/
main.go
111 lines (93 loc) · 2.33 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
package main
import (
"fmt"
kingpin "gopkg.in/alecthomas/kingpin.v2"
"log"
"net/http"
"os"
"strconv"
"strings"
)
var debug = false
var rules Rules
func (v Validation) validFrom() bool {
for _, entry := range v.Rules.From {
// If there's a wildcard, check the substring, otherwise, check the image
if strings.Contains(entry, "/*") {
seed := entry[:len(entry)-2]
if strings.Contains(v.Dockerfile.From(), seed) {
return true
} else {
return false
}
}
if entry == v.Dockerfile.From() {
return true
}
}
return false
}
func (v Validation) isRootUser() bool {
if v.Dockerfile.User() == "root" || v.Dockerfile.User() == "" {
return true
}
return false
}
func (v Validation) isRootUserAllowed() bool {
// Rules.RootUser = true allow root
if v.Rules.AllowRootUser {
return true
} else {
// root user not allowed
if !v.isRootUser() {
return true
}
}
return false
}
func (v Validation) validate() (bool, string) {
lines := []string{}
valid := true
if !v.validFrom() {
valid = false
lines = append(lines, "FROM not valid")
}
if v.isRootUser() {
if !v.Rules.AllowRootUser {
valid = false
lines = append(lines, "Running as root")
}
}
return valid, strings.Join(lines, "\n")
}
var (
startDaemon = kingpin.Flag("daemon", "start a simple HTTP serving your slides.").Short('d').Bool()
port = kingpin.Flag("port", "port where to run the server.").Short('p').Default("8080").Int()
dockerfile = kingpin.Flag("dockerfile", "dockerfile to be analysed").Short('f').Default("Dockerfile").String()
rulesFile = kingpin.Flag("rules", "Rules file").Short('r').String()
)
func main() {
kingpin.Parse()
if *startDaemon {
debug, _ = strconv.ParseBool(os.Getenv("DEBUG"))
rules, _ = loadRulesFromFile("rules.yaml")
log.Println("Daemon is listening in port", strconv.Itoa(*port))
http.HandleFunc("/validate", validateHandler)
http.HandleFunc("/setup", uploadHandler)
http.HandleFunc("/rules", uploadRulesHandler)
http.HandleFunc("/", defaultHandler)
http.ListenAndServe(":8080", nil)
} else {
rules, _ = loadRulesFromFile(*rulesFile)
dfile, _ := DockerfileFromPath(*dockerfile)
v := Validation{rules, dfile}
valid, msg := v.validate()
if valid {
fmt.Println("Dockerfile valid")
os.Exit(0)
} else {
fmt.Println("Docker file not vallid:", msg)
os.Exit(1)
}
}
}