github.com/jenkins-x/jx/v2@v2.1.155/pkg/cmd/get/get_cve.go (about)

     1  package get
     2  
     3  import (
     4  	"github.com/jenkins-x/jx/v2/pkg/cmd/create"
     5  	"github.com/jenkins-x/jx/v2/pkg/cmd/helper"
     6  	"github.com/spf13/cobra"
     7  
     8  	"fmt"
     9  
    10  	"github.com/jenkins-x/jx-logging/pkg/log"
    11  	"github.com/jenkins-x/jx/v2/pkg/cmd/opts"
    12  	"github.com/jenkins-x/jx/v2/pkg/cmd/templates"
    13  	"github.com/jenkins-x/jx/v2/pkg/cve"
    14  	"github.com/jenkins-x/jx/v2/pkg/kube"
    15  	"github.com/jenkins-x/jx/v2/pkg/util"
    16  )
    17  
// GetCVEOptions holds the command line options for `jx get cve`.
type GetCVEOptions struct {
	Options
	// ImageName is bound to the --image-name flag.
	ImageName         string
	// ImageID is bound to the --image-id flag.
	ImageID           string
	// Version is bound to the --version flag.
	Version           string
	// Env is bound to the --environment / -e flag.
	Env               string
	// NOTE(review): VulnerabilityType is not bound to a flag by addGetCVEFlags
	// and is not read by Run in this file; confirm whether it is still needed.
	VulnerabilityType string
}
    27  
var (
	// getCVELong is the long help text attached to the `jx get cve` command.
	getCVELong = templates.LongDesc(`
		Display Common Vulnerabilities and Exposures (CVEs)

`)

	// getCVEExample is the examples text attached to the `jx get cve` command.
	// NOTE(review): the examples use --app and a bare `jx get cve`, but
	// addGetCVEFlags registers only --image-name, --image-id, --version and
	// --environment, and Run rejects an invocation that sets none of
	// --image-name, --image-id or --environment. Confirm whether --app is
	// defined elsewhere; otherwise these examples are stale.
	getCVEExample = templates.Examples(`
		# List all Common Vulnerabilities and Exposures (CVEs)

		jx get cve # using current dir as the context for app name
		jx get cve --app foo
		jx get cve --app foo --version 1.0.0
		jx get cve --app foo --environment staging
		jx get cve --environment staging
	`)
)
    44  
// NewCmdGetCVE builds the cobra command for `jx get cve` (alias `cves`).
// The shared commonOpts are embedded in a fresh GetCVEOptions, and the
// command's flags are registered before the command is returned.
func NewCmdGetCVE(commonOpts *opts.CommonOptions) *cobra.Command {
	o := &GetCVEOptions{Options: Options{CommonOptions: commonOpts}}

	run := func(c *cobra.Command, args []string) {
		// Record the invoking command and its arguments on the options,
		// then hand whatever Run returns to helper.CheckErr.
		o.Cmd, o.Args = c, args
		helper.CheckErr(o.Run())
	}

	cveCmd := &cobra.Command{
		Use:     "cve [flags]",
		Short:   "Display Common Vulnerabilities and Exposures (CVEs)",
		Long:    getCVELong,
		Example: getCVEExample,
		Aliases: []string{"cves"},
		Run:     run,
	}
	o.addGetCVEFlags(cveCmd)

	return cveCmd
}
    71  
// addGetCVEFlags registers the string flags of `jx get cve` on cmd, binding
// each one to the matching field of o. Every flag defaults to the empty string.
func (o *GetCVEOptions) addGetCVEFlags(cmd *cobra.Command) {
	flags := cmd.Flags()

	// Flags with a long form only.
	flags.StringVar(&o.ImageName, "image-name", "", "Full image name e.g. jenkinsxio/nexus ")
	flags.StringVar(&o.ImageID, "image-id", "", "Image ID in CVE engine if already known")
	flags.StringVar(&o.Version, "version", "", "Version or tag e.g. 0.0.1")

	// --environment additionally has the -e shorthand.
	flags.StringVarP(&o.Env, "environment", "e", "", "The Environment to find running applications")
}
    78  
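// Run implements the `jx get cve` command: it queries the Anchore CVE
// provider for the selected image or environment and renders the result as a
// table.
//
// It returns an error when none of --image-name, --image-id or --environment
// is set, when the Kubernetes or jx client cannot be created, when the CVE
// addon service or its auth details are unavailable, when the environment
// namespace cannot be resolved, or when the provider query fails. Underlying
// errors are wrapped with %w so callers can inspect them with errors.Is/As.
func (o *GetCVEOptions) Run() error {
	// Validate the selection first, so an under-specified invocation is
	// rejected before any cluster or addon service is contacted.
	if o.ImageID == "" && o.ImageName == "" && o.Env == "" {
		return fmt.Errorf("no --image-name, --image-id or --environment flags set")
	}

	client, currentNamespace, err := o.KubeClientAndNamespace()
	if err != nil {
		return fmt.Errorf("cannot connect to Kubernetes cluster: %w", err)
	}

	jxClient, _, err := o.JXClient()
	if err != nil {
		return fmt.Errorf("cannot create jx client: %w", err)
	}

	externalURL, err := o.EnsureAddonServiceAvailable(kube.AddonServices[create.DefaultAnchoreName])
	if err != nil {
		log.Logger().Warnf("no CVE provider service found, are you in your teams dev environment?  Type `jx env` to switch.")
		return fmt.Errorf("if no CVE provider running, try running `jx create addon anchore` in your teams dev environment: %w", err)
	}

	// NOTE(review): auth carries the CVE engine credentials; the errors below
	// propagate to the caller's error handler, so confirm that neither
	// GetAddonAuthByKind nor NewAnchoreProvider embeds them in its error text.
	server, auth, err := o.GetAddonAuthByKind(kube.ValueKindCVE, externalURL)
	if err != nil {
		return fmt.Errorf("error getting anchore engine auth details, %w", err)
	}

	p, err := cve.NewAnchoreProvider(server, auth)
	if err != nil {
		return fmt.Errorf("error creating anchore provider, %w", err)
	}
	table := o.CreateTable()
	table.AddRow("Image", util.ColorInfo("Severity"), "Vulnerability", "URL", "Package", "Fix")

	// Vesion is the field name as spelled in cve.CVEQuery.
	query := cve.CVEQuery{
		ImageID:     o.ImageID,
		ImageName:   o.ImageName,
		Environment: o.Env,
		Vesion:      o.Version,
	}

	// An environment name is resolved to its namespace before querying.
	if o.Env != "" {
		targetNamespace, err := kube.GetEnvironmentNamespace(jxClient, currentNamespace, o.Env)
		if err != nil {
			return err
		}
		query.TargetNamespace = targetNamespace
	}

	err = p.GetImageVulnerabilityTable(jxClient, client, &table, query)
	if err != nil {
		// Report every selector: the image ID alone is empty whenever the
		// request was made by image name or environment. %q quotes the
		// user-supplied values and makes empty ones visible.
		return fmt.Errorf("error getting vulnerability table (image-id %q, image-name %q, environment %q): %w",
			query.ImageID, query.ImageName, query.Environment, err)
	}

	table.Render()
	return nil
}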