func usage(name string) string {
s, ok := flagUsage[name]
if !ok {
panic(fmt.Sprintf("flag usage not defined for %q", name))
}
s = "\n" + strings.TrimSpace(s) + "\n"
// github.com/spf13/pflag appends the default value after the usage text. Add
// the correct indentation (7 spaces) here. This is admittedly fragile.
return text.Indent(s, strings.Repeat(" ", usageIndentation)) +
strings.Repeat(" ", usageIndentation-1)
}
func usage(name string) string {
s := flagUsage[name]
if s[0] != '\n' {
s = "\n" + s
}
if s[len(s)-1] != '\n' {
s = s + "\n"
}
// github.com/spf13/pflag appends the default value after the usage text. Add
// the correct indentation (7 spaces) here. This is admittedly fragile.
return text.Indent(s, strings.Repeat(" ", usageIndentation)) +
strings.Repeat(" ", usageIndentation-1)
}
func outputErrors(errors []compilercommon.SourceError) {
sort.Sort(ErrorsSlice(errors))
highlight := color.New(color.FgRed, color.Bold)
location := color.New(color.FgWhite)
message := color.New(color.FgHiWhite)
for _, err := range errors {
highlight.Print("ERROR: ")
location.Printf("At %v:%v:%v:\n", err.SourceAndLocation().Source(), err.SourceAndLocation().Location().LineNumber()+1, err.SourceAndLocation().Location().ColumnPosition()+1)
message.Printf("%s\n\n", text.Indent(text.Wrap(err.Error(), 80), " "))
}
}
func outputWarnings(warnings []compilercommon.SourceWarning) {
sort.Sort(WarningsSlice(warnings))
highlight := color.New(color.FgYellow, color.Bold)
location := color.New(color.FgWhite)
message := color.New(color.FgHiWhite)
for _, warning := range warnings {
highlight.Print("WARNING: ")
location.Printf("At %v:%v:%v:\n", warning.SourceAndLocation().Source(), warning.SourceAndLocation().Location().LineNumber()+1, warning.SourceAndLocation().Location().ColumnPosition()+1)
message.Printf("%s\n\n", text.Indent(text.Wrap(warning.String(), 80), " "))
}
}
// makeUsageString returns the usage information for a given flag identifier. The
// identifier is always the flag's name, except in the case where a client/server
// distinction for the same flag is required.
func makeUsageString(flagID string, hasEnv bool) string {
s, ok := flagUsage[flagID]
if !ok {
panic(fmt.Sprintf("flag usage not defined for %q", flagID))
}
s = "\n" + strings.TrimSpace(s) + "\n"
if hasEnv {
s = s + "Environment variable: " + envutil.VarName(flagID) + "\n"
}
// github.com/spf13/pflag appends the default value after the usage text. Add
// the correct indentation (7 spaces) here. This is admittedly fragile.
return text.Indent(s, strings.Repeat(" ", usageIndentation)) +
strings.Repeat(" ", usageIndentation-1)
}
// makeUsageString returns the usage information for a given flag identifier. The
// identifier is always the flag's name, except in the case where a client/server
// distinction for the same flag is required.
func makeUsageString(flagInfo cliflags.FlagInfo) string {
s := "\n" + wrapDescription(flagInfo.Description) + "\n"
if flagInfo.EnvVar != "" {
// Check that the environment variable name matches the flag name. Note: we
// don't want to automatically generate the name so that grepping for a flag
// name in the code yields the flag definition.
correctName := "COCKROACH_" + strings.ToUpper(strings.Replace(flagInfo.Name, "-", "_", -1))
if flagInfo.EnvVar != correctName {
panic(fmt.Sprintf("incorrect EnvVar %s for flag %s (should be %s)",
flagInfo.EnvVar, flagInfo.Name, correctName))
}
s = s + "Environment variable: " + flagInfo.EnvVar + "\n"
}
// github.com/spf13/pflag appends the default value after the usage text. Add
// the correct indentation (7 spaces) here. This is admittedly fragile.
return text.Indent(s, strings.Repeat(" ", usageIndentation)) +
strings.Repeat(" ", usageIndentation-1)
}
// this isn't real efficient, but that's not a problem here
func wrap(s string, indent int) string {
if indent > 3 {
indent = 3
}
wrapped := text.Wrap(s, maxLine)
lines := strings.SplitN(wrapped, "\n", 2)
if len(lines) == 1 {
return lines[0]
}
if (maxLine - indentLen(indent)) <= 0 {
panic("too much indentation")
}
rest := strings.Join(lines[1:], " ")
wrapped = text.Wrap(rest, maxLine-indentLen(indent))
return lines[0] + "\n" + text.Indent(wrapped, makeIndent(indent))
}
func generateFunctions(ymlFile string) []byte {
data, err := ioutil.ReadFile(ymlFile)
if err != nil {
log.Fatalf("ERROR: Problem reading from file '%v' - %s", ymlFile, err)
}
// json is valid YAML, so we can safely convert, even if it is already json
rawJSON, err := yaml.YAMLToJSON(data)
if err != nil {
log.Fatalf("ERROR: Problem converting file '%v' to json format - %s", ymlFile, err)
}
rawJSON, err = jsontest.FormatJson(rawJSON)
if err != nil {
log.Fatalf("ERROR: Problem pretty printing json in '%v' - %s", ymlFile, err)
}
// the following strings.Replace function call safely escapes backticks (`) in rawJSON
escapedJSON := "`" + strings.Replace(text.Indent(fmt.Sprintf("%v", string(rawJSON)), ""), "`", "` + \"`\" + `", -1) + "`"
response := `
// Returns json schema for the payload part of the task definition. Please
// note we use a go string and do not load an external file, since we want this
// to be *part of the compiled executable*. If this sat in another file that
// was loaded at runtime, it would not be burned into the build, which would be
// bad for the following two reasons:
// 1) we could no longer distribute a single binary file that didn't require
// installation/extraction
// 2) the payload schema is specific to the version of the code, therefore
// should be versioned directly with the code and *frozen on build*.
