Fix getting local image hash from repo digest (#126)

* fix: getting local image hash from repo digest
Co-authored-by: Idan Frimark <40820488+FrimIdan@users.noreply.github.com>

cli/cmd/analyze.go

@@ -100,15 +100,14 @@ func analyzeContent(cmd *cobra.Command, args []string) {
 	}
 
 	manager := job_manager.New(appConfig.SharedConfig.Analyzer.AnalyzerList, appConfig.SharedConfig, logger, job.CreateAnalyzerJob)
-	src := utils.SetSource(appConfig.LocalImageScan, sourceType, args[0])
-	results, err := manager.Run(sourceType, src)
+	results, err := manager.Run(sourceType, args[0])
 	if err != nil {
 		logger.Fatalf("Failed to run job manager: %v", err)
 	}
 
-	hash, err := utils.GenerateHash(sourceType, src)
+	hash, err := utils.GenerateHash(sourceType, args[0])
 	if err != nil {
-		logger.Fatalf("Failed to generate hash for source %s: %v", src, err)
+		logger.Fatalf("Failed to generate hash for source %s: %v", args[0], err)
 	}
 
 	outputFormat := appConfig.SharedConfig.Analyzer.OutputFormat

cli/cmd/scan.go

@@ -112,8 +112,7 @@ func vulnerabilityScanner(cmd *cobra.Command, args []string) {
 	}
 
 	manager := job_manager.New(appConfig.SharedConfig.Scanner.ScannersList, appConfig.SharedConfig, logger, job.CreateJob)
-	src := utils.SetSource(appConfig.LocalImageScan, sourceType, args[0])
-	results, err := manager.Run(sourceType, src)
+	results, err := manager.Run(sourceType, args[0])
 	if err != nil {
 		logger.Fatalf("Failed to run job manager: %v", err)
 	}
@@ -130,15 +129,15 @@ func vulnerabilityScanner(cmd *cobra.Command, args []string) {
 	switch sourceType {
 	case sharedutils.SBOM:
 		// handle SBOM
-		inputSBOM, err := os.ReadFile(src)
+		inputSBOM, err := os.ReadFile(args[0])
 		if err != nil {
-			logger.Fatalf("Failed to read SBOM file %s: %v", src, err)
+			logger.Fatalf("Failed to read SBOM file %s: %v", args[0], err)
 		}
 		// TODO need to check input SBOM if xml or json format
 		input := formatter.New(formatter.CycloneDXFormat, inputSBOM)
 		// use the formatter
 		if err := input.Decode(formatter.CycloneDXFormat); err != nil {
-			logger.Fatalf("Unable to decode input SBOM %s: %v", src, err)
+			logger.Fatalf("Unable to decode input SBOM %s: %v", args[0], err)
 		}
 		bomMetaComponent := input.GetSBOM().(*cdx.BOM).Metadata.Component
 		hash = cdx_helper.GetComponentHash(bomMetaComponent)
@@ -151,9 +150,9 @@ func vulnerabilityScanner(cmd *cobra.Command, args []string) {
 		// do nothing
 		// grype set the fields of the source during scan
 	default:
-		hash, err = utils.GenerateHash(sourceType, src)
+		hash, err = utils.GenerateHash(sourceType, args[0])
 		if err != nil {
-			logger.Fatalf("Failed to generate hash for source %s", src)
+			logger.Fatalf("Failed to generate hash for source %s", args[0])
 		}
 		mergedResults.SetHash(hash)
 	}
@@ -170,7 +169,7 @@ func vulnerabilityScanner(cmd *cobra.Command, args []string) {
 		logger.Fatalf("Failed to present results: %v", err)
 	}
 
-	layerCommands, err := getLayerCommandsIfNeeded(sourceType, src, appConfig.SharedConfig.Registry)
+	layerCommands, err := getLayerCommandsIfNeeded(sourceType, args[0], appConfig.SharedConfig)
 	if err != nil {
 		logger.Fatalf("Failed get layer commands. %v", err)
 	}
@@ -203,11 +202,11 @@ func getWriter(filePath string) (io.Writer, func() error) {
 	}
 }
 
