UNPKG

snyk-docker-plugin

Version:

Snyk CLI docker plugin

github.com/snyk/snyk-docker-plugin

snyk/snyk-docker-plugin

99 lines (86 loc) 3.11 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
import * as Debug from "debug"; import { DockerFileAnalysis } from "../../dockerfile/types"; import { ExtractedLayers } from "../../extractor/types"; import { getOsReleaseStatic as getOsRelease } from "../../inputs/os-release"; import { OsReleaseFilePath } from "../../types"; import { OSRelease } from "../types"; import { tryAlpineRelease, tryCentosRelease, tryDebianVersion, tryLsbRelease, tryOracleRelease, tryOSRelease, tryRedHatRelease, } from "./release-analyzer"; const debug = Debug("snyk"); type OsReleaseHandler = (text: string) => Promise<OSRelease | null>; const releaseDetectors: Record<OsReleaseFilePath, OsReleaseHandler> = { [OsReleaseFilePath.Linux]: tryOSRelease, // Fallback for the case where the same file exists in different location or is a symlink to the other location [OsReleaseFilePath.LinuxFallback]: tryOSRelease, // Generic fallback [OsReleaseFilePath.Lsb]: tryLsbRelease, // Fallbacks for specific older distributions [OsReleaseFilePath.Debian]: tryDebianVersion, [OsReleaseFilePath.Alpine]: tryAlpineRelease, [OsReleaseFilePath.Oracle]: tryOracleRelease, [OsReleaseFilePath.RedHat]: tryRedHatRelease, [OsReleaseFilePath.Centos]: tryCentosRelease, }; export async function detect( extractedLayers: ExtractedLayers, dockerfileAnalysis: DockerFileAnalysis | undefined, ): Promise<OSRelease> { /** * We want to detect whether the OS release file existed, but it just could not be parsed successfully. * This is so that we can distinguish between images with multiple "os-release" files - some of them * may fail to parse while others will succeed. This will depend purely on the order of our handlers. * We want to run all handlers and only then decide if detection succeeded or not. */ let hadOsReleaseFile = false; let osRelease: OSRelease | null = null; for (const [type, handler] of Object.entries(releaseDetectors)) { const osReleaseFile = getOsRelease( extractedLayers, type as OsReleaseFilePath, ); if (!osReleaseFile) { continue; } hadOsReleaseFile = true; try { osRelease = await handler(osReleaseFile); } catch (err) { debug("Malformed OS release file", JSON.stringify(err)); } if (osRelease) { break; } } if (!osRelease && hadOsReleaseFile) { throw new Error("Failed to parse OS release file"); } if (!osRelease) { if (dockerfileAnalysis && dockerfileAnalysis.baseImage === "scratch") { // If the docker file was build from a scratch image // then we don't have a known OS osRelease = { name: "scratch", version: "0.0", prettyName: "" }; } else { osRelease = { name: "unknown", version: "0.0", prettyName: "" }; } } // Oracle Linux identifies itself as "ol" if (osRelease.name.trim() === "ol") { osRelease.name = "oracle"; } // Support round version. ie change SLES 15 to SLES 15.0 if ( osRelease.name.trim() === "sles" && osRelease.version && !osRelease.version.includes(".") ) { osRelease.version += ".0"; } return osRelease; }