Change container scan setting in config.toml

Kota Kanbe
2017-03-14 20:07:51 +09:00
parent 92e213ca32
commit 735aa835a6
11 changed files with 107 additions and 38 deletions


@@ -77,7 +77,7 @@ func (l base) getPlatform() models.Platform {
}
func (l base) allContainers() (containers []config.Container, err error) {
switch l.ServerInfo.Container.Type {
switch l.ServerInfo.Containers.Type {
case "", "docker":
stdout, err := l.dockerPs("-a --format '{{.ID}} {{.Names}} {{.Image}}'")
if err != nil {
@@ -92,12 +92,12 @@ func (l base) allContainers() (containers []config.Container, err error) {
return l.parseLxdPs(stdout)
default:
return containers, fmt.Errorf(
"Not supported yet: %s", l.ServerInfo.Container.Type)
"Not supported yet: %s", l.ServerInfo.Containers.Type)
}
}
func (l *base) runningContainers() (containers []config.Container, err error) {
switch l.ServerInfo.Container.Type {
switch l.ServerInfo.Containers.Type {
case "", "docker":
stdout, err := l.dockerPs("--format '{{.ID}} {{.Names}} {{.Image}}'")
if err != nil {
@@ -112,12 +112,12 @@ func (l *base) runningContainers() (containers []config.Container, err error) {
return l.parseLxdPs(stdout)
default:
return containers, fmt.Errorf(
"Not supported yet: %s", l.ServerInfo.Container.Type)
"Not supported yet: %s", l.ServerInfo.Containers.Type)
}
}
func (l *base) exitedContainers() (containers []config.Container, err error) {
switch l.ServerInfo.Container.Type {
switch l.ServerInfo.Containers.Type {
case "", "docker":
stdout, err := l.dockerPs("--filter 'status=exited' --format '{{.ID}} {{.Names}} {{.Image}}'")
if err != nil {
@@ -132,7 +132,7 @@ func (l *base) exitedContainers() (containers []config.Container, err error) {
return l.parseLxdPs(stdout)
default:
return containers, fmt.Errorf(
"Not supported yet: %s", l.ServerInfo.Container.Type)
"Not supported yet: %s", l.ServerInfo.Containers.Type)
}
}
@@ -271,10 +271,15 @@ func (l *base) convertToModel() models.ScanResult {
}
sort.Sort(l.VulnInfos)
ctype := l.ServerInfo.Containers.Type
if l.ServerInfo.Container.ContainerID != "" && ctype == "" {
ctype = "docker"
}
container := models.Container{
ContainerID: l.ServerInfo.Container.ContainerID,
Name: l.ServerInfo.Container.Name,
Image: l.ServerInfo.Container.Image,
Type: ctype,
}
errs := []string{}
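Review bot: The rule that an empty type means docker is now written out separately in convertToModel (`if l.ServerInfo.Container.ContainerID != "" && ctype == ""`) and in the `case "", "docker":` arms of allContainers, runningContainers and exitedContainers, so a later change to the default has to find every copy. Resolving it once, for instance in a small helper that returns "docker" when `Containers.Type` is empty, would keep the scan path and the reported `Type` in agreement. A short comment above the new `if`, such as `// an unset type in config.toml is treated as docker`, would also explain why the value is rewritten only when a ContainerID is present. convertToModel starts and ends outside the hunk, so other uses of the type there are not visible.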


@@ -339,7 +339,7 @@ func decorateCmd(c conf.ServerInfo, cmd string, sudo bool) string {
// }
if c.IsContainer() {
switch c.Container.Type {
switch c.Containers.Type {
case "", "docker":
cmd = fmt.Sprintf(`docker exec %s /bin/bash -c "%s"`, c.Container.ContainerID, cmd)
case "lxd":
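Review bot: `c.Container.ContainerID` and `cmd` are formatted into a double-quoted shell string on the `docker exec` line with no quoting or validation, and this change leaves that untouched while reworking where the container settings come from. If the identifier can originate from the include list in config.toml (not visible in this hunk), it should be checked before the command is built, for example by rejecting anything that does not match `^[a-zA-Z0-9][a-zA-Z0-9_.-]*$`. A comment on decorateCmd stating what escaping callers must already have applied to `cmd` would help too. The function and the switch both continue past the end of the hunk, so the lxd arm could not be reviewed.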


@@ -259,7 +259,7 @@ func detectContainerOSes() (actives, inactives []osTypeInterface) {
func detectContainerOSesOnServer(containerHost osTypeInterface) (oses []osTypeInterface) {
containerHostInfo := containerHost.getServerInfo()
if len(containerHostInfo.Containers) == 0 {
if len(containerHostInfo.Containers.Includes) == 0 {
return
}
@@ -271,14 +271,24 @@ func detectContainerOSesOnServer(containerHost osTypeInterface) (oses []osTypeIn
return append(oses, containerHost)
}
if containerHostInfo.Containers[0] == "${running}" {
if containerHostInfo.Containers.Includes[0] == "${running}" {
for _, containerInfo := range running {
found := false
for _, ex := range containerHost.getServerInfo().Containers.Excludes {
if containerInfo.Name == ex || containerInfo.ContainerID == ex {
found = true
}
}
if found {
continue
}
copied := containerHostInfo
copied.SetContainer(config.Container{
ContainerID: containerInfo.ContainerID,
Name: containerInfo.Name,
Image: containerInfo.Image,
Type: containerHostInfo.Container.Type,
})
os := detectOS(copied)
oses = append(oses, os)
@@ -295,7 +305,7 @@ func detectContainerOSesOnServer(containerHost osTypeInterface) (oses []osTypeIn
}
var exited, unknown []string
for _, container := range containerHostInfo.Containers {
for _, container := range containerHostInfo.Containers.Includes {
found := false
for _, c := range running {
if c.ContainerID == container || c.Name == container {