first commit

Author: dwertent

.github/workflows/release.yaml

@@ -0,0 +1,31 @@
+name: Release-Tag
+on:
+  push:
+    branches: [ master ] 
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Set up Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: 1.17
+
+    - name: Build
+      run: go build -v ./...
+
+    - name: Test
+      run: go test -v ./...
+
+    - name: Create a release
+      id: create_release
+      uses: actions/create-release@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        tag_name: v0.0.${{ github.run_number }}
+        release_name: Release v0.0.${{ github.run_number }}
+        draft: false
+        prerelease: false

containerscan/containerscan_mock.go

@@ -0,0 +1,90 @@
+package containerscan
+
+import (
+	"bytes"
+	"math/rand"
+	"time"
+
+	"github.com/francoispqt/gojay"
+)
+
+// GenerateContainerScanReportMock - generate a scan result
+func GenerateContainerScanReportMock() ScanResultReport {
+	ds := ScanResultReport{
+		WLID:         "wlid://cluster-k8s-geriatrix-k8s-demo3/namespace-whisky-app/deployment-whisky4all-shipping",
+		CustomerGUID: "1231bcb1-49ce-4a67-bdd3-5da7a393ae08",
+		ImgTag:       "dreg.armo.cloud:443/demoservice:v16",
+		ImgHash:      "docker-pullable://dreg.armo.cloud:443/demoservice@sha256:754f3cfca915a07ed10655a301dd7a8dc5526a06f9bd06e7c932f4d4108a8296",
+		Timestamp:    time.Now().UnixNano(),
+	}
+
+	ds.Layers = make(LayersList, 0)
+	layer := ScanResultLayer{}
+	GenerateContainerScanLayer(&layer)
+	ds.Layers = append(ds.Layers, layer)
+	return ds
+}
+
+// GenerateContainerScanReportMock - generate a scan result
+func GenerateContainerScanReportNoVulMock() ScanResultReport {
+	ds := ScanResultReport{
+		WLID:          "wlid://cluster-k8s-geriatrix-k8s-demo3/namespace-whisky-app/deployment-whisky4all-shipping",
+		CustomerGUID:  "1231bcb1-49ce-4a67-bdd3-5da7a393ae08",
+		ImgTag:        "dreg.armo.cloud:443/demoservice:v16",
+		ImgHash:       "docker-pullable://dreg.armo.cloud:443/demoservice@sha256:754f3cfca915a07ed10655a301dd7a8dc5526a06f9bd06e7c932f4d4108a8296",
+		Timestamp:     time.Now().UnixNano(),
+		ContainerName: "shipping",
+	}
+
+	ds.Layers = make(LayersList, 0)
+	layer := ScanResultLayer{LayerHash: "aaa"}
+	ds.Layers = append(ds.Layers, layer)
+	return ds
+}
+
+var hash = []rune("abcdef0123456789")
+var nums = []rune("0123456789")
+
+func randSeq(n int, bank []rune) string {
+	rand.Seed(time.Now().UnixNano())
+
+	b := make([]rune, n)
+	for i := range b {
+		b[i] = bank[rand.Intn(len(bank))]
+	}
+	return string(b)
+}
+
+// GenerateContainerScanLayer - generate a layer with random vuls
+func GenerateContainerScanLayer(layer *ScanResultLayer) {
+	layer.LayerHash = randSeq(32, hash)
+	layer.Vulnerabilities = make(VulnerabilitiesList, 0)
+	layer.Packages = make(LinuxPkgs, 0)
+	vuls := rand.Intn(10) + 1
+
+	for i := 0; i < vuls; i++ {
+		v := Vulnerability{}
+		GenerateVulnerability(&v)
+		layer.Vulnerabilities = append(layer.Vulnerabilities, v)
+	}
+
+	pkg := LinuxPackage{PackageName: "coreutils"}
+	pkg.Files = make(PkgFiles, 0)
+	pf := PackageFile{Filename: "aa"}
+	pkg.Files = append(pkg.Files, pf)
+	layer.Packages = append(layer.Packages, pkg)
+}
+
+// GenerateVulnerability - generate a vul (just diff "cve"'s)
+func GenerateVulnerability(v *Vulnerability) error {
+	baseVul := " { \"name\": \"CVE-2014-9471\", \"imageTag\": \"debian:8\", \"link\": \"https://security-tracker.debian.org/tracker/CVE-2014-9471\", \"description\": \"The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the sdf\", \"severity\": \"Low\", \"metadata\": { \"NVD\": { \"CVSSv2\": { \"Score\": 7.5, \"Vectors\": \"AV:N/AC:L/Au:N/C:P/I:P\" } } }, \"fixedIn\": [ { \"name\": \"coreutils\", \"imageTag\": \"debian:8\", \"version\": \"8.23-1\" } ] }"
+	b := []byte(baseVul)
+	r := bytes.NewReader(b)
+	er := gojay.NewDecoder(r).DecodeObject(v)
+	v.RelatedPackageName = "coreutils"
+	v.Severity = HighSeverity
+	v.Relevancy = Irelevant
+	v.Name = "CVE-" + randSeq(4, nums) + "-" + randSeq(4, nums)
+	return er
+
+}

