Merge pull request #11 from Exein-io/docker-lite
Add Docker lite support
krsh authored Nov 11, 2022
2 parents b3d405c + bc7c36a commit 8dec255
Showing 5 changed files with 150 additions and 10 deletions.
2 changes: 1 addition & 1 deletion Cargo.lock


3 changes: 1 addition & 2 deletions Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "cosmo-cli"
version = "0.2.1"
version = "0.3.0"
description = "Easy Cosmo pipeline helper"
authors = [
"banditopazzo <[email protected]>",
@@ -9,7 +9,6 @@ authors = [
edition = "2021"
repository = "https://github.com/Exein-io/cosmo-cli.git"
homepage = "https://cosmo.exein.io"
license-file = "LICENSE"
license = "Apache-2.0"


3 changes: 3 additions & 0 deletions README.md
@@ -54,6 +54,8 @@ cargo build --release
* kernel
* software-bom
* static-code
### Container/Docker Lite Analysis
* cve-check
### UEFI Analysis
* access
* intel-boot-guard
@@ -75,6 +77,7 @@ cargo build --release
| linux | buildroot |
| linux | openwrt |
| container | docker |
| container | docker-lite |
| container | lxc |
| uefi | generic |
| vxworks | generic |
25 changes: 20 additions & 5 deletions src/lib.rs
@@ -109,7 +109,7 @@ pub async fn run_cmd<U: ApiServer>(
.await?;

let project_id = project_created.id;
Box::new(format!("Project created successfull with id: {project_id}. Dashboard URL: {}/reports/{project_id}", api_server.address()))
Box::new(format!("Project created successfull with id: {project_id}\nDashboard URL: {}/reports/{project_id}", api_server.address()))
}
Command::List => {
impl CommandOutput for Vec<Project> {
@@ -140,10 +140,10 @@ pub async fn run_cmd<U: ApiServer>(
.context("Error extracting string")?;
log::debug!("project type {}", fw_type);
match fw_type {
"LINUX" | "CONTAINER" => {
"LINUX" => {
impl CommandOutput for LinuxProjectOverview {
fn text(&self) -> String {
format!("Overview: {:#?}", self) //TODO
LinuxProjectOverview::get_text_output(self)
}

fn json(&self) -> String {
@@ -155,10 +155,25 @@ pub async fn run_cmd<U: ApiServer>(

Box::new(lpo)
}
"CONTAINER" => {
impl CommandOutput for ContainerProjectOverview {
fn text(&self) -> String {
ContainerProjectOverview::get_text_output(self)
}

fn json(&self) -> String {
serde_json::to_string(self).unwrap()
}
}

let lpo: ContainerProjectOverview = serde_json::from_value(overview)?;

Box::new(lpo)
}
"UEFI" => {
impl CommandOutput for UefiProjectOverview {
fn text(&self) -> String {
format!("Overview: {:#?}", self) //TODO
UefiProjectOverview::get_text_output(self)
}

fn json(&self) -> String {
@@ -173,7 +188,7 @@ pub async fn run_cmd<U: ApiServer>(
"VXWORKS" => {
impl CommandOutput for VxworksProjectOverview {
fn text(&self) -> String {
format!("Overview: {:#?}", self) //TODO
VxworksProjectOverview::get_text_output(self)
}

fn json(&self) -> String {
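Review bot: In the new `"CONTAINER"` arm the deserialized value is still bound as `lpo`, a name carried over from the Linux arm; `let cpo: ContainerProjectOverview = serde_json::from_value(overview)?;` followed by `Box::new(cpo)` would read correctly. The added `json()` calls `serde_json::to_string(self).unwrap()`, which panics instead of reporting a serialization failure; a one-line comment stating why it cannot fail for this type would document the invariant. The first hunk also keeps the misspelling `successfull` in the user-facing message while editing that line. `run_cmd` starts and ends outside these hunks.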
127 changes: 125 additions & 2 deletions src/services/project_service.rs
@@ -11,7 +11,8 @@ use uuid::Uuid;

use crate::{api::ApiServer, cli::Analysis};

pub const FILE_SIZE_LIMIT: usize = 536870912; // 512 Mb
pub const FILE_SIZE_LIMIT: usize = 2147483648; // 2 Gb
pub const CVE_DETAILS_BASE_URL: &str = "https://nvd.nist.gov/vuln/detail/";

#[derive(Deserialize, Debug)]
pub struct ProjectIdDTO {
@@ -127,6 +128,41 @@ pub struct LinuxProjectOverviewSeverity {
pub high: u16,
}

impl LinuxProjectOverview {
pub fn get_text_output(project: &LinuxProjectOverview) -> String {
let banner = project
.info
.banner
.as_ref()
.map(|s| s.to_string())
.unwrap_or_default();
let kernel = project
.info
.kernel
.as_ref()
.map(|s| s.to_string())
.unwrap_or_default();
let kernelc = project
.info
.kernelc
.as_ref()
.map(|s| s.to_string())
.unwrap_or_default();
let libc = project
.info
.libc
.as_ref()
.map(|s| s.to_string())
.unwrap_or_default();
let arch = &project.info.arch;

format!(
"Architecture: {}\nBanner: {}\nLib C: {}\nKernel version: {}\nKernel compiler: {}",
arch, banner, libc, kernel, kernelc
)
}
}

#[derive(Debug, Serialize, Deserialize)]
pub struct ProjectAnalysis {
pub(crate) name: String,
@@ -203,30 +239,43 @@ impl LinuxHardeningAnalysis {

#[derive(Debug, Serialize, Deserialize)]
pub struct LinuxCveCheckAnalysis {
pub product: String,
pub cveid: String,
pub severity: String,
pub summary: String,
pub vendor: String,
pub product: String,
pub version: String,
pub vector: String,
pub patch: Option<String>,
pub references: Option<String>,
pub cvss: Option<serde_json::Value>,
pub problems: Option<serde_json::Value>,
pub published_date: Option<String>,
}

impl LinuxCveCheckAnalysis {
pub fn get_table_from_list(list: &[LinuxCveCheckAnalysis]) -> String {
let mut table = Table::new();
table.style = TableStyle::simple();
table.max_column_width = 30;
table.set_max_width_for_column(4, 50);
table.add_row(Row::new(vec![
TableCell::new("PRODUCT"),
TableCell::new("VERSION"),
TableCell::new("CVE ID"),
TableCell::new("SEVERITY"),
TableCell::new("DETAILS"),
]));

let rows: Vec<Row> = list
.iter()
.map(|project| {
vec![
TableCell::new(&project.product),
TableCell::new(&project.version),
TableCell::new(&project.cveid),
TableCell::new(&project.severity),
TableCell::new(format!("{}{}", CVE_DETAILS_BASE_URL, &project.cveid)),
]
})
.map(Row::new)
@@ -523,6 +572,44 @@ impl LinuxSoftwareBOMAnalysis {
}
}

// CONTAINER Analysis
#[derive(Debug, Serialize, Deserialize)]
pub struct ContainerProjectOverview {
pub info: ContainerInfo,
}

#[derive(Debug, Serialize, Deserialize)]
pub struct ContainerInfo {
pub arch: String,
pub os_name: Option<String>,
pub os_version: Option<String>,
pub env: Option<serde_json::Value>,
pub history: Option<String>,
}

impl ContainerProjectOverview {
pub fn get_text_output(project: &ContainerProjectOverview) -> String {
let name = project
.info
.os_name
.as_ref()
.map(|s| s.to_string())
.unwrap_or_default();
let version = project
.info
.os_version
.as_ref()
.map(|s| s.to_string())
.unwrap_or_default();
let arch = &project.info.arch;

format!(
"Name: {}\nVersion: {}\nArchitecture: {}",
name, version, arch
)
}
}

// UEFI Analysis

#[derive(Debug, Serialize, Deserialize)]
@@ -539,6 +626,20 @@ pub struct UefiInfo {
pub s3mit: String,
}

impl UefiProjectOverview {
pub fn get_text_output(project: &UefiProjectOverview) -> String {
let manufacturer = &project.info.manufacturer;
let dxe_no = &project.info.dxe_no;
let pei_no = &project.info.pei_no;
let s3mit = &project.info.s3mit;

format!(
"Manufacturer: {}\nDXE number: {}\nPEI number: {}\nS3 mitigation: {}",
manufacturer, dxe_no, pei_no, s3mit
)
}
}

#[derive(Debug, Serialize, Deserialize)]
pub struct UefiAccess {
read: String,
@@ -829,6 +930,28 @@ pub struct VxworksInfo {
pub os: String,
}

impl VxworksProjectOverview {
pub fn get_text_output(project: &VxworksProjectOverview) -> String {
let os = &project.info.os;
let arch = &project.info.arch;
let functions_no = &project.info.functions_no;
let tasks_no = &project.info.tasks_no;
let symbols_no = &project.info.symbols_no;

let kernel = project
.info
.kernel
.as_ref()
.map(|s| s.to_string())
.unwrap_or_default();

format!(
"Architecture: {}\nOS version: {}\nKernel version: {}\nFunctions: {}\nTasks: {}\nSymbols: {}",
arch, os, kernel, functions_no, tasks_no, symbols_no
)
}
}

#[derive(Debug, Serialize, Deserialize)]
pub struct VxworksData {
offset: u32,
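Review bot: The four new `get_text_output` functions interpolate fields deserialized from the API response (`banner`, `kernel`, `os_name`, `manufacturer`, and the rest) with `{}`, so any control characters in them reach the terminal verbatim; the `{:#?}` output they replace in src/lib.rs escaped such characters. If those strings are derived from the analysed image, which the page does not show, whoever built the image can influence them, so filter before formatting, e.g. `.map(|s| s.chars().filter(|c| !c.is_control()).collect::<String>())` in place of `.map(|s| s.to_string())`. The same applies to `project.cveid`, which `get_table_from_list` appends to `CVE_DETAILS_BASE_URL` without a shape check such as `cveid.starts_with("CVE-")`. Separately, the comment on `FILE_SIZE_LIMIT` should read `// 2 GiB`, since 2147483648 is 2^31 bytes.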
