/
advisory_secdb.go
111 lines (90 loc) · 3.16 KB
/
advisory_secdb.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
package cli
import (
"fmt"
"log/slog"
"os"
"github.com/chainguard-dev/clog"
"github.com/spf13/cobra"
"github.com/wolfi-dev/wolfictl/pkg/advisory"
"github.com/wolfi-dev/wolfictl/pkg/configs"
v2 "github.com/wolfi-dev/wolfictl/pkg/configs/advisory/v2"
rwos "github.com/wolfi-dev/wolfictl/pkg/configs/rwfs/os"
"github.com/wolfi-dev/wolfictl/pkg/distro"
)
func cmdAdvisorySecDB() *cobra.Command {
p := &dbParams{}
cmd := &cobra.Command{
Use: "secdb",
Aliases: []string{"db"},
Short: "Build an Alpine-style security database from advisory data",
SilenceErrors: true,
Args: cobra.NoArgs,
RunE: func(cmd *cobra.Command, _ []string) error {
logger := clog.NewLogger(slog.Default())
ctx := clog.WithLogger(cmd.Context(), logger)
if len(p.advisoriesRepoDirs) == 0 {
if p.doNotDetectDistro {
return fmt.Errorf("no advisories repo dir specified")
}
d, err := distro.Detect()
if err != nil {
return fmt.Errorf("no advisories repo dir specified, and distro auto-detection failed: %w", err)
}
p.advisoriesRepoDirs = append(p.advisoriesRepoDirs, d.Local.AdvisoriesRepo.Dir)
_, _ = fmt.Fprint(os.Stderr, renderDetectedDistro(d))
}
indices := make([]*configs.Index[v2.Document], 0, len(p.advisoriesRepoDirs))
for _, dir := range p.advisoriesRepoDirs {
advisoryFsys := rwos.DirFS(dir)
index, err := v2.NewIndex(cmd.Context(), advisoryFsys)
if err != nil {
return fmt.Errorf("unable to index advisory configs for directory %q: %w", dir, err)
}
indices = append(indices, index)
}
opts := advisory.BuildSecurityDatabaseOptions{
AdvisoryDocIndices: indices,
URLPrefix: p.urlPrefix,
Archs: p.archs,
Repo: p.repo,
}
database, err := advisory.BuildSecurityDatabase(ctx, opts)
if err != nil {
return err
}
var outputFile *os.File
if p.outputLocation == "" {
outputFile = os.Stdout
} else {
outputFile, err = os.Create(p.outputLocation)
if err != nil {
return fmt.Errorf("unable to open output file: %w", err)
}
defer outputFile.Close()
}
_, err = outputFile.Write(database)
if err != nil {
return fmt.Errorf("unable to write the security database to specified location: %w", err)
}
return nil
},
}
p.addFlagsTo(cmd)
return cmd
}
type dbParams struct {
doNotDetectDistro bool
advisoriesRepoDirs []string
outputLocation string
urlPrefix string
archs []string
repo string
}
func (p *dbParams) addFlagsTo(cmd *cobra.Command) {
addNoDistroDetectionFlag(&p.doNotDetectDistro, cmd)
cmd.Flags().StringSliceVarP(&p.advisoriesRepoDirs, "advisories-repo-dir", "a", nil, "directory containing an advisories repository")
cmd.Flags().StringVarP(&p.outputLocation, "output", "o", "", "output location (default: stdout)")
cmd.Flags().StringVar(&p.urlPrefix, "url-prefix", "https://packages.wolfi.dev", "URL scheme and hostname for the package repository")
cmd.Flags().StringSliceVar(&p.archs, "arch", []string{"x86_64"}, "the package architectures the security database is for")
cmd.Flags().StringVar(&p.repo, "repo", "os", "the name of the package repository")
}