mirror of
https://github.com/anchore/syft.git
synced 2025-11-19 17:33:18 +01:00
afc0c1acd9
Add source.NewFromRegistry function so that the syft attest command can always explicitly ask for an OCIRegistry provider rather than rely on local daemon detection for image sources. Attestation can not be used where local images loaded in a daemon are the source. Digest values for the layer identification step in attestation can sometimes vary across workstations. This fix makes it so that attest is generating an SBOM for, and attesting to, a source that exists in an OCI registry. It should never load a source from a local user docker/podman daemon. Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
74 lines
2.3 KiB
Go
74 lines
2.3 KiB
Go
package source
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/anchore/stereoscope/pkg/image"
|
|
"github.com/mitchellh/go-homedir"
|
|
"github.com/spf13/afero"
|
|
)
|
|
|
|
// Scheme represents the optional prefixed string at the beginning of a user request (e.g. "docker:").
|
|
type Scheme string
|
|
|
|
const (
|
|
// UnknownScheme is the default scheme
|
|
UnknownScheme Scheme = "UnknownScheme"
|
|
// DirectoryScheme indicates the source being cataloged is a directory on the root filesystem
|
|
DirectoryScheme Scheme = "DirectoryScheme"
|
|
// ImageScheme indicates the source being cataloged is a container image
|
|
ImageScheme Scheme = "ImageScheme"
|
|
// FileScheme indicates the source being cataloged is a single file
|
|
FileScheme Scheme = "FileScheme"
|
|
)
|
|
|
|
var AllSchemes = []Scheme{
|
|
DirectoryScheme,
|
|
ImageScheme,
|
|
FileScheme,
|
|
}
|
|
|
|
func DetectScheme(fs afero.Fs, imageDetector sourceDetector, userInput string) (Scheme, image.Source, string, error) {
|
|
switch {
|
|
case strings.HasPrefix(userInput, "dir:"):
|
|
dirLocation, err := homedir.Expand(strings.TrimPrefix(userInput, "dir:"))
|
|
if err != nil {
|
|
return UnknownScheme, image.UnknownSource, "", fmt.Errorf("unable to expand directory path: %w", err)
|
|
}
|
|
return DirectoryScheme, image.UnknownSource, dirLocation, nil
|
|
|
|
case strings.HasPrefix(userInput, "file:"):
|
|
fileLocation, err := homedir.Expand(strings.TrimPrefix(userInput, "file:"))
|
|
if err != nil {
|
|
return UnknownScheme, image.UnknownSource, "", fmt.Errorf("unable to expand directory path: %w", err)
|
|
}
|
|
return FileScheme, image.UnknownSource, fileLocation, nil
|
|
}
|
|
|
|
// try the most specific sources first and move out towards more generic sources.
|
|
|
|
// first: let's try the image detector, which has more scheme parsing internal to stereoscope
|
|
source, imageSpec, err := imageDetector(userInput)
|
|
if err == nil && source != image.UnknownSource {
|
|
return ImageScheme, source, imageSpec, nil
|
|
}
|
|
|
|
// next: let's try more generic sources (dir, file, etc.)
|
|
location, err := homedir.Expand(userInput)
|
|
if err != nil {
|
|
return UnknownScheme, image.UnknownSource, "", fmt.Errorf("unable to expand potential directory path: %w", err)
|
|
}
|
|
|
|
fileMeta, err := fs.Stat(location)
|
|
if err != nil {
|
|
return UnknownScheme, source, "", nil
|
|
}
|
|
|
|
if fileMeta.IsDir() {
|
|
return DirectoryScheme, source, location, nil
|
|
}
|
|
|
|
return FileScheme, source, location, nil
|
|
}
|