-go v1.13.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= +github.com/aws/smithy-go v1.13.3 h1:l7LYxGuzK6/K+NzJ2mC+VvLUbae0sL3bXU//04MkmnA= +github.com/aws/smithy-go v1.13.3/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220517224237-e6f29200ae04 h1:p2I85zYI9z5/c/3Q0LiO3RtNXcmXHTtJfml/hV16zNg= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220517224237-e6f29200ae04/go.mod h1:Z+bXnIbhKJYSvxNwsNnwde7pDKxuqlEZCbUBoTwAqf0= github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= 
@@ -1068,8 +1068,8 @@ github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pf github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM= github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM= -github.com/googleapis/gax-go/v2 v2.4.0 h1:dS9eYAjhrE2RjmzYw2XAPvcXfmcQLtFEQWn0CR82awk= github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= +github.com/googleapis/gax-go/v2 v2.5.1 h1:kBRZU0PSuI7PspsSb/ChWoVResUcwNVIdpB049pKTiw= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= github.com/googleapis/gnostic v0.5.5 h1:9fHAtK0uDfpveeqqo1hkEZJcFvYXAiCN3UutL8F9xHw= 
@@ -1127,8 +1127,8 @@ github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4G github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.2 h1:BqHID5W5qnMkug0Z8UmL8tN0gAy4jQ+B4WFt8cCgluU= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.2/go.mod h1:ZbS3MZTZq/apAfAEHGoB5HbsQQstoqP92SjAqtQ9zeg= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 h1:lLT7ZLSzGLI08vc9cpd+tYmNWjdKDqyr/2L+f6U12Fk= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= github.com/hashicorp/consul/api v1.10.1/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M= 
@@ -1186,8 +1186,8 @@ github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2p github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk= -github.com/hashicorp/vault/api v1.7.2 h1:kawHE7s/4xwrdKbkmwQi0wYaIeUhk5ueek7ljuezCVQ= -github.com/hashicorp/vault/sdk v0.5.3 h1:PWY8sq/9pRrK9vUIy75qCH2Jd8oeENAgkaa/qbhzFrs= +github.com/hashicorp/vault/api v1.8.0 h1:7765sW1XBt+qf4XKIYE4ebY9qc/yi9V2/egzGSUNMZU= +github.com/hashicorp/vault/sdk v0.6.0 h1:6Z+In5DXHiUfZvIZdMx7e2loL1PPyDjA4bVh9ZTIAhs= github.com/hashicorp/yamux v0.1.0 h1:DzDIF6Sd7GD2sX0kDFpHAsJMY4L+OfTvtuaQsOYXxzk= github.com/honeycombio/beeline-go v1.1.1 h1:sU8r4ae34uEL3/CguSl8Mr+Asz9DL1nfH9Wwk85Pc7U= github.com/honeycombio/libhoney-go v1.15.2 h1:5NGcjOxZZma13dmzNcl3OtGbF1hECA0XHJNHEb2t2ck= 
@@ -1774,14 +1774,14 @@ github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFR github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk= github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/sigstore/cosign v1.12.1 h1:GgzIS+Ikdyx1MTh8S2pREUcaD/bSxYXxLeyY6Dl+I9Q= -github.com/sigstore/cosign v1.12.1/go.mod h1:8sOfWG332VGdFJBud/LPgwC/HGx6eoKr8LIFRDKcUk0= -github.com/sigstore/fulcio v0.5.3 h1:fwdl2BHv1RjL3GJJ44T+tPsvmQ028zv54psxVhSwUGA= -github.com/sigstore/fulcio v0.5.3/go.mod h1:4yzMqOao6r9Nul1Dgt4LL7loKdkkgbDemLYrXUuAc+Y= +github.com/sigstore/cosign v1.13.0 h1:K0a0RIVRd+ZF9yYhdEa/cD8jqZu3pLP+PSnExaz5/zw= +github.com/sigstore/cosign v1.13.0/go.mod h1:skm4FeAWJOH/dznlNBSQ2R8TMdyPNutfA6Uc37Qwgsg= +github.com/sigstore/fulcio v0.6.0 h1:YNfnGm9EjYPlzHiPDcIVhslYj846jkPtHQH+FTKNncw= +github.com/sigstore/fulcio v0.6.0/go.mod h1:lwxzHDYYQ0lVVWqaj68ZQNkcP847aoF7AIa7ra9rRqA= github.com/sigstore/rekor v0.12.1-0.20220915152154-4bb6f441c1b2 h1:LD8LcwygdD2DxaINWwbkaUEBAknr205wmn66/N05s7c= github.com/sigstore/rekor v0.12.1-0.20220915152154-4bb6f441c1b2/go.mod h1:C/jZ3EZywl/Kew48fGMWQoh+1LxOMk0BkP3DHmtB+8M= -github.com/sigstore/sigstore v1.4.1 h1:e/tfXseQRymIjgiykskciGrp75AZVCfYokZ2r9tg5vw= -github.com/sigstore/sigstore v1.4.1/go.mod h1:4+s4d6oTDdoQkf5lwpZBoOlWWV+hXhur1my9WdN5PjU= +github.com/sigstore/sigstore v1.4.2 h1:fTppzuZBAmQ/skgl7FWJRLyby70pxCqJGKyWfkSuMR8= +github.com/sigstore/sigstore v1.4.2/go.mod h1:wCv58Fia7u1snVJyPcxdgIh/3uw1XdOLhxPExTwwyt4= github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.2.0/go.mod 
h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= @@ -1908,8 +1908,8 @@ github.com/thales-e-security/pool v0.0.2 h1:RAPs4q2EbWsTit6tpzuvTFlgFRJ3S8Evf5gt github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU= github.com/therootcompany/xz v1.0.1 h1:CmOtsn1CbtmyYiusbfmhmkpAAETj0wBIH6kCYaX+xzw= github.com/therootcompany/xz v1.0.1/go.mod h1:3K3UH1yCKgBneZYhuQUvJ9HPD19UEXEI0BWbMn8qNMY= -github.com/theupdateframework/go-tuf v0.5.0 h1:aQ7i9CBw4q9QEZifCaW6G8qGQwoN23XGaZkOA+F50z4= -github.com/theupdateframework/go-tuf v0.5.0/go.mod h1:vAqWV3zEs89byeFsAYoh/Q14vJTgJkHwnnRCWBBBINY= +github.com/theupdateframework/go-tuf v0.5.1-0.20220920170306-f237d7ca5b42 h1:6XOcL5aU3UGndqoDyG/NM2y0/Piin2x5zt/pew4tR1w= +github.com/theupdateframework/go-tuf v0.5.1-0.20220920170306-f237d7ca5b42/go.mod h1:vAqWV3zEs89byeFsAYoh/Q14vJTgJkHwnnRCWBBBINY= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= github.com/timakin/bodyclose v0.0.0-20200424151742-cb6215831a94/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= 
@@ -2217,8 +2217,8 @@ golang.org/x/crypto v0.0.0-20220131195533-30dcbda58838/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM= -golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0 h1:a5Yg6ylndHHYJqIPrdq0AhvR6KTvDTAvgBtaidhEevY= +golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -2371,8 +2371,9 @@ golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= -golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 h1:2o1E+E8TpNLklK9nHiPiK1uzIYrIHt+cQx3ynCwq9V8= golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 h1:lxqLZaMad/dJHMFZH0NiNpiEZI/nhgWhe4wgzpE+MuA= +golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -2538,8 +2539,8 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220907062415-87db552b00fd h1:AZeIEzg+8RCELJYq8w+ODLVxFgLMMigSwO/ffKPEd9U= -golang.org/x/sys v0.0.0-20220907062415-87db552b00fd/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8 h1:h+EGohizhe9XlX18rfpa8k8RAc5XyaeamM+0VHRd4lc= +golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 
@@ -2754,8 +2755,8 @@ google.golang.org/api v0.77.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69 google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw= google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg= google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o= -google.golang.org/api v0.96.0 h1:F60cuQPJq7K7FzsxMYHAUJSiXh2oKctHxBMbDygxhfM= -google.golang.org/api v0.96.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= +google.golang.org/api v0.98.0 h1:yxZrcxXESimy6r6mdL5Q6EnZwmewDJK2dVg3g75s5Dg= +google.golang.org/api v0.98.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -2880,8 +2881,8 @@ google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= -google.golang.org/genproto v0.0.0-20220805133916-01dd62135a58 h1:sRT5xdTkj1Kbk30qbYC7VyMj73N5pZYsw6v+Nrzdhno= -google.golang.org/genproto v0.0.0-20220805133916-01dd62135a58/go.mod h1:iHe1svFLAZg9VWz891+QbRMwUv9O/1Ww+/mngYeThbc= +google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006 h1:mmbq5q8M1t7dhkLw320YK4PsOXm6jdnUAkErImaIqOg= +google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006/go.mod h1:ht8XFiar2npT/g4vkk7O0WYS1sHOHbdujxbEp7CJWbw= google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= From 780e1c310cdfb145bd59d5fdde3f61d6eb65056b Mon Sep 17 00:00:00 2001 
From: Keith Zantow Date: Mon, 10 Oct 2022 16:16:47 -0400 Subject: [PATCH 5/5] refactor: Remove experimental Anchore Enterprise upload functionality (#1257) --- README.md | 22 - cmd/syft/cli/options/packages.go | 64 +-- cmd/syft/cli/packages/packages.go | 59 --- go.mod | 2 - go.sum | 3 - internal/anchore/client.go | 115 ------ internal/anchore/client_test.go | 210 ---------- internal/anchore/import.go | 145 ------- internal/anchore/import_config.go | 50 --- internal/anchore/import_config_test.go | 129 ------ internal/anchore/import_dockerfile.go | 42 -- internal/anchore/import_dockerfile_test.go | 123 ------ internal/anchore/import_manifest.go | 50 --- internal/anchore/import_manifest_test.go | 129 ------ internal/anchore/import_package_sbom.go | 119 ------ internal/anchore/import_package_sbom_test.go | 398 ------------------- internal/config/anchore.go | 21 - internal/config/application.go | 9 - test/cli/packages_cmd_test.go | 42 -- 19 files changed, 7 insertions(+), 1725 deletions(-) delete mode 100644 internal/anchore/client.go delete mode 100644 internal/anchore/client_test.go delete mode 100644 internal/anchore/import.go delete mode 100644 internal/anchore/import_config.go delete mode 100644 internal/anchore/import_config_test.go delete mode 100644 internal/anchore/import_dockerfile.go delete mode 100644 internal/anchore/import_dockerfile_test.go delete mode 100644 internal/anchore/import_manifest.go delete mode 100644 internal/anchore/import_manifest_test.go delete mode 100644 internal/anchore/import_package_sbom.go delete mode 100644 internal/anchore/import_package_sbom_test.go delete mode 100644 internal/config/anchore.go diff --git a/README.md b/README.md index 235285ef8a4..cd09cf40733 100644 --- a/README.md +++ b/README.md 
