tiny fixes to securityworker
This commit is contained in:
Jimmy Zelinskie
parent
6415a3d070
commit
37ce84f6af
2 changed files with 31 additions and 20 deletions
|
|
@ -129,6 +129,7 @@ class SecurityWorker(Worker):
|
|||
self._keys = validator.keypair()
|
||||
|
||||
self.add_operation(self._index_images, INDEXING_INTERVAL)
|
||||
logger.warning('Failed to validate security scan configuration')
|
||||
|
||||
def _get_image_url(self, image):
|
||||
""" Gets the download URL for an image and if the storage doesn't exist,
|
||||
|
|
@ -149,9 +150,18 @@ class SecurityWorker(Worker):
|
|||
return None
|
||||
|
||||
uri = storage.get_direct_download_url(locations, path)
|
||||
# Local storage hack
|
||||
if uri is None:
|
||||
uri = path
|
||||
# Handle local storage
|
||||
local_storage_enabled = False
|
||||
for storage_type, _ in app.config.get('DISTRIBUTED_STORAGE_CONFIG', {}).values():
|
||||
if storage_type == 'LocalStorage':
|
||||
local_storage_enabled = True
|
||||
|
||||
if local_storage_enabled:
|
||||
uri = path
|
||||
else:
|
||||
logger.warning('Could not get image URL and local storage was not enabled')
|
||||
return None
|
||||
|
||||
return uri
|
||||
|
||||
|
|
@ -161,12 +171,13 @@ class SecurityWorker(Worker):
|
|||
return None
|
||||
|
||||
request = {
|
||||
'ID': image['docker_image_id']+'.'+image['storage_uuid'],
|
||||
'ID': '%s.%s' % (image['docker_image_id'], image['storage_uuid']),
|
||||
'Path': url,
|
||||
}
|
||||
|
||||
if image['parent_docker_image_id'] is not None and image['parent_storage_uuid'] is not None:
|
||||
request['ParentID'] = image['parent_docker_image_id']+'.'+image['parent_storage_uuid']
|
||||
request['ParentID'] = '%s.%s' % (image['parent_docker_image_id'],
|
||||
image['parent_storage_uuid'])
|
||||
|
||||
return request
|
||||
|
||||
|
|
@ -182,7 +193,7 @@ class SecurityWorker(Worker):
|
|||
httpResponse = requests.post(self._api + API_METHOD_INSERT, json=request,
|
||||
cert=self._keys, verify=self._cert)
|
||||
jsonResponse = httpResponse.json()
|
||||
except:
|
||||
except (requests.exceptions.RequestException, ValueError):
|
||||
logger.exception('An exception occurred when analyzing layer ID %s', request['ID'])
|
||||
return None
|
||||
|
||||
|
|
@ -245,18 +256,18 @@ class SecurityWorker(Worker):
|
|||
if not images:
|
||||
logger.debug('No more images left to analyze')
|
||||
return
|
||||
logger.debug('Found %d images to index' % len(images))
|
||||
logger.debug('Found %d images to index', len(images))
|
||||
|
||||
for image in images:
|
||||
sec_data = self._analyze_image(image)
|
||||
if sec_data is None:
|
||||
continue
|
||||
logger.debug('Got response vulnerabilities for layer %s: %s', image['image_id'], sec_data)
|
||||
|
||||
if not sec_data['Vulnerabilities']:
|
||||
continue
|
||||
|
||||
# Dispatch events for any detected vulnerabilities
|
||||
logger.debug('Got response vulnerabilities for layer %s: %s', image['image_id'], sec_data)
|
||||
event = ExternalNotificationEvent.get(name='vulnerability_found')
|
||||
matching = (RepositoryTag
|
||||
.select(RepositoryTag, Repository)
|
||||
|
|
|
|||
Reference in a new issue