containerscan/containerscan_test.go

@@ -0,0 +1,79 @@
+package containerscan
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/francoispqt/gojay"
+)
+
+func TestDecodeScanWIthDangearousArtifacts(t *testing.T) {
+	rhs := &ScanResultReport{}
+	er := gojay.NewDecoder(strings.NewReader(nginxScanJSON)).DecodeObject(rhs)
+	if er != nil {
+		t.Errorf("decode failed due to: %v", er.Error())
+	}
+	sumObj := rhs.Summarize()
+	if sumObj.Registry != "" {
+		t.Errorf("sumObj.Registry = %v", sumObj.Registry)
+	}
+	if sumObj.VersionImage != "nginx:1.18.0" {
+		t.Errorf("sumObj.VersionImage = %v", sumObj.Registry)
+	}
+	if sumObj.ImgTag != "nginx:1.18.0" {
+		t.Errorf("sumObj.ImgTag = %v", sumObj.ImgTag)
+	}
+	if sumObj.Status != "Fail" {
+		t.Errorf("sumObj.Status = %v", sumObj.Status)
+	}
+	if len(sumObj.ListOfDangerousArtifcats) != 3 {
+		t.Errorf("sumObj.ListOfDangerousArtifcats = %v", sumObj.ListOfDangerousArtifcats)
+	}
+}
+
+func TestUnmarshalScanReport(t *testing.T) {
+	ds := GenerateContainerScanReportMock()
+	str1 := ds.AsFNVHash()
+	rhs := &ScanResultReport{}
+
+	bolB, _ := json.Marshal(ds)
+	r := bytes.NewReader(bolB)
+
+	er := gojay.NewDecoder(r).DecodeObject(rhs)
+	if er != nil {
+		t.Errorf("marshalling failed due to: %v", er.Error())
+	}
+
+	if rhs.AsFNVHash() != str1 {
+		t.Errorf("marshalling failed different values after marshal:\nOriginal:\n%v\nParsed:\n%v\n\n===\n", string(bolB), rhs)
+	}
+}
+
+func TestUnmarshalScanReport1(t *testing.T) {
+	ds := Vulnerability{}
+	if err := GenerateVulnerability(&ds); err != nil {
+		t.Errorf("%v\n%v\n", ds, err)
+	}
+}
+
+func TestGetByPkgNameSuccess(t *testing.T) {
+	ds := GenerateContainerScanReportMock()
+	a := ds.Layers[0].GetFilesByPackage("coreutils")
+	if a != nil {
+
+		fmt.Printf("%+v\n", *a)
+	}
+
+}
+
+func TestGetByPkgNameMissing(t *testing.T) {
+	ds := GenerateContainerScanReportMock()
+	a := ds.Layers[0].GetFilesByPackage("s")
+	if a != nil && len(*a) > 0 {
+		t.Errorf("expected - no such package should be in that layer %v\n\n; found - %v", ds, a)
+	}
+
+}

containerscan/datastructures.go

@@ -0,0 +1,37 @@
+package containerscan
+
+const (
+	//defines Relevancy as enum-like
+	Unknown   = "Unknown"
+	Relevant  = "Relevant"
+	Irelevant = "Irelevant"
+	NoSP      = "No signature profile to compare"
+
+	//Clair Severities
+	UnknownSeverity    = "Unknown"
+	NegligibleSeverity = "Negligible"
+	LowSeverity        = "Low"
+	MediumSeverity     = "Medium"
+	HighSeverity       = "High"
+	CriticalSeverity   = "Critical"
+
+	ContainerScanRedisPrefix = "_containerscan"
+)
+
+var KnownSeverities = map[string]bool{
+	UnknownSeverity:    true,
+	NegligibleSeverity: true,
+	LowSeverity:        true,
+	MediumSeverity:     true,
+	HighSeverity:       true,
+	CriticalSeverity:   true,
+}
+
+func CalculateFixed(Fixes []FixedIn) int {
+	for _, fix := range Fixes {
+		if fix.Version != "None" {
+			return 1
+		}
+	}
+	return 0
+}

containerscan/datastructuresmethods.go

@@ -0,0 +1,39 @@
+package containerscan
+
+import "strings"
+
+func (layer *ScanResultLayer) GetFilesByPackage(pkgname string) (files *PkgFiles) {
+	for _, pkg := range layer.Packages {
+		if pkg.PackageName == pkgname {
+			return &pkg.Files
+		}
+	}
+
+	return &PkgFiles{}
+}
+
+func (layer *ScanResultLayer) GetPackagesNames() []string {
+	pkgsNames := []string{}
+	for _, pkg := range layer.Packages {
+		pkgsNames = append(pkgsNames, pkg.PackageName)
+	}
+	return pkgsNames
+}
+
+func (scanresult *ScanResultReport) Validate() bool {
+	if scanresult.CustomerGUID == "" || (scanresult.ImgHash == "" && scanresult.ImgTag == "") || scanresult.Timestamp <= 0 {
+		return false
+	}
+
+	//TODO validate layers & vuls
+
+	return true
+}
+
+func (v *Vulnerability) IsRCE() bool {
+	desc := strings.ToLower(v.Description)
+
+	isRCE := strings.Contains(v.Description, "RCE")
+
+	return isRCE || strings.Contains(desc, "remote code execution") || strings.Contains(desc, "remote command execution") || strings.Contains(desc, "arbitrary code") || strings.Contains(desc, "code execution") || strings.Contains(desc, "code injection") || strings.Contains(desc, "command injection") || strings.Contains(desc, "inject arbitrary commands")
+}