fix: Prefer local over remote Docker images

When invoking a native Capella installation via Docker, `capellambse` did always pull the image from a remote environment. This has two disadvantages: - It's not possible to work with local images which don't exist in a remote registry. - It's vulnarable to dependency confusion since attackers could upload a vulnarable Docker image with the same name as the local image to DockerHub. The new behviour is: `capellambse` checks if the image exists locally. If it exists, continue with the local image. Otherwise, pull it from the remote. This also matches the behaviour when using the `docker run` CLI.
DSD-DBS · Jun 6, 2024 · c39ac22 · c39ac22
1 parent 3b92f5c
commit c39ac22
Showing 1 changed file with 20 additions and 1 deletion.
diff --git a/capellambse/_native.py b/capellambse/_native.py
@@ -208,7 +208,8 @@ def __call__(
 
     def get_metadata(self) -> tuple[str, list[str]]:
         """Find the username and entrypoint of the Docker image."""
-        subprocess.run(["docker", "pull", self.image], check=True)
+        if not self.does_image_exist():
+            subprocess.run(["docker", "pull", self.image], check=True)
         proc = subprocess.run(
             ["docker", "inspect", self.image],
             check=True,
@@ -324,3 +325,21 @@ def copy_files_from_container(
                 f"{destination}",
             ],
         )
+
+    def does_image_exist(self) -> bool:
+        """Check if the Docker image exists locally on the system."""
+        try:
+            result = subprocess.run(
+                ["docker", "images", "-q", self.image],
+                capture_output=True,
+                check=True,
+            )
+        except subprocess.CalledProcessError as err:
+            _LOGGER.error(
+                "Docker command failed:\n%s",
+                err.stdout,
+            )
+
+        if result.stdout == b"":
+            return False
+        return True