Add dfile_lock & dfobj flags to analysis functions

This commit makes changes to the execution path when analyzing a dockerfile or utilizing the dockerfile lock functionality. Instead of using a True/False 'dockerfile' flag to indicate there is a Dockerfile to analyze, provide a 'dfobj' dockerfile object instead. When using a dockerfile object, the file path is still available to access via dfobj.filepath. This commit also adds a dfile_lock True/False flag as an argument to a handful of functions to differentiate between a "dockerfile lock" dockerfile and regular dockerfile analysis. Even though the execution path is similar for both options, this distinction is important for determining the output file that should be generated. Works towards tern-tools#522 Signed-off-by: Rose Judge <[email protected]>
rnjudge · Mar 27, 2020 · 3e2e2d8 · 3e2e2d8
1 parent 1b0f454
commit 3e2e2d8
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 11 deletions.
diff --git a/tern/analyze/docker/analyze.py b/tern/analyze/docker/analyze.py
@@ -25,7 +25,7 @@
 logger = logging.getLogger(constants.logger_name)
 
 
-def analyze_docker_image(image_obj, redo=False, dockerfile=False, dfobj=None):
+def analyze_docker_image(image_obj, redo=False, dfile_lock=False, dfobj=None):
     '''Given a DockerImage object, for each layer, retrieve the packages, first
     looking up in cache and if not there then looking up in the command
     library. For looking up in command library first mount the filesystem
@@ -35,11 +35,12 @@ def analyze_docker_image(image_obj, redo=False, dockerfile=False, dfobj=None):
 
     # set up empty master list of packages
     master_list = []
-    prepare_for_analysis(image_obj, dockerfile)
+    prepare_for_analysis(image_obj, dfobj)
     # Analyze the first layer and get the shell
     shell = analyze_first_layer(image_obj, master_list, redo)
     # Analyze the remaining layers
-    analyze_subsequent_layers(image_obj, shell, master_list, redo, dfobj)
+    analyze_subsequent_layers(image_obj, shell, master_list, redo, dfobj,
+                              dfile_lock)
     common.save_to_cache(image_obj)
 
 
@@ -67,9 +68,9 @@ def get_shell(image_obj, binary):
     return shell
 
 
-def prepare_for_analysis(image_obj, dockerfile):
+def prepare_for_analysis(image_obj, dfobj):
     # find the layers that are imported
-    if dockerfile:
+    if dfobj:
         dhelper.set_imported_layers(image_obj)
     # add notices for each layer if it is imported
     image_setup(image_obj)
@@ -127,7 +128,8 @@ def analyze_first_layer(image_obj, master_list, redo):
     return shell
 
 
-def analyze_subsequent_layers(image_obj, shell, master_list, redo, dfobj=None):  # pylint:disable=too-many-branches
+def analyze_subsequent_layers(image_obj, shell, master_list, redo, dfobj=None,
+                              dfile_lock=False):  # noqa: R0912,R0913
     # get packages for subsequent layers
     curr_layer = 1
     while curr_layer < len(image_obj.layers):  # pylint:disable=too-many-nested-blocks
@@ -160,7 +162,7 @@ def analyze_subsequent_layers(image_obj, shell, master_list, redo, dfobj=None):
                         logger.critical(errors.keyboard_interrupt)
                         abort_analysis()
                 # pin any installed packages to a locked dockerfile.
-                if dfobj is not None:
+                if dfile_lock:
                     # collect list of RUN commands that could install pkgs
                     run_dict = d_file.get_run_layers(dfobj)
                     for package in image_obj.layers[curr_layer].packages:

diff --git a/tern/report/report.py b/tern/report/report.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright (c) 2017-2019 VMware, Inc. All Rights Reserved.
+# Copyright (c) 2017-2020 VMware, Inc. All Rights Reserved.
 # SPDX-License-Identifier: BSD-2-Clause
 
 """
@@ -41,15 +41,15 @@ def write_report(report, args):
         f.write(report)
 
 
-def setup(dockerfile=None, image_tag_string=None):
+def setup(dfobj=None, image_tag_string=None):
     '''Any initial setup'''
     # generate random names for image, container, and tag
     general.initialize_names()
     # load the cache
     cache.load()
     # load dockerfile if present
-    if dockerfile:
-        dhelper.load_docker_commands(dockerfile)
+    if dfobj is not None:
+        dhelper.load_docker_commands(dfobj)
     # check if the docker image is present
     if image_tag_string and general.check_tar(image_tag_string) is False:
         if container.check_image(image_tag_string) is None: