From 95be17bcaf6a644bec8557d24e1c56643804fc51 Mon Sep 17 00:00:00 2001 From: Christian Zunker Date: Mon, 18 Sep 2023 15:47:39 +0200 Subject: [PATCH 1/3] =?UTF-8?q?=F0=9F=90=9B=20Prevent=20k8s=20scan=20panic?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When scanning k8s with container image discovery, it paniced. That happened because asset data was missing. Fixes #1749 Signed-off-by: Christian Zunker
---
 explorer/scan/local_scanner.go | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/explorer/scan/local_scanner.go b/explorer/scan/local_scanner.go
index 87b979f577..3f75b7fce8 100644
--- a/explorer/scan/local_scanner.go
+++ b/explorer/scan/local_scanner.go
@@ -188,15 +188,11 @@ func (s *LocalScanner) distributeJob(job *Job, ctx context.Context, upstream *up
 log.Error().Err(err).Msg("unable to connect to asset")
 continue
 }
- inventorySpec := runtime.Provider.Connection
- if inventorySpec.Inventory != nil &&
- inventorySpec.Inventory.Spec != nil &&
- inventorySpec.Inventory.Spec.Assets != nil {
- log.Debug().Msgf("adding %d discovered asset(s)", len(runtime.Provider.Connection.Inventory.Spec.Assets))
- assetCandidates = append(assetCandidates, inventorySpec.Inventory.Spec.Assets...)
- } else {
- assetCandidates = append(assetCandidates, runtime.Provider.Connection.Asset)
+ processedAssets, err := providers.ProcessAssetCandidates(runtime, runtime.Provider.Connection, upstream, "")
+ if err != nil {
+ return nil, false, err
 }
+ assetCandidates = append(assetCandidates, processedAssets...)
 // TODO: we want to keep better track of errors, since there may be
 // multiple assets coming in. It's annoying to abort the scan if we get one
 // error at this stage.
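Review bot: The added `return nil, false, err` ends the whole job as soon as ProcessAssetCandidates fails for one connection, while the connect failure in the context lines just above logs and uses `continue`, and the TODO right below the change already calls aborting on a single error undesirable. Logging and skipping would match that handling, e.g. `log.Error().Err(err).Msg("unable to process asset candidates")` followed by `continue`, so the remaining assets are still scanned and the skipped one shows up in the log. If aborting is intended, wrapping the error with the asset it came from would tell the operator which target left the scan incomplete. The bare `""` passed as the last argument also deserves a short comment saying what it stands for. distributeJob starts and ends outside the hunk.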
@@ -239,7 +235,12 @@ func (s *LocalScanner) distributeJob(job *Job, ctx context.Context, upstream *up
 justAssets := []*inventory.Asset{}
 for _, asset := range assets {
- asset.asset.KindString = asset.asset.GetPlatform().Kind
+ if asset.asset.GetPlatform() != nil {
+ asset.asset.KindString = asset.asset.GetPlatform().Kind
+ } else {
+ asset.asset = asset.runtime.Provider.Connection.Asset
+ asset.asset.KindString = asset.runtime.Provider.Connection.Asset.Platform.Kind
+ }
 justAssets = append(justAssets, asset.asset)
 }
From cb535f18a815b3748754d37e5d6c8aa5fad55216 Mon Sep 17 00:00:00 2001 From: Christian Zunker Date: Tue, 19 Sep 2023 10:28:30 +0200 Subject: [PATCH 2/3] Prevent AWS from taking over the images Signed-off-by: Christian Zunker
---
 providers/aws/provider/provider.go | 19 ++-----------------
 1 file changed, 2 insertions(+), 17 deletions(-)
diff --git a/providers/aws/provider/provider.go b/providers/aws/provider/provider.go
index f900f26ff3..af3a938c24 100644
--- a/providers/aws/provider/provider.go
+++ b/providers/aws/provider/provider.go
@@ -13,16 +13,12 @@ import (
 "go.mondoo.com/cnquery/providers-sdk/v1/upstream"
 "go.mondoo.com/cnquery/providers/aws/connection"
 "go.mondoo.com/cnquery/providers/aws/resources"
- osconnection "go.mondoo.com/cnquery/providers/os/connection"
 "go.mondoo.com/cnquery/providers/os/connection/shared"
- "go.mondoo.com/cnquery/providers/os/detector"
 )
 const (
- defaultConnection uint32 = 1
- DefaultConnectionType = "aws"
- SshConnectionType = "ssh"
- RegistryImageConnectionType = "registry-image"
+ defaultConnection uint32 = 1
+ DefaultConnectionType = "aws"
 )
 type Service struct {
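Review bot: The `else` branch added in the [PATCH 1/3] hunk at `@@ -239,7 +235,12 @@` can still panic, because it reads `asset.runtime.Provider.Connection.Asset.Platform.Kind` through plain field access and nothing checks that the connection's asset or its platform is set. The [PATCH 3/3] hunk on the same lines then drops the `GetPlatform() != nil` check as well and goes back to `asset.asset.GetPlatform().Kind`, so the final code depends on ProcessAssetCandidates always filling in a platform, which is not visible in this series. Keeping a guard that logs and skips would stop one incomplete asset from taking down the scan: `if asset.asset.GetPlatform() == nil { log.Warn().Msg("asset has no platform, skipping"); continue }`. The loop body and distributeJob continue outside both hunks.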
@@ -134,20 +130,9 @@ func (s *Service) connect(req *plugin.ConnectReq, callback plugin.ProviderCallba
 var err error
 switch conf.Type {
- case SshConnectionType:
- s.lastConnectionID++
- conn, err = osconnection.NewSshConnection(s.lastConnectionID, conf, asset)
- if pf, ok := detector.DetectOS(conn); ok {
- conn.Asset().Platform = pf
- }
-
- case RegistryImageConnectionType:
- s.lastConnectionID++
- conn, err = osconnection.NewContainerRegistryImage(s.lastConnectionID, conf, asset)
 default:
 s.lastConnectionID++
 conn, err = connection.NewAwsConnection(s.lastConnectionID, asset, conf)
-
 }
 if err != nil {
 return nil, err
From 0d823c7173cf4b0bbfa52d86cd364e1c488d90c4 Mon Sep 17 00:00:00 2001 From: Christian Zunker Date: Tue, 19 Sep 2023 10:33:29 +0200 Subject: [PATCH 3/3] Remove left-over from first try Signed-off-by: Christian Zunker
---
 explorer/scan/local_scanner.go | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/explorer/scan/local_scanner.go b/explorer/scan/local_scanner.go
index 3f75b7fce8..942548abe9 100644
--- a/explorer/scan/local_scanner.go
+++ b/explorer/scan/local_scanner.go
@@ -235,12 +235,7 @@ func (s *LocalScanner) distributeJob(job *Job, ctx context.Context, upstream *up
 justAssets := []*inventory.Asset{}
 for _, asset := range assets {
- if asset.asset.GetPlatform() != nil {
- asset.asset.KindString = asset.asset.GetPlatform().Kind
- } else {
- asset.asset = asset.runtime.Provider.Connection.Asset
- asset.asset.KindString = asset.runtime.Provider.Connection.Asset.Platform.Kind
- }
+ asset.asset.KindString = asset.asset.GetPlatform().Kind
 justAssets = append(justAssets, asset.asset)
 }