public static async Task ProcessImages(DirectoryInfo logDir)
{
var imageSet = await Anchore.GetAggregatedImages();
foreach (var tagKey in imageSet.Keys.OrderBy(s => s))
{
var images = imageSet[tagKey];
for (int i = 0; i < images.Count; i++)
{
var image = images[i];
var vulnerabilities = await Anchore.GetVulnerabilitiesForImage(image);
var result = VulnerabilityStore.Save(logDir, image, null, vulnerabilities);
WriteLine($"{image.Tag}; {image.Digest}; New: {result}");
if (i + 1 >= images.Count)
{
continue;
}
for (int j = i + 1; j < images.Count; j++)
{
var image2 = images[j];
var vulnerabilities2 = await Anchore.GetVulnerabilitiesForImage(image);
var result2 = VulnerabilityStore.Save(logDir, image2, image, vulnerabilities2);
}
}
}
}
public static async Task Load(string tag)
{
var image = new ImageInfo();
image.Tag = tag;
Docker.PullImage(image.Tag);
var(code, timeStamp) = Docker.GetTimestampForImage(image.Tag);
image.TimeStamp = timeStamp;
var result = await Anchore.RegisterImage(image);
WriteLine($"Added: {image.Tag}; Analyzed: {result}");
}
private static async Task DiffVulnerabilitiesForTwoImages(DirectoryInfo logDir, ImageInfo imageA, ImageInfo imageB)
{
var vulnerabilitiesA = VulnerabilityStore.LoadVulnerabilitiesForDigest(logDir, imageA, null);
var vulnerabilitiesB = VulnerabilityStore.LoadVulnerabilitiesForDigest(logDir, imageB, imageA);
var vulnerabilitiesUniqueToA = vulnerabilitiesA.Except(vulnerabilitiesB).ToList();
var vulnerabilitiesUniqueToB = vulnerabilitiesB.Except(vulnerabilitiesA).ToList();
var vulnerabilitiesShared = vulnerabilitiesA.Intersect(vulnerabilitiesB).ToList();
WriteLine($"New Image: {imageA.TimeStamp}; {imageA.Digest}");
WriteLine($"Old Image: {imageB.TimeStamp}; {imageB.Digest}");
WriteLine("New vulnerabilities:");
await PrintVulnerabilitySummary(vulnerabilitiesUniqueToA);
PrintArrayOfStrings(vulnerabilitiesUniqueToA);
WriteLine("Fixed vulnerabilities:");
await PrintVulnerabilitySummary(vulnerabilitiesUniqueToB);
PrintArrayOfStrings(vulnerabilitiesUniqueToB);
WriteLine("Shared vulnerabilities:");
await PrintVulnerabilitySummary(vulnerabilitiesShared);
PrintArrayOfStrings(vulnerabilitiesShared);
void PrintArrayOfStrings(List <string> strings)
{
if (strings.Count == 0)
{
WriteLine("None");
return;
}
foreach (var s in strings)
{
WriteLine(s);
}
}
async Task PrintVulnerabilitySummary(List <string> vulns)
{
if (vulns == null || vulns.Count == 0)
{
return;
}
var vulnerabilities = await Anchore.GetVulnerabilitiesForVulns(vulns);
var vulnSummary = GetSummary(vulnerabilities);
WriteLine(vulnSummary);
}
}
public static async Task LoadFromFile(FileInfo file)
{
var streamReader = file.OpenText();
string line = string.Empty;
while ((line = await streamReader.ReadLineAsync()) != null)
{
var image = new ImageInfo();
image.Tag = line;
Docker.PullImage(image.Tag);
var(code, timeStamp) = Docker.GetTimestampForImage(image.Tag);
image.TimeStamp = timeStamp;
var result = await Anchore.RegisterImage(image);
WriteLine($"Added: {image.Tag}; Analyzed: {result}");
}
}
public static async Task DiffVulnerabilities(DirectoryInfo logDir, string tag)
{
var imageDictionary = await Anchore.GetAggregatedImages();
var selectedTags = new List <string>();
foreach (var tagKey in imageDictionary.Keys)
{
if (tagKey.EndsWith(tag))
{
selectedTags.Clear();
selectedTags.Add(tagKey);
break;
}
else if (tagKey.Contains(tag))
{
selectedTags.Add(tagKey);
}
}
foreach (var selectedTag in selectedTags)
{
var images = imageDictionary[selectedTag];
if (images == null)
{
WriteLine($"No image found for {tag}.");
}
else if (images.Count == 1)
{
WriteLine($"Only 1 image found for {selectedTag}.");
}
else
{
WriteLine($"Diff {images.Count} images for {selectedTag}.");
for (int i = 0; i < images.Count - 1; i++)
{
await DiffVulnerabilitiesForTwoImages(logDir, images[i], images[i + 1]);
WriteLine();
}
}
}
}
static async Task Main(string[] args)
{
var status = await Anchore.CheckStatus();
if (!status)
{
WriteLine($"Anchore Engine is not available at {Anchore.BaseUrl}");
return;
}
var logLocation = Path.Combine(Directory.GetCurrentDirectory(), "logs");
var logDir = new DirectoryInfo(logLocation);
void PrintMenu()
{
WriteLine("commands:");
WriteLine(" help -- prints help");
WriteLine(" list -- lists images");
WriteLine(" add [file] -- add images in file");
WriteLine(" vuln [image] [high | low | all] -- summarizes vulnerabilities for image");
WriteLine(" q -- quits program");
}
string input = "help";
while (true)
{
if (input == "q")
{
return;
}
else if (input == "help")
{
PrintMenu();
}
else if (input.StartsWith("addtag"))
{
var arguments = input.Split(' ');
await Image.Load(arguments[1]);
}
else if (input.StartsWith("add"))
{
await Image.LoadFromFile(new FileInfo(@"c:\git\containersec\images.txt"));
}
else if (input.StartsWith("deleteall"))
{
await Anchore.DeleteAllImages();
}
else if (input.StartsWith("diff"))
{
var arguments = input.Split(' ');
await VulnerabilityAnalysis.DiffVulnerabilities(logDir, arguments[1]);
}
else if (input.StartsWith("process"))
{
await VulnerabilityAnalysis.ProcessImages(logDir);
}
else if (input == "list")
{
await foreach (var image in Anchore.GetImages())
{
var analysis = (image.Analysis == "analyzed") ? string.Empty : $"[{image.Analysis}] ";
WriteLine($"{analysis}{image.Tag}");
}
}
else if (input.StartsWith("vuln"))
{
var arguments = input.Split(' ');
if (arguments.Length < 2)
{
WriteLine("Missing argument -- specify image");
}
else
{
var vulnerabilities = await Anchore.GetVulnerabilitiesForTag(arguments[1]);
var summary = VulnerabilityAnalysis.GetSummary(vulnerabilities);
if (arguments.Length == 3)
{
var severityLevel = arguments[2];
var(valid, count) = VulnerabilityAnalysis.GetCountForSeverityLevel(summary, severityLevel);
if (valid)
{
WriteLine($"{severityLevel}: {count}");
}
else
{
WriteLine($"{severityLevel} not a valid severity level");
}
}
else
{
WriteLine(summary);
}
}
}
else
{
WriteLine("Unknown command");
}
WriteLine();
input = ReadLine();
}
}
