Skip to content

ROX-9280: Scan image with local Scanner #517

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
RTann merged 165 commits into from
Feb 24, 2022
Merged

ROX-9280: Scan image with local Scanner #517

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
165 commits
Select commit Hold shift + click to select a range
727c183
for now
RTann Jan 14, 2022
2684b49
Merge branch 'master' into ROX-8401-registry-store
RTann Jan 17, 2022
aea8089
updates
RTann Jan 18, 2022
6e0a192
Merge branch 'master' into ROX-8401-registry-store
RTann Jan 18, 2022
d0df329
simple test
RTann Jan 18, 2022
8397df4
style
RTann Jan 18, 2022
0350677
initial
RTann Jan 18, 2022
fd63945
for now
RTann Jan 18, 2022
3563322
updates
RTann Jan 18, 2022
c82d99e
Merge branch 'master' into ROX-8401-registry-store
RTann Jan 18, 2022
cc09606
Merge branch 'ROX-8401-registry-store' into ROX-8401-interactions
RTann Jan 18, 2022
196eb1c
for now
RTann Jan 19, 2022
cf04865
Merge branch 'master' into ROX-8401-registry-store
RTann Jan 19, 2022
2d53f13
updates
RTann Jan 19, 2022
36419a1
Merge branch 'ROX-8401-registry-store' into ROX-8401-interactions
RTann Jan 19, 2022
fdcbdfc
debug logs
RTann Jan 19, 2022
4bfb84f
for now
RTann Jan 20, 2022
53b9aef
Merge branch 'master' into ROX-8401-registry-store
RTann Jan 24, 2022
aa30729
update factory opts
RTann Jan 24, 2022
2a9538c
Merge branch 'master' into ROX-8401-registry-store
RTann Jan 24, 2022
2b53677
debug
RTann Jan 24, 2022
93550ab
style
RTann Jan 24, 2022
1539c6c
Merge branch 'master' into ROX-8401-registry-store
RTann Jan 25, 2022
325beeb
update
RTann Jan 25, 2022
ee746c3
Merge branch 'master' into ROX-8401-registry-store
RTann Jan 25, 2022
b12da60
add more logs
RTann Jan 25, 2022
1d6baf9
remove log
RTann Jan 25, 2022
e6b48cd
remove logs
RTann Jan 25, 2022
9a7d890
merge
RTann Jan 25, 2022
5560267
updates
RTann Jan 26, 2022
6656825
update scanner version
RTann Jan 26, 2022
346abf9
remove logs
RTann Jan 26, 2022
944fbd3
update comment
RTann Jan 26, 2022
bf3ec4b
updates
RTann Jan 26, 2022
c26e0f6
Merge branch 'master' into ROX-8401-registry-store
RTann Jan 26, 2022
6df210a
Merge branch 'ROX-8401-registry-store' into ROX-8401-interactions
RTann Jan 26, 2022
0130294
revert comment change
RTann Jan 26, 2022
b578ded
updates
RTann Jan 26, 2022
9733eeb
updates
RTann Jan 26, 2022
1fa80ca
Merge branch 'ROX-8401-registry-store' into ROX-8401-interactions
RTann Jan 26, 2022
73b254e
updates
RTann Jan 26, 2022
d49f63e
Merge branch 'master' into ROX-8401-registry-store
RTann Feb 1, 2022
fcf5ce5
for now
RTann Feb 1, 2022
f345db0
scanner proto location update
RTann Feb 1, 2022
17f38f5
update
RTann Feb 1, 2022
7cb1dcf
Merge branch 'master' into ROX-8401-registry-store
RTann Feb 1, 2022
7915ae0
Merge branch 'ROX-8401-registry-store' into ROX-8401-interactions
RTann Feb 1, 2022
23e50fc
merge
RTann Feb 1, 2022
c0d2a06
conflict
RTann Feb 1, 2022
a4bcc19
minor updates
RTann Feb 1, 2022
a911491
style
RTann Feb 1, 2022
40dfc0d
logs for debugging
RTann Feb 1, 2022
c22ad52
update log
RTann Feb 1, 2022
168daac
remove debug logs and add feature flag check
RTann Feb 1, 2022
dbef706
Merge branch 'master' into ROX-8401-registry-store
RTann Feb 2, 2022
3638f17
