Refactor the security worker and API calls and add a bunch of tests
parent
0183c519f7
commit
c0374d71c9
17 changed files with 811 additions and 456 deletions
|
@ -2,14 +2,13 @@
|
|||
|
||||
import logging
|
||||
import features
|
||||
import json
|
||||
import requests
|
||||
|
||||
from app import secscan_api
|
||||
from data import model
|
||||
from endpoints.api import (require_repo_read, NotFound, DownstreamIssue, path_param,
|
||||
RepositoryParamResource, resource, nickname, show_if, parse_args,
|
||||
query_param, truthy_bool)
|
||||
from util.secscan.api import APIRequestFailure
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
@ -22,30 +21,6 @@ class SCAN_STATUS(object):
|
|||
QUEUED = 'queued'
|
||||
|
||||
|
||||
def _call_security_api(relative_url, *args, **kwargs):
|
||||
""" Issues an HTTP call to the sec API at the given relative URL. """
|
||||
try:
|
||||
response = secscan_api.call(relative_url, None, *args, **kwargs)
|
||||
except requests.exceptions.Timeout:
|
||||
raise DownstreamIssue(payload=dict(message='API call timed out'))
|
||||
except requests.exceptions.ConnectionError:
|
||||
raise DownstreamIssue(payload=dict(message='Could not connect to downstream service'))
|
||||
|
||||
if response.status_code == 404:
|
||||
raise NotFound()
|
||||
|
||||
try:
|
||||
response_data = json.loads(response.text)
|
||||
except ValueError:
|
||||
raise DownstreamIssue(payload=dict(message='Non-json response from downstream service'))
|
||||
|
||||
if response.status_code / 100 != 2:
|
||||
logger.warning('Got %s status code to call: %s', response.status_code, response.text)
|
||||
raise DownstreamIssue(payload=dict(message=response_data['Message']))
|
||||
|
||||
return response_data
|
||||
|
||||
|
||||
def _get_status(repo_image):
|
||||
if repo_image.security_indexed_engine is not None and repo_image.security_indexed_engine >= 0:
|
||||
return SCAN_STATUS.SCANNED if repo_image.security_indexed else SCAN_STATUS.FAILED
|
||||
|
@ -78,11 +53,16 @@ class RepositoryImageSecurity(RepositoryParamResource):
|
|||
'status': _get_status(repo_image),
|
||||
}
|
||||
|
||||
layer_id = '%s.%s' % (repo_image.docker_image_id, repo_image.storage.uuid)
|
||||
if parsed_args.vulnerabilities:
|
||||
data = _call_security_api('layers/%s?vulnerabilities', layer_id)
|
||||
else:
|
||||
data = _call_security_api('layers/%s?features', layer_id)
|
||||
try:
|
||||
if parsed_args.vulnerabilities:
|
||||
data = secscan_api.get_layer_data(repo_image, include_vulnerabilities=True)
|
||||
else:
|
||||
data = secscan_api.get_layer_data(repo_image, include_features=True)
|
||||
except APIRequestFailure as arf:
|
||||
raise DownstreamIssue(arf.message)
|
||||
|
||||
if data is None:
|
||||
raise NotFound()
|
||||
|
||||
return {
|
||||
'status': _get_status(repo_image),
|
||||
|
|
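Review bot: In the `except APIRequestFailure as arf:` branch of the last hunk, `raise DownstreamIssue(arf.message)` forwards the scanner client's error text to the API caller unchanged and passes it positionally, whereas the removed `_call_security_api` helper built `DownstreamIssue(payload=dict(message=...))`. DownstreamIssue's signature is not visible here, so confirm the first positional argument is still the payload; otherwise the error body changes shape for clients. If APIRequestFailure can carry raw downstream response text, internal details of the scanner service could end up in API responses, so consider logging the detail and returning a fixed message: `logger.warning('Security scanner request failed: %s', arf.message)` followed by `raise DownstreamIssue(payload=dict(message='Security scanner request failed'))`. The enclosing handler method starts and ends outside this hunk.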