scan: improve functionality with locally saved images

cmd/cvetool/scan.go

@@ -12,6 +12,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/quay/claircore"
 	"github.com/quay/claircore/enricher/cvss"
 	"github.com/quay/claircore/indexer"
 	"github.com/quay/claircore/libindex"
@@ -127,8 +128,8 @@ func scan(c *cli.Context) error {
 	)
 
 	var (
-		img image.Image
-		fa  indexer.FetchArena
+		mf *claircore.Manifest
+		fa indexer.FetchArena
 	)
 	switch {
 	case imgRef != "":
@@ -138,24 +139,32 @@ func scan(c *cli.Context) error {
 		if err != nil {
 			return fmt.Errorf("error setting DOCKER_CONFIG env var")
 		}
-		img = image.NewDockerRemoteImage(ctx, imgRef)
+		mf, err = image.ManifestFromRemote(ctx, imgRef)
+		if err != nil {
+			return fmt.Errorf("error getting image information: %v", err)
+		}
 	case imgPath != "":
 		fa = &LocalFetchArena{}
 		var err error
-		img, err = image.NewDockerLocalImage(ctx, imgPath, os.TempDir())
+		mf, err = image.ManifestFromLocal(ctx, imgPath)
 		if err != nil {
 			return fmt.Errorf("error getting image information: %v", err)
 		}
 	case rootPath != "":
 		fa = &LocalFetchArena{}
 		var err error
-		img, err = image.NewFileSystemImage(ctx, rootPath)
+		mf, err = image.ManifestFromFilesystem(ctx, rootPath)
 		if err != nil {
 			return fmt.Errorf("error getting filesystem information: %v", err)
 		}
 	default:
 		return fmt.Errorf("no --image-path ($IMAGE_PATH), --image-ref ($IMAGE_REF) or --root-path ($ROOT_PATH) set")
 	}
+	defer func() {
+		for _, l := range mf.Layers {
+			l.Close()
+		}
+	}()
 
 	switch {
 	case dbPath != "":
@@ -204,11 +213,6 @@ func scan(c *cli.Context) error {
 		return fmt.Errorf("error creating Libvuln: %v", err)
 	}
 
-	mf, err := img.GetManifest(ctx)
-	if err != nil {
-		return fmt.Errorf("error creating manifest: %v", err)
-	}
-
 	indexerOpts := &libindex.Options{
 		Store:  datastore.NewLocalIndexerStore(),
 		Locker: NewLocalLockSource(),

go.mod

@@ -14,6 +14,7 @@ require (
 	github.com/remind101/migrate v0.0.0-20170729031349-52c1edff7319
 	github.com/rs/zerolog v1.35.1
 	github.com/urfave/cli/v2 v2.27.7
+	golang.org/x/tools v0.44.0
 	modernc.org/sqlite v1.49.1
 )
 
@@ -70,7 +71,6 @@ require (
 	golang.org/x/sys v0.43.0 // indirect
 	golang.org/x/text v0.36.0 // indirect
 	golang.org/x/time v0.14.0 // indirect
-	golang.org/x/tools v0.44.0 // indirect
 	google.golang.org/protobuf v1.36.8 // indirect
 	gotest.tools/v3 v3.5.2 // indirect
 	modernc.org/libc v1.72.0 // indirect

image/filesystem.go

@@ -8,54 +8,27 @@ import (
 	"github.com/quay/claircore"
 )
 
-type fileSystemImage struct {
-	imageDigest string
-	layerPaths  []string
-	rootDir     string
-}
-
-func NewFileSystemImage(ctx context.Context, rootDir string) (*fileSystemImage, error) {
-	fsi := &fileSystemImage{}
-	fsi.rootDir = rootDir
-	return fsi, nil
-}
-
-func (i *fileSystemImage) getLayers(ctx context.Context) ([]*claircore.Layer, error) {
-	layers := []*claircore.Layer{}
+func ManifestFromFilesystem(ctx context.Context, rootDir string) (*claircore.Manifest, error) {
+	digest, err := claircore.ParseDigest(fmt.Sprintf("sha256:%s", strings.Repeat("0", 64)))
+	if err != nil {
+		return nil, err
+	}
 
 	desc := &claircore.LayerDescription{
 		Digest:    fmt.Sprintf("sha256:%s", strings.Repeat("1", 64)),
-		URI:       "file://" + i.rootDir,
+		URI:       "file://" + rootDir,
 		MediaType: "application/vnd.claircore.filesystem",
 	}
 
 	l := &claircore.Layer{}
-	err := l.Init(ctx, desc, nil)
-
+	err = l.Init(ctx, desc, nil)
 	if err != nil {
 		return nil, err
 	}
-
 	l.Close()
 
-	layers = append(layers, l)
-
-	return layers, nil
-}
-
-func (i *fileSystemImage) GetManifest(ctx context.Context) (*claircore.Manifest, error) {
-	digest, err := claircore.ParseDigest(fmt.Sprintf("sha256:%s", strings.Repeat("0", 64)))
-	if err != nil {
-		return nil, err
-	}
-
-	layers, err := i.getLayers(ctx)
-	if err != nil {
-		return nil, err
-	}
-
 	return &claircore.Manifest{
 		Hash:   digest,
-		Layers: layers,
+		Layers: []*claircore.Layer{l},
 	}, nil
 }