Merge pull request #115 from docker/warn-old-snyk-version

silvin-lubecki · web-flow · commit c98e6def4374 · 2020-09-07T16:08:09.000+02:00
Check and warn for old snyk version installed
diff --git a/Dockerfile b/Dockerfile
@@ -117,8 +117,6 @@ FROM docker:${CLI_VERSION} AS cli
 # DOWNLOAD
 ####
 FROM golang:${GO_VERSION} AS download
-ARG SNYK_DESKTOP_VERSION=1.332.0
-ARG SNYK_USER_VERSION=1.334.0
 COPY builder.Makefile vars.mk ./
 RUN make -f builder.Makefile download
 
@@ -128,14 +126,8 @@ RUN make -f builder.Makefile download
 FROM builder AS e2e
 ARG TARGETOS
 ARG TARGETARCH
-ARG SNYK_DESKTOP_VERSION=1.332.0
-ENV SNYK_DESKTOP_VERSION=${SNYK_DESKTOP_VERSION}
-ARG SNYK_USER_VERSION=1.334.0
-ENV SNYK_USER_VERSION=${SNYK_USER_VERSION}
 ARG TAG_NAME
 ENV TAG_NAME=$TAG_NAME
-ENV SNYK_USER_PATH="/root/e2e"
-ENV SNYK_DESKTOP_PATH="/root/.docker/scan"
 ENV DOCKER_CONFIG="/root/.docker"
 
 # install snyk binaries
diff --git a/Makefile b/Makefile
@@ -14,9 +14,7 @@
 include vars.mk
 export DOCKER_BUILDKIT=1
 
-BUILD_ARGS := --build-arg SNYK_DESKTOP_VERSION=$(SNYK_DESKTOP_VERSION)\
-	--build-arg SNYK_USER_VERSION=$(SNYK_USER_VERSION)\
-	--build-arg GO_VERSION=$(GO_VERSION)\
+BUILD_ARGS := --build-arg GO_VERSION=$(GO_VERSION)\
 	--build-arg CLI_VERSION=$(CLI_VERSION)\
 	--build-arg ALPINE_VERSION=$(ALPINE_VERSION)\
 	--build-arg GOLANGCI_LINT_VERSION=$(GOLANGCI_LINT_VERSION) \
diff --git a/builder.Makefile b/builder.Makefile
@@ -36,6 +36,7 @@ endif
 VARS:= SNYK_DESKTOP_VERSION=${SNYK_DESKTOP_VERSION}\
 	SNYK_USER_VERSION=${SNYK_USER_VERSION}\
 	DOCKER_CONFIG=$(PWD)/docker-config\
+	SNYK_OLD_PATH=$(PWD)/docker-config/snyk-old\
 	SNYK_USER_PATH=$(PWD)/docker-config/snyk-user\
 	SNYK_DESKTOP_PATH=$(PWD)/docker-config/snyk-desktop
 
@@ -72,6 +73,10 @@ download:
 	curl https://github.com/snyk/snyk/releases/download/v${SNYK_USER_VERSION}/${SNYK_DOWNLOAD_NAME} -L -s -S -o docker-config/snyk-user/${SNYK_BINARY}
 	chmod +x docker-config/snyk-user/${SNYK_BINARY}
 
+	mkdir -p docker-config/snyk-old
+	curl https://github.com/snyk/snyk/releases/download/v${SNYK_OLD_VERSION}/${SNYK_DOWNLOAD_NAME} -L -s -S -o docker-config/snyk-old/${SNYK_BINARY}
+	chmod +x docker-config/snyk-old/${SNYK_BINARY}
+
 	mkdir -p docker-config/snyk-desktop
 	curl https://github.com/snyk/snyk/releases/download/v${SNYK_DESKTOP_VERSION}/${SNYK_DOWNLOAD_NAME} -L -s -S -o docker-config/snyk-desktop/${SNYK_BINARY}
 	chmod +x docker-config/snyk-desktop/${SNYK_BINARY}
diff --git a/e2e/auth_test.go b/e2e/auth_test.go
@@ -31,7 +31,7 @@ import (
 func TestSnykAuthentication(t *testing.T) {
 	// Add snyk binary to the path
 	path := os.Getenv("PATH")
-	defer env.Patch(t, "PATH", fmt.Sprintf(pathFormat(), os.Getenv("SNYK_USER_PATH"), path))()
+	defer env.Patch(t, "PATH", fmt.Sprintf(pathFormat(), os.Getenv("SNYK_DESKTOP_PATH"), path))()
 
 	// create Snyk config file with empty token
 	homeDir, cleanFunction := createSnykConfFile(t, "")
diff --git a/e2e/version_test.go b/e2e/version_test.go
@@ -50,6 +50,30 @@ Provider:   %s
 	assert.Equal(t, output, expected)
 }
 
