From 888f976e8d38513b0bfbb291f559de3615a5c67a Mon Sep 17 00:00:00 2001
From: Quentin Machu
Date: Tue, 1 Mar 2016 15:35:00 -0500
Subject: [PATCH] Use a feature flag to toggle security notifications
---
 config.py | 3 ++-
 util/secscan/analyzer.py | 4 +++-
 workers/security_notification_worker.py | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/config.py b/config.py
index 3e0b391f2..1d2cd9e32 100644
--- a/config.py
+++ b/config.py
@@ -280,9 +280,10 @@ class DefaultConfig(object):
 # Security scanner
 FEATURE_SECURITY_SCANNER = False
+ FEATURE_SECURITY_NOTIFICATIONS = False
 SECURITY_SCANNER = {
 'ENDPOINT': 'http://192.168.99.101:6060',
- 'ENGINE_VERSION_TARGET': 1,
+ 'ENGINE_VERSION_TARGET': 2,
 'API_VERSION': 'v1',
 'API_TIMEOUT_SECONDS': 10,
 }
diff --git a/util/secscan/analyzer.py b/util/secscan/analyzer.py
index 4533e933e..28352bdea 100644
--- a/util/secscan/analyzer.py
+++ b/util/secscan/analyzer.py
@@ -1,6 +1,8 @@
 import logging
 import logging.config
+import features
+
 from collections import defaultdict
 from endpoints.notificationhelper import spawn_notification
@@ -90,7 +92,7 @@ class LayerAnalyzer(object):
 # If we are the one who've done the job successfully first, get the vulnerabilities and
 # send notifications to the repos that have a tag on that layer.
- if set_status:
+ if features.SECURITY_NOTIFICATIONS and set_status:
 # Get the tags of the layer we analyzed.
 repository_map = defaultdict(list)
 event = ExternalNotificationEvent.get(name='vulnerability_found')
diff --git a/workers/security_notification_worker.py b/workers/security_notification_worker.py
index a5e6d0480..a31075d50 100644
--- a/workers/security_notification_worker.py
+++ b/workers/security_notification_worker.py
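Review bot: The `'ENGINE_VERSION_TARGET': 2` change inside `SECURITY_SCANNER` in config.py is not covered by the commit subject, which only announces the notification flag. The code that reads this value is not in the diff, but if it decides which layers count as already analyzed, the bump would presumably make previously scanned layers eligible for re-analysis; that deserves its own line in the commit message or a separate commit. The new flag also has no comment, and I would add `# Send vulnerability_found notifications after a layer is analyzed; the worker also requires FEATURE_SECURITY_SCANNER.` above `FEATURE_SECURITY_NOTIFICATIONS = False`.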
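Review bot: In the `LayerAnalyzer` hunk of util/secscan/analyzer.py, the condition `features.SECURITY_NOTIFICATIONS and set_status` skips the notification for good when the flag is off, because the comment above it says `set_status` is true only for the first successful analysis of a layer. As far as this hunk shows, enabling the flag later will not backfill `vulnerability_found` events for layers scanned in the meantime, so repository owners may never hear about findings that are already known. I would document that next to the condition, for example `# NOTE: layers analyzed while SECURITY_NOTIFICATIONS is off are not notified retroactively.`, or plan a follow-up that re-emits on enable. The enclosing method starts and ends outside the hunk.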
@@ -43,7 +43,7 @@ class SecurityNotificationWorker(QueueWorker):
 if __name__ == '__main__':
- if not features.SECURITY_SCANNER:
+ if not features.SECURITY_SCANNER or not features.SECURITY_NOTIFICATIONS:
 logger.debug('Security scanner disabled; skipping SecurityNotificationWorker')
 while True:
 time.sleep(100000)
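Review bot: The debug message right after the changed condition still says 'Security scanner disabled' even when the scanner is on and only `features.SECURITY_NOTIFICATIONS` is off, which will mislead anyone investigating why no vulnerability notifications arrive. I would change it to `logger.debug('Security scanner or security notifications disabled; skipping SecurityNotificationWorker')`. Because this branch parks the worker in an endless sleep loop, logging at info level would probably make the disabled state easier to spot in production logs.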