diff --git a/go.mod b/go.mod index 339af03..65d7171 100644 --- a/go.mod +++ b/go.mod @@ -3,8 +3,8 @@ module github.com/Checkmarx/containers-resolver go 1.24.1 require ( - github.com/Checkmarx/containers-images-extractor v1.0.7 - github.com/Checkmarx/containers-syft-packages-extractor v1.0.10 + github.com/Checkmarx/containers-images-extractor v1.0.8 + github.com/Checkmarx/containers-syft-packages-extractor v1.0.11 github.com/Checkmarx/containers-types v1.0.3 github.com/rs/zerolog v1.34.0 github.com/stretchr/testify v1.10.0 @@ -288,4 +288,4 @@ require ( sigs.k8s.io/yaml v1.4.0 // indirect ) -replace google.golang.org/protobuf => google.golang.org/protobuf v1.33.0 +replace google.golang.org/protobuf => google.golang.org/protobuf v1.33.0 \ No newline at end of file diff --git a/go.sum b/go.sum index fac40af..8da93a6 100644 --- a/go.sum +++ b/go.sum 
@@ -61,10 +61,10 @@ github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbi
 github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
 github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Checkmarx/containers-images-extractor v1.0.7 h1:lLgaDFFqz1jksN3/d/6sLXO0C0ODbt9xExbt44YMEOg=
-github.com/Checkmarx/containers-images-extractor v1.0.7/go.mod h1:ZtOqhzlErPr2QL9xGjMmxwGvzXUwi+G5BBeOfdY62Ug=
-github.com/Checkmarx/containers-syft-packages-extractor v1.0.10 h1:35n22bjH2Tx5+B8vcqIHogHeEWOQrT2lUf4uaIjoENw=
-github.com/Checkmarx/containers-syft-packages-extractor v1.0.10/go.mod h1:F9FFBVNmogF0wR9SVI0wRU9dZ9Ux3IZtZl3T24sQ/8E=
+github.com/Checkmarx/containers-images-extractor v1.0.8 h1:X9EYkQKVjhNWcm0VCEFEF4/3O2wXM2QQtSTv5bDxm/I=
+github.com/Checkmarx/containers-images-extractor v1.0.8/go.mod h1:ZtOqhzlErPr2QL9xGjMmxwGvzXUwi+G5BBeOfdY62Ug=
+github.com/Checkmarx/containers-syft-packages-extractor v1.0.11 h1:mXQMz9a68DiP2Pwi4Dwj+ysPGHtGCOdouPSeA9u/Wi0=
+github.com/Checkmarx/containers-syft-packages-extractor v1.0.11/go.mod h1:F9FFBVNmogF0wR9SVI0wRU9dZ9Ux3IZtZl3T24sQ/8E=
 github.com/Checkmarx/containers-types v1.0.3 h1:srk+RQnyPXyFKmVHA6P9SQZAtjczyndZ1aa0CWF/6/0=
 github.com/Checkmarx/containers-types v1.0.3/go.mod h1:F13rfevriqYHR+0ahk3W9H8uLK0Msbts012f1pIxJb0=
 github.com/CycloneDX/cyclonedx-go v0.9.2 h1:688QHn2X/5nRezKe2ueIVCt+NRqf7fl3AVQk+vaFcIo=
diff --git a/pkg/containerResolver/containerScanner.go b/pkg/containerResolver/containerScanner.go
index 095016d..392363d 100644
--- a/pkg/containerResolver/containerScanner.go
+++ b/pkg/containerResolver/containerScanner.go
@@ -1,6 +1,9 @@ package containersResolver import ( + "os" + "path/filepath" + "github.com/Checkmarx/containers-images-extractor/pkg/imagesExtractor" "github.com/Checkmarx/containers-syft-packages-extractor/pkg/syftPackagesExtractor" "github.com/Checkmarx/containers-types/types" @@ -30,10 +33,10 @@ func (cr *ContainersResolver) Resolve(scanPath string, resolutionFolderPath stri } log.Debug().Msgf("Resolve func parameters: scanPath=%s, resolutionFolderPath=%s, images=%s, isDebug=%t", scanPath, resolutionFolderPath, images, isDebug) - // 0. validate input - err := validate(resolutionFolderPath) + // 0. validate input and create .checkmarx folder + checkmarxPath, err := validate(resolutionFolderPath) if err != nil { - log.Err(err).Msg("Resolution Path is not valid.") + log.Err(err).Msg("Resolution Path is not valid or could not create .checkmarx folder.") return err } @@ -59,14 +62,14 @@ func (cr *ContainersResolver) Resolve(scanPath string, resolutionFolderPath stri return err } - //5. save to resolution file path - err = cr.SaveObjectToFile(resolutionFolderPath, resolutionResult) + //5. save to resolution file path (now using .checkmarx folder) + err = cr.SaveObjectToFile(checkmarxPath, resolutionResult) if err != nil { log.Err(err).Msg("Could not save resolution result.") return err } //6. cleanup files generated folder - err = cleanup(resolutionFolderPath, outputPath) + err = cleanup(resolutionFolderPath, outputPath, checkmarxPath) if err != nil { log.Err(err).Msg("Could not cleanup resources.") return err 
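Review bot: The directory that step 5 writes the result into is the same `checkmarxPath` that step 6 passes to `cleanup`, and the `cleanup` body in the next hunk of this file calls `imagesExtractor.DeleteDirectory(checkmarxPath)`. Whenever `outputPath` is non-empty and differs from `resolutionFolderPath`, the file saved by `SaveObjectToFile` therefore looks to be removed before `Resolve` returns, together with anything that already existed under `.checkmarx/containers`. If the caller is expected to read the result after `Resolve`, keep the call as `cleanup(resolutionFolderPath, outputPath)` and leave removal of the folder to the consumer; if deletion is intended, a comment on step 6 stating who consumes the file and when would make that explicit. `Resolve` starts and ends outside this hunk.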
@@ -74,20 +77,33 @@ func (cr *ContainersResolver) Resolve(scanPath string, resolutionFolderPath stri return nil } -func validate(resolutionFolderPath string) error { +func validate(resolutionFolderPath string) (string, error) { isValidFolderPath, err := imagesExtractor.IsValidFolderPath(resolutionFolderPath) if err != nil || isValidFolderPath == false { - return err + return "", err } - return nil + + checkmarxPath := filepath.Join(resolutionFolderPath, ".checkmarx", "containers") + + err = os.MkdirAll(checkmarxPath, 0755) + if err != nil { + return "", err + } + + return checkmarxPath, nil } -func cleanup(originalPath string, outputPath string) error { - if outputPath != "" && outputPath != originalPath { +func cleanup(originalPath string, outputPath string, checkmarxPath string) error { + if outputPath != "" && outputPath != originalPath && checkmarxPath != "" { err := imagesExtractor.DeleteDirectory(outputPath) + cxErr := imagesExtractor.DeleteDirectory(checkmarxPath) + if err != nil { return err } + if cxErr != nil { + return cxErr + } } return nil } diff --git a/pkg/containerResolver/containerScanner_test.go b/pkg/containerResolver/containerScanner_test.go index 4dd412b..846dead 100644 --- a/pkg/containerResolver/containerScanner_test.go +++ b/pkg/containerResolver/containerScanner_test.go @@ -4,14 +4,16 @@ package containersResolver_test import ( "errors" - "github.com/Checkmarx/containers-resolver/pkg/containerResolver" + "os" + "path/filepath" + "testing" + + containersResolver "github.com/Checkmarx/containers-resolver/pkg/containerResolver" "github.com/Checkmarx/containers-syft-packages-extractor/pkg/syftPackagesExtractor" "github.com/Checkmarx/containers-types/types" "github.com/rs/zerolog/log" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" - "os" - "testing" ) // Mock for ImagesExtractorInterface 
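Review bot: `validate` still returns a nil error when `IsValidFolderPath` reports `false` without an error, so it now yields `("", nil)` and `Resolve` continues with an empty `checkmarxPath`: `SaveObjectToFile` is called with an empty path, and the new `checkmarxPath != ""` condition in `cleanup` then skips `DeleteDirectory(outputPath)` as well, leaving the extracted files behind. Split the check into `if err != nil { return "", err }` followed by `if !isValidFolderPath { return "", errors.New("resolution folder path is not valid") }` (this needs the `errors` import). The `.checkmarx/containers` directory is also created with mode `0755` and later recursively deleted inside a caller-supplied folder; if that folder can be a checkout of untrusted source, consider `0750` and an `os.Lstat` check that an existing `.checkmarx` is not a symlink before creating or deleting through it.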
@@ -92,7 +94,7 @@ func TestResolve(t *testing.T) { expectedResolution := []*syftPackagesExtractor.ContainerResolution{ { ContainerImage: syftPackagesExtractor.ContainerImage{ - ImageName: "image1", + ImageName: "image1:blabla", ImageTag: "latest", Distribution: "debian", ImageHash: "sha256:123abc", @@ -118,6 +120,8 @@ func TestResolve(t *testing.T) { } t.Run("Success scenario", func(t *testing.T) { + checkmarxPath := filepath.Join(resolutionFolderPath, ".checkmarx", "containers") + createTestFolder(checkmarxPath) mockImagesExtractor.On("ExtractFiles", scanPath). Return(sampleFileImages, map[string]map[string]string{"settings.json": {"key": "value"}}, "/output/path", nil) @@ -127,7 +131,7 @@ func TestResolve(t *testing.T) { map[string]map[string]string{"settings.json": {"key": "value"}}). Return([]types.ImageModel{{Name: "image1"}}, nil) mockSyftPackagesExtractor.On("AnalyzeImages", mock.Anything).Return(expectedResolution, nil) - mockImagesExtractor.On("SaveObjectToFile", resolutionFolderPath, expectedResolution).Return(nil) + mockImagesExtractor.On("SaveObjectToFile", checkmarxPath, expectedResolution).Return(nil) err := resolver.Resolve(scanPath, resolutionFolderPath, images, true) assert.NoError(t, err) @@ -135,7 +139,7 @@ func TestResolve(t *testing.T) { mockImagesExtractor.AssertCalled(t, "ExtractFiles", scanPath) mockImagesExtractor.AssertCalled(t, "ExtractAndMergeImagesFromFiles", sampleFileImages, mock.Anything, mock.Anything) mockSyftPackagesExtractor.AssertCalled(t, "AnalyzeImages", mock.Anything) - mockImagesExtractor.AssertCalled(t, "SaveObjectToFile", resolutionFolderPath, expectedResolution) + mockImagesExtractor.AssertCalled(t, "SaveObjectToFile", checkmarxPath, expectedResolution) }) t.Run("ScanPath Validation failure", func(t *testing.T) { 
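Review bot: The `createTestFolder(checkmarxPath)` setup added in the success subtest, and repeated in the two subtests at `-151` and `-167`, pre-creates the directory that `validate` now creates itself with `os.MkdirAll`, so none of the tests exercise that creation and nothing asserts on the folder afterwards. After `resolver.Resolve(...)` in the success case, add a check such as `_, statErr := os.Stat(checkmarxPath)` and assert whichever outcome is intended (directory present, or removed by `cleanup`). `resolutionFolderPath` and `createTestFolder` are defined outside these hunks; if the path is a fixed location rather than `t.TempDir()`, the `.checkmarx` parent will be left in the working tree after the run. The fixture change to `ImageName: "image1:blabla"` next to `ImageTag: "latest"` also reads as contradictory test data and would benefit from a one-line comment saying what it is meant to cover.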
@@ -151,6 +155,9 @@ func TestResolve(t *testing.T) { mockImagesExtractor.ExpectedCalls = nil mockImagesExtractor.Calls = nil + checkmarxPath := filepath.Join(resolutionFolderPath, ".checkmarx", "containers") + createTestFolder(checkmarxPath) + mockImagesExtractor.On("ExtractFiles", scanPath). Return(sampleFileImages, map[string]map[string]string{"settings.json": {"key": "value"}}, "/output/path", errors.New("invalid path")) @@ -167,6 +174,9 @@ func TestResolve(t *testing.T) { mockSyftPackagesExtractor.ExpectedCalls = nil mockSyftPackagesExtractor.Calls = nil + checkmarxPath := filepath.Join(resolutionFolderPath, ".checkmarx", "containers") + createTestFolder(checkmarxPath) + mockImagesExtractor.On("ExtractFiles", scanPath). Return(sampleFileImages, map[string]map[string]string{"settings.json": {"key": "value"}}, "/output/path", nil)