@@ -610,28 +610,6 @@ log:
 # location to write the log file (default is not to have a log file)
 # same as SYFT_LOG_FILE env var
 file: ""
-
-# uploading package SBOM is exposed through the packages subcommand
-anchore:
- # (feature-preview) the Anchore Enterprise Host or URL to upload results to (supported on Enterprise 3.0+)
- # same as -H ; SYFT_ANCHORE_HOST env var
- host: ""
-
- # (feature-preview) the path after the host to the Anchore External API (supported on Enterprise 3.0+)
- # same as SYFT_ANCHORE_PATH env var
- path: ""
-
- # (feature-preview) the username to authenticate against Anchore Enterprise (supported on Enterprise 3.0+)
- # same as -u ; SYFT_ANCHORE_USERNAME env var
- username: ""
-
- # (feature-preview) the password to authenticate against Anchore Enterprise (supported on Enterprise 3.0+)
- # same as -p ; SYFT_ANCHORE_PASSWORD env var
- password: ""
-
- # (feature-preview) path to dockerfile to be uploaded with the syft results to Anchore Enterprise (supported on Enterprise 3.0+)
- # same as -d ; SYFT_ANCHORE_DOCKERFILE env var
- dockerfile: ""
 ```
 ### Adding an SBOM to an image as an attestation using Syft
diff --git a/cmd/syft/cli/options/packages.go b/cmd/syft/cli/options/packages.go
index d6783bf6f27..08ff362b21a 100644
--- a/cmd/syft/cli/options/packages.go
+++ b/cmd/syft/cli/options/packages.go
@@ -14,19 +14,13 @@ import (
 )
 type PackagesOptions struct {
- Scope string
- Output []string
- OutputTemplatePath string
- File string
- Platform string
- Host string
- Username string
- Password string
- Dockerfile string
- Exclude []string
- OverwriteExistingImage bool
- ImportTimeout uint
- Catalogers []string
+ Scope string
+ Output []string
+ OutputTemplatePath string
+ File string
+ Platform string
+ Exclude []string
+ Catalogers []string
 }
 var _ Interface = (*PackagesOptions)(nil)
@@ -47,30 +41,12 @@ func (o *PackagesOptions) AddFlags(cmd *cobra.Command, v *viper.Viper) error {
 cmd.Flags().StringVarP(&o.Platform, "platform", "", "",
 "an optional platform specifier for container image sources (e.g. 'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux')")
- cmd.Flags().StringVarP(&o.Host, "host", "H", "",
- "the hostname or URL of the Anchore Enterprise instance to upload to")
-
- cmd.Flags().StringVarP(&o.Username, "username", "u", "",
- "the username to authenticate against Anchore Enterprise")
-
- cmd.Flags().StringVarP(&o.Password, "password", "p", "",
- "the password to authenticate against Anchore Enterprise")
-
- cmd.Flags().StringVarP(&o.Dockerfile, "dockerfile", "d", "",
- "include dockerfile for upload to Anchore Enterprise")
-
 cmd.Flags().StringArrayVarP(&o.Exclude, "exclude", "", nil,
 "exclude paths from being scanned using a glob expression")
 cmd.Flags().StringArrayVarP(&o.Catalogers, "catalogers", "", nil,
 "enable one or more package catalogers")
- cmd.Flags().BoolVarP(&o.OverwriteExistingImage, "overwrite-existing-image", "", false,
- "overwrite an existing image during the upload to Anchore Enterprise")
-
- cmd.Flags().UintVarP(&o.ImportTimeout, "import-timeout", "", 30,
- "set a timeout duration (in seconds) for the upload to Anchore Enterprise")
-
 return bindPackageConfigOptions(cmd.Flags(), v)
 }
@@ -105,31 +81,5 @@ func bindPackageConfigOptions(flags *pflag.FlagSet, v *viper.Viper) error {
 return err
 }
- // Upload options //////////////////////////////////////////////////////////
-
- if err := v.BindPFlag("anchore.host", flags.Lookup("host")); err != nil {
- return err
- }
-
- if err := v.BindPFlag("anchore.username", flags.Lookup("username")); err != nil {
- return err
- }
-
- if err := v.BindPFlag("anchore.password", flags.Lookup("password")); err != nil {
- return err
- }
-
- if err := v.BindPFlag("anchore.dockerfile", flags.Lookup("dockerfile")); err != nil {
- return err
- }
-
- if err := v.BindPFlag("anchore.overwrite-existing-image", flags.Lookup("overwrite-existing-image")); err != nil {
- return err
- }
-
- if err := v.BindPFlag("anchore.import-timeout", flags.Lookup("import-timeout")); err != nil {
- return err
- }
-
 return nil
 }
diff --git a/cmd/syft/cli/packages/packages.go b/cmd/syft/cli/packages/packages.go
index 40681b944db..72bea0c78d2 100644
--- a/cmd/syft/cli/packages/packages.go
+++ b/cmd/syft/cli/packages/packages.go
@@ -3,8 +3,6 @@ package packages
 import (
 "context"
 "fmt"
- "io"
- "os"
 "github.com/wagoodman/go-partybus"
@@ -12,7 +10,6 @@ import (
 "github.com/anchore/syft/cmd/syft/cli/eventloop"
 "github.com/anchore/syft/cmd/syft/cli/options"
 "github.com/anchore/syft/internal"
- "github.com/anchore/syft/internal/anchore"
 "github.com/anchore/syft/internal/bus"
 "github.com/anchore/syft/internal/config"
 "github.com/anchore/syft/internal/log"
@@ -88,13 +85,6 @@ func execWorker(app *config.Application, si source.Input, writer sbom.Writer) <-
 errs <- fmt.Errorf("no SBOM produced for %q", si.UserInput)
 }
- if app.Anchore.Host != "" {
- if err := runPackageSbomUpload(src, *s, app); err != nil {
- errs <- err
- return
- }
- }
-
 bus.Publish(partybus.Event{
 Type: event.Exit,
 Value: func() error { return writer.Write(*s) },
@@ -144,55 +134,6 @@ func MergeRelationships(cs ...<-chan artifact.Relationship) (relationships []art
 return relationships
 }
-func runPackageSbomUpload(src *source.Source, s sbom.SBOM, app *config.Application) error {
- log.Infof("uploading results to %s", app.Anchore.Host)
-
- if src.Metadata.Scheme != source.ImageScheme {
- return fmt.Errorf("unable to upload results: only images are supported")
- }
-
- var dockerfileContents []byte
- if app.Anchore.Dockerfile != "" {
- if _, err := os.Stat(app.Anchore.Dockerfile); os.IsNotExist(err) {
- return fmt.Errorf("unable dockerfile=%q does not exist: %w", app.Anchore.Dockerfile, err)
- }
-
- fh, err := os.Open(app.Anchore.Dockerfile)
- if err != nil {
- return fmt.Errorf("unable to open dockerfile=%q: %w", app.Anchore.Dockerfile, err)
- }
-
- dockerfileContents, err = io.ReadAll(fh)
- if err != nil {
- return fmt.Errorf("unable to read dockerfile=%q: %w", app.Anchore.Dockerfile, err)
- }
- }
-
- c, err := anchore.NewClient(anchore.Configuration{
- BaseURL: app.Anchore.Host,
- Username: app.Anchore.Username,
- Password: app.Anchore.Password,
- })
-
- if err != nil {
- return fmt.Errorf("failed to create anchore client: %w", err)
- }
-
- importCfg := anchore.ImportConfig{
- ImageMetadata: src.Image.Metadata,
- SBOM: s,
- Dockerfile: dockerfileContents,
- OverwriteExistingUpload: app.Anchore.OverwriteExistingImage,
- Timeout: app.Anchore.ImportTimeout,
- }
-
- if err := c.Import(context.Background(), importCfg); err != nil {
- return fmt.Errorf("failed to upload results to host=%s: %+v", app.Anchore.Host, err)
- }
-
- return nil
-}
-
 func validateOutputOptions(app *config.Application) error {
 var usesTemplateOutput bool
 for _, o := range app.Outputs {
diff --git a/go.mod b/go.mod
index 32c702771e2..7fd5b91ab85 100644
--- a/go.mod
+++ b/go.mod
