fix(container-pull): fix issue with artifactory incorrect tags + add …

…version info (#307) This PR fixes a current issue affecting Artifactory registries and multi-arch images in which the digest of the images are being displayed as tags. However, this poses a problem become the digest is not a valid tag format. A recent CVE exposed this and now tools such as Skopeo and Podman have patched this which is causing the listing tag issue with Artifactory. Also added a better way to get the version of the script currently being used.
CrowdStrike · Jun 5, 2024 · 1993933 · 1993933
1 parent 8757c92
commit 1993933
Showing 1 changed file with 11 additions and 44 deletions.
diff --git a/bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh b/bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh
@@ -6,8 +6,11 @@ Description: Bash script to copy Falcon DaemonSet Sensor, Container Sensor, Kube
 
 set -e
 
+VERSION="1.4.1"
+
 usage() {
     echo "usage: $0
+version: $VERSION
 
 Required Flags:
     -u, --client-id <FALCON_CLIENT_ID>             Falcon API OAUTH Client ID
@@ -219,49 +222,13 @@ curl_command() {
     fi
 }
 
-# Formats tags into a JSON array (Podman/Skopeo Only)
-format_tags_to_json() {
-    local raw_tags=$1
-
-    tags_json=$(
-        echo "$raw_tags" |
-            sed -n '/"Tags": \[/,/\]/p' |
-            sed '1d;$d' |
-            tr -d ' ,' |
-            awk 'ORS=", "' |
-            sed 's/, $/\n/' |
-            sed 's/^/"tags" : [ /;s/$/ ]/'
-    )
-    # The output should mimic the same format as the Docker (curl) output
-    echo "{
-  \"name\": \"${IMAGE_NAME}\",
-  ${tags_json}
-}"
-}
-
 fetch_tags() {
-    local container_tool=$1
-
-    case "${container_tool}" in
-        *podman)
-            podman_tags=$($container_tool image search --list-tags --format json --limit 100 "$cs_registry/$registry_opts/$repository_name")
-            format_tags_to_json "$podman_tags"
-            ;;
-        *docker)
-            registry_bearer=$(echo "-u $ART_USERNAME:$ART_PASSWORD" |
-                curl -s -L "https://$cs_registry/v2/token?=$ART_USERNAME&scope=repository:$registry_opts/$repository_name:pull&service=registry.crowdstrike.com" -K- |
-                json_value "token" |
-                sed 's/ *$//g' | sed 's/^ *//g')
-            curl_command "$registry_bearer" "https://$cs_registry/v2/$registry_opts/$repository_name/tags/list"
-            ;;
-        *skopeo)
-            skopeo_tags=$($container_tool list-tags "docker://$cs_registry/$registry_opts/$repository_name")
-            format_tags_to_json "$skopeo_tags"
-            ;;
-        *)
-            die "Unrecognized option: ${container_tool}"
-            ;;
-    esac
+    # Fetches tags from the CrowdStrike registry
+    registry_bearer=$(echo "-u $ART_USERNAME:$ART_PASSWORD" |
+        curl -s -L "https://$cs_registry/v2/token?=$ART_USERNAME&scope=repository:$registry_opts/$repository_name:pull&service=registry.crowdstrike.com" -K- |
+        json_value "token" |
+        sed 's/ *$//g' | sed 's/^ *//g')
+    curl_command "$registry_bearer" "https://$cs_registry/v2/$registry_opts/$repository_name/tags/list"
 }
 
 format_tags() {
@@ -309,7 +276,7 @@ print_formatted_tags() {
 }
 
 list_tags() {
-    all_tags=$(fetch_tags "${CONTAINER_TOOL}")
+    all_tags=$(fetch_tags)
     formatted_tags=$(format_tags "$all_tags")
 
     print_formatted_tags "$formatted_tags"
@@ -459,7 +426,7 @@ cs_falcon_oauth_token=$(
     token_result=$(echo "client_id=$FALCON_CLIENT_ID&client_secret=$FALCON_CLIENT_SECRET" |
         curl -X POST -s -L "https://$(cs_cloud)/oauth2/token" \
             -H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
-            -H 'User-Agent: crowdstrike-falcon-scripts/1.4.1' \
+            -H "User-Agent: crowdstrike-falcon-script/$VERSION" \
             --dump-header "$response_headers" \
             --data @-)
     token=$(echo "$token_result" | json_value "access_token" | sed 's/ *$//g' | sed 's/^ *//g')