forked from aquasecurity/fanal
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker.go
131 lines (114 loc) · 3.16 KB
/
docker.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
package applier
import (
"time"
"github.com/aquasecurity/fanal/types"
godeptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
"github.com/knqyf263/nested"
)
type Config struct {
ContainerConfig containerConfig `json:"container_config"`
History []History
}
type containerConfig struct {
Env []string
}
type History struct {
Created time.Time
CreatedBy string `json:"created_by"`
}
func containsPackage(e types.Package, s []types.Package) bool {
for _, a := range s {
if a.Name == e.Name && a.Version == e.Version && a.Release == e.Release {
return true
}
}
return false
}
func containsLibrary(e godeptypes.Library, s []types.LibraryInfo) bool {
for _, a := range s {
if e.Name == a.Library.Name && e.Version == a.Library.Version {
return true
}
}
return false
}
func lookupOriginLayerForPkg(pkg types.Package, layers []types.BlobInfo) (string, string) {
for _, layer := range layers {
for _, info := range layer.PackageInfos {
if containsPackage(pkg, info.Packages) {
return layer.Digest, layer.DiffID
}
}
}
return "", ""
}
func lookupOriginLayerForLib(filePath string, lib godeptypes.Library, layers []types.BlobInfo) (string, string) {
for _, layer := range layers {
for _, layerApp := range layer.Applications {
if filePath != layerApp.FilePath {
continue
}
if containsLibrary(lib, layerApp.Libraries) {
return layer.Digest, layer.DiffID
}
}
}
return "", ""
}
func ApplyLayers(layers []types.BlobInfo) types.ArtifactDetail {
sep := "/"
nestedMap := nested.Nested{}
var mergedLayer types.ArtifactDetail
for _, layer := range layers {
for _, opqDir := range layer.OpaqueDirs {
_ = nestedMap.DeleteByString(opqDir, sep)
}
for _, whFile := range layer.WhiteoutFiles {
_ = nestedMap.DeleteByString(whFile, sep)
}
if layer.OS != nil {
mergedLayer.OS = layer.OS
}
for _, pkgInfo := range layer.PackageInfos {
nestedMap.SetByString(pkgInfo.FilePath, sep, pkgInfo)
}
for _, app := range layer.Applications {
nestedMap.SetByString(app.FilePath, sep, app)
}
for _, config := range layer.Configs {
config.Layer = types.Layer{
Digest: layer.Digest,
DiffID: layer.DiffID,
}
nestedMap.SetByString(config.FilePath, sep, config)
}
}
_ = nestedMap.Walk(func(keys []string, value interface{}) error {
switch v := value.(type) {
case types.PackageInfo:
mergedLayer.Packages = append(mergedLayer.Packages, v.Packages...)
case types.Application:
mergedLayer.Applications = append(mergedLayer.Applications, v)
case types.Config:
mergedLayer.Configs = append(mergedLayer.Configs, v)
}
return nil
})
for i, pkg := range mergedLayer.Packages {
originLayerDigest, originLayerDiffID := lookupOriginLayerForPkg(pkg, layers)
mergedLayer.Packages[i].Layer = types.Layer{
Digest: originLayerDigest,
DiffID: originLayerDiffID,
}
}
for _, app := range mergedLayer.Applications {
for i, libInfo := range app.Libraries {
originLayerDigest, originLayerDiffID := lookupOriginLayerForLib(app.FilePath, libInfo.Library, layers)
app.Libraries[i].Layer = types.Layer{
Digest: originLayerDigest,
DiffID: originLayerDiffID,
}
}
}
return mergedLayer
}