scan: improve functionality with locally saved images

Previously the locally saved image flow was at best confusing and at
worst just wrong for some cases. This change simplified the handling of
local images and reduces resources that were previously allocated for no
good reason. Tests were also added to verify both docker and podman
saved images work as expected. The application now expects all saved
images to follow the OCI spec https://github.com/opencontainers/image-spec/blob/v1.1.1/image-layout.md

This code was backported by Claude Code.

Co-authored-by: crozzy <joseph.crosland@gmail.com>

Author: Mab879

.gitignore

@@ -3,4 +3,6 @@
 /feeds
 /reports
 /vendor
-/cvetool
+/cvetool
+*db*
+*.patch

cmd/cvetool/scan.go

@@ -12,6 +12,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/quay/claircore"
 	"github.com/quay/claircore/enricher/cvss"
 	"github.com/quay/claircore/indexer"
 	"github.com/quay/claircore/libindex"
@@ -127,8 +128,8 @@ func scan(c *cli.Context) error {
 	)
 
 	var (
-		img image.Image
-		fa  indexer.FetchArena
+		mf *claircore.Manifest
+		fa indexer.FetchArena
 	)
 	switch {
 	case imgRef != "":
@@ -138,24 +139,32 @@ func scan(c *cli.Context) error {
 		if err != nil {
 			return fmt.Errorf("error setting DOCKER_CONFIG env var")
 		}
-		img = image.NewDockerRemoteImage(ctx, imgRef)
+		mf, err = image.ManifestFromRemote(ctx, imgRef)
+		if err != nil {
+			return fmt.Errorf("error getting image information: %v", err)
+		}
 	case imgPath != "":
 		fa = &LocalFetchArena{}
 		var err error
-		img, err = image.NewDockerLocalImage(ctx, imgPath, os.TempDir())
+		mf, err = image.ManifestFromLocal(ctx, imgPath, os.TempDir())
 		if err != nil {
 			return fmt.Errorf("error getting image information: %v", err)
 		}
 	case rootPath != "":
 		fa = &LocalFetchArena{}
 		var err error
-		img, err = image.NewFileSystemImage(ctx, rootPath)
+		mf, err = image.ManifestFromFilesystem(ctx, rootPath)
 		if err != nil {
 			return fmt.Errorf("error getting filesystem information: %v", err)
 		}
 	default:
 		return fmt.Errorf("no --image-path ($IMAGE_PATH), --image-ref ($IMAGE_REF) or --root-path ($ROOT_PATH) set")
 	}
+	defer func() {
+		for _, l := range mf.Layers {
+			l.Close()
+		}
+	}()
 
 	switch {
 	case dbPath != "":
@@ -204,11 +213,6 @@ func scan(c *cli.Context) error {
 		return fmt.Errorf("error creating Libvuln: %v", err)
 	}
 
-	mf, err := img.GetManifest(ctx)
-	if err != nil {
-		return fmt.Errorf("error creating manifest: %v", err)
-	}
-
 	indexerOpts := &libindex.Options{
 		Store:  datastore.NewLocalIndexerStore(),
 		Locker: NewLocalLockSource(),

image/docker.go

@@ -8,54 +8,27 @@ import (
 	"github.com/quay/claircore"
 )
 
-type fileSystemImage struct {
-	imageDigest string
-	layerPaths  []string
-	rootDir     string
-}
-
-func NewFileSystemImage(ctx context.Context, rootDir string) (*fileSystemImage, error) {
-	fsi := &fileSystemImage{}
-	fsi.rootDir = rootDir
-	return fsi, nil
-}
-
-func (i *fileSystemImage) getLayers(ctx context.Context) ([]*claircore.Layer, error) {
-	layers := []*claircore.Layer{}
+func ManifestFromFilesystem(ctx context.Context, rootDir string) (*claircore.Manifest, error) {
+	digest, err := claircore.ParseDigest(fmt.Sprintf("sha256:%s", strings.Repeat("0", 64)))
+	if err != nil {
+		return nil, err
+	}
 
 	desc := &claircore.LayerDescription{
 		Digest:    fmt.Sprintf("sha256:%s", strings.Repeat("1", 64)),
-		URI:       "file://" + i.rootDir,
+		URI:       "file://" + rootDir,
 		MediaType: "application/vnd.claircore.filesystem",
 	}
 
 	l := &claircore.Layer{}
-	err := l.Init(ctx, desc, nil)
-
+	err = l.Init(ctx, desc, nil)
 	if err != nil {
 		return nil, err
 	}
-
 	l.Close()
 
-	layers = append(layers, l)
-
-	return layers, nil
-}
-
-func (i *fileSystemImage) GetManifest(ctx context.Context) (*claircore.Manifest, error) {
-	digest, err := claircore.ParseDigest(fmt.Sprintf("sha256:%s", strings.Repeat("0", 64)))
-	if err != nil {
-		return nil, err
-	}
-
-	layers, err := i.getLayers(ctx)
-	if err != nil {
-		return nil, err
-	}
-
 	return &claircore.Manifest{
 		Hash:   digest,
-		Layers: layers,
+		Layers: []*claircore.Layer{l},
 	}, nil
 }