-
Notifications
You must be signed in to change notification settings - Fork 1
/
get_cve.go
141 lines (116 loc) · 3.78 KB
/
get_cve.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
package cmd
import (
"io"
"github.com/spf13/cobra"
"fmt"
"github.com/jenkins-x/jx/pkg/cve"
"github.com/jenkins-x/jx/pkg/jx/cmd/templates"
"github.com/jenkins-x/jx/pkg/kube"
"github.com/jenkins-x/jx/pkg/log"
"github.com/jenkins-x/jx/pkg/util"
)
// GetGitOptions the command line options
type GetCVEOptions struct {
GetOptions
ImageName string
ImageID string
Version string
Env string
VulnerabilityType string
}
var (
getCVELong = templates.LongDesc(`
Display Common Vulnerabilities and Exposures (CVEs)
`)
getCVEExample = templates.Examples(`
# List all Common Vulnerabilities and Exposures (CVEs)
jx get cve # using current dir as the context for app name
jx get cve --app foo
jx get cve --app foo --version 1.0.0
jx get cve --app foo --environment staging
jx get cve --environment staging
`)
)
// NewCmdGetCVE creates the command
func NewCmdGetCVE(f Factory, out io.Writer, errOut io.Writer) *cobra.Command {
options := &GetCVEOptions{
GetOptions: GetOptions{
CommonOptions: CommonOptions{
Factory: f,
Out: out,
Err: errOut,
},
},
}
cmd := &cobra.Command{
Use: "cve [flags]",
Short: "Display Common Vulnerabilities and Exposures (CVEs)",
Long: getCVELong,
Example: getCVEExample,
Aliases: []string{"cves"},
Run: func(cmd *cobra.Command, args []string) {
options.Cmd = cmd
options.Args = args
err := options.Run()
CheckErr(err)
},
}
options.addCommonFlags(cmd)
options.addGetCVEFlags(cmd)
return cmd
}
func (o *GetCVEOptions) addGetCVEFlags(cmd *cobra.Command) {
cmd.Flags().StringVarP(&o.ImageName, "image-name", "", "", "Full image name e.g. jenkinsxio/nexus ")
cmd.Flags().StringVarP(&o.ImageID, "image-id", "", "", "Image ID in CVE engine if already known")
cmd.Flags().StringVarP(&o.Version, "version", "", "", "Version or tag e.g. 0.0.1")
cmd.Flags().StringVarP(&o.Env, "environment", "e", "", "The Environment to find running applications")
}
// Run implements this command
func (o *GetCVEOptions) Run() error {
_, _, err := o.KubeClient()
if err != nil {
return fmt.Errorf("cannot connect to kubernetes cluster: %v", err)
}
jxClient, _, err := o.JXClient()
if err != nil {
return fmt.Errorf("cannot create jx client: %v", err)
}
externalURL, err := o.ensureAddonServiceAvailable(kube.AddonServices[defaultAnchoreName])
if err != nil {
log.Warnf("no CVE provider service found, are you in your teams dev environment? Type `jx env` to switch.\n")
return fmt.Errorf("if no CVE provider running, try running `jx create addon anchore` in your teams dev environment: %v", err)
}
// if no flags are set try and guess the image name from the current directory
if o.ImageID == "" && o.ImageName == "" && o.Env == "" {
return fmt.Errorf("no --image-name, --image-id or --environment flags set\n")
}
server, auth, err := o.CommonOptions.getAddonAuthByKind(kube.ValueKindCVE, externalURL)
if err != nil {
return fmt.Errorf("error getting anchore engine auth details, %v", err)
}
p, err := cve.NewAnchoreProvider(server, auth)
if err != nil {
return fmt.Errorf("error creating anchore provider, %v", err)
}
table := o.CreateTable()
table.AddRow("Image", util.ColorInfo("Severity"), "Vulnerability", "URL", "Package", "Fix")
query := cve.CVEQuery{
ImageID: o.ImageID,
ImageName: o.ImageName,
Environment: o.Env,
Vesion: o.Version,
}
if o.Env != "" {
targetNamespace, err := kube.GetEnvironmentNamespace(jxClient, o.currentNamespace, o.Env)
if err != nil {
return err
}
query.TargetNamespace = targetNamespace
}
err = p.GetImageVulnerabilityTable(jxClient, o.KubeClientCached, &table, query)
if err != nil {
return fmt.Errorf("error getting vulnerability table for image %s: %v", query.ImageID, err)
}
table.Render()
return nil
}