.dZddlmZddlmZddlmZddlZddlmZddl m Z ddl m Z dd l m Zdd lmZdd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddlZdZdZdZ dZ!dZ"dZ#e jHe jJe jLjNGdde jPZ)e jJe jLjTGdde)Z+GddejXZ(y)z8Scan a container image using the On-Demand Scanning API.)absolute_import)division)unicode_literalsN)util)base)flags)ondemandscanning_util)binary_operations) arg_utils)log) properties)progress_tracker) local_state)update_manager) platformszScanning container imagez@Locally extracting packages and versions from {} container imagez5Remotely initiating analysis of packages and versionsz*Waiting for analysis operation to completezExtraction failed: image extraction was either stopped or crashed (possibly due to a lack of available memory) with exit code {exit_code}z9Extraction failed: unknown error (exit code: {exit_code})cBeZdZdZdddZedZdZdZdZ d Z y ) ScanBeta[Perform a vulnerability scan on a container image. You can scan a container image in a Google Cloud registry (Artifact Registry or Container Registry), or a local container image. Reference an image by tag or digest using any of the formats: Artifact Registry: LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY-ID/IMAGE[:tag] LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY-ID/IMAGE@sha256:digest Container Registry: [LOCATION.]gcr.io/PROJECT-ID/REPOSITORY-ID/IMAGE[:tag] [LOCATION.]gcr.io/PROJECT-ID/REPOSITORY-ID/IMAGE@sha256:digest Local: IMAGE[:tag] z {description}a  Start a scan of a container image stored in Artifact Registry: $ {command} us-west1-docker.pkg.dev/my-project/my-repository/busy-box@sha256:abcxyz --remote Start a scan of a container image stored in the Container Registry, and perform the analysis in Europe: $ {command} eu.gcr.io/my-project/my-repository/my-image:latest --remote --location=europe Start a scan of a container image stored locally, and perform the analysis in Asia: $ {command} ubuntu:latest --location=asia ) DESCRIPTIONEXAMPLEScrtjj|tjj|tjj|tj j|tj j|tjj|tjj|tjj|tjj|y)N) rGetResourceURIArg AddToParser GetRemoteFlag%GetOnDemandScanningFakeExtractionFlagGetOnDemandScanningLocationFlagGetAdditionalPackageTypesFlagGetExperimentalPackageTypesFlagGetSkipPackageTypesFlagGetVerboseErrorsFlagr ASYNC_FLAG)parsers +lib/surface/artifacts/docker/images/scan.pyArgsz ScanBeta.Args^s ))&1 %%f- //1==fE ))+77? '')55f= ))+77? !!#//7  ,,V4OO'c <tjjrtjd t j jdgt}tjtj|j rdnddtjt"dg}|j$s|tjt&dgz }|j)}tj*t,| 5}|j/d||j0|j |j2|j4|j6|j8|j: }|j<rd }|j>rHd jA|j>jCDcgc]}|jEd r|c}}|sP|j<dkr!tFj|j<}n tHj|j<}|jKdtjL| d d d y g} tOjP|jRD]i} |jU| d| d| d} d| vr2tWjX| d|jTjZ| _.d| vr | d| _/| | gz } k|jad|j/d|jc|| } |jadd } |j$s^|j/d|jeddj| jf|ji| } |jadd d d |j$r:tjjljodj jf| S S#t j$rtj$rYwxYwcc}w#1swYxYw)a1Runs local extraction then calls ODS with the results. Args: args: an argparse namespace. All the arguments that were provided to this command invocation. Returns: AnalyzePackages operation. Raises: UnsupportedOS: when the command is run on a