//
// Run ` + "`generic-worker show-payload-schema`" + ` to output this schema to standard
// out.
func taskPayloadSchema() string {
return ` + escapedJSON + `
}`
return []byte(response)
}
func printCommit(c *vcs.Commit) {
fmt.Printf("%s\n%s <%s> at %v\n%s\n\n", c.ID, c.Author.Name, c.Author.Email, c.Author.Date.Time(), text.Indent(c.Message, "\t"))
}
func (e *errRockerBuildRun) Error() string {
sep := "\n---------------------------------\n"
return fmt.Sprintf("Failed to run rocker build:\n\nRockerfile:%s%s%sCmd Error:\n%s",
sep, e.rockerfileContent, sep, text.Indent(e.cmdErr.Error(), " "))
}
func wrappedIndent(s string, indentS string) string {
return text.Indent(text.Wrap(s, 80-len(indentS)), indentS)
}
func AnalyzeLocalImage(imageName string, minSeverity types.Priority, endpoint, myAddress, tmpPath string) error {
// Save image.
log.Printf("Saving %s to local disk (this may take some time)", imageName)
err := save(imageName, tmpPath)
if err != nil {
return fmt.Errorf("Could not save image: %s", err)
}
// Retrieve history.
log.Println("Retrieving image history")
layerIDs, err := historyFromManifest(tmpPath)
if err != nil {
layerIDs, err = historyFromCommand(imageName)
}
if err != nil || len(layerIDs) == 0 {
return fmt.Errorf("Could not get image's history: %s", err)
}
// Setup a simple HTTP server if Clair is not local.
if !strings.Contains(endpoint, "127.0.0.1") && !strings.Contains(endpoint, "localhost") {
allowedHost := strings.TrimPrefix(endpoint, "http://")
portIndex := strings.Index(allowedHost, ":")
if portIndex >= 0 {
allowedHost = allowedHost[:portIndex]
}
log.Printf("Setting up HTTP server (allowing: %s)\n", allowedHost)
ch := make(chan error)
go listenHTTP(tmpPath, allowedHost, ch)
select {
case err := <-ch:
return fmt.Errorf("An error occured when starting HTTP server: %s", err)
case <-time.After(100 * time.Millisecond):
break
}
tmpPath = "http://" + myAddress + ":" + strconv.Itoa(httpPort)
}
// Analyze layers.
log.Printf("Analyzing %d layers... \n", len(layerIDs))
for i := 0; i < len(layerIDs); i++ {
log.Printf("Analyzing %s\n", layerIDs[i])
if i > 0 {
err = analyzeLayer(endpoint, tmpPath+"/"+layerIDs[i]+"/layer.tar", layerIDs[i], layerIDs[i-1])
} else {
err = analyzeLayer(endpoint, tmpPath+"/"+layerIDs[i]+"/layer.tar", layerIDs[i], "")
}
if err != nil {
return fmt.Errorf("Could not analyze layer: %s", err)
}
}
// Get vulnerabilities.
log.Println("Retrieving image's vulnerabilities")
layer, err := getLayer(endpoint, layerIDs[len(layerIDs)-1])
if err != nil {
return fmt.Errorf("Could not get layer information: %s", err)
}
// Print report.
fmt.Printf("Clair report for image %s (%s)\n", imageName, time.Now().UTC())
if len(layer.Features) == 0 {
fmt.Printf("%s No features have been detected in the image. This usually means that the image isn't supported by Clair.\n", color.YellowString("NOTE:"))
return nil
}
isSafe := true
hasVisibleVulnerabilities := false
var vulnerabilities = make([]vulnerabilityInfo, 0)
for _, feature := range layer.Features {
if len(feature.Vulnerabilities) > 0 {
for _, vulnerability := range feature.Vulnerabilities {
severity := types.Priority(vulnerability.Severity)
isSafe = false
if minSeverity.Compare(severity) > 0 {
continue
}
hasVisibleVulnerabilities = true
vulnerabilities = append(vulnerabilities, vulnerabilityInfo{vulnerability, feature, severity})
}
}
}
// Sort vulnerabilitiy by severity.
