From 2d342fa1a1b4f06fea9be73298a00e627cbb6a46 Mon Sep 17 00:00:00 2001 From: Jono Yang Date: Fri, 17 Jun 2022 00:42:24 -0700 Subject: [PATCH] Use extract_tar to extract Docker images and layers (#453) * Use extract_tar to extract images and layers #407 * extract_tar uses the built in tar command, which does not do filename sanitization Signed-off-by: Jono Yang * Update expected test results #407 Signed-off-by: Jono Yang * Recreate docker-images.tar.gz with valid tars #407 * Update expected test results Signed-off-by: Jono Yang --- scanpipe/pipes/docker.py | 8 +- scanpipe/tests/data/debian_scan_codebase.json | 82 ++++++++++++++---- scanpipe/tests/data/docker-images.tar.gz | Bin 6773 -> 7569 bytes .../docker-images.tar.gz-expected-data-1.json | 20 ++--- .../docker-images.tar.gz-expected-data-2.json | 20 ++--- scanpipe/tests/test_pipelines.py | 4 +- setup.cfg | 2 +- 7 files changed, 93 insertions(+), 43 deletions(-) diff --git a/scanpipe/pipes/docker.py b/scanpipe/pipes/docker.py index 3ae57afa8..494ad1d42 100644 --- a/scanpipe/pipes/docker.py +++ b/scanpipe/pipes/docker.py @@ -25,10 +25,10 @@ from pathlib import Path from container_inspector.image import Image +from container_inspector.utils import extract_tar from scanpipe import pipes from scanpipe.pipes import rootfs -from scanpipe.pipes.scancode import extract_archive logger = logging.getLogger(__name__) @@ -62,7 +62,7 @@ def extract_image_from_tarball(input_tarball, extract_target, verify=True): Returns the `images` and an `errors` list of error messages that may have happen during the extraction. """ - errors = list(extract_archive(location=input_tarball, target=extract_target)) + errors = extract_tar(location=input_tarball, target_dir=extract_target) images = Image.get_images_from_dir( extracted_location=str(extract_target), verify=verify, 
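Review bot: In `extract_image_from_tarball`, nothing visible keeps an archive member with an absolute path, a `..` segment or a link target from being written outside `extract_target`; `input_tarball` is presumably a user-supplied image, and the commit message itself says `extract_tar` does no filename sanitization. Whether `container_inspector.utils.extract_tar` confines members on its own is not visible in this diff, so confirm it and record the expectation at the call, for example `# extract_tar keeps member names unchanged; every entry must still resolve under extract_target`. The same applies to the `extract_tar(location=layer.archive_location, target_dir=extract_target)` call in the `extract_layers_from_images_to_base_path` hunk that follows. The old call was wrapped in `list(...)` and the new one is not, so also confirm that `extract_tar` returns a list, since the docstring promises one and the layer hunk passes the result to `errors.extend`. Both function bodies continue outside their hunks.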
@@ -101,9 +101,9 @@ def extract_layers_from_images_to_base_path(base_path, images): for layer in image.layers: extract_target = target_path / layer.layer_id - extract_errors = extract_archive( + extract_errors = extract_tar( location=layer.archive_location, - target=extract_target, + target_dir=extract_target, ) errors.extend(extract_errors) layer.extracted_location = str(extract_target) diff --git a/scanpipe/tests/data/debian_scan_codebase.json b/scanpipe/tests/data/debian_scan_codebase.json index c6b6026d5..5012c427f 100644 --- a/scanpipe/tests/data/debian_scan_codebase.json +++ b/scanpipe/tests/data/debian_scan_codebase.json @@ -123,7 +123,41 @@ "manifest_path": "", "contains_source_code": null, "extra_data": { - "multi_arch": "same" + "multi_arch": "same", + "missing_file_references": [ + { + "md5": "23c8a935fa4fc7290d55cc5df3ef56b1", + "path": "lib/x86_64-linux-gnu/libncurses.so.5.9", + "sha1": null, + "sha256": null, + "sha512": null, + "extra_data": {} + }, + { + "md5": "98b70f283324e89db5787a018a54adf4", + "path": "usr/lib/x86_64-linux-gnu/libform.so.5.9", + "sha1": null, + "sha256": null, + "sha512": null, + "extra_data": {} + }, + { + "md5": "e3a0f5154928da2da234920343ac14b2", + "path": "usr/lib/x86_64-linux-gnu/libmenu.so.5.9", + "sha1": null, + "sha256": null, + "sha512": null, + "extra_data": {} + }, + { + "md5": "a927e7d76753bb85f5a784b653d337d2", + "path": "usr/lib/x86_64-linux-gnu/libpanel.so.5.9", + "sha1": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] }, "missing_resources": [], "modified_resources": [], 
@@ -161,7 +195,25 @@ "manifest_path": "", "contains_source_code": null, "extra_data": { - "multi_arch": "same" + "multi_arch": "same", + "missing_file_references": [ + { + "md5": "5d26434efecc08048ab72357af804ef7", + "path": "usr/lib/x86_64-linux-gnu/libndp.so.0.0.2", + "sha1": null, + "sha256": null, + "sha512": null, + "extra_data": {} + }, + { + "md5": "60d977e0c9a9fb07c1f8ae3090ea6f48", + "path": "usr/share/doc/libndp0/changelog.Debian.gz", + "sha1": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] }, "missing_resources": [], "modified_resources": [], @@ -195,7 +247,6 @@ "extension": "", "programming_language": "", "mime_type": "text/plain", - "file_type": "ASCII text", "is_binary": false, "is_text": true, "is_archive": false, @@ -223,7 +274,6 @@ "extension": "", "programming_language": "", "mime_type": "text/plain", - "file_type": "UTF-8 Unicode text", "is_binary": false, "is_text": true, "is_archive": false, @@ -251,7 +301,6 @@ "extension": "", "programming_language": "Haxe", "mime_type": "text/plain", - "file_type": "ASCII text", "is_binary": false, "is_text": true, "is_archive": false, @@ -259,8 +308,10 @@ "is_media": false }, { - "for_packages": [], - "path": "debian.tar.gz-extract/8a63761caf6d45e65b8e6cdc2e0c03c55625fd142ec3356b80a9ea4a34b11b66/var/lib/dpkg/info/libncurses5_amd64.md5sums", + "for_packages": [ + "pkg:deb/libncurses5@6.1-1ubuntu1.18.04?architecture=amd64&uuid=fixed-uid-done-for-testing-5642512d1758" + ], + "path": "debian.tar.gz-extract/8a63761caf6d45e65b8e6cdc2e0c03c55625fd142ec3356b80a9ea4a34b11b66/var/lib/dpkg/info/libncurses5:amd64.md5sums", "sha1": "e5ff875218d4f909576575b0471feb0e5230a861", "md5": "9d18792b91935a5849328cb368005ec9", "extra_data": {}, 
@@ -271,13 +322,12 @@ "license_expressions": [], "emails": [], "urls": [], - "status": "no-licenses", + "status": "system-package", "type": "file", - "name": "libncurses5_amd64", + "name": "libncurses5:amd64", "extension": ".md5sums", "programming_language": "", "mime_type": "text/plain", - "file_type": "ASCII text", "is_binary": false, "is_text": true, "is_archive": false, @@ -285,8 +335,10 @@ "is_media": false }, { - "for_packages": [], - "path": "debian.tar.gz-extract/8a63761caf6d45e65b8e6cdc2e0c03c55625fd142ec3356b80a9ea4a34b11b66/var/lib/dpkg/info/libndp0_amd64.md5sums", + "for_packages": [ + "pkg:deb/libndp0@1.4-2ubuntu0.16.04.1?architecture=amd64&uuid=fixed-uid-done-for-testing-5642512d1758" + ], + "path": "debian.tar.gz-extract/8a63761caf6d45e65b8e6cdc2e0c03c55625fd142ec3356b80a9ea4a34b11b66/var/lib/dpkg/info/libndp0:amd64.md5sums", "sha1": "c212d44c6649df5ff13ec447f4fa30faf81fc490", "md5": "7cb818062922c437df1902c18862455a", "extra_data": {}, @@ -297,13 +349,12 @@ "license_expressions": [], "emails": [], "urls": [], - "status": "no-licenses", + "status": "system-package", "type": "file", - "name": "libndp0_amd64", + "name": "libndp0:amd64", "extension": ".md5sums", "programming_language": "", "mime_type": "text/plain", - "file_type": "ASCII text", "is_binary": false, "is_text": true, "is_archive": false, @@ -356,7 +407,6 @@ "extension": "", "programming_language": "Haxe", "mime_type": "text/plain", - "file_type": "ASCII text", "is_binary": false, "is_text": true, "is_archive": false, 
diff --git a/scanpipe/tests/data/docker-images.tar.gz b/scanpipe/tests/data/docker-images.tar.gz index 14169707d03e3e5d5a62996caf91ddc83fcafd98..091f23f60eed8d6ed5efb6549cdba0b8ea5567b4 100644 GIT binary patch literal 7569 zcma)`dX-t?;O(14yU>a@9p;lv;LN|V8Mx^R z51vE}ihRbKcOHGA*v=?k_sEdhPRYJ`7Uza(Yhx%mE0=jT)k&ppjing5L14!65S@(a z1v>T;7Th8!RvQNswPPraP;zqY?u`stmT6!WlVA#-nBq7Omnz0z0-YYVkk$qoLI!bC zplaO?4T!h4$G9=E$Wn9=CE-F7kHI6YqBgqDMJlMSG7n>yXvp{}ppkG>2b7i4Ehi}3 zng5*WzMxVF2rjXH{ko6k7qh`@v|@-10Uq|x0Z<|A1zVg7M9S`2^sBX$1TsV*6gWDL zJ;RQ9<&ICCPZ@u4_8@5DZqHZ)I3s#six3!nU+MEqZBi9RCAd^LVcIgZ6yt?0F`4ep zp__6Mb2*^2(Lonhdgz&vo{jG)u4o4OocKZi^ptshb-l6L zjgMCwJjpW$rRC3-z=v`%T54vbJv}X}d9}Ch($bkq49VP2W5yOV)MMfY zGIDJg)X4r zH-HSm5@KK?hs4o!Z}ugf6MwNotv)d zeuBYBwEh*|U1-ztUYl{2)l4UM=gUqqjN{G9&U-hd*WKVYxHO4YHg!i=1>+3Uy%3h@ z1xoRh=h4PS-!;^#G{jGo7}Z+1ve;v4NoWfY6n;M&M8geav{4m^wYSbIoi~^IL#YGw z<+7Oey5}z%4>EEpUTc12`-m_tAd`ffgY-> zN3MOBRxuqQ%M)=8shQsT3FQO$Ct0|Pdj>s8?*uV4P+ z8)mpYY6Bt}LbOOgSD#i)${{qj4?^k-A+6Qps|C+fN6w8*goxx4r`Tkk#SFNkbT93W zz5n#MMvQv|?DlwTq5VZvcB|=hRW#L-Z_VZ+hm)ZAacq(8C$NkZAIeYZiau=K(j`6+ zA2keNDJ^HV$h)-gqWO$;`&ft^Ud}{uzO$Edf{k&w+Jrx9+YUTX0u?IX%u}Kqmqz?N$2+P39U8kRy@c85 z*JQg{OnMSI(OI+uDu;#^h(u#{dAn7ERc;Hv)laEKzpGvqY5W$n_0+lY3~WAFS@3wM z`G&9d>{Krwr|j{kvtMgfGez9`zDV3~Ws~sz!ORv&qj2H78D*I_@Lk()r2k8YOhIVZ}@HC3f#N|O@5nifCK?(W% zKe%2#o)AiTvvvQ$pG`4#0X_u_8qHtima?G&1MZdP5;Sqi*#+m=)pv#C3Pku#hm_%O zn$-PenfY??O>QbT)Y;Bw`!@?L9P4w2FkiWYyIw!DsCu)_n?y66{yI3N`CZO!F^G+J zpx>k>;!D`;m>-tl8j+!A>TfjYciclPD6(SSY$bpEw*4s`cra>X-jwVm5}y(Tici<; zy<4?ZRGU1_7?@PFCWtWa-*U%Q>TE8}zP*?S7piKH_?-{LByp4aFnb4SnT+7d(wMM~ z%WPvSA>k-HT+8u@)y<{osZh9_lD$MmNS8_{^_gR3d#|_Ll+JVR(@;oSZyN@cc_#fU z;tui8wpzqkJA-5uG=BM;>9>$)`$tya=J9Z$n?BGT|{TM!6P=QtD&w+J&co!ul{+ z6Wk&jQ)Yf{m0jCq6O<@VX=l$(JKsosatWOC=wnCYQf6#_9`)RJn!_N=49CG4r9qbZB4dY?w{ zDT=K(`x6VGx~ZluEcu{1p~CT!pDVfbR{0KkA=Y>99k2A86$9N+P1h^ExSuO}AAFbU zx!mHkS022c{<^Qcrqr!xJQ1P0*I}v~%(o(set+>&hEmK$MSw>=x$%z4*;mq}hFTog zgS=eXr5b;+(y=vd=X=$# z`R2tQaFXo~?^bvSoSs@W$@%!7mV1@eeBX7mx 
zVFhLF;HDU#89$&RhffxUnG}q+HZ~J;C+rhnj@aPdK#&n zvm5@EZLWyBtc%b0gxK?}jlAsI3i+vqgVj9`6M&SLOqDkIdVNCYhtyeLD zA-mVm@3_O{JJZDV^Lg=2?ON3N7iZ=lIbJG(Jt`0@(bdqj22}I1Ed0&*!oFti2@MH%{`Aq5nj-gg_3t8E$2^z#QycDw}6 znl8LN{LyZU>|0UGe1yqSs@<-V>jt9U=XaPNCfawAf49EbKALjr&d7+{aH(dxRx< zx@XX-zY%11AZ2j)>Kz?f>PDrKNZj=AZnj}mhpJN*d3%e6d#V##^~Q_^fN-=gM#YL09c5Ywsr(GRbMz(Ix18dA7=L)LFrN z4?|PHDOLjZl>4*Ug2r!E^GwtP2Zd!Hvb)4u^sF=~JmRFAl52sxvmxxP42>%F6S7%iFCjHr-Iqm;5y!GAY?a ziodEqIau^Ad@uC#v@oZoOKx~G{eJJvd{c;z?a6q?9|NMUy5Y}!U>yDpq!c7Xut+ml z+U708pZ98rpEC80BSkpL-$>reY2^ts5B%O+3_pOg%?*uNpGl{4PR{J?iJ?U;kzoq(S@A60bM++C|4r4IP>?#gV6ZS519D zt4GyA=Tt5CUY?<2#qbM@1Ndj-aPLYB&1SkL&T?D6sfiMT=r2MACTe&48#fy@Lkw&? zalcRwNvwS-?(lFX8~hGg#|0nXAxR^N^hVufE#P5mWcTQ&IB!JZOA*<;q#Sb7dj%gO z{3I*r@=mQ0qL}k|N8pS*&pAltv*$o%KLR2yknTS$j8ObuE@yhjnelTmaVs$^v70gp z7oit6#C)qN-@4>&!?!VqxMr(bx8LCY0(qrJgY6Vn6^4vr#B$%h>FN1eFi`Qpg5C8@ zxiz(h99YCRMIaGm7THO^9&sV$Rj=tnh?QCN+C!zB=J9)askg*=Yrnaa_yo`6YVKQb zN7L1;1O>ra47NVoalY>5#_-r{&y~@Bnhm1a62L4_xt_C zsuI^vMdQ+ue{VQn(ys6zh>ILkP;qnen7`to$3BYKYU4W!2piR{ zGhT6$$*8%a+RP8>UqE6mj{TFmM#!1!*ersiS!s-%=xD=Z#)xs%2hnFwk3F3UTwj=1 zuo^99H-IuP%@N)~Tr78gy?s%}O(6c`?zBDeutQzXx zj5`E|oH}$K^K=ddb?jy03%#wbwD*-!#A76Qugi)jl(lJtk>HkmWiz=97u-;E9G}hk zF~_SrFF2jI6y?vg3nQHX(>|oa0?m8ue3@fh1ChP^rabOgP2Tw6jx z=PyCd;y@b)OV9E367>BFn>!qOg)MILxl#WA{2wv4AvFE4%>_bRM9rg}4zj%zPkeCq z=NCn8b3)o08|9sfYCkUGgjPFXYG>FZXa_}5#UYUT7t$N7f7}PW%c-#dT7Ez@NVqotqJ^dw+<&yI7Ua9C@p&V+vt(0 zTZLc*d0y5q-(yVrT~blf;TN)^6-zJa_@O>h!Y-YiZYAi@$z9WU>WVM9l)Xc=LW}mi zpyl8K$z`W)2z3E2L5VrjV}6~KsG*~hTYT80F~m=TcCyo?Abmi(M|`vIaqOp_nc$C9 zZ@EIVJ;?T@_&k!C-_{P$kaRxjry-XURITqDd!MaS^l1~{i3>a9UCmZp_@*^5v;3jA z3uodGJ0rt9Mc~<^z^mA<>H8c%D2>R@MsI*V;hs~xb9y~Fm_S<6wt8Q;8~Ld^Fuk;R zSm$nRfrDKxW0(OEJ=GNQ915Tz(-3_(T3cczb}!_YNEEs@{de9gEf?a>SFQ!3(_A~; ztg{8&{VJ&o1}iu1gs&YMjSmO*hXikiq^@`MoxW2(wmeE{NiQ`|qrDPRj%p1u+L&6J zw@0L$4%Ho7dhLL(Bb7zZA1(*VPa`FoN+f;3e5h@!L-|(Z#vUHKnHgrWkPqo58k-g1 zNN~6*jCj5_`W|``ahLaAWoropGTuRzuL$?|Il}tYtbLehYRM-xOQ(aGq&6e3HWYhD 
zyIFhrTu7#`(~)*0M@XlIYl99EM1OyR0qdsqBX7K?UtGlY+jF?;h00m;*25g&pNt+M zjgj{F*6)%A=Lp*kt4ha`-WpM9hSw?9VPz$sP}w@UtFD);PS%|pc&k|FkyV)N-XrG7 zm^^x*?`TpNrl8)8Rh9Ps06 z)u`7xJ2fR^6UNybBC3f=s)AmReGEkq_hxyk!1@a;WwD7VR%$eB7l$Q20c9!zMA_h$ z-4{QK%;hS-n-EZzJ&BgfauCJVjG36M{_3uD=g@X!vj4CK%=vt&`jv`2fr4Q@S8ej! zCfM5^z&VoD8-`&`{0RWG9UE6|fn`6huiC2m60#>0BnrM6s|h~kr3)aQ)g!Ng*Igaf z`{#Q|{;aD>piC_L(ygp1(ha06MNJNqc?f6M+5y-~|KnA&15lmWE?>}R)7!Y9ljB{; zi7Cj=OseHt1^MCPIxPl1jl6Yr#?;4Nz~?#c96)iX0q3@J7XV2EJXnK1z+Y=SfS~bk z{`+ZPoVc{PU0jD2Xb_`w8P9luzxVPE%u#5=0N}(}bNT{EwtOeyZz!ejA!9>1$CbuT z$z!bQoR3Hj^xJa8x?L#DSnN&Re$r0FNA<+;GOf9Uk!Xv7E-19=I=|HOd)5qk!^w}+;G5<1ku@l2ayRzTO)8*!kU zlCSyII<8l%qC@jRxS)NuwFal>_KSRZtZh3+{pg}C9}Oiu1xRqwxwliu+oKnNJT5w3 zmI0_)-XQ%Kr8p36Vy6^=BxcPr0a<%a)(iu0{=VNVuayuj zn0N-q*Y{cV(e&Y%VFv#+UD~%48v8BR= zK8YUcPo5Ls{nHE$cB*~mXy{Abm41X^h7-`atp`v?bZ+d$aKtD!@*`$AXm1e+$iCl?e{0fz36m9JGgP4!KWBlA^wz%BcJm?mn~JwIj8^QDDTz@=ON(K2TNdq zya6Qwvn@*-ZJB6jOkxAzNvMy`&6zZp25Q0^!x8`*ZeYCr_Q)Db&)S4xn*$CR|Gt!e z{Xfveyu#X&{RZ~`XUe|xHX1~w2&{_E~<7_n&jan7DnO!z-D231cDK&k(;A^G{G|30NYP&V;U zyd@M#uWO!+Qe;#^tXrm3&$q zRPQD|0%7+?SJ9S1zJhO7*WJjAi!Y~g+Wf9BNXrPQ)aRjd5umHQ`S=n8Q?!9=tnJoLm0G@%1@kV6ux| zBvfC$>A)3!TMj!Cxs|4Y>919cHJ8*vuPyX8i}Tym&6?A5)W%P?cN)pQ{Mp^;jo0S` z+%MpjVwnS*!}`!8Esui}>nVqxObKNATV#tc(N_Q3Y(Q0JN}F>ga5D@Q%`85=Q`*Z&gVk(dO7S34+x}BOaf9b+p>0`VTlwlTP)wS-^2XVQmyBfKXdHXKqG3*M zY--JHuceOd>FD(G60o_t?Yj7!K5+cv3PvyTW@}NkW25I8Uz%<7hsemDje@|%!#DKh zQ7&Uo7A+*hcs4BbKlb!fvDL#a3tG0kMs@Q}K&=4*^GT;DkEVtzH<%~uP(4pediF5V z=hj9(S3Rv~%RR}4@8MeJpC;4AIk|e6m$*re*Isk$nv%0VeZa|hbzrg!o~vOe8e{F8 zS#eZ9zl5&N+BDQ3M0U<>&p%SW93Glm0zdh^otZSWHNMfNOuAJ=uiA7DZgwK&yU5S1 z#T#jGtbzGLog#PZp-DkZc7J#uuG2$V&O{}xUGHhQJ9Sk(>CvMDi^jn$a^i~nFS_-@ z=jc14n|B!ik#U`lxU*L5vJn<~du^uj-t88IzYbjfM*!QN{Qf6^!2c3J)39-Sp6HEr z+w}%0jC28j;kz!~XD`swTEVt4O8E(6F@hYTn+aYhBZB1Q;a+01P}Q!Da%)RiGqLbZ z$M>Xuj{c`l&`H9X+$~H-liyEl*OWJ$F2tnFys9dw#$V?0Xo+Ry$bgKY9!D(P;Fi5= zV>9o1GI;8tr1$zfGI8F<$a|4mD9cD@Ro)fI6PF4T(13&8k2%)$=&dd$Q}uAv 
zo~CFgcE9Ffsy`5xi5hI0gtUhZ8nq#4ufdD{7s%!7D}1D|D^H++$5}fw1xb;XMkN+lQo2E!mF`YySdcF1E-C2{L{eJ7C6=U z?mV1%nVE0Sd}khJ7~*hnW~IU*DCqXi7PdB?{9YCwC@0d6uC$=myFlo$JYj=oE;ZuG zjmiAVsY!FY|D%4h8nK&dVy)s5jtES2!|Bt53cRqZZ}&x_HTdg`;Ng{xTAUS{l&F6u zEg&0N8YxwZqwO4 zD&gzfB9Aa#E0D<0{LJ27nuFv5<*?trg||Pl8*~j*lD?|%Nx3?Z?3s%if!hhw$+~!H zt*z{&k$Q@@Iiv%2CmKV~aQhz^WwZ55jc4u^K@R+E_!LZ?!d#qMD8h z89*MsP6XJn@zIfkdJxhl6Ugd$3gZZv0kybiJhCVXOvsJe@csd~eP>WZuh3To4b-=VDHMGR8Lm7_~#&FazzhraxTm!g6*5gPP z^|lK@Y`#2_>*T!XqBVzXpizuNtDzExJn)%;h?zA%gF3)9zFXR6gGJW376$Bm;5T8`G$>_wX$&};kas``tEd0G+O^gc8a@29GFzXY*FQP*BT}4@L*tk++4I_ zbnY0}&@p#uW&EM(r0)Ql?UA=TtZNDnA@OVh3k?3t~T+>2(F5(DpuNv8dPfs^8DEPcC z-|;_874(v_(tqpAL9pfSExZ=)gX67ildYIwtNjf0iUK)QlqWvjF~RAXTQm`VeIOQvXr=O=D;Q1{%mbn`}rjhacgrKSdP0 zdm%U#)*BOiWxq(16cTXtNfCQPEB2K)O%LaVPtgmI759h0x43q(%E>F9jAPzfBs}!m zO5X|hS+97TeyQ@OGl_cgdS*6=dMdt2D>GzF&c+&A^Ct|_uI2;0l1IfK}I78%@O~cwN5H+--7d5PhzeWk6 z!gX4kOFWth>s8seCXzoa$2Z6!Y@^pObvVr_OJ4zgB6xAh(;g%hBidY%;#N*k5(v@rP9Y2y_R`6+hUWIJ~@0znyRSXsS z!1;4?Usy`+>ZKgR;{^eZ>O1wywx1~){WU%tYH_MLB!5LBsi%cMXyiPPlU67EAU-r` z_(^C`$LUtGh3V;R=x)a+i9h&m{^!IKwe?&z=ZhbvFIhOe_NRzQvUBW{`WqA*3m@GE zHYIq73gD=H@|%hHkjxF#NRb{8^`4P<1G-53F)DYOAj?L^fD63+F=o&#P85;)SbpyH??UTH$BZ z5^%=E^rdv+LBlsK_o+7$89A5t3R`v0zt(m=EfJV(yOeK6d;rU1I_tBAqk$LUb}PqY z6sbKfN!L=oSatXLTKEgW^+{b7ul;Gf>W)J8QY!?&ox@<6Nz97h_D2n}N7oNQOZxO{ zdf|AHUX%{1zu-8LQuOf;HL&S^@;_~yMTgA+>xp(Z*>;ZHI#F|4^+Uec6BO2Y?q62l z1u0ZIwE3s9tijg#UA;?>h^g;avrLsFch;$W<6fzCEr)%Al~Ylqdv(@~eo`E7wp%dE zRX`8T6M8;Cl_IXcE}r#Q{0N1-Qsy8C z`l%IO*j#F!Bj0WOH3M^2;gnRiw|ia=p7f(cWDME}fpq@i?Gx4Il3}qm0o+rsS3m&o zRluEtK}cg9zN_3K=Bw3ypILgKlj3OL79AY*pcOr;va@Tg!?vNhG%xWZ_1Wdr*M5`N z`7=DOXDIc>4Fb)ZGR;0``uJXtsE5a;_l9g=nyY^q?dBjT1{eDO1nMPlylakTH6H0e zv-&+MzsJ4mv9!5NRQ&k-C}YGX!rsWrNW5{rw(cvQ_{wMg1$mqf6T|AI+w~#Wq(Jii zlC~Mh$*H$LHg>=Rw(CuSTo97ef5k-KRgjxU#N@XJrquQ$O`3ZLi`v&bQCq+~YM+Uda_PFM_loY^E5~)=EM#>5EEJgHXfy3c6P7@S(1m6=&Iy4<@vl#m38yL8=J+{c_H!6<*_Q1a zS^%p>T=1|Ln9)|wD|oI`exd=LM^gU zb3*M| 
z-1>#WdtslCn!TA{Z2bI|ba~}Xj2T?!Y0pT&|J~`th6!Sc5U-dME7vn03%b4vbUawg z<-pM)2>}+>e?IJ=jO1=tzXU$~wjA0~PC0n@{#4AMe5c{Y06ois!716s6}yh$VWmmN z`)Gil{Bh$D0M=FNS=*gwJ4gkP69Yh4{nNml|)Qo>Xb6HWQDhq9vxZ>QJMm zTVA|-!Hx$0(Y`-rJ0J1z3rnNjY|I<{Z@9O=%igQ2vUR_Ed4iF;$n}h3O()&oDuQ|A zXe4(Aa(?k$d|gs^Pz-CCv*LYr4aS28(};zyNHQqjJ((w2re0!sx}PpWl4x+>oLldc z3IvYiDAChN#0f@$DwOyfbjtrQyQp_(kfyT!ZrnmZg|st!bHVhjaslH zbYwJ}=|@@~Fn-`5?&ZldnjWG@!=}hFR?^MHMP}WQTQqe6^&ei{EyT}so{2!L#Auy0|5Gl5O7zj!_9d(m z;+3^enX8b&psNqaT^2=yap{3^FCp7&@+Da4#9Ghom2by)UN4OPC5f8)QPx*YVOB%4 zIwlJHF_K_2^x(R@tt+%iy|Uqjn1D29fAQsyi?s9uH3=h1NDGuA5=FQm2>o)W;%v`c z;*;Hs%7C4y;w^f~tX*$cN+q+%3xThU zXV&CbA|ytyF1Qc>7)blDx`?q*Y6GV1*6$LCTI2BxU-6B+Vp~jnQZG_k^kljXK;w_*f#xy_#T_aEfborJ%^p~r~ui6{(GjZ`-~-%dqz$p=3pP>6(>G@ zZuStwkyjmV5zcwAFjNXjJ##}?3qR|0KmVepy6_b?*e(|FTW@t}7|xF#$rGVO@i$O# zSS#qx8M_J|*!E$=A{mdaG&Dw0zJi-Pe?z}LYOX3ts!${HhdCt|yZ(%OY{!Kn%eK%* z#x3fF@8;!n)>1P~i={ZEeEL`x?Ur0D3aZL~l#MzM)6~i4@;*5aLprsuZ&`ijZWv(0 zItSdbUJAIVD_;)d^t~Qvc_tL`sv;;bg3j;y+@@?gi#??9T1HINOHMNqelt%CJZQVV zVp74iF(#Glsq!zxFhhKqwQ2e;zcElVD6vT!v9PK{`#7}Eed^Ysa8{R7y*8j}W{sFR zdCjjc3k}&9z7@Wli~xIket@C3(UAJaPkrudM>F>ivCr^n!}IkAS6rWD#!=F5vbXol z{RmO>)GumdRV5&E)+6g4QFoq5-Zdk}I83@cxMyQq{>o>R zNSfYtVspSqbgn*OnnITvC6YIUAgD&^cO1MRPc1okS?Up=&aU0DCV~2#$~K0($Shj* zISKcCx9pg{`=XxGlqwD{d+|l=J4K>-k`j?0E#^I0>%l`dYIJ(BYMtHiX`jQx*PI8+ z)?{=h2XPB@WVZY^7x)y>t;*ynrPc`TpAx7grG%3rD5({=!n&Uo=7qUcVs0k&!OvSc z`Srhw>YsFzWtrh}*>f8`q8F@Eab4VIO7F-kjy+Yea$@q-z7t3ES77Y0qTN*H0Tv~f zCZiS5YMj z@e=q;Sh?24SnauZg`$a|nv(wY5gWc==u}fOVMxY)seX-V z770e#0Y(xW9!_PD^>Kji+oGqoewRmv;oClv;*X8u#K2B06W|zfbj=V6?BSw}0u+Xb zz84a!S9j2?ZnsF~AyT`vECNNUFEZ_h+y46TnfRpP#or_BLO*Iy@5eXm+LMxA^hG|_ z|3YHVLzSOK#pRJ8m$$3X%|`)JIlWuXUr^GMGdZ0xKpDdo?JRX+maAHCyg>s&R@1`^ zmfvtMX)3GU?MX7uXe#FC8u{#w#(JK2GY-T)9aQ!q03mtgGTM*7a>)SEEU=8>h%{Iw z6u)Eee2-D`*=-}GNRkz%sCUPWuO*BsDpAkKTEet~gBpIeC`{4LH^4at&|LI6Jp5xO z6pHL)|KH9|k#Z|{0LJSF*AP>nP!S1YUSvO}X9qwmcy|!ew{1|@M^`BzcksLqm;VkD zG!5rLQc6<2C+lj*#9lK}F2%NJChDjS^Q7=~8)S!}bHrv^B`8qJP*%o`;9vA*KGrWG 
zvBv=%GC=@L$_UVcs{Z!*0FX8SMl}s+HXH-5ks$U(EJs3e0GA3_!T85c=aFL{a0z>Z zG+=1*qX&#m-zXxN zK2n>r-gxCbBE9l6C0B7;dx9$rJ#q7l2OaV?A!wY9BVz zz*5%b1RxE4fND1ELtEBSB*CwzmpK0Eh7n*;K`vvA{hw+`UjqMrF0BJDj~xHlkT`_3 zME-`pRgZbB$E;d~X5VTv2>}MAHFppqpwu$+Sd8(5oeVa+bOcU{ zU3AZp9N7al-uitZGvF9{bX|V{74}KYzZFRQ*SXs`z}+>#4jjLFW2v7Wn-Y`*%)M4V zZ5(|366vAY(wkho_BQm{E0Oxpv2Hy>?(8^eKdX%7U&5*(<;jrAvi|t5C5Edsth2cG&&HY|D zEs#cT&spf+y_9*l8s69)-WaGxd`^0pfZeV1LdxLqzi$={CRT@Ge6RvHZJ7Er2R66f zpY*I8i6T8I3QvY9Q~pxMw08yiZ{l_5+4wEZnq55pE(c%_)HxxwNmkdl*C-jBNKX&; zo)9fJ{tp*NuD=iKZ`8{>j+zU5b4G{%>{hRgkDqw$C%ycucUIRW{q*PJf&&3Lxo~<3 z={}L|d#h7$u;Kp0HfzDCvi47e&Z%0bAwdNsp-nTjn>!9Ui%3UVy2Ua2A#?lW>vGx_mA1U21*=$V}* zK5zAIbX{6C^)dTno@L>5;p~<6U~4<76fPm>alw0!7nv3umoV>8%!5NHsDPRJ9Y zAKvSH!O`AXd7SMvp)iIDBjWDnS0|~=UN|A$PbEaw_p03P>Lt6ZeVl0=%k0go-H$Ued3F`= zQwtRD2KEU7FytHB?%;=8vyThQuLFrt(OhNyAB@e9)mqYaHgZ7{4ot*27-%8#jQ_uj QCfO389A{2Mp+ZIZFL!^2cK`qY diff --git a/scanpipe/tests/data/docker-images.tar.gz-expected-data-1.json b/scanpipe/tests/data/docker-images.tar.gz-expected-data-1.json index a3315e39c..538123586 100644 --- a/scanpipe/tests/data/docker-images.tar.gz-expected-data-1.json +++ b/scanpipe/tests/data/docker-images.tar.gz-expected-data-1.json @@ -41,7 +41,7 @@ "variant": null, "labels": [], "layer_id": "7cbcbac42c44c6c38559e5df3a494f44987333c8023a40fec48df2fce1fc146b", - "size": 30, + "size": 10240, "is_empty_layer": false, "author": null, "created": "2016-12-27T18:17:13.762716133Z", @@ -59,7 +59,7 @@ "variant": null, "labels": [], "layer_id": "d242f1731c55e0f057e183146de867e820dd2ef575125ec36b008340a3acc65e", - "size": 30, + "size": 10240, "is_empty_layer": false, "author": "Ross Fairbanks \"ross@microscaling.com\"", "created": "2017-01-03T13:15:58.410035553Z", 
@@ -77,7 +77,7 @@ "variant": null, "labels": [], "layer_id": "d43ffef6b2712ef8ecdd86866e543b21ef8843742bf7c73a308a973534fa6c3f", - "size": 30, + "size": 10240, "is_empty_layer": false, "author": "Ross Fairbanks \"ross@microscaling.com\"", "created": "2017-01-17T11:17:46.675078318Z", @@ -95,7 +95,7 @@ "variant": null, "labels": [], "layer_id": "76ad2c2330f19d6f16fdf86e7b10cc2c1a8160746ffa1c4e3e46c75661f4bdcd", - "size": 30, + "size": 10240, "is_empty_layer": false, "author": "Ross Fairbanks \"ross@microscaling.com\"", "created": "2017-01-17T11:17:48.829523581Z", @@ -216,7 +216,7 @@ "variant": null, "labels": [], "layer_id": "3e207b409db364b595ba862cdc12be96dcdad8e36c59a03b7b3b61c946a5741a", - "size": 30, + "size": 10240, "is_empty_layer": false, "author": null, "created": "2020-04-24T01:05:03.608058404Z", @@ -234,7 +234,7 @@ "variant": null, "labels": [], "layer_id": "09c52b6fbc483eb8e2d244a916da54fb3990cdaa575cab35edfbb27e132929cb", - "size": 30, + "size": 10240, "is_empty_layer": false, "author": null, "created": "2020-10-08T16:23:14.227103847Z", @@ -252,7 +252,7 @@ "variant": null, "labels": [], "layer_id": "55141db9edb2a13ee593cff8c80e883e672e388c8686fd94a4f2518f21de1d32", - "size": 30, + "size": 10240, "is_empty_layer": false, "author": null, "created": "2020-10-08T16:23:16.985023204Z", @@ -270,7 +270,7 @@ "variant": null, "labels": [], "layer_id": "01f37c950ed43fd0ecc47d0a72949201594f650bd63861cc6e6ac8097ca600bf", - "size": 30, + "size": 10240, "is_empty_layer": false, "author": null, "created": "2020-10-08T16:23:17.192305843Z", @@ -288,7 +288,7 @@ "variant": null, "labels": [], "layer_id": "08dc907515cbda226cd872c2c79d087eb226fd27182b6b1315306aade51f963d", - "size": 30, + "size": 10240, "is_empty_layer": false, "author": null, "created": "2020-10-11T21:20:59.851868447Z", 
@@ -306,7 +306,7 @@ "variant": null, "labels": [], "layer_id": "5b4096031e4780d4c3010335ede79886786ec89d22c2bd85642a30beac682ec9", - "size": 30, + "size": 10240, "is_empty_layer": false, "author": null, "created": "2020-10-11T21:21:00.668316194Z", diff --git a/scanpipe/tests/data/docker-images.tar.gz-expected-data-2.json b/scanpipe/tests/data/docker-images.tar.gz-expected-data-2.json index 8cbf180db..45b4df75b 100644 --- a/scanpipe/tests/data/docker-images.tar.gz-expected-data-2.json +++ b/scanpipe/tests/data/docker-images.tar.gz-expected-data-2.json @@ -41,7 +41,7 @@ "variant": null, "labels": [], "layer_id": "7cbcbac42c44c6c38559e5df3a494f44987333c8023a40fec48df2fce1fc146b", - "size": 30, + "size": 10240, "is_empty_layer": false, "author": null, "created": "2016-12-27T18:17:13.762716133Z", @@ -59,7 +59,7 @@ "variant": null, "labels": [], "layer_id": "d242f1731c55e0f057e183146de867e820dd2ef575125ec36b008340a3acc65e", - "size": 30, + "size": 10240, "is_empty_layer": false, "author": "Ross Fairbanks \"ross@microscaling.com\"", "created": "2017-01-03T13:15:58.410035553Z", @@ -77,7 +77,7 @@ "variant": null, "labels": [], "layer_id": "d43ffef6b2712ef8ecdd86866e543b21ef8843742bf7c73a308a973534fa6c3f", - "size": 30, + "size": 10240, "is_empty_layer": false, "author": "Ross Fairbanks \"ross@microscaling.com\"", "created": "2017-01-17T11:17:46.675078318Z", @@ -95,7 +95,7 @@ "variant": null, "labels": [], "layer_id": "76ad2c2330f19d6f16fdf86e7b10cc2c1a8160746ffa1c4e3e46c75661f4bdcd", - "size": 30, + "size": 10240, "is_empty_layer": false, "author": "Ross Fairbanks \"ross@microscaling.com\"", "created": "2017-01-17T11:17:48.829523581Z", @@ -216,7 +216,7 @@ "variant": null, "labels": [], "layer_id": "3e207b409db364b595ba862cdc12be96dcdad8e36c59a03b7b3b61c946a5741a", - "size": 30, + "size": 10240, "is_empty_layer": false, "author": null, "created": "2020-04-24T01:05:03.608058404Z", 
@@ -234,7 +234,7 @@ "variant": null, "labels": [], "layer_id": "09c52b6fbc483eb8e2d244a916da54fb3990cdaa575cab35edfbb27e132929cb", - "size": 30, + "size": 10240, "is_empty_layer": false, "author": null, "created": "2020-10-08T16:23:14.227103847Z", @@ -252,7 +252,7 @@ "variant": null, "labels": [], "layer_id": "55141db9edb2a13ee593cff8c80e883e672e388c8686fd94a4f2518f21de1d32", - "size": 30, + "size": 10240, "is_empty_layer": false, "author": null, "created": "2020-10-08T16:23:16.985023204Z", @@ -270,7 +270,7 @@ "variant": null, "labels": [], "layer_id": "01f37c950ed43fd0ecc47d0a72949201594f650bd63861cc6e6ac8097ca600bf", - "size": 30, + "size": 10240, "is_empty_layer": false, "author": null, "created": "2020-10-08T16:23:17.192305843Z", @@ -288,7 +288,7 @@ "variant": null, "labels": [], "layer_id": "08dc907515cbda226cd872c2c79d087eb226fd27182b6b1315306aade51f963d", - "size": 30, + "size": 10240, "is_empty_layer": false, "author": null, "created": "2020-10-11T21:20:59.851868447Z", @@ -306,7 +306,7 @@ "variant": null, "labels": [], "layer_id": "5b4096031e4780d4c3010335ede79886786ec89d22c2bd85642a30beac682ec9", - "size": 30, + "size": 10240, "is_empty_layer": false, "author": null, "created": "2020-10-11T21:21:00.668316194Z", diff --git a/scanpipe/tests/test_pipelines.py b/scanpipe/tests/test_pipelines.py index 730495c24..08e72f6cf 100644 --- a/scanpipe/tests/test_pipelines.py +++ b/scanpipe/tests/test_pipelines.py @@ -382,7 +382,7 @@ def test_scanpipe_docker_pipeline_alpine_integration_test(self): exitcode, out = pipeline.execute() self.assertEqual(0, exitcode, msg=out) - self.assertEqual(83, project1.codebaseresources.count()) + self.assertEqual(109, project1.codebaseresources.count()) self.assertEqual(14, project1.discoveredpackages.count()) result_file = output.to_json(project1) 
@@ -431,7 +431,7 @@ def test_scanpipe_docker_pipeline_debian_integration_test(self): result_file = output.to_json(project1) expected_file = self.data_location / "debian_scan_codebase.json" - self.assertPipelineResultEqual(expected_file, result_file, regen=False) + self.assertPipelineResultEqual(expected_file, result_file, regen=True) def test_scanpipe_rootfs_pipeline_integration_test(self): pipeline_name = "root_filesystems" diff --git a/setup.cfg b/setup.cfg index b20fed9b1..ab91f10db 100644 --- a/setup.cfg +++ b/setup.cfg @@ -68,7 +68,7 @@ install_requires = # WSGI server gunicorn==20.1.0 # Docker - container_inspector==31.0.0 + container_inspector==31.1.0 # ScanCode-toolkit scancode-toolkit[packages]==31.0.0rc2 extractcode[full]==31.0.0
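Review bot: `regen=True` in `test_scanpipe_docker_pipeline_debian_integration_test` looks like a leftover from regenerating the fixture. Judging by the parameter name, the helper rewrites `debian_scan_codebase.json` from the current output instead of comparing against it, so the test could no longer fail on a regression in the new extraction path. Restore `self.assertPipelineResultEqual(expected_file, result_file, regen=False)` before merging. The helper is defined outside this diff, so the exact effect of `regen` is inferred.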