fix(client): add image name and build time (#402)

* WIP: Add imageName and BuildTime for Remote detector Signed-off-by: Simarpreet Singh <[email protected]> * wip Signed-off-by: Simarpreet Singh <[email protected]> * change name from build_time to created * remove an unused function * fix(library): add image_name and created_at * fix(ospkg): add image_name and created_at * fix(scan): add image_name and created_at * fix(library): remove unused param Co-authored-by: Simarpreet Singh <[email protected]>
aquasecurity · Feb 16, 2020 · 42043a0 · 42043a0
1 parent 246793e
commit 42043a0
Show file tree

Hide file tree

Showing 21 changed files with 362 additions and 209 deletions.
diff --git a/go.mod b/go.mod
@@ -3,6 +3,7 @@ module github.com/aquasecurity/trivy
 go 1.13
 
 require (
+	github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5 // indirect
 	github.com/aquasecurity/fanal v0.0.0-20200112144021-9a35ce3bd793
 	github.com/aquasecurity/go-dep-parser v0.0.0-20190819075924-ea223f0ef24b
 	github.com/aquasecurity/trivy-db v0.0.0-20191226181755-d6cabf5bc5d1
@@ -20,8 +21,9 @@ require (
 	github.com/knqyf263/go-version v1.1.1
 	github.com/kylelemons/godebug v1.1.0
 	github.com/olekukonko/tablewriter v0.0.2-0.20190607075207-195002e6e56a
+	github.com/prometheus/procfs v0.0.5 // indirect
 	github.com/stretchr/testify v1.4.0
-	github.com/twitchtv/twirp v5.9.0+incompatible
+	github.com/twitchtv/twirp v5.10.1+incompatible
 	github.com/urfave/cli v1.20.0
 	go.uber.org/atomic v1.5.1 // indirect
 	go.uber.org/multierr v1.4.0 // indirect

diff --git a/go.sum b/go.sum
@@ -10,6 +10,8 @@ github.com/GoogleCloudPlatform/docker-credential-gcr v1.5.0 h1:wykTgKwhVr2t2qs+x
 github.com/GoogleCloudPlatform/docker-credential-gcr v1.5.0/go.mod h1:BB1eHdMLYEFuFdBlRMb0N7YGVdM5s6Pt0njxgvfbGGs=
 github.com/Microsoft/go-winio v0.4.12 h1:xAfWHN1IrQ0NJ9TBC0KBZoqLjzDTr1ML+4MywiUOryc=
 github.com/Microsoft/go-winio v0.4.12/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
+github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5 h1:ygIc8M6trr62pF5DucadTWGdEB4mEyvzi0e2nbcmcyA=
+github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
@@ -263,6 +265,8 @@ github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1 h1:/K3IL0Z1quvmJ
 github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084 h1:sofwID9zm4tzrgykg80hfFph1mryUeLRsUfoocVVmRY=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.0.5 h1:3+auTFlqw+ZaQYJARz6ArODtkaIwtvBTx3N2NehQlL8=
+github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/rogpeppe/go-charset v0.0.0-20180617210344-2471d30d28b4/go.mod h1:qgYeAmZ5ZIpBWTGllZSQnw97Dj+woV0toclVaRGI8pc=
@@ -293,8 +297,8 @@ github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJy
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/tomoyamachi/reg v0.16.1-0.20190706172545-2a2250fd7c00 h1:0e4vRd9YqnQBIAIAE39jLKDWffRfJWxloyWwcaMAQho=
 github.com/tomoyamachi/reg v0.16.1-0.20190706172545-2a2250fd7c00/go.mod h1:RQE7h2jyIxekQZ24/wad0c9RGP+KSq4XzHh7h83ALi8=
-github.com/twitchtv/twirp v5.9.0+incompatible h1:KBCo4NYCpE9alO1HAEcgninDnw/0AhPT1rZnHkkSqi8=
-github.com/twitchtv/twirp v5.9.0+incompatible/go.mod h1:RRJoFSAmTEh2weEqWtpPE3vFK5YBhA6bqp2l1kfCC5A=
+github.com/twitchtv/twirp v5.10.1+incompatible h1:35js8ID9rYPKkZ0qWnuZw+q+OuCWM1GIibu1F1YImjA=
+github.com/twitchtv/twirp v5.10.1+incompatible/go.mod h1:RRJoFSAmTEh2weEqWtpPE3vFK5YBhA6bqp2l1kfCC5A=
 github.com/urfave/cli v1.20.0 h1:fDqGv3UG/4jbVl/QkFwEdddtEDjh/5Ov6X+0B/3bPaw=
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
 github.com/xanzy/ssh-agent v0.2.0/go.mod h1:0NyE30eGUDliuLEHJgYte/zncp2zdTStcOnWhgSqHD8=
@@ -356,6 +360,7 @@ golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180903190138-2b024373dcd9/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -371,6 +376,7 @@ golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190506115046-ca7f33d4116e h1:bq5BY1tGuaK8HxuwN6pT6kWgTVLeJ5KwuyBpsl1CZL4=
 golang.org/x/sys v0.0.0-20190506115046-ca7f33d4116e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191105231009-c1f44814a5cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9 h1:ZBzSG/7F4eNKz2L3GE9o300RX0Az1Bw5HF7PDraD+qU=