Merge branch 'ROX-8401-registry-store' into ROX-8401-interactions
RTann Feb 2, 2022
06b0584
gogen
RTann Feb 2, 2022
5e72ab6
update proto
RTann Feb 2, 2022
bf2c6bf
update error
RTann Feb 2, 2022
2651778
Merge branch 'ROX-8401-registry-store' into ROX-8401-interactions
RTann Feb 2, 2022
d902fa6
Merge branch 'master' into ROX-8401-registry-store
RTann Feb 2, 2022
63588ab
unit test
RTann Feb 2, 2022
a3c78c0
update unit tests
RTann Feb 3, 2022
3c1e2a7
comments
RTann Feb 3, 2022
f1253f0
Merge branch 'ROX-8401-registry-store' into ROX-8401-interactions
RTann Feb 3, 2022
873df32
update TODO
RTann Feb 3, 2022
a21592d
add debug log
RTann Feb 3, 2022
0e01dc1
Merge branch 'ROX-8401-registry-store' into ROX-8401-interactions
RTann Feb 3, 2022
8b864a9
add some debug logs
RTann Feb 3, 2022
d80ed18
Merge branch 'master' into ROX-8401-registry-store
RTann Feb 3, 2022
4aa4af7
Merge branch 'ROX-8401-registry-store' into ROX-8401-interactions
RTann Feb 3, 2022
7f8290a
remove annoying log
RTann Feb 3, 2022
6ba4d8a
Merge branch 'master' into ROX-8401-registry-store
RTann Feb 3, 2022
59049ee
update log
RTann Feb 3, 2022
37c68c4
Merge branch 'ROX-8401-registry-store' into ROX-8401-interactions
RTann Feb 3, 2022
32a556d
add log
RTann Feb 4, 2022
6ebb97e
add another log
RTann Feb 4, 2022
1ba3004
add TODO
RTann Feb 4, 2022
6816611
dont actually print metadata
RTann Feb 4, 2022
f74f93d
update authz
RTann Feb 4, 2022
575870c
Merge branch 'master' into ROX-8401-registry-store
RTann Feb 4, 2022
90b5d55
Revert "Revert various Scanner updates for 68 (#483)"
RTann Feb 4, 2022
f9712db
Revert "Revert "ROX-8742: Include executable dependent component (#74…
RTann Feb 4, 2022
2f940c6
Revert "Revert "update scanner version for updated proto path (#232)"…
RTann Feb 4, 2022
ebfadeb
update CHANGELOG
RTann Feb 4, 2022
b8a6f81
Merge branch 'master' into ross/revert-68-reverts
RTann Feb 4, 2022
383cc5e
Merge branch 'master' into ROX-8401-registry-store
RTann Feb 4, 2022
21e0b83
Merge branch 'ROX-8401-registry-store' into ROX-8401-interactions
RTann Feb 4, 2022
05f3e05
merge
RTann Feb 4, 2022
a17663f
Merge branch 'master' into ROX-8401-registry-store
RTann Feb 4, 2022
b25e7ef
merge
RTann Feb 4, 2022
d0d0540
Merge branch 'master' into ROX-8401-registry-store
RTann Feb 7, 2022
6ee9f65
PR udpates
RTann Feb 8, 2022
15e362f
PR udpates
RTann Feb 8, 2022
d2687bd
style
RTann Feb 8, 2022
9900b2d
add ctx and comment fixes
RTann Feb 8, 2022
6e937c3
Merge branch 'master' into ROX-8401-registry-store
RTann Feb 8, 2022
05fa6c6
style
RTann Feb 8, 2022
783c196
Merge branch 'ROX-8401-registry-store' into ROX-8401-interactions
RTann Feb 8, 2022
b06b402
rename checkTLS for clarity
RTann Feb 8, 2022
e3ca98e
Merge branch 'ROX-8401-registry-store' into ROX-8401-interactions
RTann Feb 8, 2022
9c63f53
update scanner version
RTann Feb 8, 2022
7d6f8b0
merge
RTann Feb 9, 2022
6ddd902
Merge branch 'master' into ROX-8401-interactions
RTann Feb 9, 2022
1a2e2b0
minor updates
RTann Feb 9, 2022
b145ebd
info for now
RTann Feb 10, 2022
f890ecc
fix Scanner connection issues
RTann Feb 10, 2022
9187cac
add debug logs
RTann Feb 10, 2022
bfae643
minor updates
RTann Feb 10, 2022
831456a
more updates
RTann Feb 10, 2022
3d8a1d3
Merge branch 'master' into ROX-8401-interactions