@@ -8,12 +8,10 @@ require ( github.com/acobaugh/osrelease v0.1.0 github.com/adrg/xdg v0.3.3 github.com/alecthomas/jsonschema v0.0.0-20210301060011-54c507b6f074 - github.com/anchore/client-go v0.0.0-20210222170800-9c70f9b80bcf github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04 github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7 - github.com/antihax/optional v1.0.0 github.com/bmatcuk/doublestar/v4 v4.0.2 github.com/dustin/go-humanize v1.0.0 github.com/facebookincubator/nvdtools v0.1.4 diff --git a/go.sum b/go.sum index bdb30270218..42e92c903a1 100644 --- a/go.sum +++ b/go.sum @@ -270,8 +270,6 @@ github.com/alibabacloud-go/tea-xml v1.1.2/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCE github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw= github.com/aliyun/credentials-go v1.2.3 h1:Vmodnr52Rz1mcbwn0kzMhLRKb6soizewuKXdfZiNemU= github.com/aliyun/credentials-go v1.2.3/go.mod h1:/KowD1cfGSLrLsH28Jr8W+xwoId0ywIy5lNzDz6O1vw= -github.com/anchore/client-go v0.0.0-20210222170800-9c70f9b80bcf h1:DYssiUV1pBmKqzKsm4mqXx8artqC0Q8HgZsVI3lMsAg= -github.com/anchore/client-go v0.0.0-20210222170800-9c70f9b80bcf/go.mod h1:FaODhIA06mxO1E6R32JE0TL1JWZZkmjRIAd4ULvHUKk= github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb h1:iDMnx6LIjtjZ46C0akqveX83WFzhpTD3eqOthawb5vU= github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb/go.mod h1:DmTY2Mfcv38hsHbG78xMiTDdxFtkHpgYNVDPsF2TgHk= github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04 h1:VzprUTpc0vW0nnNKJfJieyH/TZ9UYAnTZs5/gHTdAe8= 
@@ -290,7 +288,6 @@ github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= -github.com/antihax/optional v1.0.0 h1:xK2lYat7ZLaVVcIuj82J8kIro4V6kDe0AUDFboUCwcg= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ= github.com/apache/beam v2.28.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= diff --git a/internal/anchore/client.go b/internal/anchore/client.go deleted file mode 100644 index b048fcdcaa3..00000000000 --- a/internal/anchore/client.go +++ /dev/null 
@@ -1,115 +0,0 @@ -package anchore - -import ( - "context" - "errors" - "fmt" - "path" - "strings" - "unicode" - - "github.com/anchore/client-go/pkg/external" - "github.com/anchore/syft/internal" - "github.com/anchore/syft/internal/version" -) - -type Configuration struct { - BaseURL string - Username string - Password string - UserAgent string -} - -type Client struct { - config Configuration - client *external.APIClient -} - -func NewClient(cfg Configuration) (*Client, error) { - if cfg.UserAgent == "" { - versionInfo := version.FromBuild() - // format: product / product-version comment - cfg.UserAgent = fmt.Sprintf("%s / %s %s", internal.ApplicationName, versionInfo.Version, versionInfo.Platform) - } - - baseURL, err := prepareBaseURLForClient(cfg.BaseURL) - if err != nil { - return nil, fmt.Errorf("unable to create client: %w", err) - } - - return &Client{ - config: cfg, - client: external.NewAPIClient(&external.Configuration{ - BasePath: baseURL, - UserAgent: cfg.UserAgent, - }), - }, nil -} - -func (c *Client) newRequestContext(parentContext context.Context) context.Context { - if parentContext == nil { - parentContext = context.Background() - } - return context.WithValue( - parentContext, - external.ContextBasicAuth, - external.BasicAuth{ - UserName: c.config.Username, - Password: c.config.Password, - }, - ) -} - -var ErrInvalidBaseURLInput = errors.New("invalid base URL input") - -func prepareBaseURLForClient(baseURL string) (string, error) { - if err := checkBaseURLInput(baseURL); err != nil { - return "", err - } - - scheme, urlWithoutScheme := splitSchemeFromURL(baseURL) - - if scheme == "" { - scheme = "http" - } - - urlWithoutScheme = path.Clean(urlWithoutScheme) - - const requiredSuffix = "v1" - if path.Base(urlWithoutScheme) != requiredSuffix { - urlWithoutScheme = path.Join(urlWithoutScheme, requiredSuffix) - } - - preparedBaseURL := scheme + "://" + urlWithoutScheme - return preparedBaseURL, nil -} - -func checkBaseURLInput(url string) error { - if 
url == "" { - return ErrInvalidBaseURLInput - } - - firstCharacter := rune(url[0]) - if !(unicode.IsLetter(firstCharacter)) { - return ErrInvalidBaseURLInput - } - - return nil -} - -func splitSchemeFromURL(url string) (scheme, urlWithoutScheme string) { - if hasScheme(url) { - urlParts := strings.SplitN(url, "://", 2) - scheme = urlParts[0] - urlWithoutScheme = urlParts[1] - return - } - - return "", url -} - -func hasScheme(url string) bool { - parts := strings.Split(url, "://") - - return len(parts) > 1 -} diff --git a/internal/anchore/client_test.go b/internal/anchore/client_test.go deleted file mode 100644 index fc07ce70827..00000000000 --- a/internal/anchore/client_test.go +++ /dev/null 
@@ -1,210 +0,0 @@ -package anchore - -import "testing" - -func TestHasScheme(t *testing.T) { - cases := []struct { - url string - expected bool - }{ - { - url: "http://localhost", - expected: true, - }, - { - url: "https://anchore.com:8443", - expected: true, - }, - { - url: "google.com", - expected: false, - }, - { - url: "", - expected: false, - }, - } - - for _, testCase := range cases { - t.Run(testCase.url, func(t *testing.T) { - result := hasScheme(testCase.url) - - if testCase.expected != result { - t.Errorf("expected %t but got %t", testCase.expected, result) - } - }) - } -} - -func TestPrepareBaseURLForClient(t *testing.T) { - cases := []struct { - inputURL string - expectedURL string - expectedErr error - }{ - { - inputURL: "", - expectedURL: "", - expectedErr: ErrInvalidBaseURLInput, - }, - { - inputURL: "localhost", - expectedURL: "http://localhost/v1", - expectedErr: nil, - }, - { - inputURL: "https://localhost", - expectedURL: "https://localhost/v1", - expectedErr: nil, - }, - { - inputURL: "https://localhost/", - expectedURL: "https://localhost/v1", - expectedErr: nil, - }, - { - inputURL: "https://localhost/v1/", - expectedURL: "https://localhost/v1", - expectedErr: nil, - }, - { - inputURL: "https://localhost/v1//", - expectedURL: "https://localhost/v1", - expectedErr: nil, - }, - { - inputURL: "http://something.com/platform/v1/services/anchore", - expectedURL: "http://something.com/platform/v1/services/anchore/v1", - expectedErr: nil, - }, - { - inputURL: "my-host:8228", - expectedURL: "http://my-host:8228/v1", - expectedErr: nil, - }, - { - inputURL: "v1/v1", - expectedURL: "http://v1/v1", - expectedErr: nil, - }, - { - inputURL: "/v1", - expectedURL: "", - expectedErr: ErrInvalidBaseURLInput, - }, - { - inputURL: "/imports/images", - expectedURL: "", - expectedErr: ErrInvalidBaseURLInput, - }, - } - - for _, testCase := range cases { - t.Run(testCase.inputURL, func(t *testing.T) { - resultURL, err := prepareBaseURLForClient(testCase.inputURL) - 
if err != testCase.expectedErr { - t.Errorf("expected err to be '%v' but got '%v'", testCase.expectedErr, err) - } - - if resultURL != testCase.expectedURL { - t.Errorf("expected URL to be '%v' but got '%v'", testCase.expectedURL, resultURL) - } - }) - } -} - -func TestCheckBaseURLInput(t *testing.T) { - cases := []struct { - input string - expected error - }{ - { - input: "", - expected: ErrInvalidBaseURLInput, - }, - { - input: "x", - expected: nil, - }, - { - input: "localhost:8000", - expected: nil, - }, - { - input: ":80", - expected: ErrInvalidBaseURLInput, - }, - { - input: "/v1", - expected: ErrInvalidBaseURLInput, - }, - } - - for _, testCase := range cases { - t.Run(testCase.input, func(t *testing.T) { - resultErr := checkBaseURLInput(testCase.input) - - if testCase.expected != resultErr { - t.Errorf("expected err to be '%v' but got '%v'", testCase.expected, resultErr) - } - }) - } -} - -func TestSplitSchemeFromURL(t *testing.T) { - cases := []struct { - input string - expectedScheme string - expectedURLWithoutScheme string - }{ - { - input: "", - expectedScheme: "", - expectedURLWithoutScheme: "", - }, - { - input: "localhost", - expectedScheme: "", - expectedURLWithoutScheme: "localhost", - }, - { - input: "https://anchore.com/path", - expectedScheme: "https", - expectedURLWithoutScheme: "anchore.com/path", - }, - { - input: "tcp://host:1234", - expectedScheme: "tcp", - expectedURLWithoutScheme: "host:1234", - }, - { - input: "/hello", - expectedScheme: "", - expectedURLWithoutScheme: "/hello", - }, - { - input: "://host", - expectedScheme: "", - expectedURLWithoutScheme: "host", - }, - { - input: "http//localhost", - expectedScheme: "", - expectedURLWithoutScheme: "http//localhost", - }, - } - - for _, testCase := range cases { - t.Run(testCase.input, func(t *testing.T) { - resultScheme, resultURLWithoutScheme := splitSchemeFromURL(testCase.input) - - if testCase.expectedScheme != resultScheme { - t.Errorf("expected scheme to be '%s' but got '%s'", 
