UNPKG

snyk-docker-plugin

Version:

Snyk CLI docker plugin

github.com/snyk/snyk-docker-plugin

snyk/snyk-docker-plugin

122 lines 5.05 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.getManifestLayers = exports.createGetImageIdFromManifest = exports.createExtractArchive = exports.kanikoArchiveConfig = exports.dockerArchiveConfig = exports.InvalidArchiveError = void 0; const Debug = require("debug"); const fs_1 = require("fs"); const gunzip = require("gunzip-maybe"); const path_1 = require("path"); const tar_stream_1 = require("tar-stream"); const error_utils_1 = require("../error-utils"); const stream_utils_1 = require("../stream-utils"); class InvalidArchiveError extends Error { constructor(message) { super(); this.name = "InvalidArchiveError"; this.message = message; } } exports.InvalidArchiveError = InvalidArchiveError; const types_1 = require("../types"); const layer_1 = require("./layer"); const debug = Debug("snyk"); exports.dockerArchiveConfig = { isLayerFile: (name) => (0, path_1.basename)(name).endsWith(".tar"), isImageConfigFile: (name) => new RegExp("[A-Fa-f0-9]{64}\\.json").test(name), formatLabel: "Docker", layerErrorType: "tar", extractImageId: (configValue) => configValue.split(".")[0], }; exports.kanikoArchiveConfig = { isLayerFile: (name) => (0, path_1.basename)(name).endsWith(".tar.gz"), isImageConfigFile: (name) => new RegExp("sha256:[A-Fa-f0-9]{64}").test(name), formatLabel: "Kaniko", layerErrorType: "tar.gz", extractImageId: (configValue) => configValue, }; function createExtractArchive(config) { return (archiveFilesystemPath, extractActions, _options) => new Promise((resolve, reject) => { const tarExtractor = (0, tar_stream_1.extract)(); const layers = {}; let manifest; let imageConfig; tarExtractor.on("entry", async (header, stream, next) => { if (header.type === "file") { const normalizedName = (0, path_1.normalize)(header.name); if (config.isLayerFile(normalizedName)) { try { layers[normalizedName] = await (0, layer_1.extractImageLayer)(stream, extractActions); } catch (error) { debug(`Error extracting layer content from: '${(0, error_utils_1.getErrorMessage)(error)}'`); reject(new Error(`Error reading ${config.layerErrorType} archive`)); } } else if (isManifestFile(normalizedName)) { const manifestArray = await getManifestFile(stream); manifest = manifestArray[0]; } else if (config.isImageConfigFile(normalizedName)) { imageConfig = await getManifestFile(stream); } } stream.resume(); next(); }); tarExtractor.on("finish", () => { try { resolve(assembleLayersAndManifest(manifest, imageConfig, layers)); } catch (error) { debug(`Error getting layers and manifest content from ${config.formatLabel} archive: ${(0, error_utils_1.getErrorMessage)(error)}`); reject(new InvalidArchiveError(`Invalid ${config.formatLabel} archive`)); } }); tarExtractor.on("error", (error) => reject(error)); (0, fs_1.createReadStream)(archiveFilesystemPath) .on("error", (error) => reject(error)) .pipe(gunzip()) .pipe(tarExtractor); }); } exports.createExtractArchive = createExtractArchive; function assembleLayersAndManifest(manifest, imageConfig, layers) { const layersWithNormalizedNames = manifest.Layers.map((layerName) => (0, path_1.normalize)(layerName)); const filteredLayers = layersWithNormalizedNames .filter((layerName) => layers[layerName]) .map((layerName) => layers[layerName]) .reverse(); if (filteredLayers.length === 0) { throw new Error("We found no layers in the provided image"); } return { layers: filteredLayers, manifest, imageConfig, }; } async function getManifestFile(stream) { return (0, stream_utils_1.streamToJson)(stream); } function isManifestFile(name) { return name === "manifest.json"; } function createGetImageIdFromManifest(config) { return (manifest) => { try { const imageId = config.extractImageId(manifest.Config); if (imageId.includes(":")) { return imageId; } return `${types_1.HashAlgorithm.Sha256}:${imageId}`; } catch (err) { throw new Error("Failed to extract image ID from archive manifest"); } }; } exports.createGetImageIdFromManifest = createGetImageIdFromManifest; function getManifestLayers(manifest) { return manifest.Layers.map((layer) => (0, path_1.normalize)(layer)); } exports.getManifestLayers = getManifestLayers; //# sourceMappingURL=generic-archive-extractor.js.map