Ingest directory scheme scans into xeol.io (#163)
Signed-off-by: Benji Visser <benji@093b.org>
noqcks authored Sep 3, 2023
1 parent 777e3c4 commit f98ac75
Showing 4 changed files with 93 additions and 7 deletions.
16 changes: 14 additions & 2 deletions cmd/root.go
Expand Up @@ -260,6 +260,7 @@ func startWorker(userInput string, failOnEolFound bool, eolMatchDate time.Time)
var wg = &sync.WaitGroup{}
var loadedDB, gatheredPackages bool
var policies []policy.Policy
var eventSourceScheme source.Scheme
x := xeolio.NewXeolClient(appConfig.APIKey)

wg.Add(3)
Expand Down Expand Up @@ -294,6 +295,7 @@ func startWorker(userInput string, failOnEolFound bool, eolMatchDate time.Time)
errs <- fmt.Errorf("failed to catalog: %w", err)
return
}
eventSourceScheme = xeolio.EventSourceScheme(sbom.Source)
gatheredPackages = true
}()
wg.Wait()
Expand Down Expand Up @@ -332,11 +334,16 @@ func startWorker(userInput string, failOnEolFound bool, eolMatchDate time.Time)
for _, p := range policies {
switch p.GetPolicyType() {
case types.PolicyTypeNotary:
// Notary policy is only applicable to images
if eventSourceScheme != source.ImageScheme {
continue
}
shouldFailScan, res := p.Evaluate(allMatches, appConfig.ProjectName, userInput)
imageVerified = res.GetVerified()
if shouldFailScan {
failScan = true
}

case types.PolicyTypeEol:
shouldFailScan, _ := p.Evaluate(allMatches, appConfig.ProjectName, userInput)
if shouldFailScan {
Expand All @@ -354,13 +361,18 @@ func startWorker(userInput string, failOnEolFound bool, eolMatchDate time.Time)
return
}

eventSource, err := xeolio.NewEventSource(sbom.Source)
if err != nil {
errs <- fmt.Errorf("failed to create event source: %w", err)
return
}

if err := x.SendEvent(report.XeolEventPayload{
Matches: allMatches.Sorted(),
Packages: packages,
Context: pkgContext,
AppConfig: appConfig,
ImageName: sbom.Source.ImageMetadata.UserInput,
ImageDigest: sbom.Source.ImageMetadata.ManifestDigest,
EventSource: eventSource,
ImageVerified: imageVerified,
Sbom: base64.StdEncoding.EncodeToString(buf.Bytes()),
}); err != nil {
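Review bot: The new guard in the `types.PolicyTypeNotary` case skips the policy for every scheme other than `source.ImageScheme`, so an unset or unrecognised `eventSourceScheme` bypasses signature verification just as silently as a directory scan does. `eventSourceScheme` is only assigned in the cataloging goroutine once cataloging has succeeded, and `imageVerified` keeps whatever value it had before the loop and is still sent as `ImageVerified`. I would name the exempt scheme explicitly, `if eventSourceScheme == source.DirectoryScheme { continue }`, and log whenever a configured Notary policy is not evaluated so the skip shows up in scan output. `startWorker` begins and ends outside these hunks, so an earlier check that already rules out the unset case may exist.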
5 changes: 2 additions & 3 deletions internal/xeolio/request.go
Expand Up @@ -14,8 +14,7 @@ import (
)

const (
XeolAPIURL = "https://api.xeol.io"
XeolEngineURL = "https://engine.xeol.io"
XeolAPIURL = "https://api.xeol.io"
)

type XeolClient struct {
Expand Down Expand Up @@ -77,5 +76,5 @@ func (x *XeolClient) SendEvent(payload report.XeolEventPayload) error {
return fmt.Errorf("error marshalling xeol.io API request: %v", err)
}

return x.makeRequest("PUT", XeolEngineURL, "v1/scan", bytes.NewBuffer(p), nil)
return x.makeRequest("PUT", XeolAPIURL, "v2/scan", bytes.NewBuffer(p), nil)
}
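--- a/internal/xeolio/source.go
+++ b/internal/xeolio/source.go
@@ -0,0 +1,76 @@
+package xeolio
+
+import (
+"fmt"
+
+"github.com/anchore/syft/syft/source"
+)
+
+type EventSource interface {
+Serialize() map[string]interface{}
+}
+
+type DirectorySource struct {
+ID string
+Type string
+Target string
+}
+
+func (s *DirectorySource) Serialize() map[string]interface{} {
+return map[string]interface{}{
+"ID": s.ID,
+"Type": s.Type,
+"Target": s.Target,
+}
+}
+
+func NewDirectorySource(sbomSource source.Metadata) *DirectorySource {
+return &DirectorySource{
+ID: sbomSource.ID,
+Type: string(sbomSource.Scheme),
+Target: sbomSource.Path,
+}
+}
+
+type ImageSource struct {
+ID string
+Type string
+ImageName string
+ImageDigest string
+ManifestDigest string
+}
+
+func NewImageSource(sbomSource source.Metadata) *ImageSource {
+return &ImageSource{
+ID: sbomSource.ID,
+Type: string(sbomSource.Scheme),
+ImageName: sbomSource.ImageMetadata.UserInput,
+ImageDigest: sbomSource.ImageMetadata.ID,
+ManifestDigest: sbomSource.ImageMetadata.ManifestDigest,
+}
+}
+
+func (s *ImageSource) Serialize() map[string]interface{} {
+return map[string]interface{}{
+"ID": s.ID,
+"Type": s.Type,
+"ImageName": s.ImageName,
+"ImageDigest": s.ImageDigest,
+"ManifestDigest": s.ManifestDigest,
+}
+}
+
+func EventSourceScheme(sbomSource source.Metadata) source.Scheme {
+return sbomSource.Scheme
+}
+
+func NewEventSource(sbomSource source.Metadata) (map[string]interface{}, error) {
+if sbomSource.Scheme == source.DirectoryScheme {
+return NewDirectorySource(sbomSource).Serialize(), nil
+}
+if sbomSource.Scheme == source.ImageScheme {
+return NewImageSource(sbomSource).Serialize(), nil
+}
+
+return nil, fmt.Errorf("unsupported source type: %s", sbomSource.Scheme)
+}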
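Review bot: `NewImageSource` fills `ImageDigest` from `ImageMetadata.ID`, while the payload field of the same name that this commit removes from cmd/root.go carried `ImageMetadata.ManifestDigest`, so the meaning of `ImageDigest` changes for any consumer of the event. The image ID and the manifest digest are different hashes, and a registry reference or signature is tied to the manifest digest, so a doc comment on `ImageSource` stating which field holds which would keep the two from being confused. Separately, `NewEventSource` returns an error for every scheme except directory and image, and the caller in cmd/root.go aborts on that error after the scan has already run, so other input schemes presumably can no longer report at all. The exported types and constructors also lack doc comments; `// NewEventSource returns the serialized event source for a directory or image scan, or an error for any other scheme.` would be a start.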
3 changes: 1 addition & 2 deletions xeol/report/model.go
Expand Up @@ -11,7 +11,6 @@ type XeolEventPayload struct {
Context pkg.Context
AppConfig interface{}
ImageVerified bool
ImageName string
ImageDigest string
EventSource map[string]interface{}
Sbom string
}
