public static async Task ProcessImages(DirectoryInfo logDir) { var imageSet = await Anchore.GetAggregatedImages(); foreach (var tagKey in imageSet.Keys.OrderBy(s => s)) { var images = imageSet[tagKey]; for (int i = 0; i < images.Count; i++) { var image = images[i]; var vulnerabilities = await Anchore.GetVulnerabilitiesForImage(image); var result = VulnerabilityStore.Save(logDir, image, null, vulnerabilities); WriteLine($"{image.Tag}; {image.Digest}; New: {result}"); if (i + 1 >= images.Count) { continue; } for (int j = i + 1; j < images.Count; j++) { var image2 = images[j]; var vulnerabilities2 = await Anchore.GetVulnerabilitiesForImage(image); var result2 = VulnerabilityStore.Save(logDir, image2, image, vulnerabilities2); } } } }
public static async Task Load(string tag) { var image = new ImageInfo(); image.Tag = tag; Docker.PullImage(image.Tag); var(code, timeStamp) = Docker.GetTimestampForImage(image.Tag); image.TimeStamp = timeStamp; var result = await Anchore.RegisterImage(image); WriteLine($"Added: {image.Tag}; Analyzed: {result}"); }
private static async Task DiffVulnerabilitiesForTwoImages(DirectoryInfo logDir, ImageInfo imageA, ImageInfo imageB) { var vulnerabilitiesA = VulnerabilityStore.LoadVulnerabilitiesForDigest(logDir, imageA, null); var vulnerabilitiesB = VulnerabilityStore.LoadVulnerabilitiesForDigest(logDir, imageB, imageA); var vulnerabilitiesUniqueToA = vulnerabilitiesA.Except(vulnerabilitiesB).ToList(); var vulnerabilitiesUniqueToB = vulnerabilitiesB.Except(vulnerabilitiesA).ToList(); var vulnerabilitiesShared = vulnerabilitiesA.Intersect(vulnerabilitiesB).ToList(); WriteLine($"New Image: {imageA.TimeStamp}; {imageA.Digest}"); WriteLine($"Old Image: {imageB.TimeStamp}; {imageB.Digest}"); WriteLine("New vulnerabilities:"); await PrintVulnerabilitySummary(vulnerabilitiesUniqueToA); PrintArrayOfStrings(vulnerabilitiesUniqueToA); WriteLine("Fixed vulnerabilities:"); await PrintVulnerabilitySummary(vulnerabilitiesUniqueToB); PrintArrayOfStrings(vulnerabilitiesUniqueToB); WriteLine("Shared vulnerabilities:"); await PrintVulnerabilitySummary(vulnerabilitiesShared); PrintArrayOfStrings(vulnerabilitiesShared); void PrintArrayOfStrings(List <string> strings) { if (strings.Count == 0) { WriteLine("None"); return; } foreach (var s in strings) { WriteLine(s); } } async Task PrintVulnerabilitySummary(List <string> vulns) { if (vulns == null || vulns.Count == 0) { return; } var vulnerabilities = await Anchore.GetVulnerabilitiesForVulns(vulns); var vulnSummary = GetSummary(vulnerabilities); WriteLine(vulnSummary); } }
public static async Task LoadFromFile(FileInfo file) { var streamReader = file.OpenText(); string line = string.Empty; while ((line = await streamReader.ReadLineAsync()) != null) { var image = new ImageInfo(); image.Tag = line; Docker.PullImage(image.Tag); var(code, timeStamp) = Docker.GetTimestampForImage(image.Tag); image.TimeStamp = timeStamp; var result = await Anchore.RegisterImage(image); WriteLine($"Added: {image.Tag}; Analyzed: {result}"); } }
public static async Task DiffVulnerabilities(DirectoryInfo logDir, string tag) { var imageDictionary = await Anchore.GetAggregatedImages(); var selectedTags = new List <string>(); foreach (var tagKey in imageDictionary.Keys) { if (tagKey.EndsWith(tag)) { selectedTags.Clear(); selectedTags.Add(tagKey); break; } else if (tagKey.Contains(tag)) { selectedTags.Add(tagKey); } } foreach (var selectedTag in selectedTags) { var images = imageDictionary[selectedTag]; if (images == null) { WriteLine($"No image found for {tag}."); } else if (images.Count == 1) { WriteLine($"Only 1 image found for {selectedTag}."); } else { WriteLine($"Diff {images.Count} images for {selectedTag}."); for (int i = 0; i < images.Count - 1; i++) { await DiffVulnerabilitiesForTwoImages(logDir, images[i], images[i + 1]); WriteLine(); } } } }
static async Task Main(string[] args) { var status = await Anchore.CheckStatus(); if (!status) { WriteLine($"Anchore Engine is not available at {Anchore.BaseUrl}"); return; } var logLocation = Path.Combine(Directory.GetCurrentDirectory(), "logs"); var logDir = new DirectoryInfo(logLocation); void PrintMenu() { WriteLine("commands:"); WriteLine(" help -- prints help"); WriteLine(" list -- lists images"); WriteLine(" add [file] -- add images in file"); WriteLine(" vuln [image] [high | low | all] -- summarizes vulnerabilities for image"); WriteLine(" q -- quits program"); } string input = "help"; while (true) { if (input == "q") { return; } else if (input == "help") { PrintMenu(); } else if (input.StartsWith("addtag")) { var arguments = input.Split(' '); await Image.Load(arguments[1]); } else if (input.StartsWith("add")) { await Image.LoadFromFile(new FileInfo(@"c:\git\containersec\images.txt")); } else if (input.StartsWith("deleteall")) { await Anchore.DeleteAllImages(); } else if (input.StartsWith("diff")) { var arguments = input.Split(' '); await VulnerabilityAnalysis.DiffVulnerabilities(logDir, arguments[1]); } else if (input.StartsWith("process")) { await VulnerabilityAnalysis.ProcessImages(logDir); } else if (input == "list") { await foreach (var image in Anchore.GetImages()) { var analysis = (image.Analysis == "analyzed") ? string.Empty : $"[{image.Analysis}] "; WriteLine($"{analysis}{image.Tag}"); } } else if (input.StartsWith("vuln")) { var arguments = input.Split(' '); if (arguments.Length < 2) { WriteLine("Missing argument -- specify image"); } else { var vulnerabilities = await Anchore.GetVulnerabilitiesForTag(arguments[1]); var summary = VulnerabilityAnalysis.GetSummary(vulnerabilities); if (arguments.Length == 3) { var severityLevel = arguments[2]; var(valid, count) = VulnerabilityAnalysis.GetCountForSeverityLevel(summary, severityLevel); if (valid) { WriteLine($"{severityLevel}: {count}"); } else { WriteLine($"{severityLevel} not a valid severity level"); } } else { WriteLine(summary); } } } else { WriteLine("Unknown command"); } WriteLine(); input = ReadLine(); } }