import logging.config
import time
import features
from app import app, secscan_api
from workers.worker import Worker
from workers.securityworker import index_images
from util.secscan.api import SecurityConfigValidator
from util.secscan.analyzer import LayerAnalyzer
from util.log import logfile_path
from endpoints.v2 import v2_bp
# Module-level logger, named after this module.
logger = logging.getLogger(__name__)
# Fallback used when SECURITY_SCANNER_INDEXING_INTERVAL is absent from the app
# config; the value is handed to add_operation as the interval
# (presumably seconds -- confirm against Worker.add_operation).
DEFAULT_INDEXING_INTERVAL = 30
class SecurityWorker(Worker):
    """Worker that registers security-scanner image indexing as an operation.

    On construction the scanner configuration is validated. Only a valid
    configuration results in ``_index_images`` being registered through
    ``add_operation``.
    """

    def __init__(self):
        """Validate the scanner settings and register the indexing operation.

        Reads FEATURE_SECURITY_SCANNER, SECURITY_SCANNER_ENDPOINT,
        SECURITY_SCANNER_ENGINE_VERSION_TARGET (default 3) and
        SECURITY_SCANNER_INDEXING_INTERVAL (default DEFAULT_INDEXING_INTERVAL)
        from ``app.config``.
        """
        super(SecurityWorker, self).__init__()

        config = app.config
        scanner_enabled = config.get('FEATURE_SECURITY_SCANNER', False)
        scanner_endpoint = config.get('SECURITY_SCANNER_ENDPOINT')
        validator = SecurityConfigValidator(scanner_enabled, scanner_endpoint)

        if not validator.valid():
            # NOTE(review): this path fails open. No indexing operation is
            # registered and the instance attributes below are never set, so
            # the warning is the only signal that this worker is not feeding
            # images to the scanner. Deployments that depend on scanning
            # should alert on this message.
            logger.warning('Failed to validate security scan configuration')
            return

        self._target_version = config.get('SECURITY_SCANNER_ENGINE_VERSION_TARGET', 3)
        self._analyzer = LayerAnalyzer(config, secscan_api)
        # Value handed back by index_images on the previous run; None before
        # the first run (presumably a resume/pagination token -- confirm
        # against workers.securityworker.index_images).
        self._next_token = None

        self.add_operation(
            self._index_images,
            config.get('SECURITY_SCANNER_INDEXING_INTERVAL', DEFAULT_INDEXING_INTERVAL),
        )

    def _index_images(self):
        """Run one indexing pass and keep the token it returns for the next pass."""
        resume_token = index_images(self._target_version, self._analyzer, self._next_token)
        self._next_token = resume_token
if __name__ == '__main__':
    # Script entry point: start the SecurityWorker, or idle forever when the
    # security scanner feature is turned off.

    # The v2 blueprint is registered on the app before the worker runs
    # (presumably so v2 URLs can be built inside the worker -- confirm).
    app.register_blueprint(v2_bp, url_prefix='/v2')

    scanner_enabled = features.SECURITY_SCANNER
    if not scanner_enabled:
        # NOTE(review): this message is logged before logging.config.fileConfig
        # runs below, so it may not reach the configured log handlers; confirm
        # whether a disabled scanner is visible in the logs operators watch.
        logger.debug('Security scanner disabled; skipping SecurityWorker')
        # Never returns: the process stays alive but performs no work, so the
        # code after this block only runs when the feature is enabled.
        while True:
            time.sleep(100000)

    log_config_path = logfile_path(debug=False)
    logging.config.fileConfig(log_config_path, disable_existing_loggers=False)

    security_worker = SecurityWorker()
    security_worker.start()