testCase.expectedScheme, resultScheme) - } - - if testCase.expectedURLWithoutScheme != resultURLWithoutScheme { - t.Errorf("expected urlWithoutScheme to be '%s' but got '%s'", testCase.expectedURLWithoutScheme, resultURLWithoutScheme) - } - }) - } -} diff --git a/internal/anchore/import.go b/internal/anchore/import.go deleted file mode 100644 index e3459a26f08..00000000000 --- a/internal/anchore/import.go +++ /dev/null 
@@ -1,145 +0,0 @@ -package anchore - -import ( - "context" - "errors" - "fmt" - "time" - - "github.com/antihax/optional" - "github.com/wagoodman/go-partybus" - "github.com/wagoodman/go-progress" - - "github.com/anchore/client-go/pkg/external" - "github.com/anchore/stereoscope/pkg/image" - "github.com/anchore/syft/internal/bus" - "github.com/anchore/syft/syft/event" - "github.com/anchore/syft/syft/sbom" -) - -type ImportConfig struct { - ImageMetadata image.Metadata - SBOM sbom.SBOM - Dockerfile []byte - OverwriteExistingUpload bool - Timeout uint -} - -func importProgress(source string) (*progress.Stage, *progress.Manual) { - stage := &progress.Stage{} - prog := &progress.Manual{ - // this is the number of stages to expect; start + individual endpoints + stop - Total: 6, - } - bus.Publish(partybus.Event{ - Type: event.ImportStarted, - Source: source, - Value: progress.StagedProgressable(&struct { - progress.Stager - progress.Progressable - }{ - Stager: progress.Stager(stage), - Progressable: prog, - }), - }) - - return stage, prog -} - -//nolint:funlen -func (c *Client) Import(ctx context.Context, cfg ImportConfig) error { - stage, prog := importProgress(c.config.BaseURL) - - timeout := time.Duration(cfg.Timeout) * time.Second - ctxWithTimeout, cancel := context.WithTimeout(ctx, timeout) - defer cancel() - - authedCtx := c.newRequestContext(ctxWithTimeout) - - stage.Current = "starting session" - startOperation, createResponse, err := c.client.ImportsApi.CreateOperation(authedCtx) - if err != nil { - var detail = "no details given" - var openAPIErr external.GenericOpenAPIError - if errors.As(err, &openAPIErr) { - detail = string(openAPIErr.Body()) - } - return fmt.Errorf("unable to start import session: %w: %s", err, detail) - } - defer createResponse.Body.Close() - - prog.N++ - sessionID := startOperation.Uuid - - packageDigest, err := importPackageSBOM(authedCtx, c.client.ImportsApi, sessionID, cfg.SBOM, stage) - if err != nil { - return fmt.Errorf("failed to 
import Package SBOM: %w", err) - } - prog.N++ - - manifestDigest, err := importManifest(authedCtx, c.client.ImportsApi, sessionID, cfg.SBOM.Source.ImageMetadata.RawManifest, stage) - if err != nil { - return fmt.Errorf("failed to import Manifest: %w", err) - } - prog.N++ - - configDigest, err := importConfig(authedCtx, c.client.ImportsApi, sessionID, cfg.SBOM.Source.ImageMetadata.RawConfig, stage) - if err != nil { - return fmt.Errorf("failed to import Config: %w", err) - } - prog.N++ - - dockerfileDigest, err := importDockerfile(authedCtx, c.client.ImportsApi, sessionID, cfg.Dockerfile, stage) - if err != nil { - return fmt.Errorf("failed to import Dockerfile: %w", err) - } - prog.N++ - - stage.Current = "finalizing" - imageModel := addImageModel(cfg.ImageMetadata, packageDigest, manifestDigest, dockerfileDigest, configDigest, sessionID) - opts := external.AddImageOpts{ - Force: optional.NewBool(cfg.OverwriteExistingUpload), - } - - _, addResponse, err := c.client.ImagesApi.AddImage(authedCtx, imageModel, &opts) - if err != nil { - var detail = "no details given" - var openAPIErr external.GenericOpenAPIError - if errors.As(err, &openAPIErr) { - detail = string(openAPIErr.Body()) - } - return fmt.Errorf("unable to complete import session=%q: %w: %s", sessionID, err, detail) - } - defer addResponse.Body.Close() - - prog.N++ - - stage.Current = "" - prog.SetCompleted() - - return nil -} - -func addImageModel(imageMetadata image.Metadata, packageDigest, manifestDigest, dockerfileDigest, configDigest, sessionID string) external.ImageAnalysisRequest { - var tags = make([]string, len(imageMetadata.Tags)) - for i, t := range imageMetadata.Tags { - tags[i] = t.String() - } - - return external.ImageAnalysisRequest{ - Source: external.ImageSource{ - Import: &external.ImageImportManifest{ - Contents: external.ImportContentDigests{ - Packages: packageDigest, - Manifest: manifestDigest, - Dockerfile: dockerfileDigest, - ImageConfig: configDigest, - }, - Tags: tags, - Digest: 
imageMetadata.ManifestDigest, - LocalImageId: imageMetadata.ID, - OperationUuid: sessionID, - }, - }, - } -} diff --git a/internal/anchore/import_config.go b/internal/anchore/import_config.go deleted file mode 100644 index feedc0aa3c4..00000000000 --- a/internal/anchore/import_config.go +++ /dev/null @@ -1,50 +0,0 @@ -//nolint:dupl -package anchore - -import ( - "context" - "encoding/json" - "errors" - "fmt" - "net/http" - - "github.com/wagoodman/go-progress" - - "github.com/anchore/client-go/pkg/external" - "github.com/anchore/syft/internal/log" -) - -type configImportAPI interface { - ImportImageConfig(ctx context.Context, sessionID string, contents interface{}) (external.ImageImportContentResponse, *http.Response, error) -} - -func importConfig(ctx context.Context, api configImportAPI, sessionID string, config []byte, stage *progress.Stage) (string, error) { - if len(config) > 0 { - log.Debug("importing image config") - stage.Current = "image config" - - // API requires an object, but we do not verify the shape of this object locally - var sender map[string]interface{} - if err := json.Unmarshal(config, &sender); err != nil { - return "", err - } - - response, httpResponse, err := api.ImportImageConfig(ctx, sessionID, sender) - if err != nil { - var openAPIErr external.GenericOpenAPIError - if errors.As(err, &openAPIErr) { - log.Errorf("api response: %+v", string(openAPIErr.Body())) - } - return "", fmt.Errorf("unable to import Config: %w", err) - } - - defer httpResponse.Body.Close() - - if httpResponse.StatusCode != 200 { - return "", fmt.Errorf("unable to import Config: %s", httpResponse.Status) - } - - return response.Digest, nil - } - return "", nil -} diff --git a/internal/anchore/import_config_test.go b/internal/anchore/import_config_test.go deleted file mode 100644 index ecd964be302..00000000000 --- a/internal/anchore/import_config_test.go +++ /dev/null 
@@ -1,129 +0,0 @@ -package anchore - -import ( - "context" - "encoding/json" - "fmt" - "net/http" - "strings" - "testing" - - "github.com/docker/docker/pkg/ioutils" - "github.com/go-test/deep" - "github.com/wagoodman/go-progress" - - "github.com/anchore/client-go/pkg/external" -) - -type mockConfigImportAPI struct { - sessionID string - model interface{} - httpResponse *http.Response - err error - ctx context.Context - responseDigest string - wasCalled bool -} - -func (m *mockConfigImportAPI) ImportImageConfig(ctx context.Context, sessionID string, contents interface{}) (external.ImageImportContentResponse, *http.Response, error) { - m.wasCalled = true - m.model = contents - m.sessionID = sessionID - m.ctx = ctx - if m.httpResponse == nil { - m.httpResponse = &http.Response{} - } - m.httpResponse.Body = ioutils.NewReadCloserWrapper(strings.NewReader(""), func() error { return nil }) - return external.ImageImportContentResponse{Digest: m.responseDigest}, m.httpResponse, m.err -} - -func TestConfigImport(t *testing.T) { - - sessionID := "my-session" - - tests := []struct { - name string - manifestJSONStr string - api *mockConfigImportAPI - expectsError bool - expectsCall bool - }{ - - { - name: "Go case: import works", - manifestJSONStr: `{ "key": "the-manifest-contents!" }`, - api: &mockConfigImportAPI{ - httpResponse: &http.Response{StatusCode: 200}, - responseDigest: "digest!", - }, - expectsCall: true, - }, - { - name: "No manifest provided", - manifestJSONStr: "", - api: &mockConfigImportAPI{}, - expectsCall: false, - }, - { - name: "API returns an error", - manifestJSONStr: `{ "key": "the-manifest-contents!" }`, - api: &mockConfigImportAPI{ - err: fmt.Errorf("api error, something went wrong"), - }, - expectsError: true, - expectsCall: true, - }, - { - name: "API HTTP-level error", - manifestJSONStr: `{ "key": "the-manifest-contents!" 
