Adapt secscan API for Clair v1.0
Squash /vulnerabilities and /packages as it basically does the same action on Clair and we don't need both for Quay
This commit is contained in:
Quentin Machu
parent
e5da33578c
commit
4bd5996bbf
1 changed files with 12 additions and 40 deletions
|
|
@ -1,4 +1,4 @@
|
|||
""" List and manage repository vulnerabilities and other sec information. """
|
||||
""" List and manage repository vulnerabilities and other security information. """
|
||||
|
||||
import logging
|
||||
import features
|
||||
|
|
@ -9,7 +9,7 @@ from app import secscan_api
|
|||
from data import model
|
||||
from endpoints.api import (require_repo_read, NotFound, DownstreamIssue, path_param,
|
||||
RepositoryParamResource, resource, nickname, show_if, parse_args,
|
||||
query_param)
|
||||
query_param, truthy_bool)
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
|
@ -54,19 +54,19 @@ def _get_status(repo_image):
|
|||
|
||||
|
||||
@show_if(features.SECURITY_SCANNER)
|
||||
@resource('/v1/repository/<apirepopath:repository>/image/<imageid>/vulnerabilities')
|
||||
@resource('/v1/repository/<apirepopath:repository>/image/<imageid>/security')
|
||||
@path_param('repository', 'The full path of the repository. e.g. namespace/name')
|
||||
@path_param('imageid', 'The image ID')
|
||||
class RepositoryImageVulnerabilities(RepositoryParamResource):
|
||||
class RepositoryImageSecurity(RepositoryParamResource):
|
||||
""" Operations for managing the vulnerabilities in a repository image. """
|
||||
|
||||
@require_repo_read
|
||||
@nickname('getRepoImageVulnerabilities')
|
||||
@nickname('getRepoImageSecurity')
|
||||
@parse_args()
|
||||
@query_param('minimumPriority', 'Minimum vulnerability priority', type=str,
|
||||
default='Low')
|
||||
@query_param('vulnerabilities', 'Include vulnerabilities informations', type=truthy_bool,
|
||||
default=False)
|
||||
def get(self, namespace, repository, imageid, parsed_args):
|
||||
""" Fetches the vulnerabilities (if any) for a repository tag. """
|
||||
""" Fetches the features and vulnerabilities (if any) for a repository tag. """
|
||||
repo_image = model.image.get_repo_image(namespace, repository, imageid)
|
||||
if repo_image is None:
|
||||
raise NotFound()
|
||||
|
|
@ -79,40 +79,12 @@ class RepositoryImageVulnerabilities(RepositoryParamResource):
|
|||
}
|
||||
|
||||
layer_id = '%s.%s' % (repo_image.docker_image_id, repo_image.storage.uuid)
|
||||
data = _call_security_api('layers/%s/vulnerabilities', layer_id,
|
||||
minimumPriority=parsed_args.minimumPriority)
|
||||
if parsed_args.vulnerabilities:
|
||||
data = _call_security_api('layers/%s?vulnerabilities', layer_id)
|
||||
else:
|
||||
data = _call_security_api('layers/%s?features', layer_id)
|
||||
|
||||
return {
|
||||
'status': _get_status(repo_image),
|
||||
'data': data,
|
||||
}
|
||||
|
||||
|
||||
@show_if(features.SECURITY_SCANNER)
|
||||
@resource('/v1/repository/<apirepopath:repository>/image/<imageid>/packages')
|
||||
@path_param('repository', 'The full path of the repository. e.g. namespace/name')
|
||||
@path_param('imageid', 'The image ID')
|
||||
class RepositoryImagePackages(RepositoryParamResource):
|
||||
""" Operations for listing the packages added/removed in an image. """
|
||||
|
||||
@require_repo_read
|
||||
@nickname('getRepoImagePackages')
|
||||
def get(self, namespace, repository, imageid):
|
||||
""" Fetches the packages added/removed in the given repo image. """
|
||||
repo_image = model.image.get_repo_image(namespace, repository, imageid)
|
||||
if repo_image is None:
|
||||
raise NotFound()
|
||||
|
||||
if not repo_image.security_indexed:
|
||||
return {
|
||||
'status': _get_status(repo_image),
|
||||
}
|
||||
|
||||
layer_id = '%s.%s' % (repo_image.docker_image_id, repo_image.storage.uuid)
|
||||
data = _call_security_api('layers/%s/packages', layer_id)
|
||||
|
||||
return {
|
||||
'status': _get_status(repo_image),
|
||||
'data': data,
|
||||
}
|
||||
|
||||
|
|
|
|||
Reference in a new issue