feat: increase tool flexibility for container static analysis

Increase the tool flexibility allowing the user choose a location on disk with the best storage characteristics for storage images during the static analysis process.
Mattlk13 · Jul 21, 2020 · 416289a · 416289a
1 parent 66bfc2f
commit 416289a
Show file tree

Hide file tree

Showing 5 changed files with 120 additions and 1 deletion.
diff --git a/package.json b/package.json
@@ -76,7 +76,7 @@
     "proxy-from-env": "^1.0.0",
     "semver": "^6.0.0",
     "snyk-config": "3.1.0",
-    "snyk-docker-plugin": "3.13.1",
+    "snyk-docker-plugin": "3.16.0",
     "snyk-go-plugin": "1.16.0",
     "snyk-gradle-plugin": "3.5.1",
     "snyk-module": "3.1.0",

diff --git a/src/cli/args.ts b/src/cli/args.ts
@@ -7,6 +7,7 @@ import {
   SupportedCliCommands,
   SupportedUserReachableFacingCliArgs,
 } from '../lib/types';
+import { getContainerImageSavePath } from '../lib/container';
 
 export declare interface Global extends NodeJS.Global {
   ignoreUnknownCA: boolean;
@@ -161,6 +162,13 @@ export function args(rawArgv: string[]): Args {
     argv._.push(command);
   }
 
+  // TODO: Once experimental flag became default this block should be
+  // moved to inside the parseModes function for container mode
+  const imageSavePath = getContainerImageSavePath();
+  if (imageSavePath) {
+    argv['imageSavePath'] = imageSavePath;
+  }
+
   const commands: SupportedCliCommands[] = [
     'protect',
     'test',

diff --git a/src/lib/container/index.ts b/src/lib/container/index.ts
@@ -1,5 +1,9 @@
 import { ScannedProject } from '@snyk/cli-interface/legacy/common';
 import { MonitorMeta } from '../types';
+import { config as userConfig } from '../user-config';
+
+export const IMAGE_SAVE_PATH_OPT = 'imageSavePath';
+export const IMAGE_SAVE_PATH_ENV_VAR = 'SNYK_IMAGE_SAVE_PATH';
 
 export function isContainer(scannedProject: ScannedProject): boolean {
   return scannedProject.meta?.imageName?.length;
@@ -38,3 +42,11 @@ export function getContainerProjectName(
   }
   return name;
 }
+
+export function getContainerImageSavePath(): string | undefined {
+  return (
+    process.env[IMAGE_SAVE_PATH_ENV_VAR] ||
+    userConfig.get(IMAGE_SAVE_PATH_OPT) ||
+    undefined
+  );
+}
diff --git a/test/args.test.ts b/test/args.test.ts
@@ -1,5 +1,6 @@
 import { test } from 'tap';
 import { args } from '../src/cli/args';
+import { config as userConfig } from '../src/lib/user-config';
 
 test('test command line arguments', (t) => {
   const cliArgs = [
@@ -190,6 +191,68 @@ test('test command line "container protect"', (t) => {
   t.end();
 });
 
+test('when command line "container"', (c) => {
+  c.test('set option imageSavePath via config set', (t) => {
+    delete process.env['SNYK_IMAGE_SAVE_PATH'];
+    userConfig.set('imageSavePath', './my/custom/image/save/path');
+    const cliArgs = [
+      '/Users/dror/.nvm/versions/node/v6.9.2/bin/node',
+      '/Users/dror/work/snyk/snyk-internal/cli',
+      'container',
+      'test',
+    ];
+
+    const result = args(cliArgs);
+
+    t.equal(
+      result.options.imageSavePath,
+      './my/custom/image/save/path',
+      'the custom path should be assigned with path',
+    );
+    userConfig.delete('imageSavePath');
+    t.end();
+  });
+
+  c.test('set option imageSavePath via env var', (t) => {
+    process.env['SNYK_IMAGE_SAVE_PATH'] = './my/custom/image/save/path';
+    const cliArgs = [
+      '/Users/dror/.nvm/versions/node/v6.9.2/bin/node',
+      '/Users/dror/work/snyk/snyk-internal/cli',
+      'container',
+      'test',
+    ];
+
+    const result = args(cliArgs);
+
+    t.equal(
+      result.options.imageSavePath,
+      './my/custom/image/save/path',
+      'the custom path should be assigned with path',
+    );
+    delete process.env['SNYK_IMAGE_SAVE_PATH'];
+    t.end();
+  });
+
+  c.test('does not set option imageSavePath', (t) => {
+    delete process.env['SNYK_IMAGE_SAVE_PATH'];
+    const cliArgs = [
+      '/Users/dror/.nvm/versions/node/v6.9.2/bin/node',
+      '/Users/dror/work/snyk/snyk-internal/cli',
+      'container',
+      'test',
+    ];
+
+    const result = args(cliArgs);
+
+    t.notOk(
+      result.options.imageSavePath,
+      'the custom path should not be assigned',
+    );
+    t.end();
+  });
+  c.end();
+});
+
 test('test command line "container" should display help for mode', (t) => {
   const cliArgs = [
     '/Users/dror/.nvm/versions/node/v6.9.2/bin/node',

diff --git a/test/container.test.ts b/test/container.test.ts
@@ -2,6 +2,7 @@ import { test } from 'tap';
 import * as container from '../src/lib/container';
 import { ScannedProject } from '@snyk/cli-interface/legacy/common';
 import { MonitorMeta } from '../src/lib/types';
+import { config as userConfig } from '../src/lib/user-config';
 
 const stubScannedProjectContainer = () => {
   return {
@@ -139,3 +140,38 @@ test('getContainerProjectName returns --project-name opt name when container pro
   );
   t.equal(res, 'override-name-my-project');
 });
+
+test('getContainerImageSavePath return path via config set', (t) => {
+  t.plan(1);
+  userConfig.set(container.IMAGE_SAVE_PATH_OPT, './my/custom/path');
+
+  const customPath = container.getContainerImageSavePath();
+
+  t.equal(
+    customPath,
+    './my/custom/path',
+    'returns the image save path from config',
+  );
+  userConfig.delete(container.IMAGE_SAVE_PATH_OPT);
+});
+
+test('getContainerImageSavePath return path via env var', (t) => {
+  t.plan(1);
+  process.env[container.IMAGE_SAVE_PATH_ENV_VAR] = './my/custom/path';
+
+  const customPath = container.getContainerImageSavePath();
+
+  t.equal(
+    customPath,
+    './my/custom/path',
+    'returns the image save path from env var',
+  );
+  delete process.env[container.IMAGE_SAVE_PATH_ENV_VAR];
+});
+
+test('getContainerImageSavePath does not return path', (t) => {
+  t.plan(1);
+  const customPath = container.getContainerImageSavePath();
+
+  t.notOk(customPath, 'does not returns a path');
+});