}`, - api: &mockConfigImportAPI{ - httpResponse: &http.Response{StatusCode: 404}, - }, - expectsError: true, - expectsCall: true, - }, - } - - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - - digest, err := importConfig(context.TODO(), test.api, sessionID, []byte(test.manifestJSONStr), &progress.Stage{}) - - // validate error handling - if err != nil && !test.expectsError { - t.Fatalf("did not expect an error, but got: %+v", err) - } else if err == nil && test.expectsError { - t.Fatalf("did expect an error, but got none") - } - - if !test.api.wasCalled && test.expectsCall { - t.Fatalf("was not called!") - } else if test.api.wasCalled && !test.expectsCall { - t.Fatalf("should not have been called") - } - - if !test.expectsCall { - return - } - - if digest != test.api.responseDigest { - t.Errorf("unexpected content digest: %q != %q", digest, test.api.responseDigest) - } - - // validating that the mock got the right parameters - if test.api.sessionID != sessionID { - t.Errorf("different session ID: %s != %s", test.api.sessionID, sessionID) - } - - var expected map[string]interface{} - if err := json.Unmarshal([]byte(test.manifestJSONStr), &expected); err != nil { - t.Fatalf("could not unmarshal expected results") - } - - for _, d := range deep.Equal(test.api.model, expected) { - t.Errorf("model difference: %s", d) - } - - }) - } -} diff --git a/internal/anchore/import_dockerfile.go b/internal/anchore/import_dockerfile.go deleted file mode 100644 index 83fd31633bd..00000000000 --- a/internal/anchore/import_dockerfile.go +++ /dev/null 
@@ -1,42 +0,0 @@
-package anchore
-
-import (
- "context"
- "errors"
- "fmt"
- "net/http"
-
- "github.com/wagoodman/go-progress"
-
- "github.com/anchore/client-go/pkg/external"
- "github.com/anchore/syft/internal/log"
-)
-
-type dockerfileImportAPI interface {
- ImportImageDockerfile(ctx context.Context, sessionID string, contents string) (external.ImageImportContentResponse, *http.Response, error)
-}
-
-func importDockerfile(ctx context.Context, api dockerfileImportAPI, sessionID string, dockerfile []byte, stage *progress.Stage) (string, error) {
- if len(dockerfile) > 0 {
- log.Debug("importing dockerfile")
- stage.Current = "dockerfile"
-
- response, httpResponse, err := api.ImportImageDockerfile(ctx, sessionID, string(dockerfile))
- if err != nil {
- var openAPIErr external.GenericOpenAPIError
- if errors.As(err, &openAPIErr) {
- log.Errorf("api response: %+v", string(openAPIErr.Body()))
- }
- return "", fmt.Errorf("unable to import Dockerfile: %w", err)
- }
-
- defer httpResponse.Body.Close()
-
- if httpResponse.StatusCode != 200 {
- return "", fmt.Errorf("unable to import Dockerfile: %s", httpResponse.Status)
- }
-
- return response.Digest, nil
- }
- return "", nil
-}
diff --git a/internal/anchore/import_dockerfile_test.go b/internal/anchore/import_dockerfile_test.go
deleted file mode 100644
index 336fea1c491..00000000000
--- a/internal/anchore/import_dockerfile_test.go
+++ /dev/null
@@ -1,123 +0,0 @@ -package anchore - -import ( - "context" - "fmt" - "net/http" - "strings" - "testing" - - "github.com/docker/docker/pkg/ioutils" - "github.com/go-test/deep" - "github.com/wagoodman/go-progress" - - "github.com/anchore/client-go/pkg/external" -) - -type mockDockerfileImportAPI struct { - sessionID string - model string - httpResponse *http.Response - err error - ctx context.Context - responseDigest string - wasCalled bool -} - -func (m *mockDockerfileImportAPI) ImportImageDockerfile(ctx context.Context, sessionID string, contents string) (external.ImageImportContentResponse, *http.Response, error) { - m.wasCalled = true - m.model = contents - m.sessionID = sessionID - m.ctx = ctx - if m.httpResponse == nil { - m.httpResponse = &http.Response{} - } - m.httpResponse.Body = ioutils.NewReadCloserWrapper(strings.NewReader(""), func() error { return nil }) - return external.ImageImportContentResponse{Digest: m.responseDigest}, m.httpResponse, m.err -} - -func TestDockerfileImport(t *testing.T) { - - sessionID := "my-session" - - tests := []struct { - name string - dockerfile string - api *mockDockerfileImportAPI - expectsError bool - expectsCall bool - }{ - - { - name: "Go case: import works", - dockerfile: "the-manifest-contents!", - api: &mockDockerfileImportAPI{ - httpResponse: &http.Response{StatusCode: 200}, - responseDigest: "digest!", - }, - expectsCall: true, - }, - { - name: "No manifest provided", - dockerfile: "", - api: &mockDockerfileImportAPI{}, - expectsCall: false, - }, - { - name: "API returns an error", - dockerfile: "the-manifest-contents!", - api: &mockDockerfileImportAPI{ - err: fmt.Errorf("api error, something went wrong"), - }, - expectsError: true, - expectsCall: true, - }, - { - name: "API HTTP-level error", - dockerfile: "the-manifest-contents!", - api: &mockDockerfileImportAPI{ - httpResponse: &http.Response{StatusCode: 404}, - }, - expectsError: true, - expectsCall: true, - }, - } - - for _, test := range tests { - 
t.Run(test.name, func(t *testing.T) { - - digest, err := importDockerfile(context.TODO(), test.api, sessionID, []byte(test.dockerfile), &progress.Stage{}) - - // validate error handling - if err != nil && !test.expectsError { - t.Fatalf("did not expect an error, but got: %+v", err) - } else if err == nil && test.expectsError { - t.Fatalf("did expect an error, but got none") - } - - if !test.api.wasCalled && test.expectsCall { - t.Fatalf("was not called!") - } else if test.api.wasCalled && !test.expectsCall { - t.Fatalf("should not have been called") - } - - if !test.expectsCall { - return - } - - if digest != test.api.responseDigest { - t.Errorf("unexpected content digest: %q != %q", digest, test.api.responseDigest) - } - - // validating that the mock got the right parameters - if test.api.sessionID != sessionID { - t.Errorf("different session ID: %s != %s", test.api.sessionID, sessionID) - } - - for _, d := range deep.Equal(test.api.model, test.dockerfile) { - t.Errorf("model difference: %s", d) - } - - }) - } -} diff --git a/internal/anchore/import_manifest.go b/internal/anchore/import_manifest.go deleted file mode 100644 index f1fb7d905cf..00000000000 --- a/internal/anchore/import_manifest.go +++ /dev/null 
@@ -1,50 +0,0 @@
-//nolint:dupl
-package anchore
-
-import (
- "context"
- "encoding/json"
- "errors"
- "fmt"
- "net/http"
-
- "github.com/wagoodman/go-progress"
-
- "github.com/anchore/client-go/pkg/external"
- "github.com/anchore/syft/internal/log"
-)
-
-type manifestImportAPI interface {
- ImportImageManifest(ctx context.Context, sessionID string, contents interface{}) (external.ImageImportContentResponse, *http.Response, error)
-}
-
-func importManifest(ctx context.Context, api manifestImportAPI, sessionID string, manifest []byte, stage *progress.Stage) (string, error) {
- if len(manifest) > 0 {
- log.Debug("importing image manifest")
- stage.Current = "image manifest"
-
- // API requires an object, but we do not verify the shape of this object locally
- var sender map[string]interface{}
- if err := json.Unmarshal(manifest, &sender); err != nil {
- return "", err
- }
-
- response, httpResponse, err := api.ImportImageManifest(ctx, sessionID, sender)
