Merge pull request #459 from snyk/feat/MYC-41-return-content-sets-fro…

…m-plugin feat: Return rpm repositories with the scanResult
snyk · Sep 23, 2022 · b03fd7b · b03fd7b
2 parents 38e1c55 + 6232182
commit b03fd7b
Show file tree

Hide file tree

Showing 17 changed files with 2,005 additions and 81 deletions.
diff --git a/lib/analyzer/static-analyzer.ts b/lib/analyzer/static-analyzer.ts
@@ -33,6 +33,10 @@ import {
   getPipAppFileContentAction,
   getPoetryAppFileContentAction,
 } from "../inputs/python/static";
+import {
+  getRedHatRepositoriesContentAction,
+  getRedHatRepositoriesFromExtractedLayers,
+} from "../inputs/redHat/static";
 import {
   getRpmDbFileContent,
   getRpmDbFileContentAction,
@@ -81,6 +85,7 @@ export async function analyze(
     getNodeBinariesFileContentAction,
     getOpenJDKBinariesFileContentAction,
     getDpkgPackageFileContentAction,
+    getRedHatRepositoriesContentAction,
   ];
 
   const checkForGlobs = shouldCheckForGlobs(globsToFind);
@@ -170,6 +175,9 @@ export async function analyze(
 
   const binaries = getBinariesHashes(extractedLayers);
 
+  const redHatRepositories =
+    getRedHatRepositoriesFromExtractedLayers(extractedLayers);
+
   const applicationDependenciesScanResults: AppDepsScanResultWithoutTarget[] =
     [];
 
@@ -222,6 +230,7 @@ export async function analyze(
     autoDetectedUserInstructions,
     imageLabels,
     imageCreationTime,
+    redHatRepositories,
   };
 }
 

diff --git a/lib/analyzer/types.ts b/lib/analyzer/types.ts
@@ -75,6 +75,7 @@ export interface StaticAnalysis {
   manifestFiles: ManifestFile[];
   imageLabels?: { [key: string]: string };
   imageCreationTime?: string;
+  redHatRepositories: string[];
 }
 
 export interface ArchiveResult {

diff --git a/lib/extractor/types.ts b/lib/extractor/types.ts
@@ -83,9 +83,3 @@ export interface DetectedImageLayers {
   packages;
   layers;
 }
-
-export interface RedHatRepos {
-  [imageLayerIndex: string]: RedHatRepo[];
-}
-
-export type RedHatRepo = string;
diff --git a/lib/facts.ts b/lib/facts.ts
@@ -82,3 +82,8 @@ export interface LoadedPackagesFact {
   type: "loadedPackages";
   data: string;
 }
+
+export interface RedHatRepositoriesFact {
+  type: "redHatRepositories";
+  data: string[];
+}
diff --git a/lib/inputs/redHat/static.ts b/lib/inputs/redHat/static.ts
@@ -0,0 +1,28 @@
+import { ExtractAction, ExtractedLayers } from "../../extractor/types";
+import { streamToJson } from "../../stream-utils";
+
+export const getRedHatRepositoriesContentAction: ExtractAction = {
+  actionName: "redhat-content-manifests",
+  filePathMatches: isRedHatContentManifest,
+  callback: streamToJson,
+};
+
+export function getRedHatRepositoriesFromExtractedLayers(
+  extractedLayers: ExtractedLayers,
+): string[] {
+  const repositories: string[] = [];
+  for (const filePath in extractedLayers) {
+    if (isRedHatContentManifest(filePath)) {
+      const contentManifest = extractedLayers[filePath][
+        "redhat-content-manifests"
+      ] as any;
+      repositories.push(...contentManifest?.content_sets);
+    }
+  }
+
+  return [...new Set(repositories)];
+}
+
+function isRedHatContentManifest(filePath: string): boolean {
+  return filePath.startsWith("/root/buildinfo/content_manifests/");
+}
diff --git a/lib/inputs/rhel/static.ts b/lib/inputs/rhel/static.ts
diff --git a/lib/response-builder.ts b/lib/response-builder.ts
@@ -143,6 +143,14 @@ async function buildResponse(
     additionalFacts.push(autoDetectedUserInstructionsFact);
   }
 
+  if (depsAnalysis.redHatRepositories.length > 0) {
+    const redHatRepositoriesFact: facts.RedHatRepositoriesFact = {
+      type: "redHatRepositories",
+      data: depsAnalysis.redHatRepositories,
+    };
+    additionalFacts.push(redHatRepositoriesFact);
+  }
+
   const applicationDependenciesScanResults: types.ScanResult[] = (
     depsAnalysis.applicationDependenciesScanResults || []
   ).map((appDepsScanResult) => {

diff --git a/lib/types.ts b/lib/types.ts
@@ -64,7 +64,8 @@ export type FactType =
   | "imageLabels"
   | "imageSizeBytes"
   | "loadedPackages"
-  | "imageCreationTime";
+  | "imageCreationTime"
+  | "redHatRepositories";
 
 export interface PluginResponse {
   /** The first result is guaranteed to be the OS dependencies scan result. */

