Fix invalid Clair V2 post layer requests

Instead of filtering the empty layers when getting the layer, we do it before posting the layer.
genuinetools · Mar 5, 2019 · 7e1d6a0 · 7e1d6a0
1 parent d959057
commit 7e1d6a0
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 23 deletions.
diff --git a/clair/layerutil.go b/clair/layerutil.go
@@ -53,7 +53,7 @@ func (c *Clair) NewClairV3Layer(ctx context.Context, r *registry.Registry, image
 	}, nil
 }
 
-func (c *Clair) getLayers(ctx context.Context, r *registry.Registry, repo, tag string, filterEmpty bool) (map[int]distribution.Descriptor, string, error) {
+func (c *Clair) getLayers(ctx context.Context, r *registry.Registry, repo, tag string) (map[int]distribution.Descriptor, string, error) {
 	ok := true
 	// Get the manifest to pass to clair.
 	mf, err := r.ManifestV2(ctx, repo, tag)
@@ -67,11 +67,7 @@ func (c *Clair) getLayers(ctx context.Context, r *registry.Registry, repo, tag s
 	// Filter out the empty layers.
 	if ok {
 		for i := 0; i < len(mf.Layers); i++ {
-			if filterEmpty && IsEmptyLayer(mf.Layers[i].Digest) {
-				continue
-			} else {
-				filteredLayers[len(mf.Layers)-i-1] = mf.Layers[i]
-			}
+			filteredLayers[len(mf.Layers)-i-1] = mf.Layers[i]
 		}
 
 		return filteredLayers, mf.Config.Digest.String(), nil
@@ -83,12 +79,8 @@ func (c *Clair) getLayers(ctx context.Context, r *registry.Registry, repo, tag s
 	}
 
 	for i := 0; i < len(m.FSLayers); i++ {
-		if filterEmpty && IsEmptyLayer(m.FSLayers[i].BlobSum) {
-			continue
-		} else {
-			filteredLayers[i] = distribution.Descriptor{
-				Digest: m.FSLayers[i].BlobSum,
-			}
+		filteredLayers[i] = distribution.Descriptor{
+			Digest: m.FSLayers[i].BlobSum,
 		}
 	}
 

diff --git a/clair/vulns.go b/clair/vulns.go
@@ -20,19 +20,19 @@ func (c *Clair) Vulnerabilities(ctx context.Context, r *registry.Registry, repo,
 		VulnsBySeverity: make(map[string][]Vulnerability),
 	}
 
-	filteredLayers, _, err := c.getLayers(ctx, r, repo, tag, true)
+	layers, _, err := c.getLayers(ctx, r, repo, tag)
 	if err != nil {
-		return report, fmt.Errorf("getting filtered layers failed: %v", err)
+		return report, fmt.Errorf("getting layers failed: %v", err)
 	}
 
-	if len(filteredLayers) == 0 {
-		fmt.Printf("No need to analyse image %s:%s as there is no non-emtpy layer", repo, tag)
-		return report, nil
-	}
+	lastPostedLayer := ""
+	for i := len(layers) - 1; i >= 0; i-- {
+		if IsEmptyLayer(layers[i].Digest) {
+			continue
+		}
 
-	for i := len(filteredLayers) - 1; i >= 0; i-- {
 		// Form the clair layer.
-		l, err := c.NewClairLayer(ctx, r, repo, filteredLayers, i)
+		l, err := c.NewClairLayer(ctx, r, repo, layers, i)
 		if err != nil {
 			return report, err
 		}
@@ -41,11 +41,17 @@ func (c *Clair) Vulnerabilities(ctx context.Context, r *registry.Registry, repo,
 		if _, err := c.PostLayer(ctx, l); err != nil {
 			return report, err
 		}
+
+		lastPostedLayer = l.Name
 	}
 
-	report.Name = filteredLayers[0].Digest.String()
+	if lastPostedLayer == "" {
+		fmt.Printf("No need to analyse image %s:%s as there is no non-emtpy layer", repo, tag)
+		return report, nil
+	}
 
-	vl, err := c.GetLayer(ctx, filteredLayers[0].Digest.String(), true, true)
+	report.Name = lastPostedLayer
+	vl, err := c.GetLayer(ctx, lastPostedLayer, true, true)
 	if err != nil {
 		return report, err
 	}
@@ -86,7 +92,7 @@ func (c *Clair) VulnerabilitiesV3(ctx context.Context, r *registry.Registry, rep
 		VulnsBySeverity: make(map[string][]Vulnerability),
 	}
 
-	layers, reportName, err := c.getLayers(ctx, r, repo, tag, false)
+	layers, reportName, err := c.getLayers(ctx, r, repo, tag)
 	if err != nil {
 		return report, fmt.Errorf("getting filtered layers failed: %v", err)
 	}