package client
import (
"context"
"crypto/tls"
"net/http"
"golang.org/x/xerrors"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
r "github.com/aquasecurity/trivy/pkg/rpc"
"github.com/aquasecurity/trivy/pkg/types"
rpc "github.com/aquasecurity/trivy/rpc/scanner"
)
// options collects the settings that Option functions may override while a
// Scanner is being built.
type options struct {
	// rpcClient is the RPC client the resulting Scanner will use.
	rpcClient rpc.Scanner
}
// Option adjusts the internal options used by NewScanner.
type Option func(o *options)
// WithRPCClient returns an Option that replaces the Scanner's RPC client with
// c. It exists for testability: a test can supply its own rpc.Scanner in place
// of the client NewScanner creates by default.
func WithRPCClient(c rpc.Scanner) Option {
	override := func(o *options) {
		o.rpcClient = c
	}
	return override
}
// ScannerOption holds the settings NewScanner uses to build the RPC client.
type ScannerOption struct {
	// RemoteURL is the address handed to the RPC client constructor.
	RemoteURL string

	// Insecure is copied into tls.Config.InsecureSkipVerify by NewScanner.
	// When true the client accepts any server certificate, so the server is
	// not authenticated and an on-path party can read or alter the traffic,
	// CustomHeaders included. Leave it false outside of test setups.
	Insecure bool

	// CustomHeaders is stored on the Scanner and applied to the context of
	// every Scan call.
	// NOTE(review): if these carry credentials, keep them out of logs and do
	// not combine them with Insecure — confirm against callers.
	CustomHeaders http.Header
}
// Scanner is the client-side scanner that forwards scan requests over RPC.
type Scanner struct {
	// customHeaders is handed to WithCustomHeaders at the start of every Scan.
	customHeaders http.Header

	// client is the RPC client that performs the Scan call.
	client rpc.Scanner
}
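// NewScanner builds a Scanner whose RPC client targets
// scannerOptions.RemoteURL and uses the proxy settings from the environment.
// The opts are applied after the default client has been created, so
// WithRPCClient can replace it; nil entries in opts are skipped.
//
// Security: scannerOptions.Insecure is passed straight to
// tls.Config.InsecureSkipVerify. With it set, the server certificate is not
// verified and the connection (including any custom headers) is open to
// interception, so it should only be enabled deliberately by the caller.
func NewScanner(scannerOptions ScannerOption, opts ...Option) Scanner {
	tlsConfig := &tls.Config{
		// Pin the protocol floor explicitly rather than relying on the
		// toolchain default, so TLS 1.0/1.1 are never negotiated.
		MinVersion: tls.VersionTLS12,
		// Opt-in only: false (the zero value) keeps verification on.
		InsecureSkipVerify: scannerOptions.Insecure,
	}

	// NOTE(review): this Transport sets only Proxy and TLSClientConfig, and the
	// Client has no Timeout, so dial and TLS-handshake stalls are bounded only
	// by the ctx passed to Scan. Consider explicit timeouts.
	httpClient := &http.Client{
		Transport: &http.Transport{
			Proxy:           http.ProxyFromEnvironment,
			TLSClientConfig: tlsConfig,
		},
	}

	o := &options{
		rpcClient: rpc.NewScannerProtobufClient(scannerOptions.RemoteURL, httpClient),
	}
	for _, opt := range opts {
		// A nil Option would panic when called; treat it as "no change".
		if opt == nil {
			continue
		}
		opt(o)
	}

	return Scanner{
		customHeaders: scannerOptions.CustomHeaders,
		client:        o.rpcClient,
	}
}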
// Scan sends a scan request for target, identified by artifactKey and
// blobKeys, to the remote server and returns the converted results and OS.
//
// The custom headers held by the Scanner are passed through
// WithCustomHeaders before the call. The RPC itself runs inside r.Retry, which
// decides whether and how often the call is repeated. Any error that survives
// is wrapped and returned with nil results.
func (s Scanner) Scan(ctx context.Context, target, artifactKey string, blobKeys []string, opts types.ScanOptions) (types.Results, *ftypes.OS, error) {
	ctx = WithCustomHeaders(ctx, s.customHeaders)

	// The RPC message keys license categories by plain string.
	categories := make(map[string]*rpc.License, len(opts.LicenseCategories))
	for cat, names := range opts.LicenseCategories {
		categories[string(cat)] = &rpc.License{Names: names}
	}

	var resp *rpc.ScanResponse
	// A fresh request is built on every attempt, as the closure is re-run by Retry.
	call := func() error {
		var callErr error
		resp, callErr = s.client.Scan(ctx, &rpc.ScanRequest{
			Target:     target,
			ArtifactId: artifactKey,
			BlobIds:    blobKeys,
			Options: &rpc.ScanOptions{
				VulnType:          opts.VulnType,
				SecurityChecks:    opts.SecurityChecks,
				ListAllPackages:   opts.ListAllPackages,
				LicenseCategories: categories,
			},
		})
		return callErr
	}
	if err := r.Retry(call); err != nil {
		return nil, nil, xerrors.Errorf("failed to detect vulnerabilities via RPC: %w", err)
	}

	return r.ConvertFromRPCResults(resp.Results), r.ConvertFromRPCOS(resp.Os), nil
}