

Add options for remic (aquasecurity#4)
* Fix filename

* Add options
masahiro331 authored and knqyf263 committed May 11, 2019
1 parent af00bde commit a3219f1
Showing 4 changed files with 36 additions and 10 deletions.
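--- a/cmd/remic/main.go
+++ b/cmd/remic/main.go
@@ -50,6 +50,19 @@ OPTIONS:
 Name: "output, o",
 Usage: "output file name",
 },
+cli.IntFlag{
+Name: "exit-code",
+Usage: "Exit code when vulnerabilities were found",
+Value: 0,
+},
+cli.BoolFlag{
+Name: "skip-update",
+Usage: "skip db update",
+},
+cli.BoolFlag{
+Name: "ignore-unfixed",
+Usage: "display only fixed vulnerabilities",
+},
 cli.BoolFlag{
 Name: "debug, d",
 Usage: "debug mode",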
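Review bot: The `skip-update` usage text, `"skip db update"`, does not tell the operator that the scan then relies on whatever vulnerability DB is already on disk, so a stale or never-populated DB can produce a clean-looking report. That matters most next to the new `exit-code` flag, where a CI job reads an empty result as a pass; whether an empty DB is detected elsewhere is not visible from this hunk. A usage string such as `"skip db update (scan uses the existing local DB, which may be out of date)"` would make the trade-off explicit. The flag list starts and ends outside the hunk.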
21 changes: 17 additions & 4 deletions pkg/remic/run.go
Expand Up @@ -27,7 +27,8 @@ func Run(c *cli.Context) (err error) {

args := c.Args()
if len(args) == 0 {
return xerrors.New(`remic" requires at least 1 argument.`)
log.Logger.Info(`remic" requires at least 1 argument.`)
cli.ShowAppHelpAndExit(c, 1)
}

o := c.String("output")
Expand All @@ -51,8 +52,10 @@ func Run(c *cli.Context) (err error) {
return err
}

if err = vulnsrc.Update(); err != nil {
return err
if !c.Bool("skip-update") {
if err = vulnsrc.Update(); err != nil {
return xerrors.Errorf("error in vulnerability DB update: %w", err)
}
}

fileName := args[0]
Expand All @@ -62,7 +65,8 @@ func Run(c *cli.Context) (err error) {
}
defer f.Close()

result, err := scanner.ScanFile(f, severities)
ignoreUnfixed := c.Bool("ignore-unfixed")
result, err := scanner.ScanFile(f, severities, ignoreUnfixed)
if err != nil {
return xerrors.Errorf("failed to scan a file: %w", err)
}
Expand All @@ -81,5 +85,14 @@ func Run(c *cli.Context) (err error) {
return xerrors.Errorf("failed to write results: %w", err)
}

exitCode := c.Int("exit-code")
if exitCode != 0 {
for _, result := range []report.Result{result} {
if len(result.Vulnerabilities) > 0 {
os.Exit(exitCode)
}
}
}

return nil
}
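Review bot: The `os.Exit(exitCode)` call in the last hunk ends the process from inside Run, so the `defer f.Close()` registered earlier in the function, and any deferred cleanup outside the visible hunks, never runs on exactly the path a CI gate depends on. Since `result` is a single value, the loop over `[]report.Result{result}` can go, and the check can return an exit-coded error instead, for example `if exitCode != 0 && len(result.Vulnerabilities) > 0 { return cli.NewExitError("", exitCode) }`, provided the caller hands Run's error back to the cli app. The flag value is also used unchecked: on POSIX systems only the low 8 bits of an exit status reach the parent, so a value such as 256 would be reported as success, and rejecting values outside 1–255 up front would avoid that. Run's body starts and continues outside these hunks.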
2 changes: 1 addition & 1 deletion pkg/scanner/library/scan.go
Expand Up @@ -72,7 +72,7 @@ func Scan(files extractor.FileMap) (map[string][]types.Vulnerability, error) {
}

func ScanFile(f *os.File) ([]types.Vulnerability, error) {
scanner := NewScanner(f.Name())
scanner := NewScanner(filepath.Base(f.Name()))
if scanner == nil {
return nil, xerrors.New("unknown file type")
}
10 changes: 5 additions & 5 deletions pkg/scanner/scan.go
Expand Up @@ -72,7 +72,7 @@ func ScanImage(imageName, filePath string, severities []vulnerability.Severity,

osFamily, osVersion, osVulns, err := ospkg.Scan(files)
if err != nil {
return nil, xerrors.New("failed to scan image")
return nil, xerrors.Errorf("failed to scan image: %w", err)

}

Expand All @@ -83,7 +83,7 @@ func ScanImage(imageName, filePath string, severities []vulnerability.Severity,

libVulns, err := library.Scan(files)
if err != nil {
return nil, xerrors.New("failed to scan libraries")
return nil, xerrors.Errorf("failed to scan libraries: %w", err)
}
for path, vulns := range libVulns {
results = append(results, report.Result{
Expand All @@ -95,14 +95,14 @@ func ScanImage(imageName, filePath string, severities []vulnerability.Severity,
return results, nil
}

func ScanFile(f *os.File, severities []vulnerability.Severity) (report.Result, error) {
func ScanFile(f *os.File, severities []vulnerability.Severity, ignoreUnfixed bool) (report.Result, error) {
vulns, err := library.ScanFile(f)
if err != nil {
return report.Result{}, xerrors.New("failed to scan libraries in file")
return report.Result{}, xerrors.Errorf("failed to scan libraries in file: %w", err)
}
result := report.Result{
FileName: f.Name(),
Vulnerabilities: processVulnerabilties(vulns, severities, false),
Vulnerabilities: processVulnerabilties(vulns, severities, ignoreUnfixed),
}
return result, nil
}
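Review bot: The exported `ScanFile` changes its signature in the last hunk but still carries no doc comment, so the meaning of the new `ignoreUnfixed` argument is only discoverable from the CLI flag text in cmd/remic/main.go. A comment such as `// ScanFile scans one dependency file and returns its vulnerabilities; severities and ignoreUnfixed are passed to processVulnerabilties, which decides what is reported.` would state the contract without guessing at the filter, whose body is outside this section. Because the returned Result is what the exit-code check in pkg/remic/run.go inspects, the comment should presumably also say that findings dropped by these filters do not count toward that check.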
