/
advisory_export.go
141 lines (118 loc) · 4.04 KB
/
advisory_export.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
package cli
import (
"fmt"
"io"
"os"
"strings"
"github.com/google/osv-scanner/pkg/models"
"github.com/spf13/cobra"
"github.com/chainguard-dev/clog"
"github.com/wolfi-dev/wolfictl/pkg/advisory"
"github.com/wolfi-dev/wolfictl/pkg/configs"
v2 "github.com/wolfi-dev/wolfictl/pkg/configs/advisory/v2"
rwos "github.com/wolfi-dev/wolfictl/pkg/configs/rwfs/os"
"github.com/wolfi-dev/wolfictl/pkg/distro"
)
func cmdAdvisoryExport() *cobra.Command {
p := &exportParams{}
cmd := &cobra.Command{
Use: "export",
Short: "Export advisory data (experimental)",
SilenceErrors: true,
Args: cobra.NoArgs,
Hidden: true,
PreRunE: func(cmd *cobra.Command, _ []string) error {
ctx := cmd.Context()
if p.format == OutputOSV {
if _, err := os.Stat(p.outputLocation); os.IsNotExist(err) {
clog.FromContext(ctx).Errorf("directory %s does not exist, please create that first", p.outputLocation)
return err
}
}
return nil
},
RunE: func(cmd *cobra.Command, _ []string) error {
if len(p.advisoriesRepoDirs) == 0 {
if p.doNotDetectDistro {
return fmt.Errorf("no advisories repo dir specified")
}
d, err := distro.Detect()
if err != nil {
return fmt.Errorf("no advisories repo dir specified, and distro auto-detection failed: %w", err)
}
p.advisoriesRepoDirs = append(p.advisoriesRepoDirs, d.Local.AdvisoriesRepo.Dir)
_, _ = fmt.Fprint(os.Stderr, renderDetectedDistro(d))
}
indices := make([]*configs.Index[v2.Document], 0, len(p.advisoriesRepoDirs))
for _, dir := range p.advisoriesRepoDirs {
advisoryFsys := rwos.DirFS(dir)
index, err := v2.NewIndex(cmd.Context(), advisoryFsys)
if err != nil {
return fmt.Errorf("unable to index advisory configs for directory %q: %w", dir, err)
}
indices = append(indices, index)
}
opts := advisory.ExportOptions{
AdvisoryDocIndices: indices,
Ecosystem: models.Ecosystem(p.ecosystem),
}
var export io.Reader
var err error
switch p.format {
case OutputYAML:
export, err = advisory.ExportYAML(opts)
case OutputCSV:
export, err = advisory.ExportCSV(opts)
case OutputOSV:
err = advisory.ExportOSV(opts, p.outputLocation)
default:
return fmt.Errorf("unrecognized format: %q. Valid formats are: [%s]", p.format, strings.Join([]string{OutputYAML, OutputCSV, OutputOSV}, ", "))
}
if err != nil {
return fmt.Errorf("unable to export advisory data: %w", err)
}
if p.format != OutputOSV {
var outputFile *os.File
if p.outputLocation == "" {
outputFile = os.Stdout
} else {
outputFile, err = os.Create(p.outputLocation)
if err != nil {
return fmt.Errorf("unable to create output file: %w", err)
}
defer outputFile.Close()
}
_, err = io.Copy(outputFile, export)
if err != nil {
return fmt.Errorf("unable to export data to specified location: %w", err)
}
}
return nil
},
}
p.addFlagsTo(cmd)
return cmd
}
type exportParams struct {
doNotDetectDistro bool
advisoriesRepoDirs []string
outputLocation string
// format controls how commands will produce their output.
format string
ecosystem string
}
const (
// OutputYAML YAML output.
OutputYAML = "yaml"
// OutputCSV CSV output.
OutputCSV = "csv"
// OutputOSV OSV output.
OutputOSV = "osv"
)
func (p *exportParams) addFlagsTo(cmd *cobra.Command) {
addNoDistroDetectionFlag(&p.doNotDetectDistro, cmd)
cmd.Flags().StringSliceVarP(&p.advisoriesRepoDirs, "advisories-repo-dir", "a", nil, "directory containing an advisories repository")
cmd.Flags().StringVarP(&p.outputLocation, "output", "o", "", "output location (default: stdout). In case using OSV format this will be the output directory.")
cmd.Flags().StringVarP(&p.format, "format", "f", OutputCSV, fmt.Sprintf("Output format. One of: [%s]", strings.Join([]string{OutputYAML, OutputCSV, OutputOSV}, ", ")))
cmd.Flags().StringVarP(&p.ecosystem, "ecosystem", "e", "Wolfi", fmt.Sprintf("Ecosystem format. One of: [%s]", strings.Join([]string{"Wolfi", "Chainguard"}, ", ")))
}