diff --git a/pkg/detector/library/detect.go b/pkg/detector/library/detect.go
@@ -2,6 +2,7 @@ package library
 
 import (
 	"path/filepath"
+	"time"
 
 	"github.com/google/wire"
 
@@ -23,7 +24,7 @@ var SuperSet = wire.NewSet(
 )
 
 type Operation interface {
-	Detect(string, []ptypes.Library) ([]types.DetectedVulnerability, error)
+	Detect(string, string, time.Time, []ptypes.Library) ([]types.DetectedVulnerability, error)
 }
 
 type Detector struct {
@@ -34,7 +35,7 @@ func NewDetector(factory Factory) Detector {
 	return Detector{driverFactory: factory}
 }
 
-func (d Detector) Detect(filePath string, pkgs []ptypes.Library) ([]types.DetectedVulnerability, error) {
+func (d Detector) Detect(_ string, filePath string, _ time.Time, pkgs []ptypes.Library) ([]types.DetectedVulnerability, error) {
 	log.Logger.Debugf("Detecting library vulnerabilities, path: %s", filePath)
 	driver := d.driverFactory.NewDriver(filepath.Base(filePath))
 	if driver == nil {

diff --git a/pkg/detector/library/detector_mock.go b/pkg/detector/library/detector_mock.go
@@ -1,6 +1,8 @@
 package library
 
 import (
+	"time"
+
 	ptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/types"
 	"github.com/stretchr/testify/mock"
@@ -11,8 +13,10 @@ type MockDetector struct {
 }
 
 type DetectInput struct {
-	FilePath string
-	Libs     []ptypes.Library
+	ImageName string
+	FilePath  string
+	Created   time.Time
+	Libs      []ptypes.Library
 }
 type DetectOutput struct {
 	Vulns []types.DetectedVulnerability
@@ -26,14 +30,14 @@ type DetectExpectation struct {
 func NewMockDetector(detectExpectations []DetectExpectation) *MockDetector {
 	mockDetector := new(MockDetector)
 	for _, e := range detectExpectations {
-		mockDetector.On("Detect", e.Args.FilePath, e.Args.Libs).Return(
+		mockDetector.On("Detect", e.Args.ImageName, e.Args.FilePath, e.Args.Created, e.Args.Libs).Return(
 			e.ReturnArgs.Vulns, e.ReturnArgs.Err)
 	}
 	return mockDetector
 }
 
-func (_m *MockDetector) Detect(a string, b []ptypes.Library) ([]types.DetectedVulnerability, error) {
-	ret := _m.Called(a, b)
+func (_m *MockDetector) Detect(a, b string, c time.Time, d []ptypes.Library) ([]types.DetectedVulnerability, error) {
+	ret := _m.Called(a, b, c, d)
 	ret0 := ret.Get(0)
 	if ret0 == nil {
 		return nil, ret.Error(1)

diff --git a/pkg/detector/ospkg/detect.go b/pkg/detector/ospkg/detect.go
@@ -1,6 +1,8 @@
 package ospkg
 
 import (
+	"time"
+
 	"github.com/aquasecurity/trivy/pkg/detector/ospkg/alpine"
 	"github.com/aquasecurity/trivy/pkg/detector/ospkg/amazon"
 	"github.com/aquasecurity/trivy/pkg/detector/ospkg/debian"
@@ -28,7 +30,7 @@ var (
 )
 
 type Operation interface {
-	Detect(string, string, []analyzer.Package) ([]types.DetectedVulnerability, bool, error)
+	Detect(string, string, string, time.Time, []analyzer.Package) ([]types.DetectedVulnerability, bool, error)
 }
 
 type Driver interface {
@@ -38,7 +40,7 @@ type Driver interface {
 
 type Detector struct{}
 
-func (d Detector) Detect(osFamily, osName string, pkgs []analyzer.Package) ([]types.DetectedVulnerability, bool, error) {
+func (d Detector) Detect(_, osFamily, osName string, _ time.Time, pkgs []analyzer.Package) ([]types.DetectedVulnerability, bool, error) {
 	driver := newDriver(osFamily, osName)
 	if driver == nil {
 		return nil, false, ErrUnsupportedOS