Windows machine. z.On-Demand Scanning is not supported on Windows local-extractremotelocalextract)keyrpcpoll)stages) resource_urir(fake_extractionadditional_package_typesexperimental_package_typesskip_package_typesverbose_errorsN zExtraction failedr) exit_codepackageversioncpe_uri)r7r8cpeUri package_type hash_digestz[{}]z Check operation [{}] for status.)8rOperatingSystem IsWindowsods_util UnsupportedOSr UpdateManagerEnsureInstalledAndRestartMissingRequiredComponentsErrorrInvalidSDKRootErrorCommandrStageEXTRACT_MESSAGEformatr( RPC_MESSAGEasync_ POLL_MESSAGE GetMessagesStagedProgressTracker SCAN_MESSAGE StartStage RESOURCE_URIr0r1r2r3r4r6stderrjoin splitlines startswith EXTRACTION_KILLED_ERROR_TEMPLATE!UNKNOWN_EXTRACTION_ERROR_TEMPLATE FailStageExtractionFailedErrorjsonloadsstdout PackageDatar ChoiceToEnumPackageTypeValueValuesEnum packageType hashDigest CompleteStageAnalyzePackages UpdateStagenameWaitForOperationr statusPrint)selfargscmdr.messagestrackeroperation_resultextraction_errorlinepkgspkgpkg_dataopresponses r#Runz ScanBeta.Runjs  **,  " " : <<  ""<(  S !*!7!7.!""=="?(  C  #M 2(   5I&   d +b E"h [[6"FFMM"''$:;((,f%{ %~ {{ jj9@@IJ i OA  8 8   * *   P( % % %s8 O B(P0P A?PD>P &P  P  PPctjtjjj j d|j|j|SNT)required) api_utilAnalyzePackagesBetar VALUEScoreprojectGetlocationrPrhrirps r#rbzScanBeta.AnalyzePackagessK  ' '&&**D*9    r%c,tjdSNv1beta1ryrLrhs r#rLzScanBeta.GetMessagess    **r%c.tj|dSrr?rerhrss r#rezScanBeta.WaitForOperations  $ $R 33r%N) __name__ __module__ __qualname____doc__ detailed_help staticmethodr$rurbrLrer%r#rr5sB*   -& ( (xt+4r%rc"eZdZdZdZdZdZy)ScanGArctjtjjj j d|j|j|Srw) ryAnalyzePackagesGAr r{r|r}r~rrPrs r#rbzScanGA.AnalyzePackagessK  % %&&**D*9    r%c,tjdSNv1rrs r#rLzScanGA.GetMessagess    %%r%c.tj|dSrrrs r#rezScanGA.WaitForOperations  $ $R ..r%N)rrrrrbrLrerr%r#rrs&&/r%rc(eZdZdZfdZdZxZS)rEz"Wrapper for call to the Go binary.c 0tt| dddi|y)Nbinaryr'r)superrE__init__)rhkwargs __class__s r#rzCommand.__init__s '4!CCFCr%c d|zdtj|zdtj|zddjgdzg} g} |r| |z } |r| |z } | r6| jdtjdj| z|r6| jdtjdj|z|r'| jd tj|z| jd | S) Nz--resource_uri=z --remote=z--provide_fake_results=z --undefok=,)r1r3r4 use_scalibrz--additional_package_types=z--skip_package_types=z--verbose_errors=z --use_scalibr)six text_typerRappend) rhr/r(r0r1r2r3r4rri package_typess r#_ParseArgsForCommandzCommand._ParseArgsForCommands L(cmmF++!CMM/$BB  ((    D"M//m!11m kk/-- 789: kk !CMM#((;M2N$O O kk% n(EEFKK Kr%)rrrrrr __classcell__)rs@r#rErEs*D0r%rE)-r __future__rrrrY'googlecloudsdk.api_lib.ondemandscanningrrygooglecloudsdk.callioper$googlecloudsdk.command_lib.artifactsrr r?&googlecloudsdk.command_lib.util.anthosr $googlecloudsdk.command_lib.util.apisr googlecloudsdk.corer r googlecloudsdk.core.consolergooglecloudsdk.core.updaterrrgooglecloudsdk.core.utilrrrNrGrIrKrUrVDefaultUniverseOnly ReleaseTracks ReleaseTrackBETArErGArBinaryBackedOperationrr%r#rs?&' D(6RD:#*836. * %E ; ! @"D%%**+x4t||x4,x4vD%%(()/X/*/D6556r%