feat(scanners): Add support to all existing scanners for containers #696

Merged (4 commits) on Sep 21, 2023

Tehsmash (Contributor) commented Sep 15, 2023

Description

This commit adds support to all existing scanners for all families for
the image, docker-archive, oci-archive, and oci-directory input types.

In the scenario where a scanner does not support containers natively, a
new library containerrootfs has been added which converts the container
into a rootfs folder.

The containerrootfs library supports a cached mode which identifies
containers based on the source and caches the result so that multiple
scanners (even concurrent ones) attempting to convert the same container
to a rootfs only perform it once. All these cached folders are cleaned
up by a function called once all the families have completed.

Type of Change

[ ] Bug Fix
[X] New Feature
[ ] Breaking Change
[ ] Refactor
[ ] Documentation
[ ] Other (please describe)

Checklist

  • I have read the contributing guidelines
  • Existing issues have been referenced (where applicable)
  • I have verified this change is not present in other open pull requests
  • Functionality is documented
  • All code style checks pass
  • New code contribution is covered by automated tests
  • All new and existing tests pass

@Tehsmash Tehsmash requested a review from a team as a code owner September 15, 2023 14:55
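
The cached mode described in the pull request above, sketched as an added example; this is not code from the PR or the project. `Cache`, `entry`, the `convert` callback and the source string are hypothetical names chosen for illustration. It shows one way to key a conversion on the container source so concurrent scanners trigger it once, with a single cleanup at the end.

```go
package main

import (
	"fmt"
	"os"
	"sync"
)

// entry is one cached conversion; once ensures the work runs a single time.
type entry struct {
	once sync.Once
	dir  string
	err  error
}

// Cache maps a container source to its extracted rootfs directory.
type Cache struct {
	entries sync.Map                               // source string -> *entry
	convert func(source, dir string) error // hypothetical extractor
}

// Get converts source at most once, even under concurrent callers.
func (c *Cache) Get(source string) (string, error) {
	v, _ := c.entries.LoadOrStore(source, &entry{})
	e := v.(*entry)
	e.once.Do(func() { // concurrent callers block here until the first finishes
		// MkdirTemp creates a 0700 directory with an unpredictable name.
		if e.dir, e.err = os.MkdirTemp("", "rootfs-*"); e.err == nil {
			e.err = c.convert(source, e.dir)
		}
	})
	return e.dir, e.err
}

// Cleanup removes all cached directories; call it once every scanner is done.
func (c *Cache) Cleanup() {
	c.entries.Range(func(k, v interface{}) bool {
		os.RemoveAll(v.(*entry).dir)
		c.entries.Delete(k)
		return true
	})
}

func main() {
	c := &Cache{convert: func(source, dir string) error { return nil }}
	dir, err := c.Get("docker-archive:/tmp/constructed.tar") // constructed source
	fmt.Println(dir, err)
	c.Cleanup()
}
```

A failed conversion is cached too, so every scanner asking for the same source sees the same error rather than retrying the extraction.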
@Tehsmash Tehsmash force-pushed the container_tar_scanning branch 2 times, most recently from c89713f to bfb66cf Compare September 19, 2023 14:14
Tehsmash (Contributor, Author) commented Sep 19, 2023

@FrimIdan I had to squash because I changed the containerRootfs directory from camel case to all lower case because of the linter, and apparently OSX directories are not case sensitive, so git thought it already existed and didn't do the rename, so when applying the commits for a rebase it broke things.

@Tehsmash Tehsmash added this pull request to the merge queue Sep 21, 2023
Merged via the queue into main with commit bbe1d7a Sep 21, 2023
16 checks passed
@Tehsmash Tehsmash deleted the container_tar_scanning branch September 21, 2023 12:27
@chrisgacsal chrisgacsal mentioned this pull request Nov 6, 2023