-func getLayerCommandsIfNeeded(sourceType sharedutils.SourceType, source string, registryConf *sharedconfig.Registry) ([]*image_helper.FsLayerCommand, error) {
+func getLayerCommandsIfNeeded(sourceType sharedutils.SourceType, source string, sharedConf *sharedconfig.Config) ([]*image_helper.FsLayerCommand, error) {
 	if sourceType != sharedutils.IMAGE {
 		return nil, nil
 	}
-	layerCommands, err := image_helper.GetImageLayerCommands(source, sharedconfig.CreateRegistryOptions(registryConf))
+	layerCommands, err := image_helper.GetImageLayerCommands(source, sharedConf)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get layer commands: %v", err)
 	}

cli/pkg/config/config.go

@@ -22,30 +22,28 @@ import (
 )
 
 const (
-	LogLevel       = "LOG_LEVEL"
-	EnableJSONLog  = "ENABLE_JSON_LOG"
-	LocalImageScan = "LOCAL_IMAGE_SCAN"
+	LogLevel      = "LOG_LEVEL"
+	EnableJSONLog = "ENABLE_JSON_LOG"
 )
 
 type Config struct {
-	LogLevel       string
-	EnableJSONLog  bool
-	LocalImageScan bool
-	Backend        *Backend
-	SharedConfig   *shared.Config
+	LogLevel      string
+	EnableJSONLog bool
+	Backend       *Backend
+	SharedConfig  *shared.Config
 }
 
 func LoadConfig() *Config {
 	setConfigDefaults()
 	return &Config{
-		LogLevel:       viper.GetString(LogLevel),
-		EnableJSONLog:  viper.GetBool(EnableJSONLog),
-		LocalImageScan: viper.GetBool(LocalImageScan),
-		Backend:        loadBackendConfig(),
+		LogLevel:      viper.GetString(LogLevel),
+		EnableJSONLog: viper.GetBool(EnableJSONLog),
+		Backend:       loadBackendConfig(),
 		SharedConfig: &shared.Config{
-			Registry: loadRegistryConfig(),
-			Analyzer: shared.LoadAnalyzerConfig(),
-			Scanner:  shared.LoadScannerConfig(),
+			Registry:       loadRegistryConfig(),
+			Analyzer:       shared.LoadAnalyzerConfig(),
+			Scanner:        shared.LoadScannerConfig(),
+			LocalImageScan: viper.GetBool(shared.LocalImageScan),
 		},
 	}
 }

runtime_k8s_scanner/pkg/scanner/scanner.go

@@ -32,7 +32,6 @@ import (
 	"github.com/cisco-open/kubei/runtime_k8s_scanner/pkg/version"
 	"github.com/cisco-open/kubei/runtime_scan/api/client/models"
 	"github.com/cisco-open/kubei/shared/pkg/analyzer"
-	sharedconfig "github.com/cisco-open/kubei/shared/pkg/config"
 	"github.com/cisco-open/kubei/shared/pkg/utils/image_helper"
 )
 
@@ -160,8 +159,7 @@ func createLogger(conf *_config.Config) *log.Entry {
 
 func getLayerCommands(conf *_config.Config) []*image_helper.FsLayerCommand {
 	logger := createLogger(conf)
-	registryOptions := sharedconfig.CreateRegistryOptions(conf.SharedConfig.Registry)
-	layerCommands, err := image_helper.GetImageLayerCommands(conf.ImageNameToScan, registryOptions)
+	layerCommands, err := image_helper.GetImageLayerCommands(conf.ImageNameToScan, conf.SharedConfig)
 	if err != nil {
 		logger.Errorf("failed to get commands from image=%s: %v", conf.ImageIDToScan, err)
 	}

shared/pkg/analyzer/analyzer.go

@@ -36,13 +36,13 @@ type AppInfo struct {
 	SourceHash string
 }
 
-func CreateResults(sbomBytes []byte, analyzerName, src string, srcType utils.SourceType) *Results {
+func CreateResults(sbomBytes []byte, analyzerName, userInput string, srcType utils.SourceType) *Results {
 	return &Results{
 		Sbom:         sbomBytes,
 		AnalyzerInfo: analyzerName,
 		AppInfo: AppInfo{
 			SourceType: srcType,
-			SourcePath: src,
+			SourcePath: userInput,
 		},
 	}
 }

shared/pkg/analyzer/cdx_gomod/cyclonedx_gomod.go

@@ -55,7 +55,7 @@ func New(conf *config.Config,
 	}
 }
 
-func (a *Analyzer) Run(sourceType utils.SourceType, src string) error {
+func (a *Analyzer) Run(sourceType utils.SourceType, userInput string) error {
 	go func() {
 		res := &analyzer.Results{}
 		if sourceType != utils.DIR {
@@ -67,7 +67,7 @@ func (a *Analyzer) Run(sourceType utils.SourceType, src string) error {
 		zeroLogger := newZeroLogger(a.logger)
 		licenseDetector := local.NewDetector(zeroLogger)
 