- if err != nil {
- var openAPIErr external.GenericOpenAPIError
- if errors.As(err, &openAPIErr) {
- log.Errorf("api response: %+v", string(openAPIErr.Body()))
- }
- return "", fmt.Errorf("unable to import Manifest: %w", err)
- }
-
- defer httpResponse.Body.Close()
-
- if httpResponse.StatusCode != 200 {
- return "", fmt.Errorf("unable to import Manifest: %s", httpResponse.Status)
- }
-
- return response.Digest, nil
- }
- return "", nil
-}
diff --git a/internal/anchore/import_manifest_test.go b/internal/anchore/import_manifest_test.go
deleted file mode 100644
index e4edea3a0d0..00000000000
--- a/internal/anchore/import_manifest_test.go
+++ /dev/null
@@ -1,129 +0,0 @@ -package anchore - -import ( - "context" - "encoding/json" - "fmt" - "net/http" - "strings" - "testing" - - "github.com/docker/docker/pkg/ioutils" - "github.com/go-test/deep" - "github.com/wagoodman/go-progress" - - "github.com/anchore/client-go/pkg/external" -) - -type mockManifestImportAPI struct { - sessionID string - model interface{} - httpResponse *http.Response - err error - ctx context.Context - responseDigest string - wasCalled bool -} - -func (m *mockManifestImportAPI) ImportImageManifest(ctx context.Context, sessionID string, contents interface{}) (external.ImageImportContentResponse, *http.Response, error) { - m.wasCalled = true - m.model = contents - m.sessionID = sessionID - m.ctx = ctx - if m.httpResponse == nil { - m.httpResponse = &http.Response{} - } - m.httpResponse.Body = ioutils.NewReadCloserWrapper(strings.NewReader(""), func() error { return nil }) - return external.ImageImportContentResponse{Digest: m.responseDigest}, m.httpResponse, m.err -} - -func TestManifestImport(t *testing.T) { - - sessionID := "my-session" - - tests := []struct { - name string - manifest string - api *mockManifestImportAPI - expectsError bool - expectsCall bool - }{ - - { - name: "Go case: import works", - manifest: `{ "key": "the-config-contents!" }`, - api: &mockManifestImportAPI{ - httpResponse: &http.Response{StatusCode: 200}, - responseDigest: "digest!", - }, - expectsCall: true, - }, - { - name: "No manifest provided", - manifest: "", - api: &mockManifestImportAPI{}, - expectsCall: false, - }, - { - name: "API returns an error", - manifest: `{ "key": "the-config-contents!" }`, - api: &mockManifestImportAPI{ - err: fmt.Errorf("api error, something went wrong"), - }, - expectsError: true, - expectsCall: true, - }, - { - name: "API HTTP-level error", - manifest: `{ "key": "the-config-contents!" 
}`, - api: &mockManifestImportAPI{ - httpResponse: &http.Response{StatusCode: 404}, - }, - expectsError: true, - expectsCall: true, - }, - } - - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - - digest, err := importManifest(context.TODO(), test.api, sessionID, []byte(test.manifest), &progress.Stage{}) - - // validate error handling - if err != nil && !test.expectsError { - t.Fatalf("did not expect an error, but got: %+v", err) - } else if err == nil && test.expectsError { - t.Fatalf("did expect an error, but got none") - } - - if !test.api.wasCalled && test.expectsCall { - t.Fatalf("was not called!") - } else if test.api.wasCalled && !test.expectsCall { - t.Fatalf("should not have been called") - } - - if !test.expectsCall { - return - } - - if digest != test.api.responseDigest { - t.Errorf("unexpected content digest: %q != %q", digest, test.api.responseDigest) - } - - // validating that the mock got the right parameters - if test.api.sessionID != sessionID { - t.Errorf("different session ID: %s != %s", test.api.sessionID, sessionID) - } - - var expected map[string]interface{} - if err := json.Unmarshal([]byte(test.manifest), &expected); err != nil { - t.Fatalf("could not unmarshal expected results") - } - - for _, d := range deep.Equal(test.api.model, expected) { - t.Errorf("model difference: %s", d) - } - - }) - } -} diff --git a/internal/anchore/import_package_sbom.go b/internal/anchore/import_package_sbom.go deleted file mode 100644 index cf655197208..00000000000 --- a/internal/anchore/import_package_sbom.go +++ /dev/null 
@@ -1,119 +0,0 @@ -package anchore - -import ( - "bytes" - "context" - "encoding/json" - "errors" - "fmt" - "net/http" - - "github.com/wagoodman/go-progress" - - "github.com/anchore/client-go/pkg/external" - "github.com/anchore/syft/internal/log" - "github.com/anchore/syft/syft/formats/syftjson" - syftjsonModel "github.com/anchore/syft/syft/formats/syftjson/model" - "github.com/anchore/syft/syft/sbom" -) - -type packageSBOMImportAPI interface { - ImportImagePackages(context.Context, string, external.ImagePackageManifest) (external.ImageImportContentResponse, *http.Response, error) -} - -// importSBOM mirrors all elements found on the syftjson model format object relative to the anchore engine import schema. -type importSBOM struct { - Artifacts []syftjsonModel.Package `json:"artifacts"` // Artifacts is the list of packages discovered and placed into the catalog - ArtifactRelationships []syftjsonModel.Relationship `json:"artifactRelationships"` - Files []syftjsonModel.File `json:"files,omitempty"` // note: must have omitempty - Secrets []syftjsonModel.Secrets `json:"secrets,omitempty"` // note: must have omitempty - Source syftjsonModel.Source `json:"source"` // Source represents the original object that was cataloged - Distro external.ImportDistribution `json:"distro"` // Distro represents the Linux distribution that was detected from the source - Descriptor syftjsonModel.Descriptor `json:"descriptor"` // Descriptor is a block containing self-describing information about syft - Schema syftjsonModel.Schema `json:"schema"` // Schema is a block reserved for defining the version for the shape of this JSON document and where to find the schema document to validate the shape -} - -// toImportSBOMModel transforms the current sbom shape into what is needed for the current anchore import api shape. 
-func toImportSBOMModel(s sbom.SBOM) importSBOM { - m := syftjson.ToFormatModel(s) - - var idLike string - if len(m.Distro.IDLike) > 0 { - idLike = m.Distro.IDLike[0] - } - - var version = m.Distro.VersionID // note: version is intentionally not used as the default - if version == "" { - version = m.Distro.Version - } - - var name = m.Distro.ID // note: name is intentionally not used as the default - if name == "" { - name = m.Distro.Name - } - - return importSBOM{ - Artifacts: m.Artifacts, - ArtifactRelationships: m.ArtifactRelationships, - Files: m.Files, - Secrets: m.Secrets, - Source: m.Source, - Distro: external.ImportDistribution{ - Name: name, - Version: version, - IdLike: idLike, - }, - Descriptor: m.Descriptor, - Schema: m.Schema, - } -} - -func packageSbomModel(s sbom.SBOM) (*external.ImagePackageManifest, error) { - var buf bytes.Buffer - - doc := toImportSBOMModel(s) - - enc := json.NewEncoder(&buf) - // prevent > and < from being escaped in the payload - enc.SetEscapeHTML(false) - enc.SetIndent("", " ") - - if err := enc.Encode(&doc); err != nil { - return nil, fmt.Errorf("unable to encode import JSON model: %w", err) - } - - // the model is 1:1 the JSON output of today. As the schema changes, this will need to be converted into individual mappings. 
