package scanner
import (
"context"
"flag"
"os"
"github.com/goodwithtech/docker-guard/pkg/types"
"github.com/goodwithtech/docker-guard/pkg/assessor"
"github.com/knqyf263/fanal/analyzer"
"github.com/knqyf263/fanal/extractor"
"golang.org/x/crypto/ssh/terminal"
"golang.org/x/xerrors"
)
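// ScanImage analyzes a container image and returns the assessments produced
// by the assessor package.
//
// The image is selected by exactly one of the two arguments, checked in this
// order:
//   - imageName: the image is analyzed via analyzer.Analyze using the options
//     returned by types.GetDockerOption.
//   - filePath: the image is read from a file (or from standard input when
//     filePath is "-", see openStream) and analyzed via analyzer.AnalyzeFromFile.
//
// An error is returned when neither argument is set, when the image cannot be
// opened or analyzed, or when the assessor returns no assessments at all. The
// last case is reported as an error rather than as an empty result, so a scan
// that evaluated nothing is not presented to the caller as a scan with no
// findings.
func ScanImage(imageName, filePath string) (assessments []*types.Assessment, err error) {
	ctx := context.Background()
	var target string
	var files extractor.FileMap

	// Register the files the assessors need before any analysis starts, so
	// fanal's analyzer extracts them from the image.
	analyzer.AddRequiredFilenames(assessor.LoadRequiredFiles())

	switch {
	case imageName != "":
		target = imageName
		dockerOption, err := types.GetDockerOption()
		if err != nil {
			return nil, xerrors.Errorf("failed to get docker option: %w", err)
		}
		files, err = analyzer.Analyze(ctx, imageName, dockerOption)
		if err != nil {
			return nil, xerrors.Errorf("failed to analyze image: %w", err)
		}
	case filePath != "":
		target = filePath
		rc, err := openStream(filePath)
		if err != nil {
			return nil, xerrors.Errorf("failed to open stream: %w", err)
		}
		// Release the descriptor once analysis is done. Standard input is
		// left open because it belongs to the calling process.
		// NOTE(review): if AnalyzeFromFile already closes its reader this is
		// a second Close on the same *os.File, which only returns an error
		// that is deliberately ignored here.
		if rc != os.Stdin {
			defer rc.Close()
		}
		files, err = analyzer.AnalyzeFromFile(ctx, rc)
		if err != nil {
			return nil, xerrors.Errorf("failed to analyze image file: %w", err)
		}
	default:
		return nil, xerrors.New("image name or image file must be specified")
	}

	assessments = assessor.GetAssessments(files)
	if len(assessments) == 0 {
		// No underlying error exists at this point (the analysis errors above
		// were already returned), so there is nothing to wrap with %w.
		return nil, xerrors.Errorf("failed scan %s: no assessments were produced", target)
	}
	return assessments, nil
}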
// openStream returns the file to read an image archive from.
//
// Any path other than "-" is opened with os.Open. The path "-" selects
// standard input; if file descriptor 0 is an interactive terminal there is
// nothing to read from, so the usage text is printed and the process exits
// with status 64.
func openStream(path string) (*os.File, error) {
	readFromStdin := path == "-"
	if !readFromStdin {
		return os.Open(path)
	}

	// Piped or redirected input: hand standard input to the caller as-is.
	if !terminal.IsTerminal(0) {
		return os.Stdin, nil
	}

	// Interactive terminal on stdin: print usage and terminate the process.
	flag.Usage()
	os.Exit(64)

	// Not reached at run time; os.Exit does not return. The statement keeps
	// the function well-formed for the compiler.
	return os.Open(path)
}