RTann Feb 10, 2022
6d400bb
updates
RTann Feb 10, 2022
799d633
Merge branch 'master' into ROX-8401-interactions
RTann Feb 10, 2022
f4e0e87
update scanner
RTann Feb 10, 2022
e2b661f
update debug logs
RTann Feb 10, 2022
f0eacf3
Merge branch 'master' into ROX-8401-interactions
RTann Feb 11, 2022
cd48d2c
fix sensor panic
RTann Feb 11, 2022
114a193
update doc
RTann Feb 11, 2022
bd62aec
debugging
RTann Feb 11, 2022
6bea7f4
updates
RTann Feb 11, 2022
34a083b
Merge branch 'ross/hotreload-sensor' into ROX-8401-interactions
RTann Feb 11, 2022
635e60a
Merge branch 'master' into ROX-8401-interactions
RTann Feb 12, 2022
66910c1
Merge branch 'master' into ROX-8401-interactions
RTann Feb 14, 2022
64bc993
PR updates
RTann Feb 14, 2022
19b50a8
bump scanner version
RTann Feb 14, 2022
be76219
update scanner endpoint
RTann Feb 14, 2022
77e685b
minor updates and minimize chance of panic
RTann Feb 15, 2022
4248573
for now
RTann Feb 15, 2022
65c7cef
Merge branch 'master' into ROX-8401-interactions
RTann Feb 16, 2022
5554816
accidental commit
RTann Feb 16, 2022
50fb121
allow scheme
RTann Feb 16, 2022
5a52ee6
only allow https as a scheme
RTann Feb 16, 2022
67f6bab
for now
RTann Feb 16, 2022
62bd50c
Merge branch 'master' into ROX-8401-interactions
RTann Feb 16, 2022
6378679
update image sent to Scanner
RTann Feb 16, 2022
7541d0c
Merge branch 'master' into ROX-8401-interactions
RTann Feb 16, 2022
45ad400
update go.sum?
RTann Feb 16, 2022
86c7bcb
updates
RTann Feb 16, 2022
8bea0c2
forgot to update comment
RTann Feb 16, 2022
a4c378b
update comment
RTann Feb 17, 2022
a7029e4
update logs
RTann Feb 17, 2022
cc4b55e
Merge branch 'master' into ROX-8401-interactions
RTann Feb 17, 2022
f99129e
Merge branch 'master' into ROX-8401-interactions
RTann Feb 17, 2022
28a80c4
add a new env var to indicate if we want to use a local scanner
RTann Feb 17, 2022
e306eef
Merge branch 'master' into ROX-8401-interactions
RTann Feb 18, 2022
24e0633
for now
RTann Feb 18, 2022
16c3c21
Merge branch 'master' into ROX-8401-interactions
RTann Feb 21, 2022
931b477
remove testing
RTann Feb 21, 2022
2931ca9
one more
RTann Feb 21, 2022
e1f57fc
remove more remnants
RTann Feb 21, 2022
7f37d68
comment dial is non-blocking
RTann Feb 21, 2022
d587c3a
comment updates
RTann Feb 21, 2022
407a119
update log
RTann Feb 21, 2022
9c26fc2
Merge branch 'master' into ROX-8401-interactions
RTann Feb 21, 2022
bb17e5d
revert timeout
RTann Feb 22, 2022
b940ae9
Merge branch 'master' into ROX-8401-interactions
RTann Feb 22, 2022
0aa8d15
Merge branch 'master' into ROX-8401-interactions
RTann Feb 22, 2022
85cb679
Merge branch 'master' into ROX-8401-interactions
RTann Feb 22, 2022
6e799c1
updates
RTann Feb 22, 2022
64b1a40
style
RTann Feb 22, 2022
0f793e8
Merge branch 'master' into ROX-8401-interactions
RTann Feb 23, 2022
825f2c8
Merge branch 'master' into ROX-8401-interactions
RTann Feb 23, 2022
1c91514
add protos to qa tests
RTann Feb 23, 2022
586d543
Merge branch 'master' into ROX-8401-interactions
RTann Feb 23, 2022
8b09e03
restore go mod cache
RTann Feb 24, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .circleci/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1376,6 +1376,8 @@ commands:
- attach_workspace:
at: /go/src/github.com/stackrox/rox

