examine 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/.gitignore +2 -0
- data/.gitlab-ci.yml +22 -12
- data/Dockerfile +4 -1
- data/Gemfile.lock +8 -2
- data/README.md +10 -16
- data/examine.gemspec +1 -0
- data/lib/examine/cli/application.rb +10 -0
- data/lib/examine/cli/clair.rb +105 -0
- data/lib/examine/cli.rb +12 -0
- data/lib/examine/version.rb +1 -1
- data/lib/examine.rb +1 -59
- metadata +19 -2
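--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d580d78447a470a51a68c9c9c67a921f223bd982b7d28977885b7b70ea1d9f1f
+data.tar.gz: 7775399dbe8b3f043a77de1afb83be5a54e4096e9be051f3089f0a830aa3e1bd
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7deb9c99012fdb03a1a6bf94d49bd168c1590f17ed84be12ab704c0d77612b52fd6e22aa155bf5f64a8ca7367abf6288c2fe1054a5708d5ccc3c02f8d411df3c
+data.tar.gz: 9b43e8f24d5b0d14a0f6a8cf797c18712f2f7ffd4299b1bde86a1de4e2fe726cc1c3d5e63dacc947caf5de114f2760023b73d140fc44088b3e88a6430966394c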
data/.gitignore
CHANGED
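--- a/data/.gitlab-ci.yml
+++ b/data/.gitlab-ci.yml
@@ -1,36 +1,46 @@
 services:
-- docker:
+- docker:dind
 
 stages:
 - build
 - test
 
-
-
+variables:
+DOCKER_IMAGE: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA
 
 build:
 image: docker:stable
 stage: build
-variables:
-IMAGE: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA
 script:
 - docker info
 - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
-- docker build -t $
-- docker push $
+- docker build -t $DOCKER_IMAGE .
+- docker push $DOCKER_IMAGE
 
 rspec:
 image:
-name: $
+name: $DOCKER_IMAGE
 entrypoint: [""]
+variables:
+GIT_STRATEGY: none
 stage: test
 script:
-- bundle exec rspec
+- cd /examine/ && bundle exec rspec
 
 examine:
 image:
-name:
-
+name: docker:stable
+allow_failure: true
+variables:
+CLAIR_URL: http://docker:6060
+DOCKER_DRIVER: overlay2
+DOCKER_HOST: tcp://docker:2375
+GIT_STRATEGY: none
+NO_PROXY: docker,localhost
+TARGET_IMAGE: $DOCKER_IMAGE
 stage: test
 script:
--
+- apk add ruby curl
+- gem install examine --no-document
+- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+- examine clair scan $DOCKER_IMAGE --clair_url $CLAIR_URL --ip $(hostname -i)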
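Review bot: The new `examine` job installs the scanner with `gem install examine --no-document` (new line 44), which fetches whatever version is currently published on rubygems.org rather than the code in this commit, so the scan step is neither reproducible nor exercising the change under review; pin it (`gem install examine -v 0.1.1 --no-document`) or run the scan from the `$DOCKER_IMAGE` built in the previous stage, which already contains this checkout and clair-scanner. With `allow_failure: true` on the same job, any vulnerabilities clair reports can never fail the pipeline; if that is a bootstrap measure, a comment such as `# allow_failure: remove once the baseline scan is clean` would record the intent. The added `docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY` puts the job token on the command line, where it shows up in process listings and shell traces; `echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY` keeps it off argv.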
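--- a/data/Dockerfile
+++ b/data/Dockerfile
@@ -1,6 +1,9 @@
 FROM docker:stable
-RUN apk add ruby git
+RUN apk add ruby git curl
 RUN gem install bundler -v '~> 2.0' --no-document
+RUN wget https://github.com/arminc/clair-scanner/releases/download/v12/clair-scanner_linux_amd64 && \
+mv clair-scanner_linux_amd64 /usr/local/bin/clair-scanner && \
+chmod +x /usr/local/bin/clair-scanner
 RUN mkdir -p /examine
 WORKDIR /examine
 COPY . .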
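Review bot: The clair-scanner binary downloaded on new line 4 is moved into /usr/local/bin and made executable without any integrity check, so a replaced or tampered release asset becomes a trusted executable in every image built from this Dockerfile. Pinning to the v12 tag fixes which file is requested but says nothing about its content; verify the asset against the digest published with the release before installing it, e.g. `RUN wget https://github.com/arminc/clair-scanner/releases/download/v12/clair-scanner_linux_amd64 && echo "<sha256 from the v12 release page>  clair-scanner_linux_amd64" | sha256sum -c - && mv clair-scanner_linux_amd64 /usr/local/bin/clair-scanner && chmod +x /usr/local/bin/clair-scanner`. The digest itself is not visible here and must be taken from the upstream release.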
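--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,13 +1,19 @@
 PATH
 remote: .
 specs:
-examine (0.1.
+examine (0.1.1)
+down (~> 4.8)
 thor (~> 0.20)
 
 GEM
 remote: https://rubygems.org/
 specs:
+addressable (2.6.0)
+public_suffix (>= 2.0.2, < 4.0)
 diff-lcs (1.3)
+down (4.8.1)
+addressable (~> 2.5)
+public_suffix (3.1.1)
 rake (10.5.0)
 rspec (3.8.0)
 rspec-core (~> 3.8.0)
@@ -34,4 +40,4 @@ DEPENDENCIES
 rspec (~> 3.0)
 
 BUNDLED WITH
-2.0.
+2.0.2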
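--- a/data/README.md
+++ b/data/README.md
@@ -1,28 +1,22 @@
 # Examine
 
-
-
-TODO: Delete this and the text above, and describe your gem
+This gem is used to perform different types of analysis on your
+code/images.
 
 ## Installation
 
-
-
-```ruby
-gem 'examine'
-```
-
-And then execute:
-
-$ bundle
-
-Or install it yourself as:
+Install it yourself as:
 
 $ gem install examine
 
 ## Usage
 
-
+To scan a docker image: (this requires docker to be running on your system)
+
+```bash
+$ examine clair scan mokhan/minbox:latest
+$ examine clair scan node:latest
+```
 
 ## Development
 
@@ -32,7 +26,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on
+Bug reports and pull requests are welcome on GitLab at https://gitlab.com/xlgmokha/examine.
 
 ## License
 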
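--- a/data/examine.gemspec
+++ b/data/examine.gemspec
@@ -23,6 +23,7 @@ Gem::Specification.new do |spec|
 spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
 spec.require_paths = ["lib"]
 
+spec.add_dependency "down", "~> 4.8"
 spec.add_dependency "thor", "~> 0.20"
 spec.add_development_dependency "bundler", "~> 2.0"
 spec.add_development_dependency "rake", "~> 10.0"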
@@ -0,0 +1,105 @@
|
|
1
|
+
module Examine
|
2
|
+
module CLI
|
3
|
+
class Clair < Thor
|
4
|
+
DOWNLOAD_PATH = 'https://github.com/arminc/clair-scanner/releases/download/v12/'
|
5
|
+
|
6
|
+
method_option :clair_url, desc: 'clair url', default: 'http://localhost:6060', type: :string
|
7
|
+
desc 'start', 'start a clair server'
|
8
|
+
def start
|
9
|
+
ensure_docker_installed!
|
10
|
+
spawn 'docker run -d --name clair-db arminc/clair-db:latest'
|
11
|
+
wait_until('docker ps --filter="name=clair-db" --filter="status=running" --filter="expose=5432/tcp" | grep -v CONT')
|
12
|
+
|
13
|
+
spawn 'docker run --restart=unless-stopped -p 6060:6060 --link clair-db:postgres -d --name clair arminc/clair-local-scan:latest'
|
14
|
+
wait_until('docker ps --filter="name=clair" --filter="status=running" --filter="expose=6060/tcp" | grep -v CONT')
|
15
|
+
wait_until("curl -s #{options[:clair_url]}/v1/namespaces > /dev/null")
|
16
|
+
end
|
17
|
+
|
18
|
+
method_option :ip, desc: 'ip address', default: nil, type: :string
|
19
|
+
method_option :clair_url, desc: 'clair url', default: 'http://localhost:6060', type: :string
|
20
|
+
method_option :report, desc: 'report file', default: 'report.json', type: :string
|
21
|
+
method_option :log, desc: 'log file', default: 'clair.log', type: :string
|
22
|
+
method_option :whitelist, desc: 'whitelist file', default: nil, type: :string
|
23
|
+
desc 'scan <image>', 'scan a specific image'
|
24
|
+
def scan(image)
|
25
|
+
start unless started?
|
26
|
+
|
27
|
+
ip = options[:ip] || Socket.ip_address_list[1].ip_address
|
28
|
+
system "docker pull #{image}"
|
29
|
+
command = [
|
30
|
+
clair_exe,
|
31
|
+
"-c #{options[:clair_url]}",
|
32
|
+
"--ip #{ip}",
|
33
|
+
"-r #{options[:report]}",
|
34
|
+
"-l #{options[:log]}",
|
35
|
+
image,
|
36
|
+
]
|
37
|
+
command.insert(-2, "-w #{options[:whitelist]}") if options[:whitelist]
|
38
|
+
system command.join(' ')
|
39
|
+
end
|
40
|
+
|
41
|
+
desc 'status', 'status of clair server'
|
42
|
+
def status
|
43
|
+
system "docker ps -a | grep clair"
|
44
|
+
end
|
45
|
+
|
46
|
+
desc 'stop', 'stop all clair servers'
|
47
|
+
def stop
|
48
|
+
system "docker stop $(docker ps | grep -v CONT | grep clair- | awk '{ print $1 }')"
|
49
|
+
system "docker system prune -f"
|
50
|
+
end
|
51
|
+
|
52
|
+
private
|
53
|
+
|
54
|
+
def started?
|
55
|
+
status
|
56
|
+
end
|
57
|
+
|
58
|
+
def clair_exe
|
59
|
+
@clair_exe ||= executable_exists?('clair-scanner') || download_clair
|
60
|
+
end
|
61
|
+
|
62
|
+
def executable_exists?(exe)
|
63
|
+
found = ENV['PATH'].split(':').find do |x|
|
64
|
+
File.exist?(File.join(x, exe))
|
65
|
+
end
|
66
|
+
return File.join(found, exe) if found
|
67
|
+
end
|
68
|
+
|
69
|
+
def download_clair
|
70
|
+
File.join(Dir.tmpdir, 'clair-scanner').tap do |exe|
|
71
|
+
Down.download(clair_download_path, destination: exe)
|
72
|
+
`chmod +x #{exe}`
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
def clair_download_path
|
77
|
+
platform = Gem::Platform.local
|
78
|
+
exe = {
|
79
|
+
'x86-darwin' => 'clair-scanner_darwin_386',
|
80
|
+
'x86-linux' => 'clair-scanner_linux_386',
|
81
|
+
'x86_64-darwin' => 'clair-scanner_darwin_amd64',
|
82
|
+
'x86_64-linux' => 'clair-scanner_linux_amd64',
|
83
|
+
}["#{platform.cpu}-#{platform.os}"]
|
84
|
+
return URI.join(DOWNLOAD_PATH, exe).to_s if exe
|
85
|
+
|
86
|
+
raise 'clair-scanner could not be found in your PATH. Download from https://github.com/arminc/clair-scanner/releases'
|
87
|
+
end
|
88
|
+
|
89
|
+
def wait
|
90
|
+
print '.'
|
91
|
+
sleep 1
|
92
|
+
end
|
93
|
+
|
94
|
+
def wait_until(command)
|
95
|
+
Timeout.timeout(60, nil, command) do
|
96
|
+
wait until system(command)
|
97
|
+
end
|
98
|
+
end
|
99
|
+
|
100
|
+
def ensure_docker_installed!
|
101
|
+
raise 'docker was not detected on the system' unless executable_exists?('docker')
|
102
|
+
end
|
103
|
+
end
|
104
|
+
end
|
105
|
+
end
|
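Review bot: `scan` discards the return value of `system command.join(' ')` (new line 38), so clair-scanner's non-zero exit on reported vulnerabilities or on failure to reach Clair is lost and `examine clair scan` always exits 0 — nothing downstream, including the CI job that calls it, can gate on the result. The command is also assembled as a single shell string from `image`, `clair_url`, `report`, `log` and `whitelist`, so a value containing shell metacharacters is interpreted rather than passed literally; building an argv and calling `system(*command)` avoids the shell and makes the status trivial to propagate. Separately, `download_clair` (lines 69-74) writes the fetched binary to the fixed path `#{Dir.tmpdir}/clair-scanner`, marks it executable through a backtick `chmod`, and then runs it with no digest check — a shared, predictable location plus no integrity verification; `File.chmod(0o755, exe)` and a SHA-256 comparison against the release's published digest would close that, and the digest is not something I can supply from here. Rewritten `scan` below; the rest of the class is unchanged.
```ruby
def scan(image)
  start unless started?

  ip = options[:ip] || Socket.ip_address_list[1].ip_address
  # argv form: no shell, so image/option values are passed literally
  exit(1) unless system('docker', 'pull', image)
  command = [clair_exe, '-c', options[:clair_url], '--ip', ip,
             '-r', options[:report], '-l', options[:log]]
  command.push('-w', options[:whitelist]) if options[:whitelist]
  command << image
  # propagate clair-scanner's exit status so callers (and CI) can fail on findings
  exit(1) unless system(*command)
end
```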
data/lib/examine/cli.rb
ADDED
data/lib/examine/version.rb
CHANGED
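--- a/data/lib/examine.rb
+++ b/data/lib/examine.rb
@@ -1,64 +1,6 @@
+require "examine/cli"
 require "examine/version"
 
-require 'socket'
-require 'thor'
-
 module Examine
 class Error < StandardError; end
-
-module CLI
-class Clair < Thor
-
-method_option :clair_url, desc: 'clair url', default: 'http://localhost:6060', type: :string
-desc 'start', 'start a clair server'
-def start
-db_pid = spawn 'docker run -d --name clair-db arminc/clair-db:latest'
-command = 'docker ps --filter="name=clair-db" --filter="status=running" --filter="expose=5432/tcp" | grep -v CONT'
-print '.' until system(command)
-puts "clair-db started. (PID: #{db_pid})"
-
-clair_pid = spawn 'docker run --restart=unless-stopped -p 6060:6060 --link clair-db:postgres -d --name clair arminc/clair-local-scan:latest'
-
-command = 'docker ps --filter="name=clair" --filter="status=running" --filter="expose=6060/tcp" | grep -v CONT'
-print '.' until system(command)
-print '.' until system("curl -s #{options[:clair_url]}/v1/namespaces > /dev/null")
-puts "clair-local-scan started. (PID: #{clair_pid})"
-end
-
-method_option :ip, desc: 'ip address', default: nil, type: :string
-method_option :clair_url, desc: 'clair url', default: 'http://localhost:6060', type: :string
-desc 'scan <image>', 'scan a specific image'
-def scan(image)
-start unless started?
-
-ip = options[:ip] || Socket.ip_address_list[1].ip_address
-system "docker pull #{image}"
-system "clair-scanner -c #{options[:clair_url]} --ip #{ip} #{image}"
-end
-
-desc 'status', 'status of clair server'
-def status
-system "docker ps -a | grep clair"
-end
-
-desc 'stop', 'stop all clair servers'
-def stop
-system "docker stop $(docker ps | grep -v CONT | grep clair- | awk '{ print $1 }')"
-system "docker system prune -f"
-end
-
-private
-
-def started?
-status
-end
-end
-
-class Application < Thor
-package_name 'examine'
-
-desc 'clair', 'manage clair'
-subcommand :clair, Examine::CLI::Clair
-end
-end
 end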
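--- a/metadata
+++ b/metadata
@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: examine
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.1
 platform: ruby
 authors:
 - mo
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-07-
+date: 2019-07-24 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+name: down
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '4.8'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '4.8'
 - !ruby/object:Gem::Dependency
 name: thor
 requirement: !ruby/object:Gem::Requirement
@@ -88,6 +102,9 @@ files:
 - examine.gemspec
 - exe/examine
 - lib/examine.rb
+- lib/examine/cli.rb
+- lib/examine/cli/application.rb
+- lib/examine/cli/clair.rb
 - lib/examine/version.rb
 homepage: https://www.mokhan.ca/
 licenses: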