priority := func(v1, v2 vulnerabilityInfo) bool {
return v1.severity.Compare(v2.severity) >= 0
}
By(priority).Sort(vulnerabilities)
for _, vulnerabilityInfo := range vulnerabilities {
vulnerability := vulnerabilityInfo.vulnerability
feature := vulnerabilityInfo.feature
severity := vulnerabilityInfo.severity
fmt.Printf("%s (%s)\n", vulnerability.Name, coloredSeverity(severity))
if vulnerability.Description != "" {
fmt.Printf("%s\n\n", text.Indent(text.Wrap(vulnerability.Description, 80), "\t"))
}
fmt.Printf("\tPackage: %s @ %s\n", feature.Name, feature.Version)
if vulnerability.FixedBy != "" {
fmt.Printf("\tFixed version: %s\n", vulnerability.FixedBy)
}
if vulnerability.Link != "" {
fmt.Printf("\tLink: %s\n", vulnerability.Link)
}
fmt.Printf("\tLayer: %s\n", feature.AddedBy)
fmt.Println("")
}
if isSafe {
fmt.Printf("%s No vulnerabilities were detected in your image\n", color.GreenString("Success!"))
} else if !hasVisibleVulnerabilities {
fmt.Printf("%s No vulnerabilities matching the minimum severity level were detected in your image\n", color.YellowString("NOTE:"))
}
return nil
}
func init() {
var directives []string
for _, cmd := range search.Commands {
s := cmd.Name
if len(cmd.Synonyms) > 0 {
s += sf(" (synonyms: %s)", strings.Join(cmd.Synonyms, ", "))
}
s += "\n"
s += text.Indent(text.Wrap(cmd.Description, 78), " ")
directives = append(directives, s)
}
cmdDoc := strings.Join(directives, "\n\n")
cmdSearch.help = sf(`
The search command exposes a flexible interface for quickly searching IMDb
for entities, where entities includes movies, TV shows, episodes and actors.
A search query has two different components: text to search the names of
entities in the database and directives to do additional filtering on
attributes of entities (like year released, episode number, cast/credits,
etc.). Included in those directives are options to sort the results or specify
a limit on the number of results returned.
The search query is composed of whitespace delimited tokens. Each token that
starts and ends with a '{' and '}' is a directive. All other tokens are used as
text to search the names of entities.
If you're using PostgreSQL with the 'pg_trgm' extension enabled, then text
searching is fuzzy. Otherwise, text may contain the wildcard '%%' which matches
any sequence of characters or the wildcard '_' which matches any single
character. Whenever a wildcard character is used, fuzzy search is disabled (and
the search will be case insensitive).
Directives have the form '{NAME[:ARGUMENT]}', where NAME is the name of the
directive and ARGUMENT is an argument for the directive. Each directive either
requires no argument or requires a single argument.
Examples
--------
The following are some example query strings. They can be used in 'goim search'
as is. Note that examples without wildcards assume that a PostgreSQL database
is used with the 'pg_trgm' extension enabled. Some also assume that your
database has certain data (for example, the 'actors' list must be loaded to use
the 'cast' and 'credits' directives).
Find all entities with names beginning with 'The Matrix' (case insensitive):
'the matrix%%'
Now restrict those results to only movies:
'the matrix%%' {movie}
Or restrict them further by only listing movies where Keanu Reeves is a
credited cast member:
'the matrix%%' {movie} {cast:keanu reeves}
Finally, sort the list of movies by IMDb rank and restrict the results to only
movies with 10,000 votes or more:
'the matrix%%' {movie} {cast:keanu reeves} {sort:rank desc} {votes:10000-}
We could also search in the other direction, for example, by finding the top
5 credits in the movie The Matrix:
{credits:the matrix} {billing:1-5} {sort:billing asc}
If you try this with 'goim search', then you'll get a prompt that 'credits is
ambiguous' with a list of entities to choose. This can be rather inconvenient
to see every time. Luckily, directives like 'credits' and 'cast' are actually
entire sub-searches that support directives themselves. For example, we can
specify that the matrix is a movie, which should be enough to make an
umabiguous selection:
{credits:the matrix {movie}} {billing:1-5} {sort:billing asc}
Let's switch gears and look at searching episodes for television shows. For
example, we can list the episode names for the first season of The Simpsons:
{show:simpsons} {seasons:1} {sort:episode asc}
Note here that there is no text to search here. But we could add some if we
wanted to, for example, to see all episodes in the entire series with 'bart' in
the title:
{show:simpsons} {sort:season asc} {sort:episode asc} '%%bart%%' {limit:1000}
Note the changes here: we removed the restriction on the first season, added
a limit of 1000 (since the default limit is 30, but there may be more than 30
episodes with 'bart' in the title) and added an additional sorting criterion.
In this case, we want to sort by season first and then by episode. (The order
in which they appear in the query matters.)
We can view this data in a lot of different ways, for example, by finding the
top 10 best ranked Simpsons episodes with more than 500 votes:
{show:simpsons} {sort:rank desc} {limit:10} {votes:500-}
All search directives
---------------------
%s
`, cmdDoc)
}