diff --git a/pkg/detector/ospkg/detector_mock.go b/pkg/detector/ospkg/detector_mock.go
@@ -1,6 +1,8 @@
 package ospkg
 
 import (
+	"time"
+
 	"github.com/aquasecurity/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/types"
 	"github.com/stretchr/testify/mock"
@@ -11,9 +13,11 @@ type MockDetector struct {
 }
 
 type DetectInput struct {
-	OSFamily string
-	OSName   string
-	Pkgs     []analyzer.Package
+	ImageName string
+	OSFamily  string
+	OSName    string
+	Created   time.Time
+	Pkgs      []analyzer.Package
 }
 type DetectOutput struct {
 	Vulns []types.DetectedVulnerability
@@ -28,14 +32,14 @@ type DetectExpectation struct {
 func NewMockDetector(detectExpectations []DetectExpectation) *MockDetector {
 	mockDetector := new(MockDetector)
 	for _, e := range detectExpectations {
-		mockDetector.On("Detect", e.Args.OSFamily, e.Args.OSName, e.Args.Pkgs).Return(
+		mockDetector.On("Detect", e.Args.ImageName, e.Args.OSFamily, e.Args.OSName, e.Args.Created, e.Args.Pkgs).Return(
 			e.ReturnArgs.Vulns, e.ReturnArgs.Eosl, e.ReturnArgs.Err)
 	}
 	return mockDetector
 }
 
-func (_m *MockDetector) Detect(a, b string, c []analyzer.Package) ([]types.DetectedVulnerability, bool, error) {
-	ret := _m.Called(a, b, c)
+func (_m *MockDetector) Detect(a string, b string, c string, d time.Time, e []analyzer.Package) ([]types.DetectedVulnerability, bool, error) {
+	ret := _m.Called(a, b, c, d, e)
 	ret0 := ret.Get(0)
 	if ret0 == nil {
 		return nil, false, ret.Error(2)

diff --git a/pkg/rpc/client/library/client.go b/pkg/rpc/client/library/client.go
@@ -3,12 +3,16 @@ package library
 import (
 	"context"
 	"net/http"
+	"time"
 
+	"github.com/golang/protobuf/ptypes"
+	"github.com/golang/protobuf/ptypes/timestamp"
 	"github.com/google/wire"
 	"golang.org/x/xerrors"
 
-	ptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
+	depptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
 	detector "github.com/aquasecurity/trivy/pkg/detector/library"
+	"github.com/aquasecurity/trivy/pkg/log"
 	r "github.com/aquasecurity/trivy/pkg/rpc"
 	"github.com/aquasecurity/trivy/pkg/rpc/client"
 	"github.com/aquasecurity/trivy/pkg/types"
@@ -38,15 +42,23 @@ func NewDetector(customHeaders CustomHeaders, detector rpc.LibDetector) Detector
 	return Detector{customHeaders: customHeaders, client: detector}
 }
 
-func (d Detector) Detect(filePath string, libs []ptypes.Library) ([]types.DetectedVulnerability, error) {
+func (d Detector) Detect(imageName, filePath string, created time.Time, libs []depptypes.Library) ([]types.DetectedVulnerability, error) {
 	ctx := client.WithCustomHeaders(context.Background(), http.Header(d.customHeaders))
 
 	var res *rpc.DetectResponse
 	err := r.Retry(func() error {
 		var err error
 		res, err = d.client.Detect(ctx, &rpc.LibDetectRequest{
+			ImageName: imageName,
 			FilePath:  filePath,
 			Libraries: r.ConvertToRpcLibraries(libs),
+			Created: func() *timestamp.Timestamp {
+				t, err := ptypes.TimestampProto(created)
+				if err != nil {
+					log.Logger.Warnf("invalid timestamp: %s", err)
+				}
+				return t
+			}(),
 		})
 		return err
 	})

diff --git a/pkg/rpc/client/library/client_test.go b/pkg/rpc/client/library/client_test.go
@@ -3,14 +3,18 @@ package library
 import (
 	"context"
 	"testing"
+	"time"
 
 	"golang.org/x/xerrors"
 
+	"github.com/golang/protobuf/ptypes"
+	"github.com/golang/protobuf/ptypes/timestamp"
+
 	"github.com/stretchr/testify/assert"
 
 	"github.com/stretchr/testify/require"
 