diff --git a/test/fixtures/extracted-layers/rhel7-with-content-manifests.json b/test/fixtures/extracted-layers/rhel7-with-content-manifests.json
@@ -0,0 +1,17 @@
+{
+    "/root/buildinfo/content_manifests/jenkins-agent-maven-35-rhel7-container-v3.11.346-2.json": {
+        "redhat-content-manifests": {
+            "metadata": {
+                "icm_version": 1,
+                "icm_spec": "https://raw.githubusercontent.com/containerbuildsystem/atomic-reactor/master/atomic_reactor/schemas/content_manifest.json",
+                "image_layer_index": 6
+            },
+            "content_sets": [
+                "rhel-7-server-ose-3.11-rpms",
+                "rhel-server-rhscl-7-rpms",
+                "rhel-7-server-rpms"
+            ],
+            "image_contents": []
+        }
+    }
+}
diff --git a/test/fixtures/extracted-layers/ubi8-with-content-manifests.json b/test/fixtures/extracted-layers/ubi8-with-content-manifests.json
@@ -0,0 +1,37 @@
+{
+    "/root/buildinfo/content_manifests/s2i-core-container-1-155.json": {
+        "redhat-content-manifests": {
+            "content_sets": [
+                "rhel-8-for-x86_64-baseos-rpms",
+                "rhel-8-for-x86_64-appstream-rpms"
+            ],
+            "metadata": {
+                "image_layer_index": 2
+            }
+        }
+    },
+    "/root/buildinfo/content_manifests/ubi8-container-8.2-337": {
+        "redhat-content-manifests": {
+            "content_sets": [
+                "rhel-8-for-x86_64-baseos-beta-rpms",
+                "rhel-8-for-x86_64-appstream-beta-rpms",
+                "rhel-8-for-x86_64-baseos-htb-rpms",
+                "rhel-8-for-x86_64-appstream-htb-rpms"
+            ],
+            "metadata": {
+                "image_layer_index": 1
+            }
+        }
+    },
+    "/root/buildinfo/content_manifests/nodejs-10-container-1-99": {
+        "redhat-content-manifests": {
+            "content_sets": [
+                "rhel-8-for-x86_64-baseos-rpms",
+                "rhel-8-for-x86_64-appstream-rpms"
+            ],
+            "metadata": {
+                "image_layer_index": 4
+            }
+        }
+    }
+}
diff --git a/test/fixtures/extracted-layers/with-content-manifests.json b/test/fixtures/extracted-layers/with-content-manifests.json
diff --git a/test/lib/extractor/extractor.spec.ts b/test/lib/extractor/extractor.spec.ts
@@ -1,5 +1,6 @@
 import { extractImageContent } from "../../../lib/extractor";
-import { getRedHatReposContentAction } from "../../../lib/inputs/rhel/static";
+import { ExtractionResult } from "../../../lib/extractor/types";
+import { getRedHatRepositoriesContentAction } from "../../../lib/inputs/redHat/static";
 import { ImageType } from "../../../lib/types";
 import { getFixture } from "../../util/index";
 
@@ -10,7 +11,7 @@ describe("extractImageContent", () => {
     extractedContent = await extractImageContent(
       ImageType.DockerArchive,
       getFixture("docker-archives/docker-save/nginx-with-buildinfo.tar"),
-      [getRedHatReposContentAction],
+      [getRedHatRepositoriesContentAction],
     );
   });
 

diff --git a/test/lib/inputs/redHat/static.spec.ts b/test/lib/inputs/redHat/static.spec.ts
@@ -0,0 +1,37 @@
+import { getRedHatRepositoriesFromExtractedLayers } from "../../../../lib/inputs/redHat/static";
+import { getObjFromFixture } from "../../../util";
+
+describe("getRedHatRepositoriesFromExtractedLayers", () => {
+  it("returns unique set of repositories from rhel7 image", () => {
+    const extractedLayers = getObjFromFixture(
+      "extracted-layers/rhel7-with-content-manifests.json",
+    );
+
+    const repositories =
+      getRedHatRepositoriesFromExtractedLayers(extractedLayers);
+
+    expect(repositories).toMatchObject([
+      "rhel-7-server-ose-3.11-rpms",
+      "rhel-server-rhscl-7-rpms",
+      "rhel-7-server-rpms",
+    ]);
+  });
+
+  it("returns unique set of repositories from ubi8 image", () => {
+    const extractedLayers = getObjFromFixture(
+      "extracted-layers/ubi8-with-content-manifests.json",
+    );
+
+    const repositories =
+      getRedHatRepositoriesFromExtractedLayers(extractedLayers);
+
+    expect(repositories).toMatchObject([
+      "rhel-8-for-x86_64-baseos-rpms",
+      "rhel-8-for-x86_64-appstream-rpms",
+      "rhel-8-for-x86_64-baseos-beta-rpms",
+      "rhel-8-for-x86_64-appstream-beta-rpms",
+      "rhel-8-for-x86_64-baseos-htb-rpms",
+      "rhel-8-for-x86_64-appstream-htb-rpms",
+    ]);
+  });
+});
diff --git a/test/lib/inputs/rhel/static.spec.ts b/test/lib/inputs/rhel/static.spec.ts
diff --git a/test/system/operating-systems/__snapshots__/ubi8.spec.ts.snap b/test/system/operating-systems/__snapshots__/ubi8.spec.ts.snap
@@ -2775,6 +2775,13 @@ Object {
           "data": "Red Hat Enterprise Linux 8.2 (Ootpa)",
           "type": "imageOsReleasePrettyName",
         },
+        Object {
+          "data": Array [
+            "rhel-8-for-x86_64-baseos-rpms",
+            "rhel-8-for-x86_64-appstream-rpms",
+          ],
+          "type": "redHatRepositories",
+        },
       ],
       "identity": Object {
         "args": Object {