- *restoreGoModCache

- *setupRoxctl
- setup-gcp
- setup-dep-env:
Expand Down
28 changes: 23 additions & 5 deletions central/image/service/service_impl.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,9 +51,12 @@ var (
"/v1.ImageService/CountImages",
"/v1.ImageService/ListImages",
},
or.Or(idcheck.SensorsOnly(), idcheck.AdmissionControlOnly()): {
or.SensorOrAuthorizer(idcheck.AdmissionControlOnly()): {
"/v1.ImageService/ScanImageInternal",
},
idcheck.SensorsOnly(): {
"/v1.ImageService/GetImageVulnerabilitiesInternal",
},
user.With(permissions.Modify(permissions.WithLegacyAuthForSAC(resources.Image, true))): {
"/v1.ImageService/DeleteImages",
"/v1.ImageService/ScanImage",
Expand Down Expand Up @@ -108,9 +111,10 @@ func (s *serviceImpl) GetImage(ctx context.Context, request *v1.GetImageRequest)
if request.GetId() == "" {
return nil, errors.Wrap(errorhelpers.ErrInvalidArgs, "id must be specified")
}
request.Id = types.NewDigest(request.Id).Digest()

image, exists, err := s.datastore.GetImage(ctx, request.GetId())
id := types.NewDigest(request.GetId()).Digest()

image, exists, err := s.datastore.GetImage(ctx, id)
if err != nil {
return nil, err
}
Expand All @@ -122,6 +126,11 @@ func (s *serviceImpl) GetImage(ctx context.Context, request *v1.GetImageRequest)
// This modifies the image object
utils.FilterSuppressedCVEsNoClone(image)
}
if request.GetStripDescription() {
// This modifies the image object
utils.StripCVEDescriptionsNoClone(image)
}

return image, nil
}

Expand Down Expand Up @@ -175,7 +184,7 @@ func internalScanRespFromImage(img *storage.Image) *v1.ScanImageInternalResponse
}
}

// ScanImageInternal handles an image request from Sensor
// ScanImageInternal handles an image request from Sensor and Admission Controller.
func (s *serviceImpl) ScanImageInternal(ctx context.Context, request *v1.ScanImageInternalRequest) (*v1.ScanImageInternalResponse, error) {
if err := s.internalScanSemaphore.Acquire(concurrency.AsContext(concurrency.Timeout(maxSemaphoreWaitTime)), 1); err != nil {
s, err := status.New(codes.Unavailable, err.Error()).WithDetails(&v1.ScanImageInternalResponseDetails_TooManyParallelScans{})
Expand All @@ -192,7 +201,8 @@ func (s *serviceImpl) ScanImageInternal(ctx context.Context, request *v1.ScanIma
if err != nil {
return nil, err
}
// If the scan exists and it is less than the reprocessing interval then return the scan. Otherwise, fetch it from the DB
// If the scan exists, and it is less than the reprocessing interval, then return the scan.
// Otherwise, fetch it from the DB.
Copy link
Contributor Author

@RTann RTann Feb 17, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thinking about it now, I don't think this comment makes a lot of sense...

if exists {
return internalScanRespFromImage(img), nil
}
Expand Down Expand Up @@ -251,6 +261,14 @@ func (s *serviceImpl) ScanImage(ctx context.Context, request *v1.ScanImageReques
return img, nil
}

// GetImageVulnerabilitiesInternal retrieves the vulnerabilities related to the image
// specified by the given components and scan notes.
// This is meant to be called by Sensor.
// TODO(ROX-9281): Implement me.
func (s *serviceImpl) GetImageVulnerabilitiesInternal(ctx context.Context, request *v1.GetImageVulnerabilitiesInternalRequest) (*v1.ScanImageInternalResponse, error) {
return nil, nil
}

// DeleteImages deletes images based on query
func (s *serviceImpl) DeleteImages(ctx context.Context, request *v1.DeleteImagesRequest) (*v1.DeleteImagesResponse, error) {
if request.GetQuery() == nil {
Expand Down
726 changes: 651 additions & 75 deletions generated/api/v1/image_service.pb.go
View file
Open in desktop

Large diffs are not rendered by default.