-	ptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
+	deptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/types"
 	"github.com/aquasecurity/trivy/rpc/detector"
@@ -52,8 +56,10 @@ func TestDetectClient_Detect(t *testing.T) {
 	}
 
 	type args struct {
-		filePath string
-		libs     []ptypes.Library
+		imageName string
+		filePath  string
+		created   time.Time
+		libs      []deptypes.Library
 	}
 	tests := []struct {
 		name    string
@@ -71,14 +77,22 @@ func TestDetectClient_Detect(t *testing.T) {
 				},
 			},
 			args: args{
-				filePath: "app/Pipfile.lock",
-				libs: []ptypes.Library{
+				imageName: "/tmp/alpine.tar",
+				filePath:  "app/Pipfile.lock",
+				created:   time.Date(2019, 1, 1, 0, 0, 0, 0, time.UTC),
+				libs: []deptypes.Library{
 					{Name: "django", Version: "3.0.0"},
 				},
 			},
 			detect: detect{
 				input: detectInput{req: &detector.LibDetectRequest{
-					FilePath: "app/Pipfile.lock",
+					ImageName: "/tmp/alpine.tar",
+					FilePath:  "app/Pipfile.lock",
+					Created: func() *timestamp.Timestamp {
+						d := time.Date(2019, 1, 1, 0, 0, 0, 0, time.UTC)
+						t, _ := ptypes.TimestampProto(d)
+						return t
+					}(),
 					Libraries: []*detector.Library{
 						{Name: "django", Version: "3.0.0"},
 					},
@@ -118,17 +132,25 @@ func TestDetectClient_Detect(t *testing.T) {
 			name:   "Detect returns an error",
 			fields: fields{},
 			args: args{
-				filePath: "app/Pipfile.lock",
-				libs: []ptypes.Library{
+				imageName: "/tmp/alpine.tar",
+				filePath:  "app/Pipfile.lock",
+				created:   time.Date(2019, 2, 1, 0, 0, 0, 0, time.UTC),
+				libs: []deptypes.Library{
 					{Name: "django", Version: "3.0.0"},
 				},
 			},
 			detect: detect{
 				input: detectInput{req: &detector.LibDetectRequest{
-					FilePath: "app/Pipfile.lock",
+					ImageName: "/tmp/alpine.tar",
+					FilePath:  "app/Pipfile.lock",
 					Libraries: []*detector.Library{
 						{Name: "django", Version: "3.0.0"},
 					},
+					Created: func() *timestamp.Timestamp {
+						d := time.Date(2019, 2, 1, 0, 0, 0, 0, time.UTC)
+						t, _ := ptypes.TimestampProto(d)
+						return t
+					}(),
 				},
 				},
 				output: detectOutput{
@@ -145,7 +167,7 @@ func TestDetectClient_Detect(t *testing.T) {
 				tt.detect.output.res, tt.detect.output.err)
 
 			d := NewDetector(tt.fields.customHeaders, mockDetector)
-			got, err := d.Detect(tt.args.filePath, tt.args.libs)
+			got, err := d.Detect(tt.args.imageName, tt.args.filePath, tt.args.created, tt.args.libs)
 			if tt.wantErr != "" {
 				require.NotNil(t, err, tt.name)
 				assert.Contains(t, err.Error(), tt.wantErr, tt.name)

diff --git a/pkg/rpc/client/ospkg/client.go b/pkg/rpc/client/ospkg/client.go
@@ -3,6 +3,12 @@ package ospkg
 import (
 	"context"
 	"net/http"
+	"time"
+
+	"github.com/aquasecurity/trivy/pkg/log"
+
+	"github.com/golang/protobuf/ptypes"
+	"github.com/golang/protobuf/ptypes/timestamp"
 
 	"github.com/google/wire"
 	"golang.org/x/xerrors"
@@ -38,15 +44,23 @@ func NewDetector(customHeaders CustomHeaders, detector rpc.OSDetector) Detector
 	return Detector{customHeaders: customHeaders, client: detector}
 }
 
-func (d Detector) Detect(osFamily, osName string, pkgs []analyzer.Package) ([]types.DetectedVulnerability, bool, error) {
+func (d Detector) Detect(imageName, osFamily, osName string, created time.Time, pkgs []analyzer.Package) ([]types.DetectedVulnerability, bool, error) {
 	ctx := client.WithCustomHeaders(context.Background(), http.Header(d.customHeaders))
 
 	var res *rpc.DetectResponse
 	err := r.Retry(func() error {
 		var err error
 		res, err = d.client.Detect(ctx, &rpc.OSDetectRequest{
-			OsFamily: osFamily,
-			OsName:   osName,
+			ImageName: imageName,
+			OsFamily:  osFamily,
+			OsName:    osName,
+			Created: func() *timestamp.Timestamp {
+				t, err := ptypes.TimestampProto(created)
+				if err != nil {
+					log.Logger.Warnf("invalid timestamp: %s", err)
+				}
+				return t
+			}(),
 			Packages: r.ConvertToRpcPkgs(pkgs),
 		})
 		return err