+func TestVersionSnykOldBinary(t *testing.T) {
+	// Add old snyk binary to the $PATH
+	path := os.Getenv("PATH")
+	defer env.Patch(t, "PATH", fmt.Sprintf(pathFormat(), os.Getenv("SNYK_OLD_PATH"), path))()
+
+	cmd, configDir, cleanup := dockerCli.createTestCmd()
+	defer cleanup()
+
+	createScanConfigFile(t, configDir)
+
+	// docker scan --version should fallback to desktop's Snyk binary and print a message on
+	// stderr stating that the user should upgrade Snyk.
+	cmd.Command = dockerCli.Command("scan", "--version")
+	output := icmd.RunCmd(cmd).Assert(t, icmd.Success).Combined()
+	expected := fmt.Sprintf(
+		`Version:    %s
+Git commit: %s
+Provider:   %s
+The Snyk version installed on your system does not match the docker scan requirements (>=1.385.0), using embedded Snyk version instead.
+`, internal.Version, internal.GitCommit, getProviderVersion("SNYK_DESKTOP_VERSION"))
+
+	assert.Equal(t, output, expected)
+}
+
 func TestVersionSnykDesktopBinary(t *testing.T) {
 	cmd, configDir, cleanup := dockerCli.createTestCmd()
 	defer cleanup()
diff --git a/go.mod b/go.mod
@@ -4,6 +4,7 @@ go 1.15
 
 require (
 	github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect
+	github.com/Masterminds/semver/v3 v3.1.0
 	github.com/Microsoft/hcsshim v0.8.9 // indirect
 	github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect
 	github.com/agl/ed25519 v0.0.0-20170116200512-5312a6153412 // indirect
diff --git a/go.sum b/go.sum
@@ -7,6 +7,8 @@ github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0=
 github.com/GeertJohan/go.rice v1.0.0/go.mod h1:eH6gbSOAUv07dQuZVnBmoDP8mgsM1rtixis4Tib9if0=
+github.com/Masterminds/semver/v3 v3.1.0 h1:Y2lUDsFKVRSYGojLJ1yLxSXdMmMYTYls0rCvoqmMUQk=
+github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
 github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5 h1:ygIc8M6trr62pF5DucadTWGdEB4mEyvzi0e2nbcmcyA=
 github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
 github.com/Microsoft/hcsshim v0.8.9 h1:VrfodqvztU8YSOvygU+DN1BGaSGxmrNfqOv5oOuX2Bk=
diff --git a/internal/provider/snyk.go b/internal/provider/snyk.go
@@ -27,6 +27,7 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/Masterminds/semver/v3"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/scan-cli-plugin/internal/authentication"
@@ -35,6 +36,10 @@ import (
 	"github.com/mitchellh/go-homedir"
 )
 
+const (
+	minimalSnykVersion = ">=1.385.0"
+)
+
 type snykProvider struct {
 	path    string
 	flags   []string
@@ -69,7 +74,7 @@ func WithContext(ctx context.Context) SnykProviderOps {
 // WithPath update the Snyk provider with the path from the configuration
 func WithPath(path string) SnykProviderOps {
 	return func(provider *snykProvider) error {
-		if p, err := exec.LookPath("snyk"); err == nil {
+		if p, err := exec.LookPath("snyk"); err == nil && checkUserSnykBinaryVersion(p) {
 			path = p
 		}
 		provider.path = path
@@ -221,3 +226,32 @@ func isAuthenticatedOnSnyk() (bool, error) {
 
 	return config.API != "", nil
 }
+
+func checkUserSnykBinaryVersion(path string) bool {
+	cmd := exec.Command(path, "--version")
+	buff := bytes.NewBuffer(nil)
+	cmd.Stdout = buff
+	cmd.Stderr = ioutil.Discard
+	if err := cmd.Run(); err != nil {
+		// an error occurred, so let's use the desktop binary
+		return false
+	}
+	ver, err := semver.NewVersion(cleanVersion(buff.String()))
+	if err != nil {
+		return false
+	}
+	constraint, err := semver.NewConstraint(minimalSnykVersion)
+	if err != nil {
+		return false
+	}
+	matchConstraint := constraint.Check(ver)
+	if !matchConstraint {
+		fmt.Fprintf(os.Stderr, "The Snyk version installed on your system does not match the docker scan requirements (%s), using embedded Snyk version instead.\n", minimalSnykVersion)
+	}
+	return matchConstraint
+}
+
+func cleanVersion(version string) string {
+	version = strings.TrimSpace(version)
+	return strings.Split(version, " ")[0]
+}
diff --git a/vars.mk b/vars.mk
@@ -1,6 +1,7 @@
 # Pinned Versions
-SNYK_DESKTOP_VERSION=1.383.1
-SNYK_USER_VERSION=1.382.1
+SNYK_DESKTOP_VERSION=1.385.0
+SNYK_USER_VERSION=1.385.1
+SNYK_OLD_VERSION=1.382.1
 GO_VERSION=1.15.0
 CLI_VERSION=19.03.9
 ALPINE_VERSION=3.12.0