240 changes: 225 additions & 15 deletions generated/api/v1/image_service.swagger.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -215,6 +215,12 @@
"in": "query",
"required": false,
"type": "boolean"
},
{
"name": "stripDescription",
"in": "query",
"required": false,
"type": "boolean"
}
],
"tags": [
Expand Down Expand Up @@ -408,20 +414,6 @@
],
"default": "UI_NONE"
},
"EmbeddedImageScanComponentExecutable": {
"type": "object",
"properties": {
"path": {
"type": "string"
},
"dependencies": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"EmbeddedVulnerabilityVulnerabilityType": {
"type": "string",
"enum": [
Expand Down Expand Up @@ -480,6 +472,210 @@
}
}
},
"scannerV1Components": {
"type": "object",
"properties": {
"namespace": {
"type": "string"
},
"osComponents": {
"type": "array",
"items": {
"$ref": "#/definitions/scannerV1OSComponent"
}
},
"rhelComponents": {
"type": "array",
"items": {
"$ref": "#/definitions/scannerV1RHELComponent"
}
},
"languageComponents": {
"type": "array",
"items": {
"$ref": "#/definitions/scannerV1LanguageComponent"
}
}
}
},
"scannerV1Executable": {
"type": "object",
"properties": {
"path": {
"type": "string"
},
"requiredFeatures": {
"type": "array",
"items": {
"$ref": "#/definitions/scannerV1FeatureNameVersion"
}
}
}
},
"scannerV1FeatureNameVersion": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"version": {
"type": "string"
}
}
},
"scannerV1JavaComponent": {
"type": "object",
"properties": {
"implementationVersion": {
"type": "string"
},
"mavenVersion": {
"type": "string"
},
"origins": {
"type": "array",
"items": {
"type": "string"
}
},
"specificationVersion": {
"type": "string"
},
"bundleName": {
"type": "string"
}
}
},
"scannerV1LanguageComponent": {
"type": "object",
"properties": {
"type": {
"$ref": "#/definitions/scannerV1SourceType"
},
"name": {
"type": "string"
},
"version": {
"type": "string"
},
"location": {
"type": "string"
},
"java": {
"$ref": "#/definitions/scannerV1JavaComponent"
},
"python": {
"$ref": "#/definitions/scannerV1PythonComponent"
},
"addedBy": {
"type": "string"
}
}
},
"scannerV1Note": {
"type": "string",
"enum": [
"OS_CVES_UNAVAILABLE",
"OS_CVES_STALE",
"LANGUAGE_CVES_UNAVAILABLE",
"CERTIFIED_RHEL_SCAN_UNAVAILABLE"
],
"default": "OS_CVES_UNAVAILABLE"
},
"scannerV1OSComponent": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"namespace": {
"type": "string"
},
"version": {
"type": "string"
},
"addedBy": {
"type": "string"
},
"executables": {
"type": "array",
"items": {
"$ref": "#/definitions/scannerV1Executable"
}
}
}
},
"scannerV1PythonComponent": {
"type": "object",
"properties": {
"homepage": {
"type": "string"
},
"authorEmail": {
"type": "string"
},
"downloadUrl": {
"type": "string"
},
"summary": {
"type": "string"
},
"description": {
"type": "string"
}
}
},
"scannerV1RHELComponent": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "int64"
},
"name": {
"type": "string"
},
"namespace": {
"type": "string"
},
"version": {
"type": "string"
},
"arch": {
"type": "string"
},
"module": {
"type": "string"
},
"cpes": {
"type": "array",
"items": {
"type": "string"
}
},
"addedBy": {
"type": "string"
},
"executables": {
"type": "array",
"items": {
"$ref": "#/definitions/scannerV1Executable"
}
}
}
},
"scannerV1SourceType": {
"type": "string",
"enum": [
"UNSET_SOURCE_TYPE",
"JAVA",
"PYTHON",
"NPM",
"GEM",
"DOTNETCORERUNTIME"
],
"default": "UNSET_SOURCE_TYPE"
},
"storageCVSSV2": {
"type": "object",
"properties": {
Expand Down Expand Up @@ -721,13 +917,27 @@
"executables": {
"type": "array",
"items": {
"$ref": "#/definitions/EmbeddedImageScanComponentExecutable"
"$ref": "#/definitions/storageEmbeddedImageScanComponentExecutable"
},
"title": "Values are cleared after moving to cache, remove them from the grpc return as well"
}
},
"title": "Next Tag: 13"
},
"storageEmbeddedImageScanComponentExecutable": {
"type": "object",
"properties": {
"path": {
"type": "string"
},
"dependencies": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"storageEmbeddedVulnerability": {
"type": "object",
"properties": {
Expand Down
2 changes: 1 addition & 1 deletion go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ go 1.16

// CAVEAT: This introduces a circular dependency. If you change this line, you MUST change the "exclude"
// directive at the bottom of the file as well.
require github.com/stackrox/scanner v0.0.0-20220106020903-2744339f7e9d
require github.com/stackrox/scanner v0.0.0-20220214215744-13c0e1db0298

require (
cloud.google.com/go/compute v1.3.0
Expand Down
Loading