package flag
import (
v1 "github.com/google/go-containerregistry/pkg/v1"
"golang.org/x/xerrors"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/types"
xstrings "github.com/aquasecurity/trivy/pkg/x/strings"
)
// The flags below are read from the "image" section of the config file, e.g.:
//
//	image:
//	  removed-pkgs: true
//	  input: "/path/to/alpine"
var (
	// ImageConfigScannersFlag selects which scanners run against the container
	// image configuration. The only accepted values are the misconfiguration
	// and secret scanners; the default is an empty list (none).
	ImageConfigScannersFlag = Flag{
		Name:       "image-config-scanners",
		ConfigName: "image.image-config-scanners",
		Default:    []string{},
		Values: xstrings.ToStringSlice(types.Scanners{
			types.MisconfigScanner,
			types.SecretScanner,
		}),
		Usage: "comma-separated list of what security issues to detect on container image configurations",
	}
	// ScanRemovedPkgsFlag enables vulnerability detection for packages that were
	// removed from the image. Per the usage text this applies to Alpine only.
	// Off by default.
	ScanRemovedPkgsFlag = Flag{
		Name:       "removed-pkgs",
		ConfigName: "image.removed-pkgs",
		Default:    false,
		Usage:      "detect vulnerabilities of removed packages (only for Alpine)",
	}
	// InputFlag takes a local image archive path in place of an image name.
	// ToOptions copies the value via getString; nothing in this file validates
	// the path.
	InputFlag = Flag{
		Name:       "input",
		ConfigName: "image.input",
		Default:    "",
		Usage:      "input file path instead of image name",
	}
	// PlatformFlag selects the "os/arch" of a multi-platform image. ToOptions
	// parses a non-empty value with v1.ParsePlatform and maps an OS of "*" to
	// the empty string (any OS).
	PlatformFlag = Flag{
		Name:       "platform",
		ConfigName: "image.platform",
		Default:    "",
		Usage:      "set platform in the form os/arch if image is multi-platform capable",
	}
	// DockerHostFlag is the Unix domain socket path used to reach the Docker
	// daemon when scanning through Docker. ToOptions copies the value via
	// getString; nothing in this file validates it.
	DockerHostFlag = Flag{
		Name:       "docker-host",
		ConfigName: "image.docker.host",
		Default:    "",
		Usage:      "unix domain socket path to use for docker scanning",
	}
	// SourceFlag lists the image sources to try, in priority order. Both the
	// accepted values and the default are every source in ftypes.AllImageSources.
	SourceFlag = Flag{
		Name:       "image-src",
		ConfigName: "image.source",
		Default:    xstrings.ToStringSlice(ftypes.AllImageSources),
		Values:     xstrings.ToStringSlice(ftypes.AllImageSources),
		Usage:      "image source(s) to use, in priority order",
	}
)
// ImageFlagGroup holds the flags that make up the "Image" flag group. Each
// field points at one of the package-level flag definitions above.
type ImageFlagGroup struct {
	Input               *Flag // local image archive
	ImageConfigScanners *Flag // scanners to run against the image configuration
	ScanRemovedPkgs     *Flag // detect vulnerabilities of removed packages (Alpine)
	Platform            *Flag // os/arch selector for multi-platform images
	DockerHost          *Flag // Docker daemon unix socket path
	ImageSources        *Flag // image sources to try, in priority order
}
// ImageOptions is the parsed form of ImageFlagGroup, produced by ToOptions.
type ImageOptions struct {
	Input               string              // local image archive path
	ImageConfigScanners types.Scanners      // scanners run against the image configuration
	ScanRemovedPkgs     bool                // detect vulnerabilities of removed packages
	Platform            ftypes.Platform     // zero value when the platform flag is empty
	DockerHost          string              // Docker daemon unix socket path
	ImageSources        ftypes.ImageSources // image sources in priority order
}
// NewImageFlagGroup returns an ImageFlagGroup wired to the package-level image
// flag definitions. The group shares those Flag values; it does not copy them.
func NewImageFlagGroup() *ImageFlagGroup {
	g := &ImageFlagGroup{}
	g.Input = &InputFlag
	g.ImageConfigScanners = &ImageConfigScannersFlag
	g.ScanRemovedPkgs = &ScanRemovedPkgsFlag
	g.Platform = &PlatformFlag
	g.DockerHost = &DockerHostFlag
	g.ImageSources = &SourceFlag
	return g
}
// Name returns the display name of this flag group.
func (f *ImageFlagGroup) Name() string {
	const groupName = "Image"
	return groupName
}
// Flags returns every flag in the group, in the order the fields are declared
// on ImageFlagGroup.
func (f *ImageFlagGroup) Flags() []*Flag {
	flags := make([]*Flag, 0, 6)
	flags = append(flags, f.Input, f.ImageConfigScanners, f.ScanRemovedPkgs)
	flags = append(flags, f.Platform, f.DockerHost, f.ImageSources)
	return flags
}
// ToOptions converts the group's flag values into ImageOptions.
//
// A non-empty platform flag is parsed with v1.ParsePlatform and an OS of "*"
// is normalised to "" (any OS); an empty platform flag leaves Platform at its
// zero value. Every other flag is copied through by the get* helpers without
// further checks here. The only error returned is a parse failure of the
// platform string.
func (f *ImageFlagGroup) ToOptions() (ImageOptions, error) {
	var platform ftypes.Platform
	if raw := getString(f.Platform); raw != "" {
		parsed, err := v1.ParsePlatform(raw)
		if err != nil {
			return ImageOptions{}, xerrors.Errorf("unable to parse platform: %w", err)
		}
		platform = ftypes.Platform{Platform: wildcardOSToEmpty(parsed)}
	}

	opts := ImageOptions{
		Input:               getString(f.Input),
		ImageConfigScanners: getUnderlyingStringSlice[types.Scanner](f.ImageConfigScanners),
		ScanRemovedPkgs:     getBool(f.ScanRemovedPkgs),
		Platform:            platform,
		DockerHost:          getString(f.DockerHost),
		ImageSources:        getUnderlyingStringSlice[ftypes.ImageSource](f.ImageSources),
	}
	return opts, nil
}

// wildcardOSToEmpty rewrites an OS of "*" to the empty string in place and
// returns the same pointer. Empty OS means any OS; other values are untouched.
func wildcardOSToEmpty(pl *v1.Platform) *v1.Platform {
	if pl.OS == "*" {
		pl.OS = ""
	}
	return pl
}