vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #2427 from jzelinskie/tiny-qss-fixes

Browse source 
workers.securityworker: small fixes
This commit is contained in:
Jimmy Zelinskie 2017-03-13 18:22:55 -04:00 committed by GitHub
commit 46f175442d
1 changed files with 35 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

43
workers/securityworker.py
View file

@ -1,7 +1,7 @@
import logging.config import logging.config
import time import time
from math import floor, log10 from math import log10
import features import features
@ -29,19 +29,16 @@ class SecurityWorker(Worker):
def __init__(self): def __init__(self):
super(SecurityWorker, self).__init__() super(SecurityWorker, self).__init__()
validator = SecurityConfigValidator(app.config) validator = SecurityConfigValidator(app.config)
if validator.valid(): if not validator.valid():
logger.warning('Failed to validate security scan configuration')
return
self._target_version = app.config.get('SECURITY_SCANNER_ENGINE_VERSION_TARGET', 3) self._target_version = app.config.get('SECURITY_SCANNER_ENGINE_VERSION_TARGET', 3)
self._analyzer = LayerAnalyzer(app.config, secscan_api) self._analyzer = LayerAnalyzer(app.config, secscan_api)
self._min_id = None
# Get the ID of the first image we want to analyze.
self._min_id = app.config.get('SECURITY_SCANNER_INDEXING_MIN_ID')
if self._min_id is None:
self._min_id = get_min_id_for_sec_scan(self._target_version)
interval = app.config.get('SECURITY_SCANNER_INDEXING_INTERVAL', DEFAULT_INDEXING_INTERVAL) interval = app.config.get('SECURITY_SCANNER_INDEXING_INTERVAL', DEFAULT_INDEXING_INTERVAL)
self.add_operation(self._index_images, interval) self.add_operation(self._index_images, interval)
else:
logger.warning('Failed to validate security scan configuration')
def _index_images(self): def _index_images(self):
def batch_query(): def batch_query():
@ -53,10 +50,14 @@ class SecurityWorker(Worker):
if max_id is None: if max_id is None:
return return
if self.min_id is None or self.min_id > max_id:
logger.info('Could not find any available images for scanning.')
return
max_unscanned_images_gauge.Set(max_id) max_unscanned_images_gauge.Set(max_id)
# 4^log10(total) gives us a scalable batch size into the billions. # 4^log10(total) gives us a scalable batch size into the billions.
batch_size = 4 ** int(floor(log10(max(10, max_id - self._min_id)))) batch_size = int(4 ** log10(max(10, max_id - self.min_id)))
with UseThenDisconnect(app.config): with UseThenDisconnect(app.config):
to_scan_generator = yield_random_entries( to_scan_generator = yield_random_entries(
@ -64,7 +65,7 @@ class SecurityWorker(Worker):
get_image_pk_field(), get_image_pk_field(),
batch_size, batch_size,
max_id, max_id,
self._min_id, self.min_id,
) )
for candidate, abt, num_remaining in to_scan_generator: for candidate, abt, num_remaining in to_scan_generator:
try: try:
@ -77,7 +78,25 @@ class SecurityWorker(Worker):
# If we reach this point, we analyzed every images up to max_id, next time the worker runs, # If we reach this point, we analyzed every images up to max_id, next time the worker runs,
# we want to start from the next image. # we want to start from the next image.
self._min_id = max_id + 1 self.min_id = max_id + 1
@property
def min_id(self):
""" If it hasn't already been determined, finds the ID of the first image to be analyzed.
First checks the config, then the database, and returns None if there are no images
available for scanning.
"""
if self._min_id is None:
self._min_id = app.config.get('SECURITY_SCANNER_INDEXING_MIN_ID')
if self._min_id is None:
self._min_id = get_min_id_for_sec_scan(self._target_version)
return self._min_id
@min_id.setter
def min_id(self, new_min_id):
self._min_id = new_min_id
if __name__ == '__main__': if __name__ == '__main__':
app.register_blueprint(v2_bp, url_prefix='/v2') app.register_blueprint(v2_bp, url_prefix='/v2')