-		generator, err := mod.NewGenerator(src,
+		generator, err := mod.NewGenerator(userInput,
 			mod.WithLogger(zeroLogger),
 			mod.WithComponentType(cdx.ComponentTypeApplication),
 			mod.WithIncludeStdlib(true),
@@ -112,7 +112,7 @@ func (a *Analyzer) Run(sourceType utils.SourceType, src string) error {
 			return
 		}
 
-		res = analyzer.CreateResults(output.GetSBOMBytes(), a.name, src, sourceType)
+		res = analyzer.CreateResults(output.GetSBOMBytes(), a.name, userInput, sourceType)
 		a.logger.Infof("Sending successful results")
 		a.resultChan <- res
 	}()

shared/pkg/analyzer/syft/syft.go

@@ -41,6 +41,7 @@ type Analyzer struct {
 	logger     *log.Entry
 	config     config.SyftConfig
 	resultChan chan job_manager.Result
+	localImage bool
 }
 
 func New(conf *config.Config,
@@ -51,11 +52,12 @@ func New(conf *config.Config,
 		logger:     logger.Dup().WithField("analyzer", AnalyzerName),
 		config:     config.CreateSyftConfig(conf.Analyzer, conf.Registry),
 		resultChan: resultChan,
+		localImage: conf.LocalImageScan,
 	}
 }
 
-func (a *Analyzer) Run(sourceType utils.SourceType, src string) error {
-	src = utils.CreateUserInput(sourceType, src)
+func (a *Analyzer) Run(sourceType utils.SourceType, userInput string) error {
+	src := utils.CreateSource(sourceType, userInput, a.localImage)
 	a.logger.Infof("Called %s analyzer on source %s", a.name, src)
 	s, _, err := source.New(src, a.config.RegistryOptions, []string{})
 	if err != nil {
@@ -92,7 +94,7 @@ func (a *Analyzer) Run(sourceType utils.SourceType, src string) error {
 		// Get the RepoDigest from image metadata and use it as SourceHash in the Result
 		// that will be added to the component hash of metadata during the merge.
 		if sourceType == utils.IMAGE {
-			res.AppInfo.SourceHash = getImageHash(sbom, src)
+			res.AppInfo.SourceHash = getImageHash(sbom, userInput)
 		}
 		a.logger.Infof("Sending successful results")
 		a.resultChan <- res

shared/pkg/config/config.go

@@ -16,7 +16,10 @@
 package config
 
 type Config struct {
-	Registry *Registry
-	Analyzer *Analyzer
-	Scanner  *Scanner
+	Registry       *Registry
+	Analyzer       *Analyzer
+	Scanner        *Scanner
+	LocalImageScan bool
 }
+
+const LocalImageScan = "LOCAL_IMAGE_SCAN"

shared/pkg/job_manager/manager.go

@@ -41,7 +41,7 @@ func New(jobNames []string, config *config.Config, logger *logrus.Entry, createR
 	}
 }
 
-func (m *Manager) Run(sourceType utils.SourceType, source string) (map[string]Result, error) {
+func (m *Manager) Run(sourceType utils.SourceType, userInput string) (map[string]Result, error) {
 	nameToResultChan := make(map[string]chan Result, len(m.jobNames))
 
 	// create jobs
@@ -53,7 +53,7 @@ func (m *Manager) Run(sourceType utils.SourceType, source string) (map[string]Re
 
 	// start jobs
 	for _, j := range jobs {
-		err := j.Run(sourceType, source)
+		err := j.Run(sourceType, userInput)
 		if err != nil {
 			return nil, fmt.Errorf("failed to run job: %v", err)
 		}