update trivy, and unsupport image scanning feature (#971)

* update trivy, fanal. unsupport image scanning * Update models/library.go Co-authored-by: Teppei Fukuda <teppei@elab.ic.i.u-tokyo.ac.jp> * add -no-progress flag to report/tui cmd * Display trivy vuln info to tui/report * add detection method to vulninfo detected by trivy * fix(uuid): change uuid lib to go-uuid #929 (#969) * update trivy, fanal. unsupport image scanning * Update models/library.go Co-authored-by: Teppei Fukuda <teppei@elab.ic.i.u-tokyo.ac.jp> * add -no-progress flag to report/tui cmd * Display trivy vuln info to tui/report * add detection method to vulninfo detected by trivy * unique ref links in TUI * download trivy DB only when lock file is specified in config.toml Co-authored-by: Teppei Fukuda <teppei@elab.ic.i.u-tokyo.ac.jp>
2020-05-08 15:24:39 +09:00
parent 9dd025437b
commit ebe5f858c8
22 changed files with 475 additions and 677 deletions
--- a/scan/serverapi.go
+++ b/scan/serverapi.go
@@ -109,18 +109,6 @@ func detectOS(c config.ServerInfo) (osType osTypeInterface) {
 		return
 	}

-	itsMe, osType, fatalErr = detectContainerImage(c)
-	if fatalErr != nil {
-		osType.setErrs(
-			[]error{xerrors.Errorf("Failed to detect OS: %w", fatalErr)},
-		)
-		return
-	}
-	if itsMe {
-		util.Log.Debugf("Container")
-		return
-	}
-
 	itsMe, osType, fatalErr = detectDebianWithRetry(c)
 	if fatalErr != nil {
 		osType.setErrs([]error{
@@ -179,28 +167,9 @@ func PrintSSHableServerNames() bool {
 	return true
 }

-func needScans() (needBaseServer, scanContainer, scanImage bool) {
-	scanContainer = true
-	scanImage = true
-	if !config.Conf.ContainersOnly && !config.Conf.ImagesOnly {
-		needBaseServer = true
-	}
-
-	if config.Conf.ImagesOnly && !config.Conf.ContainersOnly {
-		scanContainer = false
-	}
-
-	if config.Conf.ContainersOnly && !config.Conf.ImagesOnly {
-		scanImage = false
-	}
-	return needBaseServer, scanContainer, scanImage
-}
-
 // InitServers detect the kind of OS distribution of target servers
 func InitServers(timeoutSec int) error {
-	needBaseServers, scanContainer, scanImage := needScans()
-
-	// use global servers, errServers when scan containers and images
+	// use global servers, errServers when scan containers
 	servers, errServers = detectServerOSes(timeoutSec)
 	if len(servers) == 0 {
 		return xerrors.New("No scannable base servers")
@@ -208,23 +177,16 @@ func InitServers(timeoutSec int) error {

 	// scan additional servers
 	var actives, inactives []osTypeInterface
-	if scanImage {
-		oks, errs := detectImageOSes(timeoutSec)
-		actives = append(actives, oks...)
-		inactives = append(inactives, errs...)
-	}
-	if scanContainer {
-		oks, errs := detectContainerOSes(timeoutSec)
-		actives = append(actives, oks...)
-		inactives = append(inactives, errs...)
-	}
+	oks, errs := detectContainerOSes(timeoutSec)
+	actives = append(actives, oks...)
+	inactives = append(inactives, errs...)

-	if needBaseServers {
-		servers = append(servers, actives...)
-		errServers = append(errServers, inactives...)
-	} else {
+	if config.Conf.ContainersOnly {
 		servers = actives
 		errServers = inactives
+	} else {
+		servers = append(servers, actives...)
+		errServers = append(errServers, inactives...)
 	}

 	if len(servers) == 0 {
@@ -434,81 +396,6 @@ func detectContainerOSesOnServer(containerHost osTypeInterface) (oses []osTypeIn
 	return oses
 }

-func detectImageOSes(timeoutSec int) (actives, inactives []osTypeInterface) {
-	util.Log.Info("Detecting OS of static containers... ")
-	osTypesChan := make(chan []osTypeInterface, len(servers))
-	defer close(osTypesChan)
-	for _, s := range servers {
-		go func(s osTypeInterface) {
-			defer func() {
-				if p := recover(); p != nil {
-					util.Log.Debugf("Panic: %s on %s",
-						p, s.getServerInfo().GetServerName())
-				}
-			}()
-			osTypesChan <- detectImageOSesOnServer(s)
-		}(s)
-	}
-
-	timeout := time.After(time.Duration(timeoutSec) * time.Second)
-	for i := 0; i < len(servers); i++ {
-		select {
-		case res := <-osTypesChan:
-			for _, osi := range res {
-				sinfo := osi.getServerInfo()
-				if 0 < len(osi.getErrs()) {
-					inactives = append(inactives, osi)
-					util.Log.Errorf("Failed: %s err: %+v", sinfo.ServerName, osi.getErrs())
-					continue
-				}
-				actives = append(actives, osi)
-				util.Log.Infof("Detected: %s@%s: %s",
-					sinfo.Image.Name, sinfo.ServerName, osi.getDistro())
-			}
-		case <-timeout:
-			msg := "Timed out while detecting static containers"
-			util.Log.Error(msg)
-			for servername, sInfo := range config.Conf.Servers {
-				found := false
-				for _, o := range append(actives, inactives...) {
-					if servername == o.getServerInfo().ServerName {
-						found = true
-						break
-					}
-				}
-				if !found {
-					u := &unknown{}
-					u.setServerInfo(sInfo)
-					u.setErrs([]error{
-						xerrors.New("Timed out"),
-					})
-					inactives = append(inactives)
-					util.Log.Errorf("Timed out: %s", servername)
-				}
-			}
-		}
-	}
-	return
-}
-
-func detectImageOSesOnServer(containerHost osTypeInterface) (oses []osTypeInterface) {
-	containerHostInfo := containerHost.getServerInfo()
-	if len(containerHostInfo.Images) == 0 {
-		return
-	}
-
-	for idx, img := range containerHostInfo.Images {
-		copied := containerHostInfo
-		// change servername for original
-		copied.ServerName = fmt.Sprintf("%s@%s", idx, containerHostInfo.ServerName)
-		copied.Image = img
-		copied.Type = ""
-		os := detectOS(copied)
-		oses = append(oses, os)
-	}
-	return oses
-}
-
 // CheckScanModes checks scan mode
 func CheckScanModes() error {
 	for _, s := range servers {