tblyler/reg
1
0
Fork 0
mirror of https://github.com/genuinetools/reg.git synced 2024-09-28 11:46:20 -04:00
Code Issues Projects Releases Wiki Activity

cleanup filtered layers

Browse source 
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
This commit is contained in:
Jess Frazelle 2018-06-06 13:34:09 -04:00
parent 98a949d93e
commit 53b01f037f
No known key found for this signature in database
GPG key ID: 18F3685C0022BFF3
1 changed files with 16 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
clair/vulns.go
View file

@ -8,9 +8,7 @@ import (
"github.com/docker/distribution" "github.com/docker/distribution"
"github.com/docker/distribution/manifest/schema1" "github.com/docker/distribution/manifest/schema1"
"github.com/docker/distribution/manifest/schema2"
"github.com/genuinetools/reg/registry" "github.com/genuinetools/reg/registry"
"github.com/sirupsen/logrus"
) )
// Vulnerabilities scans the given repo and tag. // Vulnerabilities scans the given repo and tag.
@ -23,14 +21,11 @@ func (c *Clair) Vulnerabilities(r *registry.Registry, repo, tag string) (Vulnera
VulnsBySeverity: make(map[string][]Vulnerability), VulnsBySeverity: make(map[string][]Vulnerability),
} }
// Get the manifest to pass to clair. filteredLayers, err := c.getFilteredLayers(r, repo, tag)
m2, err := r.Manifest(repo, tag)
if err != nil { if err != nil {
return report, fmt.Errorf("getting the v1 manifest for %s:%s failed: %v", repo, tag, err) return report, fmt.Errorf("getting filtered layers failed: %v", err)
} }
filteredLayers := getFilteredLayers(m2)
if len(filteredLayers) == 0 { if len(filteredLayers) == 0 {
fmt.Printf("No need to analyse image %s:%s as there is no non-emtpy layer", repo, tag) fmt.Printf("No need to analyse image %s:%s as there is no non-emtpy layer", repo, tag)
return report, nil return report, nil
@ -171,8 +166,15 @@ func (c *Clair) NewClairLayerV2(r *registry.Registry, image string, fsLayers []d
}, nil }, nil
} }
func getFilteredLayers(m2 distribution.Manifest) []distribution.Descriptor { func (c *Clair) getFilteredLayers(r *registry.Registry, repo, tag string) ([]distribution.Descriptor, error) {
mf, ok := m2.(schema2.DeserializedManifest) ok := true
// Get the manifest to pass to clair.
mf, err := r.ManifestV2(repo, tag)
if err != nil {
ok = false
c.Logf("couldn't retrieve manifest v2, falling back to v1")
// return nil, fmt.Errorf("getting the v2 manifest for %s:%s failed: %v", repo, tag, err)
}
var filteredLayers []distribution.Descriptor var filteredLayers []distribution.Descriptor
@ -183,19 +185,16 @@ func getFilteredLayers(m2 distribution.Manifest) []distribution.Descriptor {
filteredLayers = append(filteredLayers, layer) filteredLayers = append(filteredLayers, layer)
} }
} }
return filteredLayers return filteredLayers, nil
} }
logrus.Debug("couldn't retrieve manifest v2, falling back to v1") m, err := r.ManifestV1(repo, tag)
if err != nil {
m, ok := m2.(schema1.SignedManifest) return nil, fmt.Errorf("getting the v1 manifest for %s:%s failed: %v", repo, tag, err)
if !ok {
logrus.Fatal("converting to v1 manifest failed")
} }
for _, layer := range m.FSLayers { for _, layer := range m.FSLayers {
if !IsEmptyLayer(layer.BlobSum) { if !IsEmptyLayer(layer.BlobSum) {
newLayer := distribution.Descriptor{ newLayer := distribution.Descriptor{
Digest: layer.BlobSum, Digest: layer.BlobSum,
} }
@ -204,5 +203,5 @@ func getFilteredLayers(m2 distribution.Manifest) []distribution.Descriptor {
} }
} }
return filteredLayers return filteredLayers, nil
} }