- var model external.ImagePackageManifest - if err := json.Unmarshal(buf.Bytes(), &model); err != nil { - return nil, fmt.Errorf("unable to convert JSON output to import model: %w", err) - } - - return &model, nil -} - -func importPackageSBOM(ctx context.Context, api packageSBOMImportAPI, sessionID string, s sbom.SBOM, stage *progress.Stage) (string, error) { - log.Debug("importing package SBOM") - stage.Current = "package SBOM" - - model, err := packageSbomModel(s) - if err != nil { - return "", fmt.Errorf("unable to create PackageSBOM model: %w", err) - } - - response, httpResponse, err := api.ImportImagePackages(ctx, sessionID, *model) - if err != nil { - var openAPIErr external.GenericOpenAPIError - if errors.As(err, &openAPIErr) { - log.Errorf("api response: %+v", string(openAPIErr.Body())) - } - return "", fmt.Errorf("unable to import PackageSBOM: %w", err) - } - - defer httpResponse.Body.Close() - - if httpResponse.StatusCode != 200 { - return "", fmt.Errorf("unable to import PackageSBOM: %s", httpResponse.Status) - } - - return response.Digest, nil -} diff --git a/internal/anchore/import_package_sbom_test.go b/internal/anchore/import_package_sbom_test.go deleted file mode 100644 index c1603efd71c..00000000000 --- a/internal/anchore/import_package_sbom_test.go +++ /dev/null 
@@ -1,398 +0,0 @@ -package anchore - -import ( - "context" - "encoding/json" - "fmt" - "net/http" - "strings" - "testing" - - "github.com/docker/docker/pkg/ioutils" - "github.com/go-test/deep" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - "github.com/wagoodman/go-progress" - - "github.com/anchore/client-go/pkg/external" - "github.com/anchore/syft/syft/artifact" - "github.com/anchore/syft/syft/formats/syftjson" - "github.com/anchore/syft/syft/linux" - "github.com/anchore/syft/syft/pkg" - "github.com/anchore/syft/syft/sbom" - "github.com/anchore/syft/syft/source" -) - -func must(c pkg.CPE, e error) pkg.CPE { - if e != nil { - panic(e) - } - return c -} - -type mockPackageSBOMImportAPI struct { - sessionID string - model external.ImagePackageManifest - httpResponse *http.Response - err error - ctx context.Context - responseDigest string -} - -func (m *mockPackageSBOMImportAPI) ImportImagePackages(ctx context.Context, sessionID string, model external.ImagePackageManifest) (external.ImageImportContentResponse, *http.Response, error) { - m.model = model - m.sessionID = sessionID - m.ctx = ctx - if m.httpResponse == nil { - m.httpResponse = &http.Response{} - } - m.httpResponse.Body = ioutils.NewReadCloserWrapper(strings.NewReader(""), func() error { return nil }) - return external.ImageImportContentResponse{Digest: m.responseDigest}, m.httpResponse, m.err -} - -func sbomFixture() sbom.SBOM { - return sbom.SBOM{ - Artifacts: sbom.Artifacts{ - PackageCatalog: pkg.NewCatalog(pkg.Package{ - Name: "name", - Version: "version", - FoundBy: "foundBy", - Locations: source.NewLocationSet( - source.Location{ - Coordinates: source.Coordinates{ - RealPath: "path", - FileSystemID: "layerID", - }, - }, - ), - Licenses: []string{"license"}, - Language: pkg.Python, - Type: pkg.PythonPkg, - CPEs: []pkg.CPE{ - must(pkg.NewCPE("cpe:2.3:*:some:package:1:*:*:*:*:*:*:*")), - }, - PURL: "purl", - MetadataType: pkg.PythonPackageMetadataType, - Metadata: 
pkg.PythonPackageMetadata{ - Name: "p-name", - Version: "p-version", - License: "p-license", - Author: "p-author", - AuthorEmail: "p-email", - Platform: "p-platform", - Files: []pkg.PythonFileRecord{ - { - Path: "p-path", - Digest: &pkg.PythonFileDigest{ - Algorithm: "p-alg", - Value: "p-digest", - }, - Size: "p-size", - }, - }, - SitePackagesRootPath: "p-site-packages-root", - TopLevelPackages: []string{"top-level"}, - }, - }), - LinuxDistribution: &linux.Release{ - ID: "centos", - Version: "8.0", - VersionID: "8.0", - IDLike: []string{"rhel"}, - }, - }, - Relationships: []artifact.Relationship{ - { - 
From: source.NewLocation("/place1"), - To: source.NewLocation("/place2"), - Type: artifact.ContainsRelationship, - }, - }, - Source: source.Metadata{ - Scheme: source.ImageScheme, - ImageMetadata: source.ImageMetadata{ - UserInput: "user-in", - Layers: nil, - Size: 10, - ManifestDigest: "sha256:digest!", - MediaType: "mediatype!", - Tags: nil, - }, - }, - } - -} - -func TestPackageSbomImport(t *testing.T) { - sbomResult := sbomFixture() - theModel, err := packageSbomModel(sbomResult) - if err != nil { - t.Fatalf("could not get sbom model: %+v", err) - } - - sessionID := "my-session" - - tests := []struct { - name string - api *mockPackageSBOMImportAPI - expectsError bool - }{ - - { - name: "Go case: import works", - api: &mockPackageSBOMImportAPI{ - httpResponse: &http.Response{StatusCode: 200}, - responseDigest: "digest!", - }, - }, - { - name: "API returns an error", - api: &mockPackageSBOMImportAPI{ - err: fmt.Errorf("API error, something went wrong."), - }, - expectsError: true, - }, - { - name: "API HTTP-level error", - api: &mockPackageSBOMImportAPI{ - httpResponse: &http.Response{StatusCode: 404}, - }, - expectsError: true, - }, - } - - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - - digest, err := importPackageSBOM(context.TODO(), test.api, sessionID, sbomResult, &progress.Stage{}) - - // validate error handling - if err != nil && !test.expectsError { - t.Fatalf("did not expect an error, but got: %+v", err) - } else if err == nil && test.expectsError { - t.Fatalf("did expect an error, but got none") - } - - if digest != test.api.responseDigest { - t.Errorf("unexpected content digest: %q != %q", digest, test.api.responseDigest) - } - - // validating that the mock got the right parameters (api.ImportImagePackages) - if test.api.sessionID != sessionID { - t.Errorf("different session ID: %s != %s", test.api.sessionID, sessionID) - } - - for _, d := range deep.Equal(&test.api.model, theModel) { - t.Errorf("model difference: %s", d) - } - 
- }) - } -} - -type modelAssertion func(t *testing.T, model *external.ImagePackageManifest) - -func Test_packageSbomModel(t *testing.T) { - fix := sbomFixture() - - tests := []struct { - name string - sbom sbom.SBOM - traits []modelAssertion - }{ - { - name: "distro: has single distro id-like", - sbom: sbom.SBOM{ - Artifacts: sbom.Artifacts{ - LinuxDistribution: &linux.Release{ - Name: "centos-name", - ID: "centos-id", - IDLike: []string{ - "centos-id-like-1", - }, - Version: "version", - VersionID: "version-id", - }, - }, - }, - traits: []modelAssertion{ - hasDistroInfo("centos-id", "version-id", "centos-id-like-1"), - }, - }, - { - name: "distro: has multiple distro id-like", - sbom: sbom.SBOM{ - Artifacts: sbom.Artifacts{ - LinuxDistribution: &linux.Release{ - Name: "centos-name", - ID: "centos-id", - IDLike: []string{ - "centos-id-like-1", - "centos-id-like-2", - }, - Version: "version", - VersionID: "version-id", - }, - }, - }, - traits: []modelAssertion{ - hasDistroInfo("centos-id", "version-id", "centos-id-like-1"), - }, - }, - { - name: "distro: has no distro id-like", - sbom: sbom.SBOM{ - Artifacts: sbom.Artifacts{ - LinuxDistribution: &linux.Release{ - Name: "centos-name", - ID: "centos-id", - IDLike: []string{}, - Version: "version", - VersionID: "version-id", - }, - }, - }, - traits: []modelAssertion{ - hasDistroInfo("centos-id", "version-id", ""), - }, - }, - { - name: "distro: has no version-id", - sbom: sbom.SBOM{ - Artifacts: sbom.Artifacts{ - LinuxDistribution: &linux.Release{ - Name: "centos-name", - ID: "centos-id", - IDLike: []string{}, - Version: "version", - VersionID: "", - }, - }, - }, - traits: []modelAssertion{ - hasDistroInfo("centos-id", "version", ""), - }, - }, - { - name: "distro: has no id", - sbom: sbom.SBOM{ - Artifacts: sbom.Artifacts{ - LinuxDistribution: &linux.Release{ - Name: "centos-name", - ID: "", - IDLike: []string{}, - Version: "version", - VersionID: "version-id", - }, - }, - }, - traits: []modelAssertion{ - 
