analyze: dockerfile: Parse with dockerfile_parse #525

Merged
merged 1 commit into from
Feb 12, 2020

nishakm
Contributor

@nishakm nishakm commented Jan 22, 2020

This is work towards #522

We add initial functionality for parsing dockerfiles using
dockerfile_parse. We also add some tests for the functions therein.
A key feature of using dockerfile_parse is that we can now do
variable expansion i.e. for ENV instructions, replace the keys
with the values for the content in the dockerfile. This allows for
more accurate analysis of possible packages installed using scripts
that don't use a system package manager.

In order to test the functions, we also added some example
dockerfiles we would test against. They vary in complexity.

We added the new test to the CI test suite and the dockerfile-parse
module to requirements.txt.

Signed-off-by: Nisha K [email protected]

@nishakm nishakm force-pushed the use-dockerfile-parse branch 3 times, most recently from ad55c14 to 97e21f0 Compare January 22, 2020 14:41
@nishakm nishakm force-pushed the use-dockerfile-parse branch from 97e21f0 to 8ebc8b2 Compare February 12, 2020 01:06
This is work towards tern-tools#522

We add initial functionality for parsing dockerfiles using
dockerfile_parse. We also add some tests for the functions therein
and some extra functions to parse various pieces of the Dockerfile
we will need.

Most of the work is in tern/analyze/docker/dockerfile.py.
We add a class called Dockerfile which will contain the information
parsed using the function get_dockerfile_obj. The typical workflow
is to create a Dockerfile object using get_dockerfile_obj from an
existing Dockerfile file. Then we can use the other functions to
return the information we want:

- replace_env will do a key-value replacement of any piece of the
  Dockerfile object's structure property with any key-value dict. The
  typical use for this is to replace ENVs with their values in any
  Dockerfile line.
- expand_vars will do the replacement wholesale for the Dockerfile
  content.
- parse_from_image will get a dictionary containing tokens in the
  image string for each FROM line in the Dockerfile. In order for
  this to work, we also add a function called parse_image_string
  to tern/utils/general.py which will do the parsing of the image
  string. This helps us use this parsing for image names passed via
  command line using the -i flag.
- Added tests for these functions in test_analyze_docker_dockerfile.py.
  For these tests, we also add some dockerfiles.

Other changes include:
- Add dockerfile-parse to the list of requirements.
- Add tests for dockerfile and general to the CI tests.

Signed-off-by: Nisha K <[email protected]>
@nishakm nishakm force-pushed the use-dockerfile-parse branch from 8ebc8b2 to 1b8e5fd Compare February 12, 2020 04:26
@nishakm nishakm merged commit 6f09399 into tern-tools:master Feb 12, 2020
@nishakm nishakm deleted the use-dockerfile-parse branch March 18, 2020 22:42
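
An added example, not code from this pull request or from dockerfile_parse: a standard-library sketch of the two ideas the commit message describes, substituting ENV values into later Dockerfile lines and splitting each FROM image string into tokens. The function names (`parse_image`, `expand`, `analyze`), the token keys and the sample Dockerfile are hypothetical; quoted ENV values and ARG substitution are not handled.

```python
import re

# Constructed sample Dockerfile, not one of the PR's test fixtures.
SAMPLE = """\
FROM registry.example.com:5000/team/golang:1.12-alpine AS builder
ENV TOOL_VERSION=1.4.2 PREFIX=/opt/tool
ENV MIRROR https://downloads.example.com
RUN wget ${MIRROR}/tool-$TOOL_VERSION.tar.gz && tar -xzf tool-$TOOL_VERSION.tar.gz -C $PREFIX
FROM scratch
"""
VAR_RE = re.compile(r"\$(?:\{(\w+)\}|(\w+))")


def parse_image(image):
    """Split an image reference into name, tag and digest tokens."""
    name, _, digest = image.partition("@")
    tag = ""
    # A colon separates a tag only when no '/' follows it; otherwise it
    # is a registry port, as in registry.example.com:5000/team/base.
    head, sep, tail = name.rpartition(":")
    if sep and "/" not in tail:
        name, tag = head, tail
    return {"name": name, "tag": tag, "digest": digest}


def expand(text, envs):
    """Replace $VAR and ${VAR} with known ENV values; leave unknowns as-is."""
    return VAR_RE.sub(lambda m: envs.get(m.group(1) or m.group(2), m.group(0)), text)


def analyze(dockerfile):
    """Return (FROM image tokens, RUN commands with ENV values substituted)."""
    envs, images, runs = {}, [], []
    for line in dockerfile.splitlines():
        instruction, _, value = line.strip().partition(" ")
        instruction, value = instruction.upper(), value.strip()
        if instruction == "FROM" and value:
            images.append(parse_image(value.split()[0]))
        elif instruction == "ENV" and value:
            value = expand(value, envs)  # an ENV may reference earlier ENVs
            if "=" in value.split()[0]:  # ENV KEY=value KEY2=value2
                envs.update(pair.split("=", 1) for pair in value.split())
            else:  # legacy form: ENV KEY value
                key, _, val = value.partition(" ")
                envs[key] = val.strip()
        elif instruction == "RUN":
            runs.append(expand(value, envs))
    return images, runs
```

After expansion the RUN line names the concrete download URL and version, which is the information an analysis of software installed outside a package manager needs.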