hasDistroInfo("centos-name", "version-id", ""), - }, - }, - { - name: "should have expected packages", - sbom: fix, - traits: []modelAssertion{ - func(t *testing.T, model *external.ImagePackageManifest) { - require.Len(t, model.Artifacts, 1) - - modelPkg := model.Artifacts - modelBytes, err := json.Marshal(&modelPkg) - require.NoError(t, err) - - fixPkg := syftjson.ToFormatModel(fix).Artifacts - fixBytes, err := json.Marshal(&fixPkg) - require.NoError(t, err) - - assert.JSONEq(t, string(fixBytes), string(modelBytes)) - }, - }, - }, - { - name: "should have expected relationships", - sbom: fix, - traits: []modelAssertion{ - func(t *testing.T, model *external.ImagePackageManifest) { - modelPkg := model.ArtifactRelationships - modelBytes, err := json.Marshal(&modelPkg) - require.NoError(t, err) - - fixPkg := syftjson.ToFormatModel(fix).ArtifactRelationships - fixBytes, err := json.Marshal(&fixPkg) - require.NoError(t, err) - - assert.JSONEq(t, string(fixBytes), string(modelBytes)) - }, - }, - }, - { - name: "should have expected schema", - sbom: fix, - traits: []modelAssertion{ - func(t *testing.T, model *external.ImagePackageManifest) { - modelPkg := model.Schema - modelBytes, err := json.Marshal(&modelPkg) - require.NoError(t, err) - - fixPkg := syftjson.ToFormatModel(fix).Schema - fixBytes, err := json.Marshal(&fixPkg) - require.NoError(t, err) - - assert.JSONEq(t, string(fixBytes), string(modelBytes)) - }, - }, - }, - { - name: "should have expected descriptor", - sbom: fix, - traits: []modelAssertion{ - func(t *testing.T, model *external.ImagePackageManifest) { - modelPkg := model.Descriptor - modelBytes, err := json.Marshal(&modelPkg) - require.NoError(t, err) - - fixPkg := syftjson.ToFormatModel(fix).Descriptor - fixBytes, err := json.Marshal(&fixPkg) - require.NoError(t, err) - - assert.JSONEq(t, string(fixBytes), string(modelBytes)) - }, - }, - }, - { - name: "should have expected source", - sbom: fix, - traits: []modelAssertion{ - func(t *testing.T, model 
*external.ImagePackageManifest) { - modelPkg := model.Source - modelBytes, err := json.Marshal(&modelPkg) - require.NoError(t, err) - - fixPkg := syftjson.ToFormatModel(fix).Source - fixBytes, err := json.Marshal(&fixPkg) - require.NoError(t, err) - - assert.JSONEq(t, string(fixBytes), string(modelBytes)) - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got, err := packageSbomModel(tt.sbom) - require.NoError(t, err) - for _, fn := range tt.traits { - fn(t, got) - } - }) - } -} - -func hasDistroInfo(name, version, idLike string) modelAssertion { - return func(t *testing.T, model *external.ImagePackageManifest) { - assert.Equal(t, name, model.Distro.Name) - assert.Equal(t, version, model.Distro.Version) - assert.Equal(t, idLike, model.Distro.IdLike) - } -} diff --git a/internal/config/anchore.go b/internal/config/anchore.go deleted file mode 100644 index 7e3bc281c9d..00000000000 --- a/internal/config/anchore.go +++ /dev/null 
@@ -1,21 +0,0 @@ -package config - -import "github.com/spf13/viper" - -type anchore struct { - // upload options - Host string `yaml:"host" json:"host" mapstructure:"host"` // -H , hostname of the engine/enterprise instance to upload to (setting this value enables upload) - Path string `yaml:"path" json:"path" mapstructure:"path"` // override the engine/enterprise API upload path - // IMPORTANT: do not show the username in any YAML/JSON output (sensitive information) - Username string `yaml:"-" json:"-" mapstructure:"username"` // -u , username to authenticate upload - // IMPORTANT: do not show the password in any YAML/JSON output (sensitive information) - Password string `yaml:"-" json:"-" mapstructure:"password"` // -p , password to authenticate upload - Dockerfile string `yaml:"dockerfile" json:"dockerfile" mapstructure:"dockerfile"` // -d , dockerfile to attach for upload - OverwriteExistingImage bool `yaml:"overwrite-existing-image" json:"overwrite-existing-image" mapstructure:"overwrite-existing-image"` // --overwrite-existing-image , if any of the SBOM components have already been uploaded this flag will ensure they are overwritten with the current upload - ImportTimeout uint `yaml:"import-timeout" json:"import-timeout" mapstructure:"import-timeout"` // --import-timeout - // , customize the number of seconds within which the SBOM import must be completed or canceled -} - -func (cfg anchore) loadDefaultValues(v *viper.Viper) { - v.SetDefault("anchore.path", "") -} diff --git a/internal/config/application.go b/internal/config/application.go index 037412c5870..13ec69979f4 100644 --- a/internal/config/application.go +++ b/internal/config/application.go 
@@ -43,7 +43,6 @@ type Application struct { OutputTemplatePath string `yaml:"output-template-path" json:"output-template-path" mapstructure:"output-template-path"` // -t template file to use for output File string `yaml:"file" json:"file" mapstructure:"file"` // --file, the file to write report output to CheckForAppUpdate bool `yaml:"check-for-app-update" json:"check-for-app-update" mapstructure:"check-for-app-update"` // whether to check for an application update on start up or not - Anchore anchore `yaml:"anchore" json:"anchore" mapstructure:"anchore"` // options for interacting with Anchore Engine/Enterprise Dev development `yaml:"dev" json:"dev" mapstructure:"dev"` Log logging `yaml:"log" json:"log" mapstructure:"log"` // all logging-related options Catalogers []string `yaml:"catalogers" json:"catalogers" mapstructure:"catalogers"` @@ -112,7 +111,6 @@ func (cfg *Application) parseConfigValues() error { // parse application config options for _, optionFn := range []func() error{ - cfg.parseUploadOptions, cfg.parseLogLevelOption, cfg.parseFile, } { @@ -136,13 +134,6 @@ func (cfg *Application) parseConfigValues() error { return nil } -func (cfg *Application) parseUploadOptions() error { - if cfg.Anchore.Host == "" && cfg.Anchore.Dockerfile != "" { - return fmt.Errorf("cannot provide dockerfile option without enabling upload") - } - return nil -} - func (cfg *Application) parseLogLevelOption() error { switch { case cfg.Quiet: diff --git a/test/cli/packages_cmd_test.go b/test/cli/packages_cmd_test.go index abd3d8e2e7c..2170c6bc506 100644 --- a/test/cli/packages_cmd_test.go +++ b/test/cli/packages_cmd_test.go 
@@ -132,48 +132,6 @@ func TestPackagesCmdFlags(t *testing.T) {
 assertSuccessfulReturnCode,
 },
 },
- {
- name: "attempt-upload-on-cli-switches",
- args: []string{"packages", "-vv", "-H", "localhost:8080", "-u", "the-username", "-d", "test-fixtures/image-pkg-coverage/Dockerfile", "--overwrite-existing-image", coverageImage},
- env: map[string]string{
- "SYFT_ANCHORE_PATH": "path/to/api",
- "SYFT_ANCHORE_PASSWORD": "the-password",
- },
- assertions: []traitAssertion{
- // we cannot easily assert a successful upload behavior, so instead we are doing the next best thing
- // and asserting that the parsed configuration has the expected values and we see log entries
- // indicating an upload attempt.
- assertNotInOutput("the-username"),
- assertNotInOutput("the-password"),
- assertInOutput("uploading results to localhost:8080"),
- assertInOutput(`dockerfile: test-fixtures/image-pkg-coverage/Dockerfile`),
- assertInOutput(`overwrite-existing-image: true`),
- assertInOutput(`path: path/to/api`),
- assertInOutput(`host: localhost:8080`),
- assertFailingReturnCode, // upload can't go anywhere, so if this passes that would be surprising
- },
- },
- {
- name: "dockerfile-without-upload-is-invalid",
- args: []string{"packages", "-vv", "-d", "test-fixtures/image-pkg-coverage/Dockerfile", coverageImage},
- assertions: []traitAssertion{
-
- assertNotInOutput("uploading results to localhost:8080"),
- assertInOutput("invalid application config: cannot provide dockerfile option without enabling upload"),
- assertFailingReturnCode,
- },
- },
- {
- name: "attempt-upload-with-env-host-set",
- args: []string{"packages", "-vv", coverageImage},
- env: map[string]string{
- "SYFT_ANCHORE_HOST": "localhost:8080",
- },
- assertions: []traitAssertion{
- assertInOutput("uploading results to localhost:8080"),
- assertFailingReturnCode, // upload can't go anywhere, so if this passes that would be surprising
- },
- },
 {
 // we want to make certain that syft can catalog a single go binary and get a
SBOM report that is not empty name: "catalog-single-go-binary",